Re: [RFC] Username/Password NSE library

[Kris Katterjohn <katterjohn () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Patrick Donnelly wrote:
> On Wed, Jun 25, 2008 at 12:25 AM, Kris Katterjohn <katterjohn () gmail com> wrote:
> > My initial reactions:
> >
> > * I mentioned the functionality of returning a table of usernames and
> > passwords, and the option of returning a table of only a certain size,
>
> Like I said, you can modify usernames and passwords to return smaller
> tables based on a parameter (e.g. unpwdb.usernames("short")).
> Alternatively, you can modify the design to operate on an array (and
> use ipairs()). The user could then break on the number he wants e.g.:
>
> for i, user in unpwdb.usernames() do
>   if i > 20 then break; end
>   -- do stuff
> end

I understand this, I was merely pointing out that the closure was the method
of choice.  I mentioned it initially[1], and nobody seemed to think that
returning a table was better[2][3].

But, like I said, if returning a table is now the desired functionality, then
your changes seem fine.

> > * The third return value from the functions, which tells the caller whether
> > we're using a user-defined list or not, is always nil in yours.
>
> This is simply necessary for Lua's generic for loop and the next
> function. I suggest alternate functions that return information about
> it being a user-defined list and what not.

If returning the table is decided upon, then this makes sense (unless there is
a simpler way).

> > Aside from these, your changes seem to work fine after I modified my test
> > script to handle them.
>
> Good to hear it.

I have run into one problem which I didn't test last night: giving the library
a non-existent filename.  Rather than returning false and giving the caller an
error message like mine did, or returning the error message like I assume
yours is supposed to do[4], I get this rather nasty looking error message:

SCRIPT ENGINE: error while initializing script rules:
./nselib/unpwdb.lua:29: bad argument #1 to 'lines' (none: No such file or
directory)
stack traceback:
        [C]: in function 'lines'
        ./nselib/unpwdb.lua:29: in main chunk
        [C]: in function 'require'
        ./scripts/unpwdbtest.nse:7: in main chunk
        [C]: ?
        [C]: ?


> Cheers,

Thanks,
Kris Katterjohn

[1] http://seclists.org/nmap-dev/2008/q2/0740.html
[2] http://seclists.org/nmap-dev/2008/q2/0754.html
[3] http://seclists.org/nmap-dev/2008/q2/0757.html
[4] http://www.lua.org/manual/5.1/manual.html#pdf-error

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSGJxAP9K37xXYl36AQLtkQ//fU+wxXbwL6AHy5g8Db2VZ3wQGuwDIQFp
inZzM1E5DYdoTLk7ZVu2MT4AOnVpxX5fyTKMeLuEPBy1/8snpg/kilGeNTW8hLNk
zzmiKsBIIvo3jXSp+4I2+hiMRcx2pgu36ekkejURPWj8t4T4abIsCC78EYLdHsxm
hU5hxZibJmYlzPKDWblzCclsu2/ERvTRI+0RkXvNEpQkVA6xR5ml6vYwkJsU3lvG
X0Oz7Y9yASNg31tBblaG6nimWxv2NlSs5wQyvt6lJ0gOuEFq4ZLGDRimLaPHqdsm
ghhhzyB3SY0AsLcVRDWMgDDMU9Jfi/iL5pqk+hkD/BA7aeDGYB/RAOcgOrdcoqnn
3dkBBVVX3PrGegTSlcTo3fnFNWScYNr9z8Uy0RbdyY1aHDQArqZBkW5RwiYEnbKa
oIwTBbu4AXty5HLtzjs0fEu99GzGd8euRpz/g9BlkW81f82ZjimPfmnTufxqvf7Z
779Os0R4zzBn+Mc++zOr+v5jMgTb1DPXS0iTc58iRNy3mLefqaEO/J7odNcu67/f
a7ice8GuwOxA/HdxhVDYu2o6NLZC9AOMTb/8uXs3lnY4vPGCVRyKvzI8aSTuWKPM
uu+TGDLFfDuzKiTupZoT4/OW3QnVGlji9VJFu6aTsQFrvoxOLolPtlA+SwAwhOqf
KSRg7nU9/nQ=
=AVsc
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org