Add: krb5_gss_session_key, krb5_error_code_to_string

Adds new nasl functions:
- krb5_gss_session_key: to extract the session key
- krb5_error_code_to_string: to translate the stored error code into a
  string.

Usage:
```
sk = krb5_gss_session_key();
display("Error code: " + krb5_error_code_to_string());
```

misc/openvas-krb5.c

@@ -669,7 +669,6 @@ o_krb5_gss_prepare_context (const OKrb5Credential *creds,
   gss_buffer_desc targetbuf = GSS_C_EMPTY_BUFFER;
   const struct OKrb5Target *target = &creds->target;
 
-
   if (gss_context->gss_creds == GSS_C_NO_CREDENTIAL)
     {
       if ((result = okrb5_gss_authenticate (creds, gss_context)))
@@ -809,3 +808,59 @@ o_krb5_gss_session_key_context (struct OKrb5GSSContext *gss_context,
 result:
   return result;
 }
+
+char *
+okrb5_error_code_to_string (const OKrb5ErrorCode code)
+{
+#define HEAP_STRING(var, s)             \
+  do                                    \
+    {                                   \
+      var = calloc (1, strlen (s) + 1); \
+      goto result;                      \
+    }                                   \
+  while (0)
+
+  char *result = NULL;
+  switch (code)
+    {
+    case O_KRB5_SUCCESS:
+      HEAP_STRING (result, "success");
+    case O_KRB5_CONF_NOT_FOUND:
+      HEAP_STRING (result, "krb5.conf not found");
+    case O_KRB5_CONF_NOT_CREATED:
+      HEAP_STRING (result, "krb5.conf not created");
+    case O_KRB5_TMP_CONF_NOT_CREATED:
+      HEAP_STRING (result, "tmp krb5.conf not created");
+    case O_KRB5_TMP_CONF_NOT_MOVED:
+      HEAP_STRING (result, "tmp krb5.conf not moved");
+    case O_KRB5_REALM_NOT_FOUND:
+      HEAP_STRING (result, "realm not found");
+    case O_KRB5_EXPECTED_NULL:
+      HEAP_STRING (result, "expected null");
+    case O_KRB5_EXPECTED_NOT_NULL:
+      HEAP_STRING (result, "expected not null");
+    case O_KRB5_UNABLE_TO_WRITE:
+      HEAP_STRING (result, "unable to write");
+    case O_KRB5_NOMEM:
+      HEAP_STRING (result, "no memory");
+    default:
+      if (code >= O_KRB5_ERROR)
+        {
+          int maj_stat = code - O_KRB5_ERROR;
+          OM_uint32 min_stat;
+          gss_buffer_desc msg;
+          OM_uint32 msg_ctx;
+
+          (void) gss_display_status (&min_stat, maj_stat, GSS_C_GSS_CODE,
+                                     GSS_C_NULL_OID, &msg_ctx, &msg);
+          result = msg.value;
+        }
+      else
+        {
+          result = NULL;
+          goto result;
+        }
+    }
+result:
+  return result;
+}

misc/openvas-krb5.h

@@ -69,8 +69,6 @@ typedef struct
   struct OKrb5Target target;
 } OKrb5Credential;
 
-
-
 // TODO: initializer with default values and NULL
 
 typedef struct
@@ -155,17 +153,18 @@ o_krb5_cache_request (const OKrb5Credential credentials, const char *data,
     }                                             \
   while (0)
 
-
 typedef struct OKrb5GSSContext OKrb5GSSContext;
 // Unsure about bool type
 
 OKrb5ErrorCode
 o_krb5_gss_session_key_context (struct OKrb5GSSContext *gss_context,
                                 struct OKrb5Slice **out);
 
-struct OKrb5GSSContext *okrb5_gss_init_context (void);
+struct OKrb5GSSContext *
+okrb5_gss_init_context (void);
 
-void okrb5_gss_free_context (struct OKrb5GSSContext *context);
+void
+okrb5_gss_free_context (struct OKrb5GSSContext *context);
 
 OKrb5ErrorCode
 o_krb5_gss_prepare_context (const OKrb5Credential *creds,
@@ -176,5 +175,10 @@ o_krb5_gss_update_context (struct OKrb5GSSContext *gss_context,
                            const struct OKrb5Slice *in_data,
                            struct OKrb5Slice **out_data, bool *more);
 
+// Returns NULL if the error code is not found. The returned string must be
+// freed by the caller.
+char *
+okrb5_error_code_to_string (const OKrb5ErrorCode code);
+
 
 #endif

nasl/nasl_init.c

@@ -424,6 +424,8 @@ static init_func libfuncs[] = {
   {"krb5_gss_update_context", nasl_okrb5_gss_update_context},
   {"krb5_gss_update_context_needs_more", nasl_okrb5_gss_update_context_needs_more},
   {"krb5_gss_update_context_out", nasl_okrb5_gss_update_context_out},
+  {"krb5_gss_session_key", nasl_okrb5_gss_session_key_context},
+  {"krb5_error_code_to_string", nasl_okrb5_error_code_to_string},
   {NULL, NULL}};
 
