Refactor/Extract Common Credential Module #98
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,107 @@ | ||
| module Nexpose | ||
|
|
||
| # Contains the shared methods for the SiteCredential and SharedCredential Objects. | ||
| # See Nexpose::SiteCredential or Nexpose::SharedCredential for additional info. | ||
| class Credential | ||
|
|
||
| # Mapping of Common Ports. | ||
| DEFAULT_PORTS = { 'cvs' => 2401, | ||
| 'ftp' => 21, | ||
| 'http' => 80, | ||
| 'as400' => 449, | ||
| 'notes' => 1352, | ||
| 'tds' => 1433, | ||
| 'sybase' => 5000, | ||
| 'cifs' => 445, | ||
| 'cifshash' => 445, | ||
| 'oracle' => 1521, | ||
| 'pop' => 110, | ||
| 'postgresql' => 5432, | ||
| 'remote execution' => 512, | ||
| 'snmp' => 161, | ||
| 'snmpv3' => 161, | ||
| 'ssh' => 22, | ||
| 'ssh-key' => 22, | ||
| 'telnet' => 23, | ||
| 'mysql' => 3306, | ||
| 'db2' => 50000 } | ||
|
|
||
|
|
||
| # Credential type options. | ||
| module Type | ||
|
There was a problem hiding this comment. We should check to see if there are any new ones to go into the constants here. (Yes, unfortunately, it's a manual process.) There was a problem hiding this comment. All synced up, no new ones to add. |
||
| CVS = 'cvs' # Concurrent Versioning System (CVS) | ||
| FTP = 'ftp' # File Transfer Protocol (FTP) | ||
| HTTP = 'http' # Web Site HTTP Authentication | ||
| AS400 = 'as400' # IBM AS/400 | ||
| NOTES = 'notes' # Lotus Notes/Domino | ||
| TDS = 'tds' # Microsoft SQL Server | ||
| SYBASE = 'sybase' # Sybase SQL Server | ||
| CIFS = 'cifs' # Microsoft Windows/Samba (SMB/CIFS) | ||
| CIFSHASH = 'cifshash' # Microsoft Windows/Samba LM/NTLM Hash (SMB/CIFS) | ||
| ORACLE = 'oracle' # Oracle | ||
| POP = 'pop' # Post Office Protocol (POP) | ||
| POSTGRESQL = 'postgresql' # PostgreSQL | ||
| REMOTE_EXECUTION = 'remote execution' # Remote Execution | ||
| SNMP = 'snmp' # Simple Network Management Protocol | ||
| SNMPV3 = 'snmpv3' # Simple Network Management Protocol v3 | ||
| SSH = 'ssh' # Secure Shell (SSH) | ||
| SSH_KEY = 'ssh-key' # Secure Shell (SSH) Public Key | ||
| TELNET = 'telnet' # TELNET | ||
| MYSQL = 'mysql' # MySQL Server | ||
| DB2 = 'db2' # DB2 | ||
| end | ||
|
|
||
|
|
||
| # Permission Elevation / Privilege Escalation Types. | ||
| module ElevationType | ||
| NONE = 'NONE' | ||
| SUDO = 'SUDO' | ||
| SUDOSU = 'SUDOSU' | ||
| SU = 'SU' | ||
| end | ||
|
|
||
|
|
||
| # Test this credential against a target where the credentials should apply. | ||
| # Only works for a newly created credential. Loading an existing credential | ||
| # will likely fail. | ||
| # | ||
| # @param [Connection] nsc An active connection to the security console. | ||
| # @param [String] target Target host to check credentials against. | ||
| # @param [Fixnum] engine_id ID of the engine to use for testing credentials. | ||
| # Will default to the local engine if none is provided. | ||
| # | ||
| def test(nsc, target, engine_id = nil) | ||
| unless engine_id | ||
| engine_id = nsc.engines.find { |e| e.name == 'Local scan engine' }.id | ||
| end | ||
| @port = Credential::DEFAULT_PORTS[@type] if @port.nil? | ||
| parameters = _to_param(target, engine_id, @port) | ||
| xml = AJAX.form_post(nsc, '/ajax/test_admin_credentials.txml', parameters) | ||
| result = REXML::XPath.first(REXML::Document.new(xml), 'TestAdminCredentialsResult') | ||
| result.attributes['success'].to_i == 1 | ||
| end | ||
|
|
||
|
|
||
| def _to_param(target, engine_id, port) | ||
| { engineid: engine_id, | ||
| sc_creds_dev: target, | ||
| sc_creds_svc: @type, | ||
| sc_creds_database: @database, | ||
| sc_creds_domain: @domain, | ||
| sc_creds_uname: @username, | ||
| sc_creds_password: @password, | ||
| sc_creds_pemkey: @pem_key, | ||
| sc_creds_port: port, | ||
| sc_creds_privilegeelevationusername: @privilege_username, | ||
