From 9b57e4dff65eaa144acc9a93576a3130ecfea10a Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Tue, 25 May 2021 12:25:43 +0200 Subject: [PATCH 01/12] Extension for a new previlige escalation credential field in GMP for the creation and modification of targets. In file gmp.c: Extended the structs create_target_data_t and modify_target_data_t and the enum client_state_t. Adjusted the functions gmp_xml_handle_start_element and gmp_xml_handle_end_element. Adjusted the function call of modify_target and create_target in gmp_xml_handle_end_element. In file manage_sql.c: Extended the functions create_target and modify_target with the new field ssh_elevate_credential and added the required functionality. (cherry picked from commit 049b4dea9681eced4b4849dda5d15e826a3d4eda) --- src/gmp.c | 102 ++++++++++++++++++++++++++++++++++++----------- src/manage.h | 4 +- src/manage_sql.c | 68 +++++++++++++++++++++++++++++-- 3 files changed, 145 insertions(+), 29 deletions(-) diff --git a/src/gmp.c b/src/gmp.c index ed86e8431..45d454930 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -931,6 +931,7 @@ typedef struct char *port_range; ///< Port range for new target. char *ssh_credential_id; ///< SSH credential for new target. char *ssh_lsc_credential_id; ///< SSH credential (deprecated). + char *ssh_elevate_credential_id ; ///< SSH elevation credential. char *ssh_port; ///< Port for SSH. char *ssh_lsc_port; ///< Port for SSH (deprecated). char *smb_credential_id; ///< SMB credential for new target. @@ -962,6 +963,7 @@ create_target_data_reset (create_target_data_t *data) free (data->port_range); free (data->ssh_credential_id); free (data->ssh_lsc_credential_id); + free (data->ssh_elevate_credential_id); free (data->ssh_port); free (data->ssh_lsc_port); free (data->smb_credential_id); @@ -2807,25 +2809,26 @@ modify_setting_data_reset (modify_setting_data_t *data) */ typedef struct { - char *alive_tests; ///< Alive tests. - char *allow_simultaneous_ips; ///< Boolean. Whether to scan multiple IPs of a host simultaneously. - char *comment; ///< Comment. - char *exclude_hosts; ///< Hosts to exclude from set. - char *reverse_lookup_only; ///< Boolean. Whether to consider only hosts that reverse lookup. - char *reverse_lookup_unify; ///< Boolean. Whether to unify based on reverse lookup. - char *hosts; ///< Hosts for target. - char *name; ///< Name of target. - char *port_list_id; ///< Port list for target. - char *ssh_credential_id; ///< SSH credential for target. - char *ssh_lsc_credential_id; ///< SSH credential for target (deprecated). - char *ssh_port; ///< Port for SSH. - char *ssh_lsc_port; ///< Port for SSH (deprecated). - char *smb_credential_id; ///< SMB credential for target. - char *smb_lsc_credential_id; ///< SMB credential for target (deprecated). - char *esxi_credential_id; ///< ESXi credential for target. - char *esxi_lsc_credential_id; ///< ESXi credential for target (deprecated). - char *snmp_credential_id; ///< SNMP credential for target. - char *target_id; ///< Target UUID. + char *alive_tests; ///< Alive tests. + char *allow_simultaneous_ips; ///< Boolean. Whether to scan multiple IPs of a host simultaneously. + char *comment; ///< Comment. + char *exclude_hosts; ///< Hosts to exclude from set. + char *reverse_lookup_only; ///< Boolean. Whether to consider only hosts that reverse lookup. + char *reverse_lookup_unify; ///< Boolean. Whether to unify based on reverse lookup. + char *hosts; ///< Hosts for target. + char *name; ///< Name of target. + char *port_list_id; ///< Port list for target. + char *ssh_credential_id; ///< SSH credential for target. + char *ssh_lsc_credential_id; ///< SSH credential for target (deprecated). + char *ssh_elevate_credential_id; ///< SSH credential for target (deprecated). + char *ssh_port; ///< Port for SSH. + char *ssh_lsc_port; ///< Port for SSH (deprecated). + char *smb_credential_id; ///< SMB credential for target. + char *smb_lsc_credential_id; ///< SMB credential for target (deprecated). + char *esxi_credential_id; ///< ESXi credential for target. + char *esxi_lsc_credential_id; ///< ESXi credential for target (deprecated). + char *snmp_credential_id; ///< SNMP credential for target. + char *target_id; ///< Target UUID. } modify_target_data_t; /** @@ -2847,6 +2850,7 @@ modify_target_data_reset (modify_target_data_t *data) free (data->port_list_id); free (data->ssh_credential_id); free (data->ssh_lsc_credential_id); + free (data->ssh_elevate_credential_id); free (data->ssh_port); free (data->ssh_lsc_port); free (data->smb_credential_id); @@ -4262,6 +4266,7 @@ typedef enum CLIENT_CREATE_TARGET_SMB_LSC_CREDENTIAL, CLIENT_CREATE_TARGET_SSH_LSC_CREDENTIAL, CLIENT_CREATE_TARGET_SSH_LSC_CREDENTIAL_PORT, + CLIENT_CREATE_TARGET_SSH_ELEVATE_CREDENTIAL, CLIENT_CREATE_TASK, CLIENT_CREATE_TASK_ALERT, CLIENT_CREATE_TASK_ALTERABLE, @@ -4485,6 +4490,7 @@ typedef enum CLIENT_MODIFY_TARGET_SMB_CREDENTIAL, CLIENT_MODIFY_TARGET_SNMP_CREDENTIAL, CLIENT_MODIFY_TARGET_SSH_CREDENTIAL, + CLIENT_MODIFY_TARGET_SSH_ELEVATE_CREDENTIAL, CLIENT_MODIFY_TARGET_SSH_CREDENTIAL_PORT, CLIENT_MODIFY_TARGET_SMB_LSC_CREDENTIAL, CLIENT_MODIFY_TARGET_SSH_LSC_CREDENTIAL, @@ -6516,6 +6522,12 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context, &modify_target_data->ssh_lsc_credential_id); set_client_state (CLIENT_MODIFY_TARGET_SSH_LSC_CREDENTIAL); } + else if (strcasecmp ("SSH_ELEVATE_CREDENTIAL", element_name) == 0) + { + append_attribute (attribute_names, attribute_values, "id", + &modify_target_data->ssh_elevate_credential_id); + set_client_state (CLIENT_MODIFY_TARGET_SSH_ELEVATE_CREDENTIAL); + } else if (strcasecmp ("SMB_CREDENTIAL", element_name) == 0) { append_attribute (attribute_names, attribute_values, "id", @@ -7522,6 +7534,12 @@ gmp_xml_handle_start_element (/* unused */ GMarkupParseContext* context, &create_target_data->ssh_lsc_credential_id); set_client_state (CLIENT_CREATE_TARGET_SSH_LSC_CREDENTIAL); } + else if (strcasecmp ("SSH_ELEVATE_CREDENTIAL", element_name) == 0) + { + append_attribute (attribute_names, attribute_values, "id", + &create_target_data->ssh_elevate_credential_id); + set_client_state (CLIENT_CREATE_TARGET_SSH_ELEVATE_CREDENTIAL); + } else if (strcasecmp ("SMB_CREDENTIAL", element_name) == 0) { append_attribute (attribute_names, attribute_values, "id", @@ -21414,7 +21432,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, case CLIENT_CREATE_TARGET: { - credential_t ssh_credential = 0, smb_credential = 0; + credential_t ssh_credential = 0, ssh_elevate_credential = 0, smb_credential = 0; credential_t esxi_credential = 0, snmp_credential = 0; target_t new_target; @@ -21512,6 +21530,12 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, return; } } + else if (create_target_data->ssh_elevate_credential_id + && find_credential_with_permission + (create_target_data->ssh_elevate_credential_id, + &ssh_elevate_credential, + "get_credentials")) + SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("create_target")); else if (create_target_data->smb_credential_id && find_credential_with_permission (create_target_data->smb_credential_id, @@ -21596,6 +21620,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, create_target_data->port_list_id, create_target_data->port_range, ssh_credential, + ssh_elevate_credential, create_target_data->ssh_credential_id ? create_target_data->ssh_port : create_target_data->ssh_lsc_port, @@ -21665,25 +21690,32 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, case 9: SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("create_target", - "SMB credential must be of type" + "ELEVATE credential must be of type" " 'up'")); log_event_fail ("target", "Target", NULL, "created"); break; case 10: SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("create_target", - "ESXi credential must be of type" + "SMB credential must be of type" " 'up'")); log_event_fail ("target", "Target", NULL, "created"); break; case 11: + SEND_TO_CLIENT_OR_FAIL + (XML_ERROR_SYNTAX ("create_target", + "ESXi credential must be of type" + " 'up'")); + log_event_fail ("target", "Target", NULL, "created"); + break; + case 12: SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("create_target", "SNMP credential must be of type" " 'snmp'")); log_event_fail ("target", "Target", NULL, "created"); break; - case 12: + case 13: SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("create_target", "One of PORT_LIST and PORT_RANGE are" @@ -21731,6 +21763,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, CLOSE (CLIENT_CREATE_TARGET, PORT_RANGE); CLOSE (CLIENT_CREATE_TARGET, SSH_CREDENTIAL); CLOSE (CLIENT_CREATE_TARGET, SSH_LSC_CREDENTIAL); + CLOSE (CLIENT_CREATE_TARGET, SSH_ELEVATE_CREDENTIAL); CLOSE (CLIENT_CREATE_TARGET, SMB_CREDENTIAL); CLOSE (CLIENT_CREATE_TARGET, SMB_LSC_CREDENTIAL); CLOSE (CLIENT_CREATE_TARGET, SNMP_CREDENTIAL); @@ -24143,6 +24176,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, modify_target_data->ssh_credential_id ? modify_target_data->ssh_credential_id : modify_target_data->ssh_lsc_credential_id, + modify_target_data->ssh_elevate_credential_id, modify_target_data->ssh_credential_id ? modify_target_data->ssh_port : modify_target_data->ssh_lsc_port, @@ -24365,6 +24399,27 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, log_event_fail ("target", "Target", modify_target_data->target_id, "modified"); break; + case 22: + log_event_fail ("target", "Target", + modify_target_data->target_id, + "modified"); + if (send_find_error_to_client + ("modify_target", "Credential", + modify_target_data->ssh_elevate_credential_id, + gmp_parser)) + { + error_send_to_client (error); + return; + } + break; + case 23: + SEND_TO_CLIENT_OR_FAIL + (XML_ERROR_SYNTAX ("modify_target", + "ELEVATE credential must be of type" + " 'up'")); + log_event_fail ("target", "Target", + modify_target_data->target_id, "modified"); + break; case 99: SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("modify_target", @@ -24406,6 +24461,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, CLOSE (CLIENT_MODIFY_TARGET, PORT_LIST); CLOSE (CLIENT_MODIFY_TARGET, SSH_CREDENTIAL); CLOSE (CLIENT_MODIFY_TARGET, SSH_LSC_CREDENTIAL); + CLOSE (CLIENT_MODIFY_TARGET, SSH_ELEVATE_CREDENTIAL); CLOSE (CLIENT_MODIFY_TARGET, SMB_CREDENTIAL); CLOSE (CLIENT_MODIFY_TARGET, SMB_LSC_CREDENTIAL); CLOSE (CLIENT_MODIFY_TARGET, SNMP_CREDENTIAL); diff --git a/src/manage.h b/src/manage.h index e320edb30..b63e3d833 100644 --- a/src/manage.h +++ b/src/manage.h @@ -1585,7 +1585,7 @@ find_target_with_permission (const char *, target_t *, const char *); int create_target (const char*, const char*, const char*, const char*, const char*, - const char *, const char*, credential_t, const char*, + const char *, const char*, credential_t, credential_t, const char*, credential_t, credential_t, credential_t, const char *, const char *, const char *, const char *, target_t*); @@ -1595,7 +1595,7 @@ copy_target (const char*, const char*, const char *, target_t*); int modify_target (const char*, const char*, const char*, const char*, const char*, const char*, const char*, const char*, const char*, const char*, - const char*, const char*, const char*, const char*, + const char*, const char*, const char*, const char*, const char*, const char*); int diff --git a/src/manage_sql.c b/src/manage_sql.c index 3ba61cde2..a931b97b0 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -30613,6 +30613,7 @@ create_target (const char* name, const char* asset_hosts_filter, const char* hosts, const char* exclude_hosts, const char* comment, const char* port_list_id, const char* port_range, credential_t ssh_credential, + credential_t ssh_elevate_credential, const char* ssh_port, credential_t smb_credential, credential_t esxi_credential, credential_t snmp_credential, const char *reverse_lookup_only, @@ -30666,7 +30667,7 @@ create_target (const char* name, const char* asset_hosts_filter, else if (port_range == NULL) { sql_rollback (); - return 12; + return 13; } else { @@ -30809,13 +30810,29 @@ create_target (const char* name, const char* asset_hosts_filter, } g_free (quoted_ssh_port); + if (ssh_elevate_credential) + { + gchar *type = credential_type (ssh_elevate_credential); + if (strcmp (type, "up")) + { + sql_rollback (); + return 9; + } + g_free (type); + + sql ("INSERT INTO targets_login_data" + " (target, type, credential, port)" + " VALUES (%llu, 'elevate', %llu, %s);", + new_target, ssh_elevate_credential, "0"); + } + if (smb_credential) { gchar *type = credential_type (smb_credential); if (strcmp (type, "up")) { sql_rollback (); - return 9; + return 10; } g_free (type); @@ -30831,7 +30848,7 @@ create_target (const char* name, const char* asset_hosts_filter, if (strcmp (type, "up")) { sql_rollback (); - return 10; + return 11; } g_free (type); @@ -30847,7 +30864,7 @@ create_target (const char* name, const char* asset_hosts_filter, if (strcmp (type, "snmp")) { sql_rollback (); - return 11; + return 12; } g_free (type); @@ -31074,6 +31091,7 @@ int modify_target (const char *target_id, const char *name, const char *hosts, const char *exclude_hosts, const char *comment, const char *port_list_id, const char *ssh_credential_id, + const char *ssh_elevate_credential_id, const char *ssh_port, const char *smb_credential_id, const char *esxi_credential_id, const char* snmp_credential_id, const char *reverse_lookup_only, @@ -31274,6 +31292,48 @@ modify_target (const char *target_id, const char *name, const char *hosts, set_target_login_data (target, "ssh", 0, 0); } + if (ssh_elevate_credential_id) + { + credential_t ssh_elevate_credential; + + if (target_in_use (target)) + { + sql_rollback (); + return 15; + } + + ssh_elevate_credential = 0; + if (strcmp (ssh_elevate_credential_id, "0")) + { + gchar *type; + if (find_credential_with_permission (ssh_elevate_credential_id, + &ssh_elevate_credential, + "get_credentials")) + { + sql_rollback (); + return -1; + } + + if (ssh_elevate_credential == 0) + { + sql_rollback (); + return 22; + } + + type = credential_type (ssh_elevate_credential); + if (strcmp (type, "up")) + { + sql_rollback (); + return 23; + } + g_free (type); + + set_target_login_data (target, "elevate", ssh_elevate_credential, 0); + } + else + set_target_login_data (target, "elevate", 0, 0); + } + if (smb_credential_id) { credential_t smb_credential; From 4afc1c8692bfb648fe582f7b660e14823c4b5041 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Tue, 25 May 2021 15:01:49 +0200 Subject: [PATCH 02/12] Added documentation in manage_sql.c: Added documentation of the parameter ssh_elevate_credential at the call of create_target. Added documentation of the parameter ssh_elevate_credential_id at the call of modify_target. (cherry picked from commit a40fa21b1bef6c8447dd25ff3c19f7053cdcdc3e) --- src/manage_sql.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/manage_sql.c b/src/manage_sql.c index a931b97b0..e5bb6add7 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -30591,6 +30591,7 @@ target_login_port (target_t target, const char* type) * @param[in] port_list_id Port list of target (overrides \p port_range). * @param[in] port_range Port range of target. * @param[in] ssh_credential SSH credential. + * @param[in] ssh_elevate_credential SSH previlige escalation credential. * @param[in] ssh_port Port for SSH login. * @param[in] smb_credential SMB credential. * @param[in] esxi_credential ESXi credential. @@ -31066,6 +31067,7 @@ delete_target (const char *target_id, int ultimate) * @param[in] comment Comment on target. * @param[in] port_list_id Port list of target (overrides \p port_range). * @param[in] ssh_credential_id SSH credential. + * @param[in] ssh_elevate_credential_id SSH previlige escalation credential. * @param[in] ssh_port Port for SSH login. * @param[in] smb_credential_id SMB credential. * @param[in] esxi_credential_id ESXi credential. From de27b84d3fc11a0505edbed04c2d51fce1816aef Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Thu, 27 May 2021 10:30:53 +0200 Subject: [PATCH 03/12] Extended the GMP get target functionality for the escalation credential. in file gmp.c: Added the necessary data structures and code to get the new credential to the function handle_get_targets(). in manage_sql.c: Extended the TARGET_ITERATOR_COLUMNS and TARGET_ITERATOR_FILTER_COLUMNS for the new credential. Added the functions