Class: Nexpose::SharedCredential
Inherits: SharedCredentialSummary
- Object
- APIObject
- Credential
- SharedCredentialSummary
- Nexpose::SharedCredential
Defined in: lib/nexpose/shared_credential.rb
Constant Summary
Constants inherited from Credential
Instance Attribute Summary
- #auth_type ⇒ Object
  Authentication type of SNMP v3 credential.
- #database ⇒ Object
  Database or SID.
- #description ⇒ Object
  Optional description of this credential.
- #disabled ⇒ Object
  Array of sites where this credential has been temporarily disabled.
- #host ⇒ Object
  IP address or host name to restrict this credential to.
- #ntlm_hash ⇒ Object
  Windows/Samba LM/NTLM Hash.
- #password ⇒ Object
  Password or SNMP community name.
- #pem_key ⇒ Object
  PEM-format private key.
- #port ⇒ Object
  Single port to restrict this credential to.
- #privacy_password ⇒ Object
  Privacy password of SNMP v3 credential.
- #privacy_type ⇒ Object
  Privacy type of SNMP v3 credential.
- #privilege_password ⇒ Object (also: #permission_elevation_password)
  Password to use when elevating permissions (e.g., sudo).
- #privilege_type ⇒ Object (also: #permission_elevation_type)
  Permission elevation type.
- #sites ⇒ Object
  Array of site IDs that this credential is restricted to.
Attributes inherited from SharedCredentialSummary
#all_sites, #domain, #id, #last_modified, #name, #privilege_username, #service, #username
Class Method Summary
- .load(nsc, id) ⇒ Object
- .parse(xml) ⇒ Object
Instance Method Summary
- #_to_param(target, engine_id, port, siteid) ⇒ Object
- #as_xml ⇒ Object
- #initialize(name, id = -1) ⇒ SharedCredential (constructor)
  A new instance of SharedCredential.
- #save(nsc) ⇒ Boolean
  Save this credential to the security console.
- #test(nsc, target, engine_id = nil, siteid = -1) ⇒ Object
  Test this credential against a target where the credentials should apply.
- #to_xml ⇒ Object
Methods inherited from SharedCredentialSummary
Methods included from CredentialHelper
#set_as400_service, #set_cifs_service, #set_cifshash_service, #set_cvs_service, #set_db2_service, #set_ftp_service, #set_http_service, #set_mysql_service, #set_notes_service, #set_oracle_service, #set_pop_service, #set_postgresql_service, #set_remote_execution_service, #set_snmp_service, #set_snmpv3_service, #set_ssh_key_service, #set_ssh_service, #set_sybase_service, #set_tds_service, #set_telnet_service
Methods inherited from APIObject
Constructor Details
#initialize(name, id = -1) ⇒ SharedCredential
Returns a new instance of SharedCredential.
# File 'lib/nexpose/shared_credential.rb', line 108
def initialize(name, id = -1)
  @name     = name
  @id       = id.to_i
  @sites    = []
  @disabled = []
end
Instance Attribute Details
#auth_type ⇒ Object
Authentication type of SNMP v3 credential.
# File 'lib/nexpose/shared_credential.rb', line 95
def auth_type
  @auth_type
end
#database ⇒ Object
Database or SID.
# File 'lib/nexpose/shared_credential.rb', line 77
def database
  @database
end
#description ⇒ Object
Optional description of this credential.
# File 'lib/nexpose/shared_credential.rb', line 74
def description
  @description
end
#disabled ⇒ Object
Array of sites where this credential has been temporarily disabled.
# File 'lib/nexpose/shared_credential.rb', line 106
def disabled
  @disabled
end
#host ⇒ Object
IP address or host name to restrict this credential to.
# File 'lib/nexpose/shared_credential.rb', line 99
def host
  @host
end
#ntlm_hash ⇒ Object
Windows/Samba LM/NTLM Hash.
# File 'lib/nexpose/shared_credential.rb', line 79
def ntlm_hash
  @ntlm_hash
end
#password ⇒ Object
Password or SNMP community name.
# File 'lib/nexpose/shared_credential.rb', line 81
def password
  @password
end
#pem_key ⇒ Object
PEM-format private key.
# File 'lib/nexpose/shared_credential.rb', line 83
def pem_key
  @pem_key
end
#port ⇒ Object
Single port to restrict this credential to.
# File 'lib/nexpose/shared_credential.rb', line 101
def port
  @port
end
#privacy_password ⇒ Object
Privacy password of SNMP v3 credential.
# File 'lib/nexpose/shared_credential.rb', line 93
def privacy_password
  @privacy_password
end
#privacy_type ⇒ Object
Privacy type of SNMP v3 credential.
# File 'lib/nexpose/shared_credential.rb', line 97
def privacy_type
  @privacy_type
end
#privilege_password ⇒ Object Also known as: permission_elevation_password
Password to use when elevating permissions (e.g., sudo).
# File 'lib/nexpose/shared_credential.rb', line 85
def privilege_password
  @privilege_password
end
#privilege_type ⇒ Object Also known as: permission_elevation_type
Permission elevation type. See Nexpose::Credential::ElevationType.
# File 'lib/nexpose/shared_credential.rb', line 89
def privilege_type
  @privilege_type
end
#sites ⇒ Object
Array of site IDs that this credential is restricted to.
# File 'lib/nexpose/shared_credential.rb', line 104
def sites
  @sites
end
Class Method Details
.load(nsc, id) ⇒ Object
# File 'lib/nexpose/shared_credential.rb', line 115
def self.load(nsc, id)
  response = AJAX.get(nsc, "/data/credential/shared/get?credid=#{id}")
  parse(response)
end
.parse(xml) ⇒ Object
# File 'lib/nexpose/shared_credential.rb', line 218
def self.parse(xml)
  rexml = REXML::Document.new(xml)
  rexml.elements.each('Credential') do |c|
    cred = new(c.elements['Name'].text, c.attributes['id'].to_i)
    desc = c.elements['Description']
    cred.description = desc.text if desc
    c.elements.each('Account/Field') do |field|
      case field.attributes['name']
      when 'database'
        cred.database = field.text
      when 'domain'
        cred.domain = field.text
      when 'username'
        cred.username = field.text
      when 'password'
        cred.password = field.text
      when 'ntlmhash'
        cred.ntlm_hash = field.text
      when 'pemkey'
        cred.pem_key = field.text
      when 'privilegeelevationusername'
        cred.privilege_username = field.text
      when 'privilegeelevationpassword'
        cred.privilege_password = field.text
      when 'privilegeelevationtype'
        cred.privilege_type = field.text
      when 'snmpv3authtype'
        cred.auth_type = field.text
      when 'snmpv3privtype'
        cred.privacy_type = field.text
      when 'snmpv3privpassword'
        cred.privacy_password = field.text
      end
    end
    service = REXML::XPath.first(c, 'Services/Service')
    cred.type = service.attributes['type']
    c.elements.each('Restrictions/Restriction') do |r|
      cred.host = r.text if r.attributes['type'] == 'host'
      cred.port = r.text.to_i if r.attributes['type'] == 'port'
    end
    sites = REXML::XPath.first(c, 'Sites')
    cred.all_sites = sites.attributes['all'] == '1'
    sites.elements.each('Site') do |site|
      site_id = site.attributes['id'].to_i
      cred.sites << site_id unless cred.all_sites
      cred.disabled << site_id if site.attributes['enabled'] == '0'
    end
    return cred
  end
  nil
end
Instance Method Details
#_to_param(target, engine_id, port, siteid) ⇒ Object
# File 'lib/nexpose/shared_credential.rb', line 195
def _to_param(target, engine_id, port, siteid)
  {
    engineid: engine_id,
    sc_creds_dev: target,
    sc_creds_svc: @service,
    sc_creds_database: @database,
    sc_creds_domain: @domain,
    sc_creds_uname: @username,
    sc_creds_password: @password,
    sc_creds_pemkey: @pem_key,
    sc_creds_port: port,
    sc_creds_privilegeelevationusername: @privilege_username,
    sc_creds_privilegeelevationpassword: @privilege_password,
    sc_creds_privilegeelevationtype: @privilege_type,
    sc_creds_snmpv3authtype: @auth_type,
    sc_creds_snmpv3privtype: @privacy_type,
    sc_creds_snmpv3privpassword: @privacy_password,
    siteid: siteid
  }
end
#as_xml ⇒ Object
# File 'lib/nexpose/shared_credential.rb', line 130
def as_xml
  xml = REXML::Element.new('Credential')
  xml.add_attribute('id', @id)
  xml.add_element('Name').add_text(@name)
  xml.add_element('Description').add_text(@description)
  services = xml.add_element('Services')
  services.add_element('Service').add_attribute('type', @service)
  (account = xml.add_element('Account')).add_attribute('type', 'nexpose')
  account.add_element('Field', { 'name' => 'database' }).add_text(@database)
  account.add_element('Field', { 'name' => 'domain' }).add_text(@domain)
  account.add_element('Field', { 'name' => 'username' }).add_text(@username)
  account.add_element('Field', { 'name' => 'ntlmhash' }).add_text(@ntlm_hash) if @ntlm_hash
  account.add_element('Field', { 'name' => 'password' }).add_text(@password) if @password
  account.add_element('Field', { 'name' => 'pemkey' }).add_text(@pem_key) if @pem_key
  account.add_element('Field', { 'name' => 'privilegeelevationusername' }).add_text(@privilege_username)
  account.add_element('Field', { 'name' => 'privilegeelevationpassword' }).add_text(@privilege_password) if @privilege_password
  account.add_element('Field', { 'name' => 'privilegeelevationtype' }).add_text(@privilege_type) if @privilege_type
  account.add_element('Field', { 'name' => 'snmpv3authtype' }).add_text(@auth_type) if @auth_type
  account.add_element('Field', { 'name' => 'snmpv3privtype' }).add_text(@privacy_type) if @privacy_type
  account.add_element('Field', { 'name' => 'snmpv3privpassword' }).add_text(@privacy_password) if @privacy_password
  restrictions = xml.add_element('Restrictions')
  restrictions.add_element('Restriction', { 'type' => 'host' }).add_text(@host) if @host
  restrictions.add_element('Restriction', { 'type' => 'port' }).add_text(@port) if @port
  sites = xml.add_element('Sites')
  sites.add_attribute('all', @all_sites ? 1 : 0)
  @sites.each do |s|
    site = sites.add_element('Site')
    site.add_attribute('id', s)
    site.add_attribute('enabled', 0) if @disabled.member? s
  end
  if @sites.empty?
    @disabled.each do |s|
      site = sites.add_element('Site')
      site.add_attribute('id', s)
      site.add_attribute('enabled', 0)
    end
  end
  xml
end
#save(nsc) ⇒ Boolean
Save this credential to the security console.
# File 'lib/nexpose/shared_credential.rb', line 125
def save(nsc)
  response = AJAX.post(nsc, '/data/credential/shared/save', to_xml)
  !!(response =~ /success="1"/)
end
#test(nsc, target, engine_id = nil, siteid = -1) ⇒ Object
Test this credential against a target where the credentials should apply. Only works for a newly created credential. Testing a credential loaded from the console will likely fail because the API does not send the password.
# File 'lib/nexpose/shared_credential.rb', line 184
def test(nsc, target, engine_id = nil, siteid = -1)
  unless engine_id
    engine_id = nsc.engines.detect { |e| e.name == 'Local scan engine' }.id
  end
  @port = Credential::DEFAULT_PORTS[@service] if @port.nil?
  parameters = _to_param(target, engine_id, @port, siteid)
  xml = AJAX.form_post(nsc, '/data/credential/shared/test', parameters)
  result = REXML::XPath.first(REXML::Document.new(xml), 'TestAdminCredentialsResult')
  result.attributes['success'].to_i == 1
end
#to_xml ⇒ Object
# File 'lib/nexpose/shared_credential.rb', line 214
def to_xml
  as_xml.to_s
end
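An added example, not code from the nexpose-client gem: a least-privilege review of one credential document in the element layout that .parse reads and #as_xml writes, flagging credentials that apply to all sites or lack host and port restrictions, and listing which secret fields are present (none in a loaded credential, per the #test note). The helper name `audit_shared_credential`, the finding symbols and all sample values are assumptions made for illustration.

```ruby
require 'rexml/document'

# Constructed sample in the element layout that as_xml writes and parse reads.
# Every value is made up. There is no password Field, as in a loaded credential.
SAMPLE_XML = <<~XML
  <Credential id="7">
    <Name>linux-scan</Name>
    <Description>constructed example</Description>
    <Services><Service type="ssh"/></Services>
    <Account type="nexpose">
      <Field name="username">scanner</Field>
    </Account>
    <Restrictions/>
    <Sites all="1">
      <Site id="3" enabled="0"/>
    </Sites>
  </Credential>
XML

# Account/Field names handled by parse that carry secret material.
SECRET_FIELDS = %w[password ntlmhash pemkey privilegeelevationpassword
                   snmpv3privpassword].freeze

# Hypothetical helper (not part of the gem): report scope and secrets.
def audit_shared_credential(xml)
  cred = REXML::Document.new(xml).elements['Credential']
  raise ArgumentError, 'no Credential element' unless cred

  fields = {}
  cred.elements.each('Account/Field') { |f| fields[f.attributes['name']] = f.text }
  limits = {}
  cred.elements.each('Restrictions/Restriction') { |r| limits[r.attributes['type']] = r.text }
  disabled = []
  cred.elements.each('Sites/Site') do |s|
    disabled << s.attributes['id'].to_i if s.attributes['enabled'] == '0'
  end

  sites = cred.elements['Sites']
  findings = []
  findings << :all_sites if sites && sites.attributes['all'] == '1'
  findings << :no_host_restriction if limits['host'].to_s.empty?
  findings << :no_port_restriction if limits['port'].to_s.empty?
  { name: cred.elements['Name'].text,
    findings: findings,
    secrets_present: SECRET_FIELDS.select { |k| !fields[k].to_s.empty? },
    disabled_sites: disabled }
end
```

An empty `secrets_present` on a loaded credential means the secret has to be set again on the object before #test can succeed.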