Nmap Development mailing list archives

Re: AFP showmount script


From: David Fifield <david () bamsoftware com>
Date: Wed, 20 Jan 2010 14:52:21 -0700

On Wed, Jan 13, 2010 at 10:00:16PM +0100, Patrik Karlsson wrote:
> On 13 jan 2010, at 00.25, David Fifield wrote:
>> On Mon, Jan 04, 2010 at 11:14:27AM +0100, Patrik Karlsson wrote:
>>> Hi,
>>>
>>> I have been working on a new AFP script recently and I'm submitting a
>>> first version to the list. It is similar to the nfs-showmount script
>>> as it attempts to list publicly shared volumes and their ACLs. I have
>>> put all the protocol specific stuff into afp.lua which goes inside the
>>> nselibs directory. As always it needs testing and feedback is of
>>> course much appreciated.
>>
>> I'm having trouble getting it to work. The debug output shows it is
>> getting a response but it's not appearing in the port table.
>>
>> $ ./nmap --datadir . -p afp -PN 192.168.0.190 --script=afp-showmount -d
>>
>> Starting Nmap 5.10BETA2 ( http://nmap.org ) at 2010-01-12 16:20 MST
>> Initiating NSE at 16:20
>> NSE: NSE Script Threads (1) running:
>> NSE: Starting afp-showmount against 192.168.0.190:548.
>> NSE: Volumes: 1
>> NSE: Volume name: david's Public Folder
>> NSE: Vol_id: 1
>> NSE: Finished afp-showmount against 192.168.0.190:548.
>> Completed NSE at 16:20, 0.04s elapsed
>> NSE: Script Scanning completed.
>> Nmap scan report for 192.168.0.190
>> Host is up, received user-set (0.0038s latency).
>> Scanned at 2010-01-12 16:20:45 MST for 0s
>> PORT    STATE SERVICE REASON
>> 548/tcp open  afp     syn-ack
>>
>> I attached a pcap file in case it helps.
>
> Here's an updated version of the script that addresses the bug where
> no results would show if a single share was found.

It works for me now.

548/tcp open  afp     syn-ack
| afp-showmount:
|   david's Public Folder
|     Owner: Search,Read,Write
|     Group: Search,Read
|     Everyone: Search,Read
|_    User: Search,Read

The script and library look to be of high quality as usual and I've
committed them in r16521.

I see there are a couple of unused functions in the script,
acl_group_to_string and acls_to_string, which appear to be alternate
versions of functions that are used. We should keep only one pair,
unless there's a good reason to have both.

I have a suggestion for the constants in afp.lua. Use hex literals
instead of decimal to make it more clear when a value is a bit flag. In
other words, change this:
        EveryoneSearch = 65536,
        EveryoneRead = 131072,
        EveryoneWrite = 262144,
to this:
        EveryoneSearch = 0x10000,
        EveryoneRead = 0x20000,
        EveryoneWrite = 0x40000,

You have this comment at the top of afp.lua:

-- The library currently has enough functionality to query share names and access controls.
-- More functionality will be added once more scripts that depend on it are developed.

I think that's a good practice to follow in general for NSE libraries.
It's not possible to predict future needs exactly, and it's not good to
be stuck with an awkward interface or with a feature that has bugs
because there was nothing that used it.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
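
The bit-flag point in the message above, as an added example that is not part of the original message or of afp.lua: written in hex, each class of rights visibly occupies its own byte, and a bitmap decodes into the per-class lines the script prints. Only the three Everyone values come from the message; the Owner, Group and User values, the helper names and the sample bitmap are assumptions made for illustration.

```lua
-- Added example, not code from afp.lua. Only the Everyone values appear in
-- the message; the Owner, Group and User values are assumptions that follow
-- the same one-byte-per-class layout.
local ACLS = {
  OwnerSearch    = 0x00000001, OwnerRead    = 0x00000002, OwnerWrite    = 0x00000004,
  GroupSearch    = 0x00000100, GroupRead    = 0x00000200, GroupWrite    = 0x00000400,
  EveryoneSearch = 0x00010000, EveryoneRead = 0x00020000, EveryoneWrite = 0x00040000,
  UserSearch     = 0x01000000, UserRead     = 0x02000000, UserWrite     = 0x04000000,
}

local CLASSES = { "Owner", "Group", "Everyone", "User" }
local RIGHTS  = { "Search", "Read", "Write" }

-- Test a single-bit flag with plain arithmetic so the code runs on any Lua
-- version (Lua 5.1 has no bitwise operators).
local function has_flag(value, flag)
  return math.floor(value / flag) % 2 == 1
end

-- Hypothetical helper: turn an access-rights bitmap into one line per class,
-- in the "Class: Right,Right" form shown in the script output above.
local function decode_access_rights(value)
  local lines = {}
  for _, class in ipairs(CLASSES) do
    local granted = {}
    for _, right in ipairs(RIGHTS) do
      if has_flag(value, ACLS[class .. right]) then
        granted[#granted + 1] = right
      end
    end
    -- Classes with no rights set are omitted from the listing.
    if #granted > 0 then
      lines[#lines + 1] = class .. ": " .. table.concat(granted, ",")
    end
  end
  return lines
end

-- Constructed sample bitmap: Owner has all three rights, the other classes
-- have Search and Read. Each byte of the hex literal is one class.
local sample = 0x03030307

for _, line in ipairs(decode_access_rights(sample)) do
  print(line)
end
```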

