Class: Nexpose::SharedCredential
- Inherits:
-
SharedCredentialSummary
- Object
- SharedCredentialSummary
- Nexpose::SharedCredential
- Defined in:
- lib/nexpose/shared_cred.rb
Instance Attribute Summary collapse
-
#database ⇒ Object
Database or SID.
-
#description ⇒ Object
Optional description of this credential.
-
#disabled ⇒ Object
Array of sites where this credential has been temporarily disabled.
-
#host ⇒ Object
IP address or host name to restrict this credential to.
-
#ntlm_hash ⇒ Object
Windows/Samba LM/NTLM Hash.
-
#password ⇒ Object
Password or SNMP community name.
-
#pem_key ⇒ Object
PEM-format private key.
-
#port ⇒ Object
Single port to restrict this credential to.
-
#privilege_password ⇒ Object
Password to use when elevating permissions (e.g., sudo).
-
#privilege_type ⇒ Object
Permission elevation type.
-
#sites ⇒ Object
Array of site IDs that this credential is restricted to.
Attributes inherited from SharedCredentialSummary
#all_sites, #domain, #id, #last_modified, #name, #privilege_username, #type, #username
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(name, id = -1) ⇒ SharedCredential
constructor
A new instance of SharedCredential.
-
#save(nsc) ⇒ Boolean
Save this credential to the security console.
- #to_xml ⇒ Object
Methods inherited from SharedCredentialSummary
Constructor Details
#initialize(name, id = -1) ⇒ SharedCredential
Returns a new instance of SharedCredential.
# File 'lib/nexpose/shared_cred.rb', line 93

# Build a credential object in memory; nothing is sent to the console here.
#
# @param name [Object] stored as-is in @name
# @param id [#to_i] coerced with to_i before being stored in @id
#   (the -1 default presumably marks a credential not yet saved; confirm)
def initialize(name, id = -1)
  @name = name
  @id = id.to_i
  # Both site lists start empty, so the credential begins with no
  # site restrictions and no per-site disablement recorded.
  @sites = []
  @disabled = []
end
Instance Attribute Details
#database ⇒ Object
Database or SID.
# File 'lib/nexpose/shared_cred.rb', line 71

# Database or SID.
#
# @return [Object] the value held in @database (nil until assigned)
def database
  @database
end
#description ⇒ Object
Optional description of this credential.
# File 'lib/nexpose/shared_cred.rb', line 68

# Optional description of this credential.
#
# @return [Object] the value held in @description (nil until assigned)
def description
  @description
end
#disabled ⇒ Object
Array of sites where this credential has been temporarily disabled.
# File 'lib/nexpose/shared_cred.rb', line 91

# Array of sites where this credential has been temporarily disabled.
#
# @return [Object] the object held in @disabled; the same array instance
#   is handed back, so callers that mutate it change this credential
def disabled
  @disabled
end
#host ⇒ Object
IP address or host name to restrict this credential to.
# File 'lib/nexpose/shared_cred.rb', line 84

# IP address or host name to restrict this credential to.
#
# @return [Object] the value held in @host (nil means no host restriction
#   is serialized by to_xml)
def host
  @host
end
#ntlm_hash ⇒ Object
Windows/Samba LM/NTLM Hash.
# File 'lib/nexpose/shared_cred.rb', line 73

# Windows/Samba LM/NTLM Hash.
#
# Sensitive: the hash is returned exactly as stored, with no masking.
# Keep it out of logs, exception messages and debug dumps of this object.
#
# @return [Object] the value held in @ntlm_hash (nil until assigned)
def ntlm_hash
  @ntlm_hash
end
#password ⇒ Object
Password or SNMP community name.
# File 'lib/nexpose/shared_cred.rb', line 75

# Password or SNMP community name.
#
# Sensitive: the secret is returned in plaintext exactly as stored.
# Keep it out of logs, exception messages and debug dumps of this object.
#
# @return [Object] the value held in @password (nil until assigned)
def password
  @password
end
#pem_key ⇒ Object
PEM-format private key.
# File 'lib/nexpose/shared_cred.rb', line 77

# PEM-format private key.
#
# Sensitive: the private key material is returned exactly as stored.
# Keep it out of logs, exception messages and debug dumps of this object.
#
# @return [Object] the value held in @pem_key (nil until assigned)
def pem_key
  @pem_key
end
#port ⇒ Object
Single port to restrict this credential to.
# File 'lib/nexpose/shared_cred.rb', line 86

# Single port to restrict this credential to.
#
# @return [Object] the value held in @port (nil means no port restriction
#   is serialized by to_xml)
def port
  @port
end
#privilege_password ⇒ Object
Password to use when elevating permissions (e.g., sudo).
# File 'lib/nexpose/shared_cred.rb', line 79

# Password to use when elevating permissions (e.g., sudo).
#
# Sensitive: the elevation secret is returned in plaintext exactly as
# stored. Keep it out of logs, exception messages and debug dumps.
#
# @return [Object] the value held in @privilege_password (nil until assigned)
def privilege_password
  @privilege_password
end
#privilege_type ⇒ Object
Permission elevation type. See Nexpose::Credential::ElevationType.
# File 'lib/nexpose/shared_cred.rb', line 81

# Permission elevation type. See Nexpose::Credential::ElevationType.
#
# @return [Object] the value held in @privilege_type (nil until assigned)
def privilege_type
  @privilege_type
end
#sites ⇒ Object
Array of site IDs that this credential is restricted to.
# File 'lib/nexpose/shared_cred.rb', line 89

# Array of site IDs that this credential is restricted to.
#
# @return [Object] the object held in @sites; the same array instance is
#   handed back, so callers that mutate it change the credential's scope
def sites
  @sites
end
Class Method Details
.load(nsc, id) ⇒ Object
# File 'lib/nexpose/shared_cred.rb', line 99

# Fetch one shared credential from the console and build an object from
# the XML it returns.
#
# The object produced by parse carries whatever secret fields the console
# includes in its response (password, NTLM hash, PEM key, elevation
# password), so treat the return value as sensitive.
#
# NOTE(review): id is interpolated into the query string without encoding
# or type checking; callers should pass an integer credential id.
#
# @param nsc [Object] console connection handed to AJAX.get
# @param id [Object] credential id placed in the credid query parameter
# @return [Object, nil] whatever parse returns for the response
def self.load(nsc, id)
  path = "/data/credential/shared/get?credid=#{id}"
  parse(AJAX.get(nsc, path))
end
.parse(xml) ⇒ Object
# File 'lib/nexpose/shared_cred.rb', line 156

# Build a credential from the first <Credential> element of an XML
# document.
#
# Secret fields present in the document (password, ntlmhash, pemkey,
# privilegeelevationpassword) are copied onto the object in plaintext.
#
# NOTE(review): the <Name>, <Services>/<Service> and <Sites> lookups are
# dereferenced without a nil check, so a response missing any of them
# raises NoMethodError rather than returning a partial credential.
#
# @param xml [Object] XML source accepted by REXML::Document.new
# @return [Object, nil] the populated credential, or nil when the document
#   has no <Credential> element
def self.parse(xml)
  # Maps the console's Account/Field names onto this class's attributes.
  # Field names not listed here are ignored.
  attribute_for = {
    'database' => :database,
    'domain' => :domain,
    'username' => :username,
    'password' => :password,
    'ntlmhash' => :ntlm_hash,
    'pemkey' => :pem_key,
    'privilegeelevationusername' => :privilege_username,
    'privilegeelevationpassword' => :privilege_password,
    'privilegeelevationtype' => :privilege_type
  }

  document = REXML::Document.new(xml)
  document.elements.each('Credential') do |node|
    cred = new(node.elements['Name'].text, node.attributes['id'].to_i)

    description = node.elements['Description']
    cred.description = description.text if description

    node.elements.each('Account/Field') do |field|
      attribute = attribute_for[field.attributes['name']]
      cred.public_send("#{attribute}=", field.text) if attribute
    end

    service = REXML::XPath.first(node, 'Services/Service')
    cred.type = service.attributes['type']

    node.elements.each('Restrictions/Restriction') do |restriction|
      case restriction.attributes['type']
      when 'host' then cred.host = restriction.text
      when 'port' then cred.port = restriction.text.to_i
      end
    end

    site_list = REXML::XPath.first(node, 'Sites')
    cred.all_sites = site_list.attributes['all'] == '1'
    site_list.elements.each('Site') do |site|
      site_id = site.attributes['id'].to_i
      # Explicit site IDs are only recorded when the credential is not
      # already scoped to all sites; disabled sites are recorded either way.
      cred.sites << site_id unless cred.all_sites
      cred.disabled << site_id if site.attributes['enabled'] == '0'
    end

    # Only the first <Credential> element is ever returned.
    return cred
  end
  nil
end
Instance Method Details
#save(nsc) ⇒ Boolean
Save this credential to the security console.
# File 'lib/nexpose/shared_cred.rb', line 109

# Save this credential to the security console.
#
# The request body is the output of to_xml, which contains the
# credential's secrets in plaintext; anything that records request
# bodies will therefore record those secrets.
#
# NOTE(review): success is detected by searching the raw response for the
# literal text success="1" rather than by parsing the response.
#
# @param nsc [Object] console connection handed to AJAX.post
# @return [Boolean] true when the response contains success="1"
def save(nsc)
  reply = AJAX.post(nsc, '/data/credential/shared/save', to_xml)
  matched_at = reply =~ /success="1"/
  !matched_at.nil?
end
#to_xml ⇒ Object
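# File 'lib/nexpose/shared_cred.rb', line 114

# Serialize this credential into the XML document that #save posts to the
# console.
#
# Every interpolated value is XML-escaped. Without escaping, a name,
# description or secret containing &, < or " produces malformed XML or
# lets the value introduce its own elements and attributes into the
# request.
#
# The returned string contains the password, NTLM hash, PEM key and
# elevation password in plaintext whenever they are set, so keep it out of
# logs and error messages.
#
# @return [String] the <Credential> document
def to_xml
  # Element content: escapes & < >.
  text = ->(value) { value.to_s.encode(xml: :text) }
  # Attribute values: escapes & < > " and returns the value already
  # wrapped in double quotes.
  attr = ->(value) { value.to_s.encode(xml: :attr) }

  xml = String.new('<Credential ')
  xml << %( id=#{attr.call(@id)}>)
  xml << %(<Name>#{text.call(@name)}</Name>)
  xml << %(<Description>#{text.call(@description)}</Description>)
  xml << %(<Services><Service type=#{attr.call(@type)}></Service></Services>)

  xml << '<Account type="nexpose">'
  xml << %(<Field name="database">#{text.call(@database)}</Field>)
  xml << %(<Field name="domain">#{text.call(@domain)}</Field>)
  xml << %(<Field name="username">#{text.call(@username)}</Field>)
  # Secret fields are only emitted when set.
  xml << %(<Field name="ntlmhash">#{text.call(@ntlm_hash)}</Field>) if @ntlm_hash
  xml << %(<Field name="password">#{text.call(@password)}</Field>) if @password
  xml << %(<Field name="pemkey">#{text.call(@pem_key)}</Field>) if @pem_key
  xml << %(<Field name="privilegeelevationusername">#{text.call(@privilege_username)}</Field>)
  xml << %(<Field name="privilegeelevationpassword">#{text.call(@privilege_password)}</Field>) if @privilege_password
  xml << %(<Field name="privilegeelevationtype">#{text.call(@privilege_type)}</Field>) if @privilege_type
  xml << '</Account>'

  xml << '<Restrictions>'
  xml << %(<Restriction type="host">#{text.call(@host)}</Restriction>) if @host
  xml << %(<Restriction type="port">#{text.call(@port)}</Restriction>) if @port
  xml << '</Restrictions>'

  xml << %(<Sites all="#{@all_sites ? 1 : 0}">)
  @sites.each do |site|
    xml << %(<Site id=#{attr.call(site)})
    xml << ' enabled="0"' if @disabled.member? site
    xml << '></Site>'
  end
  # With no explicit site list, disabled sites still have to be sent so
  # the per-site disablement is not lost.
  if @sites.empty?
    @disabled.each do |site|
      xml << %(<Site id=#{attr.call(site)} enabled="0"></Site>)
    end
  end
  xml << '</Sites>'
  xml << '</Credential>'
end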