Nmap Development mailing list archives

Re: [NSE] rpc library; errors during nfsd startup


From: Djalal Harouni <tixxdz () gmail com>
Date: Mon, 26 Apr 2010 00:40:33 +0100

On 2010-04-21 19:17:47 -0600, David Fifield wrote:
This is related to your patch, Djalal, but it affects the current code
and your patched code so I'm replying here.

I get errors if I run the nfs and rpc scripts quickly after restarting
nfsd on the remote. This is what I see with the current code if I run
the scan up to about 3 seconds after restarting nfsd.

Hi David,

Please use the patch committed as r17391; this will give you more verbose
output about the errors.
I don't have Mac OS X, but perhaps, David, this is related to the
init scripts. As I'm using Linux with System V init scripts, I can tell
you that sometimes I got some errors when restarting NFS. Perhaps there
is a delay or a sleep call before NFS can be registered with portmap, in
order to honor init script dependencies.

PORT    STATE SERVICE REASON
111/tcp open  rpcbind syn-ack
| rpcinfo:
|   100000  2            111/tcp  rpcbind
|   100000  2            111/udp  rpcbind
|   100021  0,1,3,4      877/udp  nlockmgr
|   100021  0,1,3,4     1022/tcp  nlockmgr
|   100024  1            905/udp  status
|_  100024  1           1021/tcp  status
| nfs-acls:
|_  Failed to list mount points
| nfs-dirlist:
|_  Failed to list mount points
| nfs-showmount:
|_  Failed to list mount points
| nfs-statfs:
|_  Failed to list mount points

Compare this to the output if I run later:

PORT    STATE SERVICE REASON
111/tcp open  rpcbind syn-ack
| rpcinfo:
|   100000  2            111/tcp  rpcbind
|   100000  2            111/udp  rpcbind
|   100003  2,3         2049/tcp  nfs
|   100003  2,3         2049/udp  nfs
|   100005  1,3          821/udp  mountd
|   100005  1,3         1009/tcp  mountd
|   100011  1,2          658/udp  rquotad
|   100021  0,1,3,4      877/udp  nlockmgr
|   100021  0,1,3,4     1022/tcp  nlockmgr
|   100024  1            905/udp  status
|_  100024  1           1021/tcp  status
| nfs-showmount:
|_  /Users/david 192.168.0.0
| nfs-statfs:
|   /Users/david
|_    ERROR: Mount failed
| nfs-acls:
|   /Users/david
|_    ERROR: Mount failed
| nfs-dirlist:
|   /Users/david
|_    ERROR: Mount failed

The change is even more obvious with the patched library. If I scan
within 3 seconds of restarting nfsd I get lots of errors.

NSE: 'nfs-dirlist' (thread: 0xa00ff70) against 192.168.0.190:111 threw an error!
./nselib/rpc.lua:1280: bad argument #2 to 'format' (string expected, got nil)
stack traceback:
        [C]: in function 'format'
        ./nselib/rpc.lua:1280: in function 'ShowMounts'
        ./scripts/nfs-dirlist.nse:47: in function <./scripts/nfs-dirlist.nse:40>
        (tail call): ?

NSE: 'nfs-statfs' (thread: 0xa018d00) against 192.168.0.190:111 threw an error!
./nselib/rpc.lua:1280: bad argument #2 to 'format' (string expected, got nil)
stack traceback:
        [C]: in function 'format'
        ./nselib/rpc.lua:1280: in function 'ShowMounts'
        ./scripts/nfs-statfs.nse:40: in function <./scripts/nfs-statfs.nse:37>
        (tail call): ?

NSE: 'nfs-showmount' (thread: 0xa0303f8) against 192.168.0.190:111 threw an error!
./nselib/rpc.lua:1280: bad argument #2 to 'format' (string expected, got nil)
stack traceback:
        [C]: in function 'format'
        ./nselib/rpc.lua:1280: in function 'ShowMounts'
        ./scripts/nfs-showmount.nse:39: in function <./scripts/nfs-showmount.nse:34>
        (tail call): ?

NSE: Finished 'rpcinfo' (thread: 0xa01a250) against 192.168.0.190:111.
NSE: 'nfs-acls' (thread: 0xa00e9d8) against 192.168.0.190:111 threw an error!
./nselib/rpc.lua:1280: bad argument #2 to 'format' (string expected, got nil)
stack traceback:
        [C]: in function 'format'
        ./nselib/rpc.lua:1280: in function 'ShowMounts'
        ./scripts/nfs-acls.nse:42: in function <./scripts/nfs-acls.nse:37>
        (tail call): ?

Completed NSE at 19:16, 0.11s elapsed
NSE: Script Scanning completed.
Nmap scan report for 192.168.0.190
Fetchfile found ./nmap-mac-prefixes
MAC prefix 0001C8 is duplicated in ./nmap-mac-prefixes; ignoring duplicates.
MAC prefix 080030 is duplicated in ./nmap-mac-prefixes; ignoring duplicates.
MAC prefix 080030 is duplicated in ./nmap-mac-prefixes; ignoring duplicates.
Host is up, received arp-response (0.00022s latency).
Scanned at 2010-04-21 19:16:52 MDT for 0s
PORT    STATE SERVICE REASON
111/tcp open  rpcbind syn-ack
| rpcinfo:
|   100000  2            111/tcp  rpcbind
|   100000  2            111/udp  rpcbind
|   100021  0,1,3,4      877/udp  nlockmgr
|   100021  0,1,3,4     1022/tcp  nlockmgr
|   100024  1            905/udp  status
|_  100024  1           1021/tcp  status

The expected output is this.

PORT    STATE SERVICE REASON
111/tcp open  rpcbind syn-ack
| rpcinfo:
|   100000  2            111/tcp  rpcbind
|   100000  2            111/udp  rpcbind
|   100003  2,3         2049/tcp  nfs
|   100003  2,3         2049/udp  nfs
|   100005  1,3          915/udp  mountd
|   100005  1,3         1008/tcp  mountd
|   100011  1,2          652/udp  rquotad
|   100021  0,1,3,4      877/udp  nlockmgr
|   100021  0,1,3,4     1022/tcp  nlockmgr
|   100024  1            905/udp  status
|_  100024  1           1021/tcp  status
| nfs-showmount:
|_  /Users/david 192.168.0.0
| nfs-dirlist:
|   /Users/david
|_    ERROR: rpc.Helper.Dir: Mount: Reply state was not Accepted(0) as expected
| nfs-statfs:
|   /Users/david
|_    ERROR: rpc.Helper.ExportStats: Mount: Reply state was not Accepted(0) as expected
| nfs-acls:
|   /Users/david
|_    ERROR: rpc.Helper.GetAttributes: Mount: Reply state was not Accepted(0) as expected

This is with the Mac OS X nfsd.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

-- 
tixxdz
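
The two rpcinfo tables quoted in this message differ in exactly the programs the nfs-* scripts depend on. The following check is an added example, not code from this thread or from Nmap; it parses an NSE rpcinfo block and reports which of those programs are not yet registered with the portmapper. The names `parse_rpcinfo`, `missing_nfs_programs`, `EARLY` and `LATE` are hypothetical, and the sample rows are excerpts of the output quoted above.

```python
import re

# RPC programs the nfs-* scripts rely on, numbered as in the rpcinfo output above.
REQUIRED = {100003: "nfs", 100005: "mountd"}
# One table row, e.g. "|   100005  1,3          821/udp  mountd" (last row starts "|_").
ROW = re.compile(r"^\|_?\s+(\d+)\s+([\d,]+)\s+(\d+)/(tcp|udp)\s+(\S+)\s*$")

# Excerpt of the scan run within about 3 seconds of restarting nfsd.
EARLY = """\
| rpcinfo:
|   100000  2            111/tcp  rpcbind
|   100000  2            111/udp  rpcbind
|   100021  0,1,3,4      877/udp  nlockmgr
|   100021  0,1,3,4     1022/tcp  nlockmgr
|   100024  1            905/udp  status
|_  100024  1           1021/tcp  status
| nfs-showmount:
|_  Failed to list mount points
"""
# Excerpt of the later scan, after the NFS services had registered.
LATE = """\
| rpcinfo:
|   100000  2            111/tcp  rpcbind
|   100003  2,3         2049/tcp  nfs
|   100003  2,3         2049/udp  nfs
|   100005  1,3          821/udp  mountd
|   100005  1,3         1009/tcp  mountd
|_  100024  1           1021/tcp  status
| nfs-showmount:
|_  /Users/david 192.168.0.0
"""

def parse_rpcinfo(text):
    """Map program number -> [(port, proto, name, versions)] from an rpcinfo block."""
    programs, in_block = {}, False
    for line in text.splitlines():
        if line.startswith("| rpcinfo:"):
            in_block = True
        elif in_block:
            m = ROW.match(line)
            if not m:  # next script's header: the rpcinfo table has ended
                break
            prog, versions, port, proto, name = m.groups()
            entry = (int(port), proto, name, versions.split(","))
            programs.setdefault(int(prog), []).append(entry)
    return programs

def missing_nfs_programs(text):
    """Names of required programs absent from the portmapper listing."""
    registered = parse_rpcinfo(text)
    return sorted(name for num, name in REQUIRED.items() if num not in registered)
```

An empty result from `missing_nfs_programs` means the mount and NFS services are registered, so a later failure in the nfs-* scripts has some other cause.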