Class: Nexpose::SharedCredential

Inherits:

SharedCredentialSummary

• Object
• SharedCredentialSummary
• Nexpose::SharedCredential

Defined in:

lib/nexpose/shared_cred.rb

Instance Attribute Summary

• #database ⇒ Object

  Database or SID.

• #description ⇒ Object

  Optional description of this credential.

• #disabled ⇒ Object

  Array of sites where this credential has been temporarily disabled.

• #host ⇒ Object

  IP address or host name to restrict this credential to.

• #ntlm_hash ⇒ Object

  Windows/Samba LM/NTLM Hash.

• #password ⇒ Object

  Password or SNMP community name.

• #pem_key ⇒ Object

  PEM-format private key.

• #port ⇒ Object

  Single port to restrict this credential to.

• #privilege_password ⇒ Object

  Password to use when elevating permissions (e.g., sudo).

• #privilege_type ⇒ Object

  Permission elevation type.

• #sites ⇒ Object

  Array of site IDs that this credential is restricted to.

Attributes inherited from SharedCredentialSummary

#all_sites, #domain, #id, #last_modified, #name, #privilege_username, #type, #username

Class Method Summary

• .load(nsc, id) ⇒ Object
• .parse(xml) ⇒ Object

Instance Method Summary

• #initialize(name, id = -1)) ⇒ SharedCredential constructor

  A new instance of SharedCredential.

• #save(nsc) ⇒ Boolean

  Save this credential to the security console.

• #to_xml ⇒ Object

Methods inherited from SharedCredentialSummary

#delete, from_json

Constructor Details

#initialize(name, id = -1)) ⇒ SharedCredential

Returns a new instance of SharedCredential.

# File 'lib/nexpose/shared_cred.rb', line 93

def initialize(name, id = -1)
  @name, @id = name, id.to_i
  @sites = []
  @disabled = []
end

Instance Attribute Details

#database ⇒ Object

Database or SID.

# File 'lib/nexpose/shared_cred.rb', line 71

def database
  @database
end

#description ⇒ Object

Optional description of this credential.

# File 'lib/nexpose/shared_cred.rb', line 68

def description
  @description
end

#disabled ⇒ Object

Array of sites where this credential has been temporarily disabled.

# File 'lib/nexpose/shared_cred.rb', line 91

def disabled
  @disabled
end

#host ⇒ Object

IP address or host name to restrict this credential to.

# File 'lib/nexpose/shared_cred.rb', line 84

def host
  @host
end

#ntlm_hash ⇒ Object

Windows/Samba LM/NTLM Hash.

# File 'lib/nexpose/shared_cred.rb', line 73

def ntlm_hash
  @ntlm_hash
end

#password ⇒ Object

Password or SNMP community name.

# File 'lib/nexpose/shared_cred.rb', line 75

def password
  @password
end

#pem_key ⇒ Object

PEM-format private key.

# File 'lib/nexpose/shared_cred.rb', line 77

def pem_key
  @pem_key
end

#port ⇒ Object

Single port to restrict this credential to.

# File 'lib/nexpose/shared_cred.rb', line 86

def port
  @port
end

#privilege_password ⇒ Object

Password to use when elevating permissions (e.g., sudo).

# File 'lib/nexpose/shared_cred.rb', line 79

def privilege_password
  @privilege_password
end

#privilege_type ⇒ Object

Permission elevation type. See Nexpose::Credential::ElevationType.

# File 'lib/nexpose/shared_cred.rb', line 81

def privilege_type
  @privilege_type
end

#sites ⇒ Object

Array of site IDs that this credential is restricted to.

