Re: [NSE] rpc library

[Djalal Harouni <tixxdz () gmail com>]

On 2010-04-15 20:28:06 -0600, David Fifield wrote:
> On Mon, Apr 12, 2010 at 01:37:31AM +0100, Djalal Harouni wrote:
> > hi, attached are patches for rpc.lua lib, rpcinfo.nse and nfs-*.nse
> > scripts
> >
> > 1) rpc.lua lib
> > - better Comm:new() error handling.
> > - two new methodes: ChkVersion(): to check if the lib support the rpc
> >   protocol version, and SetVersion() to set rpc versions.
> > - fixed some left open sockets.
> >
> > 2) nse scripts which use the rpc.lua lib:
> > - better error output for rpcinfo.nse and nfs-*.nse scripts
> >
> > ex:./nmap -p111 -PN -n -d1 --script scripts/nfs-dirlist.nse
> > --script-args="nfs.version=4" 192.168.100.101
> >
> > PORT    STATE SERVICE REASON
> > 111/tcp open  rpcbind syn-ack
> > | nfs-dirlist:
> > |   /mnt/nfs/files
> > |     ERROR: rpc.Helper.Dir: RPC library does not support: nfs version 4
> >
> > Reminder:
> > when adding NFSv4 support we must update the nfs and mountd versions
> > mismatch check.
>
> Hello, Djalal. I am looking at the rpc.lua patch. It's hard for me to
> see what the patch changes because in addition to functional changes,
> you've altered the layout of the file. For example, here is the same
> method in the old and new files:
>
> Comm = {
>       SendPacket = function( self, packet )
>               return self.socket:send( packet )
>       end,
> }
>
> function Comm:SendPacket(packet )
>       return self.socket:send(packet)
> end
>
> These are the same function, but they appear as differences in the
> patch. So I can't see what's really changed. I must ask you, if you
> will, to redo your changes without changing the layout of the file more
> than is necessary. Then coding style changes can be done as a separate
> patch.

An other simplified description of the patches (I hope):

1) RPC library:
- Comm class re-design:

  - Added Connect(), Disconnect(), ChkProgram(), ChkVersion() and SetVersion() methodes.
  This methodes let us to handle network connections and to store and check RPC based programs infos.

  - All RPC programs (Portmap/rpcbind, NFS, Mount etc) informations are stored in the Comm object:
    program name string, program id, used version, socket, remote IP PORT and protocol.

  - Portmap, NFS and Mount functions must use the Comm object as a parameter in order to perform network operations, 
all the Connect() and Disconnect() stuff for each Class was removed, duplicate code. 


  Simple picture :)
  - Helper functions, ex: rpc.Helper.RpcInfo()
        |       Creates the Comm object and makes the connection.
        |       The Comm object have all the RPC infos (socket, program name etc)
        |
        |       ex: rpc.Helper.RpcInfo()
        |         comm = Comm:new('rpcbind', 2) -- we have some infos
        |         comm:Connect(host, port) -- we have the additional network infos
        |
        |         portmap:Dump(comm) -- call the *Internal* Portmap.Dump function
        |                            -- pass comm object as a parameter
        |                            -- *this* is the change
        |
        |         comm:Disconnect() -- disconnect and return result after that
        |
  - Portmap/NFS Internal functions, ex: Portmap:Dump()
        |       The Comm object is passed as a prameter by the high level functions.
        |       Perform encode/decode and network operations
        |
        |       ex: portmap:Dump()
        |         comm:EncodePacket()
        |         comm:SendPacket()
        |         comm:ReceivePacket()
        |         ...
        |         return final data to the rpc.Helper.RpcInfo()

Conclusion about the Comm re-design:
  - The Comm object is created by the high level *Helpers* functions and passed to the *Internal* ones.
  - New *Internal* RPC Protocols or Procedures functions don't need to *worry* about network operations or RPC infos, 
they also don't need to have local copies of the Comm object, it is used as a parameter and this is more *flexible* for 
new code.
  NB: the Comm object did already handle the encode/decode operations.


Other changes to the RPC lib
- better error handling:
  - table of error messages and stat codes for NFS v1,2,3
  - table of error messages and stat codes for Mount
  - return the complete error description:  "rpc.Helper.function: internal_function: error message"
  - debug output for RPC error procedures and decoding operations.

- fixed some left open sockets
- added nfs and mount version mismatch check
...


2) NSE Scripts:
- better error handling.


I must remind you that some scripts/libs (including these ones) trust remote inputs!!! 
I have found this thread: http://seclists.org/nmap-dev/2009/q3/210 which is a good start.

I hope it's clear :)

> David Fifield

-- 
Djalal
http://dzcore.wordpress.com

Attachment: rpc.lua.diff
Description:

Attachment: rpcinfo.nse.diff
Description:

Attachment: nfs-showmounts.nse.diff
Description:

Attachment: nfs-dirlist.nse.diff
Description:

Attachment: nfs-acls.nse.diff
Description:

Attachment: nfs-statfs.nse.diff
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/