[Openvas-commits] r3536 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Fri May 29 11:22:44 CEST 2009 

Author: felix
Date: 2009-05-29 11:22:42 +0200 (Fri, 29 May 2009)
New Revision: 3536

Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/ssh_authorization.nasl
Log:
* scripts/ssh_authorization.nasl:
Corrected check, the defining kb-items can not only be set by the
preferences ("old") but also directly by the server.
Send messages in every case (no port, no account defined, account
defined) and improved wording, added a final exit(0);


Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-05-29 09:16:22 UTC (rev 3535)
+++ trunk/openvas-plugins/ChangeLog	2009-05-29 09:22:42 UTC (rev 3536)
@@ -1,5 +1,13 @@
 2009-05-29  Felix Wolfsteller <felix.wolfsteller at intevation.de>
 
+	* scripts/ssh_authorization.nasl:
+	Corrected check, the defining kb-items can not only be set by the
+	preferences ("old") but also directly by the server.
+	Send messages in every case (no port, no account defined, account
+	defined) and improved wording, added a final exit(0);
+
+2009-05-29  Felix Wolfsteller <felix.wolfsteller at intevation.de>
+
 	* scripts/slad_ssh.inc:
 	Begin messages text with capital letter.
 

Modified: trunk/openvas-plugins/scripts/ssh_authorization.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ssh_authorization.nasl	2009-05-29 09:16:22 UTC (rev 3535)
+++ trunk/openvas-plugins/scripts/ssh_authorization.nasl	2009-05-29 09:22:42 UTC (rev 3536)
@@ -27,7 +27,7 @@
 if(description)
 {
  script_id(90022);
- script_version ("2.0");
+ script_version ("2.1");
  name["english"] = "SSH Authorization";
 
  script_name(english:name["english"]);
@@ -101,23 +101,38 @@
   if (ssh_public_key) set_kb_item(name: "Secret/SSH/publickey", value: ssh_public_key);
   if (ssh_private_key) set_kb_item(name: "Secret/SSH/privatekey", value: ssh_private_key);
   if (ssh_key_passphrase) set_kb_item(name: "Secret/SSH/passphrase", value: ssh_key_passphrase);
+}
 
-  if(ssh_login_name || ssh_public_key)
+# Check if port for us is known
+port = get_kb_item("Services/ssh");
+if(!port)
+{
+  log_message(data:'No port for an ssh connect was found open.\nHence local security checks are not enabled.');
+  exit(0);
+}
+
+# Check if an account was defined either by the preferences ("old") or by the
+# server ("new").
+
+ssh_login_name = get_kb_item(name: "Secret/SSH/login");
+ssh_public_key = get_kb_item(name: "Secret/SSH/publickey");
+
+if(ssh_login_name || ssh_public_key)
+{
+  sock = ssh_login_or_reuse_connection();
+  if(!sock)
   {
-    port = get_kb_item("Services/ssh");
-    if(!port) {
-      exit(0);
-    }
-
-    sock = ssh_login_or_reuse_connection();
-    if(!sock)
-    {
-      security_note(data:"It was not possible to login using the SSH crendentials supplied.\n Hence local security checks is not enabled", port:port);
-      ssh_close_connection();
-      exit(0);
-    }
- 
-    security_note(data:"It was possible to login using the SSH credentials supplied.\n Hence local security check is enabled", port:port);
+    security_note(data: 'It was not possible to login using the SSH crendentials supplied.\n Hence local security checks are not enabled.', port:port);
     ssh_close_connection();
+    exit(0);
   }
+
+  security_note(data:'It was possible to login using the SSH credentials supplied.\nHence local security check are enabled.', port:port);
+  ssh_close_connection();
 }
+else
+{
+  security_note(data:'No SSH crendentials were supplied.\nHence local security checks are not enabled.', port:port);
+}
+
+exit(0);

More information about the Openvas-commits mailing list