target_iterator_ssh_elevate_credential(), target_iterator_ssh_elevate_trash() and target_ssh_elevate_credential(). (cherry picked from commit 133eecd348b2994b0daa01716cadd352679d32cd) --- src/gmp.c | 91 ++++++++++++++----- src/manage.h | 6 ++ src/manage_sql.c | 223 +++++++++++++++++++++++++++++------------------ src/manage_sql.h | 1 + 4 files changed, 216 insertions(+), 105 deletions(-) diff --git a/src/gmp.c b/src/gmp.c index 45d454930..940e9db8a 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -918,28 +918,28 @@ create_schedule_data_reset (create_schedule_data_t *data) */ typedef struct { - char *alive_tests; ///< Alive tests. - char *allow_simultaneous_ips; ///< Boolean. Whether to scan multiple IPs of a host simultaneously. - char *asset_hosts_filter; ///< Asset hosts. - char *comment; ///< Comment. - char *exclude_hosts; ///< Hosts to exclude from set. - char *reverse_lookup_only; ///< Boolean. Whether to consider only hosts that reverse lookup. - char *reverse_lookup_unify; ///< Boolean. Whether to unify based on reverse lookup. - char *copy; ///< UUID of resource to copy. - char *hosts; ///< Hosts for new target. - char *port_list_id; ///< Port list for new target. - char *port_range; ///< Port range for new target. - char *ssh_credential_id; ///< SSH credential for new target. - char *ssh_lsc_credential_id; ///< SSH credential (deprecated). - char *ssh_elevate_credential_id ; ///< SSH elevation credential. - char *ssh_port; ///< Port for SSH. - char *ssh_lsc_port; ///< Port for SSH (deprecated). - char *smb_credential_id; ///< SMB credential for new target. - char *smb_lsc_credential_id; ///< SMB credential (deprecated). - char *esxi_credential_id; ///< ESXi credential for new target. - char *esxi_lsc_credential_id; ///< ESXi credential (deprecated). - char *snmp_credential_id; ///< SNMP credential for new target. - char *name; ///< Name of new target. + char *alive_tests; ///< Alive tests. + char *allow_simultaneous_ips; ///< Boolean. Whether to scan multiple IPs of a host simultaneously. + char *asset_hosts_filter; ///< Asset hosts. + char *comment; ///< Comment. + char *exclude_hosts; ///< Hosts to exclude from set. + char *reverse_lookup_only; ///< Boolean. Whether to consider only hosts that reverse lookup. + char *reverse_lookup_unify; ///< Boolean. Whether to unify based on reverse lookup. + char *copy; ///< UUID of resource to copy. + char *hosts; ///< Hosts for new target. + char *port_list_id; ///< Port list for new target. + char *port_range; ///< Port range for new target. + char *ssh_credential_id; ///< SSH credential for new target. + char *ssh_lsc_credential_id; ///< SSH credential (deprecated). + char *ssh_elevate_credential_id; ///< SSH elevation credential. + char *ssh_port; ///< Port for SSH. + char *ssh_lsc_port; ///< Port for SSH (deprecated). + char *smb_credential_id; ///< SMB credential for new target. + char *smb_lsc_credential_id; ///< SMB credential (deprecated). + char *esxi_credential_id; ///< ESXi credential for new target. + char *esxi_lsc_credential_id; ///< ESXi credential (deprecated). + char *snmp_credential_id; ///< SNMP credential for new target. + char *name; ///< Name of new target. } create_target_data_t; /** @@ -16450,16 +16450,19 @@ handle_get_targets (gmp_parser_t *gmp_parser, GError **error) { char *ssh_name, *ssh_uuid, *smb_name, *smb_uuid; char *esxi_name, *esxi_uuid, *snmp_name, *snmp_uuid; + char *ssh_elevate_name, *ssh_elevate_uuid; const char *port_list_uuid, *port_list_name, *ssh_port; const char *hosts, *exclude_hosts, *reverse_lookup_only; const char *reverse_lookup_unify, *allow_simultaneous_ips; credential_t ssh_credential, smb_credential; credential_t esxi_credential, snmp_credential; + credential_t ssh_elevate_credential; int port_list_trash, max_hosts, port_list_available; int ssh_credential_available; int smb_credential_available; int esxi_credential_available; int snmp_credential_available; + int ssh_elevate_credential_available; ret = get_next (&targets, &get_targets_data->get, &first, &count, init_target_iterator); @@ -16475,6 +16478,7 @@ handle_get_targets (gmp_parser_t *gmp_parser, GError **error) smb_credential = target_iterator_smb_credential (&targets); esxi_credential = target_iterator_esxi_credential (&targets); snmp_credential = target_iterator_snmp_credential (&targets); + ssh_elevate_credential = target_iterator_ssh_elevate_credential (&targets); ssh_credential_available = 1; if (get_targets_data->get.trash && target_iterator_ssh_trash (&targets)) @@ -16587,6 +16591,35 @@ handle_get_targets (gmp_parser_t *gmp_parser, GError **error) snmp_name = NULL; snmp_uuid = NULL; } + ssh_elevate_credential_available = 1; + if (get_targets_data->get.trash + && target_iterator_ssh_elevate_trash (&targets)) + { + ssh_elevate_name + = trash_credential_name (ssh_elevate_credential); + ssh_elevate_uuid + = trash_credential_uuid (ssh_elevate_credential); + ssh_elevate_credential_available + = trash_credential_readable (ssh_elevate_credential); + } + else if (ssh_elevate_credential) + { + credential_t found; + + ssh_elevate_name = credential_name (ssh_elevate_credential); + ssh_elevate_uuid = credential_uuid (ssh_elevate_credential); + if (find_credential_with_permission + (ssh_elevate_uuid, + &found, + "get_credentials")) + abort (); + ssh_elevate_credential_available = (found > 0); + } + else + { + ssh_elevate_name = NULL; + ssh_elevate_uuid = NULL; + } port_list_uuid = target_iterator_port_list_uuid (&targets); port_list_name = target_iterator_port_list_name (&targets); port_list_trash = target_iterator_port_list_trash (&targets); @@ -16685,6 +16718,18 @@ handle_get_targets (gmp_parser_t *gmp_parser, GError **error) SEND_TO_CLIENT_OR_FAIL (""); SENDF_TO_CLIENT_OR_FAIL ("" + "" + "%s" + "%i", + ssh_elevate_uuid ? ssh_elevate_uuid : "", + ssh_elevate_name ? ssh_elevate_name : "", + (get_targets_data->get.trash + && target_iterator_ssh_elevate_trash (&targets))); + + if (ssh_elevate_credential_available == 0) + SEND_TO_CLIENT_OR_FAIL (""); + + SENDF_TO_CLIENT_OR_FAIL ("" "" "%s" "" @@ -16740,6 +16785,8 @@ handle_get_targets (gmp_parser_t *gmp_parser, GError **error) free (smb_uuid); free (esxi_name); free (esxi_uuid); + free (ssh_elevate_name); + free (ssh_elevate_uuid); } cleanup_iterator (&targets); filtered = get_targets_data->get.id diff --git a/src/manage.h b/src/manage.h index b63e3d833..1e490f7b5 100644 --- a/src/manage.h +++ b/src/manage.h @@ -1643,6 +1643,9 @@ target_iterator_esxi_credential (iterator_t*); int target_iterator_snmp_credential (iterator_t*); +int +target_iterator_ssh_elevate_credential (iterator_t*); + int target_iterator_ssh_trash (iterator_t*); @@ -1655,6 +1658,9 @@ target_iterator_esxi_trash (iterator_t*); int target_iterator_snmp_trash (iterator_t*); +int +target_iterator_ssh_elevate_trash (iterator_t*); + const char* target_iterator_allow_simultaneous_ips (iterator_t*); diff --git a/src/manage_sql.c b/src/manage_sql.c index e5bb6add7..43cd3a1d1 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -31565,92 +31565,104 @@ modify_target (const char *target_id, const char *name, const char *hosts, #define TARGET_ITERATOR_FILTER_COLUMNS \ { GET_ITERATOR_FILTER_COLUMNS, "hosts", "exclude_hosts", "ips", "port_list", \ "ssh_credential", "smb_credential", "esxi_credential", "snmp_credential", \ - NULL } + "ssh_elevate_credential", NULL } /** * @brief Target iterator columns. */ -#define TARGET_ITERATOR_COLUMNS \ - { \ - GET_ITERATOR_COLUMNS (targets), \ - { "hosts", NULL, KEYWORD_TYPE_STRING }, \ - { "target_credential (id, 0, CAST ('ssh' AS text))", \ - NULL, \ - KEYWORD_TYPE_INTEGER }, \ - { "target_login_port (id, 0, CAST ('ssh' AS text))", \ - "ssh_port", \ - KEYWORD_TYPE_INTEGER }, \ - { "target_credential (id, 0, CAST ('smb' AS text))", \ - NULL, \ - KEYWORD_TYPE_INTEGER }, \ - { "port_list", NULL, KEYWORD_TYPE_INTEGER }, \ - { "0", NULL, KEYWORD_TYPE_INTEGER }, \ - { "0", NULL, KEYWORD_TYPE_INTEGER }, \ - { \ - "(SELECT uuid FROM port_lists" \ - " WHERE port_lists.id = port_list)", \ - NULL, \ - KEYWORD_TYPE_STRING \ - }, \ - { \ - "(SELECT name FROM port_lists" \ - " WHERE port_lists.id = port_list)", \ - "port_list", \ - KEYWORD_TYPE_STRING \ - }, \ - { "0", NULL, KEYWORD_TYPE_INTEGER }, \ - { "exclude_hosts", NULL, KEYWORD_TYPE_STRING }, \ - { "reverse_lookup_only", NULL, KEYWORD_TYPE_INTEGER }, \ - { "reverse_lookup_unify", NULL, KEYWORD_TYPE_INTEGER }, \ - { "alive_test", NULL, KEYWORD_TYPE_INTEGER }, \ - { "target_credential (id, 0, CAST ('esxi' AS text))", \ - NULL, \ - KEYWORD_TYPE_INTEGER }, \ - { "0", NULL, KEYWORD_TYPE_INTEGER }, \ - { "target_credential (id, 0, CAST ('snmp' AS text))", \ - NULL, \ - KEYWORD_TYPE_INTEGER }, \ - { "0", NULL, KEYWORD_TYPE_INTEGER }, \ - { "allow_simultaneous_ips", \ - NULL, \ - KEYWORD_TYPE_INTEGER }, \ - { \ - "(SELECT name FROM credentials" \ - " WHERE credentials.id" \ - " = target_credential (targets.id, 0," \ - " CAST ('ssh' AS text)))", \ - "ssh_credential", \ - KEYWORD_TYPE_STRING \ - }, \ - { \ - "(SELECT name FROM credentials" \ - " WHERE credentials.id" \ - " = target_credential (targets.id, 0," \ - " CAST ('smb' AS text)))", \ - "smb_credential", \ - KEYWORD_TYPE_STRING \ - }, \ - { \ - "(SELECT name FROM credentials" \ - " WHERE credentials.id" \ - " = target_credential (targets.id, 0," \ - " CAST ('esxi' AS text)))", \ - "esxi_credential", \ - KEYWORD_TYPE_STRING \ - }, \ - { \ - "(SELECT name FROM credentials" \ - " WHERE credentials.id" \ - " = target_credential (targets.id, 0," \ - " CAST ('snmp' AS text)))", \ - "snmp_credential", \ - KEYWORD_TYPE_STRING \ - }, \ - { "hosts", NULL, KEYWORD_TYPE_STRING }, \ - { "max_hosts (hosts, exclude_hosts)", \ - "ips", \ - KEYWORD_TYPE_INTEGER }, \ - { NULL, NULL, KEYWORD_TYPE_UNKNOWN } \ +#define TARGET_ITERATOR_COLUMNS \ + { \ + GET_ITERATOR_COLUMNS (targets), \ + { "hosts", NULL, KEYWORD_TYPE_STRING }, \ + { "target_credential (id, 0, CAST ('ssh' AS text))", \ + NULL, \ + KEYWORD_TYPE_INTEGER }, \ + { "target_login_port (id, 0, CAST ('ssh' AS text))", \ + "ssh_port", \ + KEYWORD_TYPE_INTEGER }, \ + { "target_credential (id, 0, CAST ('smb' AS text))", \ + NULL, \ + KEYWORD_TYPE_INTEGER }, \ + { "port_list", NULL, KEYWORD_TYPE_INTEGER }, \ + { "0", NULL, KEYWORD_TYPE_INTEGER }, \ + { "0", NULL, KEYWORD_TYPE_INTEGER }, \ + { \ + "(SELECT uuid FROM port_lists" \ + " WHERE port_lists.id = port_list)", \ + NULL, \ + KEYWORD_TYPE_STRING \ + }, \ + { \ + "(SELECT name FROM port_lists" \ + " WHERE port_lists.id = port_list)", \ + "port_list", \ + KEYWORD_TYPE_STRING \ + }, \ + { "0", NULL, KEYWORD_TYPE_INTEGER }, \ + { "exclude_hosts", NULL, KEYWORD_TYPE_STRING }, \ + { "reverse_lookup_only", NULL, KEYWORD_TYPE_INTEGER }, \ + { "reverse_lookup_unify", NULL, KEYWORD_TYPE_INTEGER }, \ + { "alive_test", NULL, KEYWORD_TYPE_INTEGER }, \ + { "target_credential (id, 0, CAST ('esxi' AS text))", \ + NULL, \ + KEYWORD_TYPE_INTEGER }, \ + { "0", NULL, KEYWORD_TYPE_INTEGER }, \ + { "target_credential (id, 0, CAST ('snmp' AS text))", \ + NULL, \ + KEYWORD_TYPE_INTEGER }, \ + { "0", NULL, KEYWORD_TYPE_INTEGER }, \ + { "target_credential (id, 0, CAST ('elevate' AS text))", \ + NULL, \ + KEYWORD_TYPE_INTEGER }, \ + { "0", NULL, KEYWORD_TYPE_INTEGER }, \ + { "allow_simultaneous_ips", \ + NULL, \ + KEYWORD_TYPE_INTEGER }, \ + { \ + "(SELECT name FROM credentials" \ + " WHERE credentials.id" \ + " = target_credential (targets.id, 0," \ + " CAST ('ssh' AS text)))", \ + "ssh_credential", \ + KEYWORD_TYPE_STRING \ + }, \ + { \ + "(SELECT name FROM credentials" \ + " WHERE credentials.id" \ + " = target_credential (targets.id, 0," \ + " CAST ('smb' AS text)))", \ + "smb_credential", \ + KEYWORD_TYPE_STRING \ + }, \ + { \ + "(SELECT name FROM credentials" \ + " WHERE credentials.id" \ + " = target_credential (targets.id, 0," \ + " CAST ('esxi' AS text)))", \ + "esxi_credential", \ + KEYWORD_TYPE_STRING \ + }, \ + { \ + "(SELECT name FROM credentials" \ + " WHERE credentials.id" \ + " = target_credential (targets.id, 0," \ + " CAST ('snmp' AS text)))", \ + "snmp_credential", \ + KEYWORD_TYPE_STRING \ + }, \ + { \ + "(SELECT name FROM credentials" \ + " WHERE credentials.id" \ + " = target_credential (targets.id, 0," \ + " CAST ('elevate' AS text)))", \ + "ssh_elevate_credential", \ + KEYWORD_TYPE_STRING \ + }, \ + { "hosts", NULL, KEYWORD_TYPE_STRING }, \ + { "max_hosts (hosts, exclude_hosts)", \ + "ips", \ + KEYWORD_TYPE_INTEGER }, \ + { NULL, NULL, KEYWORD_TYPE_UNKNOWN } \ } /** @@ -32039,6 +32051,38 @@ target_iterator_snmp_trash (iterator_t* iterator) return ret; } +/** + * @brief Get the ELEVATE LSC credential from a target iterator. + * + * @param[in] iterator Iterator. + * + * @return ELEVATE LSC credential. + */ +int +target_iterator_ssh_elevate_credential (iterator_t* iterator) +{ + int ret; + if (iterator->done) return -1; + ret = iterator_int (iterator, GET_ITERATOR_COLUMN_COUNT + 18); + return ret; +} + +/** + * @brief Get the ELEVATE LSC credential location from a target iterator. + * + * @param[in] iterator Iterator. + * + * @return ELEVATE LSC credential. + */ +int +target_iterator_ssh_elevate_trash (iterator_t* iterator) +{ + int ret; + if (iterator->done) return -1; + ret = iterator_int (iterator, GET_ITERATOR_COLUMN_COUNT + 19); + return ret; +} + /** * @brief Get the allow_simultaneous_ips value from a target iterator. * @@ -32047,7 +32091,7 @@ target_iterator_snmp_trash (iterator_t* iterator) * @return allow_simult_ips_same_host or NULL if iteration is complete. */ DEF_ACCESS (target_iterator_allow_simultaneous_ips, - GET_ITERATOR_COLUMN_COUNT + 18); + GET_ITERATOR_COLUMN_COUNT + 20); /** * @brief Return the UUID of a tag. @@ -32297,6 +32341,19 @@ target_esxi_credential (target_t target) return target_credential (target, "esxi"); } +/** + * @brief Return the ELEVATE credential associated with a target, if any. + * + * @param[in] target Target. + * + * @return ELEVATE credential if any, else 0. + */ +credential_t +target_ssh_elevate_credential (target_t target) +{ + return target_credential (target, "elevate"); +} + /** * @brief Return the port list associated with a target, if any. * diff --git a/src/manage_sql.h b/src/manage_sql.h index cdedfa39b..2a084f5a4 100644 --- a/src/manage_sql.h +++ b/src/manage_sql.h @@ -314,6 +314,7 @@ port_list_t target_port_list (target_t); credential_t target_ssh_credential (target_t); credential_t target_smb_credential (target_t); credential_t target_esxi_credential (target_t); +credential_t target_ssh_elevate_credential (target_t); int create_current_report (task_t, char **, task_status_t); From 62243256e9fdbe22e2c438f50df8cbdeda8ef05c Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Thu, 27 May 2021 15:07:38 +0200 Subject: [PATCH 04/12] Add CANGELOG-entry for Extend GMP for new privilege escalation credential (cherry picked from commit 605b24c589d7b4905432459917064058659019e1) # Conflicts: # CHANGELOG.md --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e7f9ec8e2..ef446e577 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [21.4.1] (unreleased) ### Added +<<<<<<< HEAD - Add NVT tag "deprecated" [#1536](https://github.com/greenbone/gvmd/pull/1536) +======= +- Add a new modification_time column to reports [#1513](https://github.com/greenbone/gvmd/pull/1513), [#1519](https://github.com/greenbone/gvmd/pull/1519) +- Extend GMP for new privilege escalation credential[#1535](https://github.com/greenbone/gvmd/pull/1535) + +### Changed +- Use pg-gvm extension for C PostgreSQL functions [#1400](https://github.com/greenbone/gvmd/pull/1400), [#1453](https://github.com/greenbone/gvmd/pull/1453) +>>>>>>> 605b24c58 (Add CANGELOG-entry for Extend GMP for new privilege escalation credential) ### Changed - Update default log config [#1501](https://github.com/greenbone/gvmd/pull/1501) From b5205184324e3a3fa58a97c1085035146773a698 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Fri, 28 May 2021 11:33:40 +0200 Subject: [PATCH 05/12] Fix formatting for new ssh_elevate_credential (cherry picked from commit 999d56f3c1e9be88d27169891767d075e55d0ff5) --- src/gmp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/gmp.c b/src/gmp.c index 940e9db8a..2463c3c91 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -16478,7 +16478,8 @@ handle_get_targets (gmp_parser_t *gmp_parser, GError **error) smb_credential = target_iterator_smb_credential (&targets); esxi_credential = target_iterator_esxi_credential (&targets); snmp_credential = target_iterator_snmp_credential (&targets); - ssh_elevate_credential = target_iterator_ssh_elevate_credential (&targets); + ssh_elevate_credential + = target_iterator_ssh_elevate_credential (&targets); ssh_credential_available = 1; if (get_targets_data->get.trash && target_iterator_ssh_trash (&targets)) From 62100a0c0ccaa6dd7aadc99e2346bd9fa4f28201 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Fri, 28 May 2021 11:34:11 +0200 Subject: [PATCH 06/12] Fix formatting for new ssh_elevate_credential (cherry picked from commit e7281cfa1bd69c09bfb161af527caf72510d3ee0) --- src/gmp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/gmp.c b/src/gmp.c index 2463c3c91..0f06dabab 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -21480,7 +21480,8 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, case CLIENT_CREATE_TARGET: { - credential_t ssh_credential = 0, ssh_elevate_credential = 0, smb_credential = 0; + credential_t ssh_credential = 0, ssh_elevate_credential = 0; + credential_t smb_credential = 0; credential_t esxi_credential = 0, snmp_credential = 0; target_t new_target; From 578eaae621ed7d9c395ca3a3a2e8decd3270e185 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Fri, 28 May 2021 11:35:18 +0200 Subject: [PATCH 07/12] Fix formatting for new ssh_elevate_credential (cherry picked from commit 4b4862d27c91c90c19f9b87471524f09fa127a9f) --- src/gmp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/gmp.c b/src/gmp.c index 0f06dabab..76591d268 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -24225,7 +24225,7 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, modify_target_data->ssh_credential_id ? modify_target_data->ssh_credential_id : modify_target_data->ssh_lsc_credential_id, - modify_target_data->ssh_elevate_credential_id, + modify_target_data->ssh_elevate_credential_id, modify_target_data->ssh_credential_id ? modify_target_data->ssh_port : modify_target_data->ssh_lsc_port, From 1d15936c47d3adfd14cb20a2601ed3fb34e82ae4 Mon Sep 17 00:00:00 2001 From: Timo Pollmeier Date: Fri, 28 May 2021 11:37:17 +0200 Subject: [PATCH 08/12] Fix formatting for new ssh_elevate_credential (cherry picked from commit db13a38ff27ab2f0b15e9b5fed52116ce1aed974) --- src/manage.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/manage.h b/src/manage.h index 1e490f7b5..50cb32128 100644 --- a/src/manage.h +++ b/src/manage.h @@ -1585,9 +1585,10 @@ find_target_with_permission (const char *, target_t *, const char *); int create_target (const char*, const char*, const char*, const char*, const char*, - const char *, const char*, credential_t, credential_t, const char*, - credential_t, credential_t, credential_t, const char *, - const char *, const char *, const char *, target_t*); + const char *, const char*, credential_t, credential_t, + const char*,credential_t, credential_t, credential_t, + const char *,const char *, const char *, const char *, + target_t*); int copy_target (const char*, const char*, const char *, target_t*); From 4062d1e70b339339db36b53787a35a22b2f80338 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Fri, 28 May 2021 12:07:15 +0200 Subject: [PATCH 09/12] Fix formatting for new ssh_elevate_credential. (cherry picked from commit 3df5829d2b4df816b218da5592b6675fe7b6aa78) --- src/manage.h | 4 ++-- src/manage_sql.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/manage.h b/src/manage.h index 50cb32128..6aa30e699 100644 --- a/src/manage.h +++ b/src/manage.h @@ -1586,8 +1586,8 @@ find_target_with_permission (const char *, target_t *, const char *); int create_target (const char*, const char*, const char*, const char*, const char*, const char *, const char*, credential_t, credential_t, - const char*,credential_t, credential_t, credential_t, - const char *,const char *, const char *, const char *, + const char *, credential_t, credential_t, credential_t, + const char *, const char *, const char *, const char *, target_t*); int diff --git a/src/manage_sql.c b/src/manage_sql.c index 43cd3a1d1..74d41c4ca 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -30614,7 +30614,7 @@ create_target (const char* name, const char* asset_hosts_filter, const char* hosts, const char* exclude_hosts, const char* comment, const char* port_list_id, const char* port_range, credential_t ssh_credential, - credential_t ssh_elevate_credential, + credential_t ssh_elevate_credential, const char* ssh_port, credential_t smb_credential, credential_t esxi_credential, credential_t snmp_credential, const char *reverse_lookup_only, @@ -31093,7 +31093,7 @@ int modify_target (const char *target_id, const char *name, const char *hosts, const char *exclude_hosts, const char *comment, const char *port_list_id, const char *ssh_credential_id, - const char *ssh_elevate_credential_id, + const char *ssh_elevate_credential_id, const char *ssh_port, const char *smb_credential_id, const char *esxi_credential_id, const char* snmp_credential_id, const char *reverse_lookup_only, @@ -31655,7 +31655,7 @@ modify_target (const char *target_id, const char *name, const char *hosts, " WHERE credentials.id" \ " = target_credential (targets.id, 0," \ " CAST ('elevate' AS text)))", \ - "ssh_elevate_credential", \ + "ssh_elevate_credential", \ KEYWORD_TYPE_STRING \ }, \ { "hosts", NULL, KEYWORD_TYPE_STRING }, \ From 357140a91292b569559392d1b8d0e86949c9b48e Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Fri, 28 May 2021 12:17:47 +0200 Subject: [PATCH 10/12] Added consistency checks for the new ssh_elevate_credential in manage_sql.c: Added a check, if there is a ssh_credential when a ssh_elevate_credential is given, in the functions create_target() und modify_target(). If there is no ssh_credential an error code is returned. in gmp.c: Added the according error messages to the error messages sections behind the call of create_target() and modify_target(). (cherry picked from commit 371ed32f4aec57f1634f323f13c396f5cec1bc85) --- src/gmp.c | 15 +++++++++++++++ src/manage_sql.c | 9 +++++++++ 2 files changed, 24 insertions(+) diff --git a/src/gmp.c b/src/gmp.c index 76591d268..37738133b 100644 --- a/src/gmp.c +++ b/src/gmp.c @@ -21771,6 +21771,13 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, " required")); log_event_fail ("target", "Target", NULL, "created"); break; + case 14: + SEND_TO_CLIENT_OR_FAIL + (XML_ERROR_SYNTAX ("create_target", + "The elevate credential requires" + " an SSH credential")); + log_event_fail ("target", "Target", NULL, "created"); + break; case 99: SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("create_target", @@ -24469,6 +24476,14 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context, log_event_fail ("target", "Target", modify_target_data->target_id, "modified"); break; + case 24: + SEND_TO_CLIENT_OR_FAIL + (XML_ERROR_SYNTAX ("modify_target", + "The elevate credential requires" + " an SSH credential")); + log_event_fail ("target", "Target", + modify_target_data->target_id, "modified"); + break; case 99: SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX ("modify_target", diff --git a/src/manage_sql.c b/src/manage_sql.c index 74d41c4ca..19475cd4d 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -30641,6 +30641,9 @@ create_target (const char* name, const char* asset_hosts_filter, if (alive_test <= -1) return 7; + if (ssh_elevate_credential && (!ssh_credential)) + return 14; + sql_begin_immediate (); if (acl_user_may ("create_target") == 0) @@ -31120,6 +31123,12 @@ modify_target (const char *target_id, const char *name, const char *hosts, return 13; } + if (ssh_elevate_credential_id && (!ssh_credential_id)) + { + sql_rollback (); + return 24; + } + target = 0; if (find_target_with_permission (target_id, &target, "modify_target")) { From 5039d9db38d277221d2d8c4b2cfcea3d360c9c9e Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Fri, 28 May 2021 15:28:35 +0200 Subject: [PATCH 11/12] Added documentation for the new SSH Elevate Credential in manage_sql.c: Adjusted and added the documentation of the return values concerned by the new SSH Elevate Credential in the Doxygen-comments of the functions create_target() and modify_target(). (cherry picked from commit dca05f38ecc3d0e961ae87e01efdace20d94c37b) --- src/manage_sql.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index 19475cd4d..0a40a4e15 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -30605,9 +30605,11 @@ target_login_port (target_t target, const char* type) * @return 0 success, 1 target exists already, 2 error in host specification, * 3 too many hosts, 4 error in port range, 5 error in SSH port, * 6 failed to find port list, 7 error in alive tests, - * 8 invalid SSH credential type, 9 invalid SMB credential type, - * 10 invalid ESXi credential type, 11 invalid SNMP credential type, - * 12 port range or port list required, 99 permission denied, -1 error. + * 8 invalid SSH credential type, 9 invalid SSH elevate credential type, + * 10 invalid SMB credential type, 11 invalid ESXi credential type, + * 12 invalid SNMP credential type, 13 port range or port list required, + * 14 SSH elevate credential without an SSH credential, + * 99 permission denied, -1 error. */ int create_target (const char* name, const char* asset_hosts_filter, @@ -31090,7 +31092,8 @@ delete_target (const char *target_id, int ultimate) * 16 failed to find ESXi cred, 17 failed to find SNMP cred, * 18 invalid SSH credential type, 19 invalid SMB credential type, * 20 invalid ESXi credential type, 21 invalid SNMP credential type, - * 99 permission denied, -1 error. + * 22 failed to find SSH elevate cred, 23 invalid SSH elevate + * credential type, 99 permission denied, -1 error. */ int modify_target (const char *target_id, const char *name, const char *hosts, From 85d362b18b4f45a58ca5e1ccd8834b732f7b1258 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Wed, 2 Jun 2021 11:03:10 +0200 Subject: [PATCH 12/12] Resolved CHANGELOG conflict for PR 1535 backport --- CHANGELOG.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ef446e577..ebb92655d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,16 +7,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [21.4.1] (unreleased) ### Added -<<<<<<< HEAD - Add NVT tag "deprecated" [#1536](https://github.com/greenbone/gvmd/pull/1536) -======= -- Add a new modification_time column to reports [#1513](https://github.com/greenbone/gvmd/pull/1513), [#1519](https://github.com/greenbone/gvmd/pull/1519) - Extend GMP for new privilege escalation credential[#1535](https://github.com/greenbone/gvmd/pull/1535) -### Changed -- Use pg-gvm extension for C PostgreSQL functions [#1400](https://github.com/greenbone/gvmd/pull/1400), [#1453](https://github.com/greenbone/gvmd/pull/1453) ->>>>>>> 605b24c58 (Add CANGELOG-entry for Extend GMP for new privilege escalation credential) - ### Changed - Update default log config [#1501](https://github.com/greenbone/gvmd/pull/1501)