# File 'lib/nexpose/shared_cred.rb', line 89

def sites
  @sites
end

Class Method Details

.load(nsc, id) ⇒ Object

# File 'lib/nexpose/shared_cred.rb', line 99

def self.load(nsc, id)
  response = AJAX.get(nsc, "/data/credential/shared/get?credid=#{id}")
  parse(response)
end

.parse(xml) ⇒ Object

# File 'lib/nexpose/shared_cred.rb', line 156

def self.parse(xml)
  rexml = REXML::Document.new(xml)
  rexml.elements.each('Credential') do |c|
    cred = new(c.elements['Name'].text, c.attributes['id'].to_i)

    desc = c.elements['Description']
    cred.description = desc.text if desc

    c.elements.each('Account/Field') do |field|
      case field.attributes['name']
      when 'database'
        cred.database = field.text
      when 'domain'
        cred.domain = field.text
      when 'username'
        cred.username = field.text
      when 'password'
        cred.password = field.text
      when 'ntlmhash'
        cred.ntlm_hash = field.text
      when 'pemkey'
        cred.pem_key = field.text
      when 'privilegeelevationusername'
        cred.privilege_username = field.text
      when 'privilegeelevationpassword'
        cred.privilege_password = field.text
      when 'privilegeelevationtype'
        cred.privilege_type = field.text
      end
    end

    service = REXML::XPath.first(c, 'Services/Service')
    cred.type = service.attributes['type']

    c.elements.each('Restrictions/Restriction') do |r|
      cred.host = r.text if r.attributes['type'] == 'host'
      cred.port = r.text.to_i if r.attributes['type'] == 'port'
    end

    sites = REXML::XPath.first(c, 'Sites')
    cred.all_sites = sites.attributes['all'] == '1'

    sites.elements.each('Site') do |site|
      site_id = site.attributes['id'].to_i
      cred.sites << site_id unless cred.all_sites
      cred.disabled << site_id if site.attributes['enabled'] == '0'
    end

    return cred
  end
  nil
end

Instance Method Details

#save(nsc) ⇒ Boolean

Save this credential to the security console.

Parameters:

• nsc (Connection) —

  An active connection to a Nexpose console.

Returns:

• (Boolean) —

  Whether the save succeeded.

# File 'lib/nexpose/shared_cred.rb', line 109

def save(nsc)
  response = AJAX.post(nsc, '/data/credential/shared/save', to_xml)
  !!(response =~ /success="1"/)
end

#to_xml ⇒ Object

# File 'lib/nexpose/shared_cred.rb', line 114

def to_xml
  xml = '<Credential '
  xml << %( id="#{@id}">)

  xml << %(<Name>#{@name}</Name>)
  xml << %(<Description>#{@description}</Description>)

  xml << %(<Services><Service type="#{@type}"></Service></Services>)

  xml << '<Account type="nexpose">'
  xml << %(<Field name="database">#{@database}</Field>)
  xml << %(<Field name="domain">#{@domain}</Field>)
  xml << %(<Field name="username">#{@username}</Field>)
  xml << %(<Field name="ntlmhash">#{@ntlm_hash}</Field>) if @ntlm_hash
  xml << %(<Field name="password">#{@password}</Field>) if @password
  xml << %(<Field name="pemkey">#{@pem_key}</Field>) if @pem_key
  xml << %(<Field name="privilegeelevationusername">#{@privilege_username}</Field>)
  xml << %(<Field name="privilegeelevationpassword">#{@privilege_password}</Field>) if @privilege_password
  xml << %(<Field name="privilegeelevationtype">#{@privilege_type}</Field>) if @privilege_type
  xml << '</Account>'

  xml << '<Restrictions>'
  xml << %(<Restriction type="host">#{@host}</Restriction>) if @host
  xml << %(<Restriction type="port">#{@port}</Restriction>) if @port
  xml << '</Restrictions>'

  xml << %(<Sites all="#{@all_sites ? 1 : 0}">)
  @sites.each do |site|
    xml << %(<Site id="#{site}")
    xml << ' enabled="0"' if @disabled.member? site
    xml << '></Site>'
  end
  if @sites.empty?
    @disabled.each do |site|
      xml << %(<Site id="#{site}" enabled="0"></Site>)
    end
  end
  xml << '</Sites>'

  xml << '</Credential>'
end