Add: nasl-function: ip_reverse_lookup

To be able to reverse lookup the IP address of either the target or given IP address a new function `ip_reverse_lookup` is introduced. This function does not rely on found vhosts to be easier to use within a krb5 context. It does not fork and just calls `getnameinfo`. The function can used with an IP address: ``` ip_reverse_lookup('1.1.1.1'); ``` and without: ``` ip_reverse_lookup(); ``` When no ip address is given than the target ip address will be used.
greenbone · Dec 17, 2024 · 5bba8b8 · 5bba8b8
1 parent 51cf104
commit 5bba8b8
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 15 deletions.
diff --git a/misc/openvas-krb5.c b/misc/openvas-krb5.c
@@ -534,6 +534,7 @@ okrb5_error_code_to_string (const OKrb5ErrorCode code)
   do                                    \
     {                                   \
       var = calloc (1, strlen (s) + 1); \
+      snprintf (var, strlen (s) + 1, s);    \
       goto result;                      \
     }                                   \
   while (0)
@@ -575,7 +576,6 @@ okrb5_error_code_to_string (const OKrb5ErrorCode code)
         }
       else
         {
-          result = NULL;
           goto result;
         }
     }

diff --git a/nasl/nasl_host.c b/nasl/nasl_host.c
@@ -20,6 +20,7 @@
 #include "../misc/network.h"
 #include "../misc/pcap_openvas.h" /* for v6_is_local_ip */
 #include "../misc/plugutils.h"    /* for plug_get_host_fqdn */
+#include "base/hosts.h"
 #include "nasl_debug.h"
 #include "nasl_func.h"
 #include "nasl_global_ctxt.h"
@@ -234,6 +235,51 @@ get_host_open_port (lex_ctxt *lexic)
   return retc;
 }
 
+tree_cell *
+host_reverse_lookup (lex_ctxt *lexic)
+{
+  char *t = get_str_var_by_num (lexic, 0);
+  gvm_host_t *target = NULL;
+  tree_cell *retc;
+
+  if (t == NULL)
+    {
+      t = plug_get_host_ip_str (lexic->script_infos);
+    }
+  else
+    {
+      // we need to duplicate it as get_str_var_by_name does store it within
+      // string_form which is released with the lex_ctxt release.
+      t = g_strdup (t);
+    }
+  if (t == NULL)
+    {
+      nasl_perror (lexic, "Empty target\n");
+      goto fail;
+    }
+  target = gvm_host_from_str (t);
+  if (target == NULL)
+    {
+      nasl_perror (lexic, "%s: Invalid target\n", t);
+      goto fail;
+    }
+  g_free (t);
+
+  t = gvm_host_reverse_lookup (target);
+  if (t == NULL)
+    {
+      goto fail;
+    }
+
+  retc = alloc_typed_cell (CONST_STR);
+  retc->x.str_val = t;
+  retc->size = strlen (t);
+
+  return retc;
+fail:
+  return FAKE_CELL;
+}
+
 tree_cell *
 get_port_state (lex_ctxt *lexic)
 {

diff --git a/nasl/nasl_host.h b/nasl/nasl_host.h
@@ -62,4 +62,8 @@ nasl_same_host (lex_ctxt *);
 tree_cell *
 nasl_target_is_ipv6 (lex_ctxt *lexic);
 
+
+tree_cell *
+host_reverse_lookup (lex_ctxt *lexic);
+
 #endif
diff --git a/nasl/nasl_init.c b/nasl/nasl_init.c
@@ -133,6 +133,7 @@ static init_func libfuncs[] = {
   {"http2_put", nasl_http2_put},
   {"add_host_name", add_hostname},
   {"get_host_name", get_hostname},
+  {"ip_reverse_lookup", host_reverse_lookup},
   {"get_host_names", get_hostnames},
   {"get_host_name_source", get_hostname_source},
   {"resolve_host_name", resolve_hostname},

diff --git a/nasl/nasl_krb5.c b/nasl/nasl_krb5.c
@@ -9,17 +9,17 @@
 #include "nasl_var.h"
 
 #include <stdio.h>
-// TODO: add string function for result
-#define nasl_print_krb_error(lexic, credential, result)                       \
-  do                                                                          \
-    {                                                                         \
-      char *error_str = okrb5_error_code_to_string (result);                  \
-      nasl_perror (lexic,                                                     \
-                   "%s[config_path: '%s' realm: '%s' user: '%s'] => %s (%d)", \
-                   __func__, credential.config_path.data,                     \
-                   credential.realm.data, credential.user.user.data, result); \
-      free (error_str);                                                       \
-    }                                                                         \
+
+#define nasl_print_krb_error(lexic, credential, result)                   \
+  do                                                                      \
+    {                                                                     \
+      char *error_str = okrb5_error_code_to_string (result);              \
+      nasl_perror (                                                       \
+        lexic, "%s[config_path: '%s' realm: '%s' user: '%s'] => %s (%d)", \
+        __func__, credential.config_path.data, credential.realm.data,     \
+        credential.user.user.data, error_str, result);                    \
+      free (error_str);                                                   \
+    }                                                                     \
   while (0)
 
 OKrb5ErrorCode last_okrb5_result;
@@ -50,11 +50,10 @@ OKrb5ErrorCode last_okrb5_result;
 static OKrb5Credential
 build_krb5_credential (lex_ctxt *lexic)
 {
-  OKrb5Credential credential;
+  OKrb5Credential credential = {0};
   OKrb5ErrorCode code;
 
   char *kdc = NULL;
-  memset (&credential, 0, sizeof (OKrb5Credential));
 
   set_slice_from_lex_or_env (lexic, credential.config_path, "config_path",
                              "KRB5_CONFIG");
@@ -78,7 +77,7 @@ build_krb5_credential (lex_ctxt *lexic)
 
   if ((code = o_krb5_find_kdc (&credential, &kdc)))
     {
-      if (code != O_KRB5_REALM_NOT_FOUND)
+      if (code != O_KRB5_REALM_NOT_FOUND && code != O_KRB5_CONF_NOT_FOUND)
         {
           nasl_print_krb_error (lexic, credential, code);
         }