 /* String variables */

nasl/nasl_krb5.c

@@ -284,6 +284,16 @@ nasl_okrb5_gss_update_context_needs_more (lex_ctxt *lexic)
   return retc;
 }
 
+static inline tree_cell *
+okrb5_slice_to_tree_cell (struct OKrb5Slice *slice)
+{
+  tree_cell *retc = alloc_typed_cell (CONST_DATA);
+  printf ("slice->data: %s\n", (char *) slice->data);
+  retc->x.str_val = slice->data;
+  retc->size = slice->len;
+  return retc;
+}
+
 tree_cell *
 nasl_okrb5_gss_update_context_out (lex_ctxt *lexic)
 {
@@ -292,51 +302,37 @@ nasl_okrb5_gss_update_context_out (lex_ctxt *lexic)
     {
       return FAKE_CELL;
     }
-  tree_cell *retc = alloc_typed_cell (CONST_DATA);
-  retc->x.str_val = to_application->data;
-  retc->size = to_application->len;
-  return retc;
+  return okrb5_slice_to_tree_cell (to_application);
 }
 
-/*
-  context = okrb5_gss_init_context ();
-  printf ("Using realm: %s\n", (char *) credentials.realm.data);
-  if ((result = o_krb5_gss_prepare_context (&credentials, context)))
-    {
-      return 1;
-    }
-  printf ("Using realm: %s\n", (char *) credentials.realm.data);
-  // first call always empty
-  if ((result = o_krb5_gss_update_context (context, &from_application,
-                                           &to_application, &more)))
+tree_cell *
+nasl_okrb5_gss_session_key_context (lex_ctxt *lexic)
+{
+  (void) lexic;
+  struct OKrb5Slice *session_key = NULL;
+  if (cached_gss_context == NULL)
     {
-      return 1;
+      printf ("cached_gss_context is NULL\n");
+      last_okrb5_result = O_KRB5_EXPECTED_NOT_NULL;
+      return FAKE_CELL;
     }
-  printf ("success: %d: outdata_len: %zu\n", result, to_application->len);
-
-  for (size_t i = 0; i < to_application->len; i++)
+  if ((last_okrb5_result =
+         o_krb5_gss_session_key_context (cached_gss_context, &session_key))
+      != O_KRB5_SUCCESS)
     {
-      printf ("%02x", ((char *) to_application->data)[i]);
+      printf ("o_krb5_gss_session_key_context failed\n");
+      return FAKE_CELL;
     }
-  printf ("\n");
-
-*/
-
-/*
-*OKrb5ErrorCode
-o_krb5_gss_session_key_context (struct OKrb5GSSContext *gss_context,
-                                struct OKrb5Slice **out);
-
-struct OKrb5GSSContext *okrb5_gss_init_context (void);
-
-void okrb5_gss_free_context (struct OKrb5GSSContext *context);
+  return okrb5_slice_to_tree_cell (session_key);
+}
 
-OKrb5ErrorCode
-o_krb5_gss_prepare_context (const OKrb5Credential *creds,
-                            struct OKrb5GSSContext *gss_context);
+tree_cell *
 
-OKrb5ErrorCode
-o_krb5_gss_update_context (struct OKrb5GSSContext *gss_context,
-                           const struct OKrb5Slice *in_data,
-                           struct OKrb5Slice **out_data, bool *more);
-*/
+nasl_okrb5_error_code_to_string (lex_ctxt *lexic)
+{
+  (void) lexic;
+  tree_cell *retc = alloc_typed_cell (CONST_STR);
+  retc->x.str_val = okrb5_error_code_to_string (last_okrb5_result);
+  retc->size = strlen (retc->x.str_val);
+  return retc;
+}

nasl/nasl_krb5.h

@@ -98,3 +98,10 @@ nasl_okrb5_gss_update_context_needs_more(lex_ctxt *lexic);
 
 tree_cell *
 nasl_okrb5_gss_update_context_out (lex_ctxt *lexic);
+
+
+tree_cell *
+nasl_okrb5_gss_session_key_context (lex_ctxt *lexic);
+
+tree_cell *
+nasl_okrb5_error_code_to_string (lex_ctxt *lexic);

rust/examples/gss.nasl

@@ -29,4 +29,16 @@ if (out) {
 	display('no data?!');
 }
 
+
+soc = open_sock_tcp( 445 );
+if( ! soc ) {
+    return -1;
+}
+
+display("Forking");
+sk = krb5_gss_session_key();
+display("Error code: " + krb5_error_code_to_string());
+display("Session key: " + hexstr(sk));
+
+
 # TODO: provide clean up function