| sc_creds_privilegeelevationpassword: @privilege_password, | ||
| sc_creds_privilegeelevationtype: @privilege_type, | ||
| sc_creds_snmpv3authtype: @auth_type, | ||
| sc_creds_snmpv3privtype: @privacy_type, | ||
| sc_creds_snmpv3privpassword: @privacy_password, | ||
| siteid: -1 } | ||
|
There was a problem hiding this comment. This field doesn't matter, right? Technically we could have a site ID for site credentials, but I don't think it would get used, unless for logging. |
||
| end | ||
|
|
||
| end | ||
|
|
||
|
|
||
| end | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,29 +6,9 @@ module Nexpose | |
| # be passed back as is during a Site Save operation. This object | ||
| # can only be used to create a new set of credentials. | ||
| # | ||
| class SiteCredential < Credential | ||
| include XMLUtils | ||
|
|
||
|
|
||
| # Security blob for an existing set of credentials | ||
| attr_accessor :blob | ||
|
|
@@ -63,6 +43,22 @@ class Credential | |
| # The privacy/encryption pass phrase to use with SNMP v3 credentials | ||
| attr_accessor :privacy_password | ||
|
|
||
| ## Added temporarily while testing the test method. | ||
|
There was a problem hiding this comment. Comment indicates that maybe these should be deleted? |
||
| # The site credential type. See Nexpose::Credential::Type. | ||
| attr_accessor :type | ||
|
There was a problem hiding this comment. Does service == type? Otherwise, I don't know how site creds were working before. There was a problem hiding this comment. Reminder for us to update the Wiki: https://github.com/rapid7/nexpose-client/wiki/Using-Shared-Credentials |
||
| # Permission elevation type. See Nexpose::Credential::ElevationType. | ||
| attr_accessor :privilege_type | ||
| # User name. | ||
| attr_accessor :username | ||
|
There was a problem hiding this comment. If the names are different, we can merge them in a couple ways. We could alias in the attributes, so that existing code isn't broken by changing "name" -> "username". Or, we could have an override of the There was a problem hiding this comment. I setup an alias for username so that the old userid attr can point to username - for consistency with |
||
|
|
||
|
|
||
| def initialize(name, id = -1) | ||
| @name, @id = name, id.to_i | ||
| @sites = [] | ||
| @disabled = [] | ||
| end | ||
|
|
||
|
|
||
| def self.for_service(service, user, password, realm = nil, host = nil, port = nil) | ||
| cred = new | ||
|
There was a problem hiding this comment. This will need to be changed. Either the constructor needs to accept 0 args, or we need to just go ahead an fill them in in this method. |
||
| cred.service = service | ||
|
|
@@ -80,7 +76,7 @@ def add_privilege_credentials(type, username, password) | |
| @priv_username = username | ||
| @priv_password = password | ||
| end | ||
|
|
||
| def add_snmpv3_credentials(auth_type, privacy_type, privacy_password) | ||
| @auth_type = auth_type | ||
| @privacy_type = privacy_type | ||
|
|
@@ -113,7 +109,7 @@ def as_xml | |
| attributes['privilegeelevationtype'] = @priv_type if @priv_type | ||
| attributes['privilegeelevationusername'] = @priv_username if @priv_username | ||
| attributes['privilegeelevationpassword'] = @priv_password if @priv_password | ||
|
|
||
| attributes['snmpv3authtype'] = @auth_type if @auth_type | ||
| attributes['snmpv3privtype'] = @privacy_type if @privacy_type | ||
| attributes['snmpv3privpassword'] = @privacy_password if @privacy_password | ||
|
|
@@ -139,61 +135,6 @@ def hash | |
| to_xml.hash | ||
| end | ||
|
|
||
| end | ||
|
|
||
| # Object that represents Header name-value pairs, associated with Web Session Authentication. | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Want to rename to "shared_credential" as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will do.