From ea937ec538c189c2560e89cef2d8545ef9d4e1ab Mon Sep 17 00:00:00 2001
From: Philipp Eder
Date: Thu, 24 Oct 2024 11:59:06 +0000
Subject: [PATCH] Add: krb5 credential

To support krb5 a new credential service is required to get the `realm`, as well as `kdc` in addition to `username` and `password`. This adds: ``` scanuser mypass myrealm mykdc ```
---
 ospd_openvas/preferencehandler.py | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/ospd_openvas/preferencehandler.py b/ospd_openvas/preferencehandler.py
index 9c8c704f..bb8abced 100644
--- a/ospd_openvas/preferencehandler.py
+++ b/ospd_openvas/preferencehandler.py
@@ -32,6 +32,8 @@
 OID_ESXI_AUTH = "1.3.6.1.4.1.25623.1.0.105058"
 OID_SNMP_AUTH = "1.3.6.1.4.1.25623.1.0.105076"
 OID_PING_HOST = "1.3.6.1.4.1.25623.1.0.100315"
+# TODO: check me, check me, check me
+OID_KRB5_AUTH = "1.3.6.1.4.1.25623.1.81.0"
 BOREAS_ALIVE_TEST = "ALIVE_TEST"
 BOREAS_ALIVE_TEST_PORTS = "ALIVE_TEST_PORTS"
@@ -589,6 +591,9 @@ def build_credentials_as_prefs(self, credentials: Dict) -> List[str]:
 for credential in credentials.items():
 service = credential[0]
 cred_params = credentials.get(service)
+ if not cred_params:
+ logger.warning("No credentials parameter found for service %s", service)
+ continue
 cred_type = cred_params.get('type', '')
 username = cred_params.get('username', '')
 password = cred_params.get('password', '')
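Review bot: `OID_KRB5_AUTH` is committed under a `# TODO: check me, check me, check me` marker, and its value `1.3.6.1.4.1.25623.1.81.0` does not follow the `1.3.6.1.4.1.25623.1.0.<id>` shape of the neighbouring auth OIDs, so it reads as an unconfirmed placeholder. If the OID does not identify the script that consumes the Kerberos preferences, the four prefs built from it would presumably never reach that script and the target would be scanned without the credential, with nothing in this code reporting it. Confirm the value before merge and replace the TODO with a comment that says what the OID refers to, e.g. `# OID of the script that receives the Kerberos credential preferences`.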
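Review bot: The new `if not cred_params:` guard only logs a warning and continues, whereas the krb5 branch added later in this patch reports bad input through `self.errors.append(...)`. A service listed with empty parameters is therefore dropped without the caller being told, and the scan would presumably run unauthenticated for that service. Consider recording it next to the warning, `self.errors.append(f"No credential parameters found for service {service}.")`. The loop body continues outside the hunk, so how `self.errors` is surfaced to the caller should be checked there.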
@@ -665,6 +670,28 @@ def build_credentials_as_prefs(self, credentials: Dict) -> List[str]:
 cred_prefs_list.append(
 f'{OID_SMB_AUTH}:2:password:SMB password:|||{password}'
 )
+ elif service == 'krb5':
+ realm = cred_params.get('realm', '')
+ if not realm:
+ self.errors.append("Missing realm for Kerberos authentication.")
+ continue
+ kdc = cred_params.get('kdc', '')
+ if not kdc:
+ self.errors.append("Missing KDC for Kerberos authentication.")
+ continue
+ cred_prefs_list.append(
+ f'{OID_KRB5_AUTH}:1:entry:KRB5 login:|||{username}'
+ )
+ cred_prefs_list.append(
+ f'{OID_KRB5_AUTH}:2:password:KRB5 password:|||{password}'
+ )
+ cred_prefs_list.append(
+ f'{OID_KRB5_AUTH}:3:entry:KRB5 realm:|||{realm}'
+ )
+ #TODO: add multiple kdcs
+ cred_prefs_list.append(
+ f'{OID_KRB5_AUTH}:4:entry:KRB5 kdc:|||{kdc}'
+ )
 # Check service esxi
 elif service == 'esxi':
 cred_prefs_list.append(
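Review bot: The krb5 branch rejects an empty `realm` or `kdc` but appends `username` and `password` unchecked, and both default to `''` where they are read at the top of the loop. A credential without a password therefore still produces `KRB5 login` and `KRB5 password` prefs with empty values instead of an entry in `self.errors`. Unless that is validated in the part of the function outside this hunk, add a guard before the appends: `if not username or not password:`, `self.errors.append("Missing username or password for Kerberos authentication.")`, `continue`. `realm` and `kdc` are also interpolated into the `|||`-delimited preference string exactly as received, so a light format check (hostname-like, no `|` or line breaks) would stop a malformed value from yielding a preference the consumer misparses. The `#TODO: add multiple kdcs` comment also needs a space after `#`.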