2006-01-17 01:12:38 +00:00
|
|
|
require 'rex/socket'
|
2006-03-08 19:13:27 +00:00
|
|
|
require 'rex/encoder/xdr'
|
2006-01-17 01:12:38 +00:00
|
|
|
|
|
|
|
module Rex
|
|
|
|
module Proto
|
|
|
|
module SunRPC
|
|
|
|
|
2008-04-02 19:03:42 +00:00
|
|
|
class RPCTimeout < ::Interrupt
|
|
|
|
def initialize(msg = 'Operation timed out.')
|
|
|
|
@msg = msg
|
|
|
|
end
|
|
|
|
|
|
|
|
def to_s
|
|
|
|
@msg
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2006-01-17 01:12:38 +00:00
|
|
|
# XXX: CPORT!
|
2010-02-03 20:30:09 +00:00
|
|
|
class Client
|
2006-01-17 01:12:38 +00:00
|
|
|
AUTH_NULL = 0
|
|
|
|
AUTH_UNIX = 1
|
2010-02-03 20:30:09 +00:00
|
|
|
|
2006-01-17 01:12:38 +00:00
|
|
|
PMAP_PROG = 100000
|
|
|
|
PMAP_VERS = 2
|
|
|
|
PMAP_GETPORT = 3
|
2010-02-03 20:30:09 +00:00
|
|
|
|
2006-01-17 01:12:38 +00:00
|
|
|
CALL = 0
|
2010-02-03 20:30:09 +00:00
|
|
|
|
2006-01-21 02:44:01 +00:00
|
|
|
attr_reader :rhost, :rport, :proto, :program, :version
|
2010-02-08 00:59:29 +00:00
|
|
|
attr_accessor :pport. :call_sock
|
2006-03-08 19:13:27 +00:00
|
|
|
|
|
|
|
attr_accessor :should_fragment
|
|
|
|
|
2006-01-21 02:44:01 +00:00
|
|
|
def initialize(rhost, rport, proto, program, version)
|
|
|
|
if proto.downcase !~ /^(tcp|udp)$/
|
2008-04-02 19:03:42 +00:00
|
|
|
raise ::Rex::ArgumentError, 'Protocol is not "tcp" or "udp"'
|
2006-01-21 02:44:01 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
@rhost, @rport, @program, @version, @proto = \
|
|
|
|
rhost, rport, program, version, proto.downcase
|
|
|
|
|
2006-01-17 01:12:38 +00:00
|
|
|
@pport = nil
|
2010-02-03 20:30:09 +00:00
|
|
|
|
2006-01-17 01:12:38 +00:00
|
|
|
@auth_type = AUTH_NULL
|
|
|
|
@auth_data = ''
|
2010-02-03 20:30:09 +00:00
|
|
|
|
2006-01-17 01:12:38 +00:00
|
|
|
@call_sock = nil
|
|
|
|
end
|
2010-02-03 20:30:09 +00:00
|
|
|
|
2006-01-21 02:44:01 +00:00
|
|
|
# XXX: Add optional parameter to have proto be something else
|
|
|
|
def create()
|
2006-01-17 01:12:38 +00:00
|
|
|
proto_num = 0
|
2006-01-21 02:44:01 +00:00
|
|
|
if @proto.eql?('tcp')
|
2006-01-17 01:12:38 +00:00
|
|
|
proto_num = 6
|
2006-01-21 02:44:01 +00:00
|
|
|
elsif @proto.eql?('udp')
|
2006-01-17 01:12:38 +00:00
|
|
|
proto_num = 17
|
|
|
|
end
|
|
|
|
|
|
|
|
buf =
|
2006-03-08 19:13:27 +00:00
|
|
|
Rex::Encoder::XDR.encode(CALL, 2, PMAP_PROG, PMAP_VERS, PMAP_GETPORT,
|
2006-01-17 01:12:38 +00:00
|
|
|
@auth_type, [@auth_data, 400], AUTH_NULL, '',
|
|
|
|
@program, @version, proto_num, 0)
|
2010-02-03 20:30:09 +00:00
|
|
|
|
2006-03-08 19:13:27 +00:00
|
|
|
sock = make_rpc(@proto, @rhost, @rport)
|
|
|
|
send_rpc(sock, buf)
|
|
|
|
ret = recv_rpc(sock)
|
|
|
|
close_rpc(sock)
|
2006-01-17 01:12:38 +00:00
|
|
|
|
2009-12-23 13:44:53 +00:00
|
|
|
return ret
|
2006-01-17 01:12:38 +00:00
|
|
|
end
|
2008-04-02 19:03:42 +00:00
|
|
|
|
2008-09-17 01:42:51 +00:00
|
|
|
def call(procedure, buffer, timeout=60)
|
2006-01-17 01:12:38 +00:00
|
|
|
buf =
|
2006-03-08 19:13:27 +00:00
|
|
|
Rex::Encoder::XDR.encode(CALL, 2, @program, @version, procedure,
|
2006-01-17 01:12:38 +00:00
|
|
|
@auth_type, [@auth_data, 400], AUTH_NULL, '')+
|
2010-02-03 20:30:09 +00:00
|
|
|
buffer
|
|
|
|
|
2006-01-17 01:12:38 +00:00
|
|
|
if !@call_sock
|
2006-03-08 19:13:27 +00:00
|
|
|
@call_sock = make_rpc(@proto, @rhost, @pport)
|
2006-01-17 01:12:38 +00:00
|
|
|
end
|
2006-03-08 19:13:27 +00:00
|
|
|
|
|
|
|
send_rpc(@call_sock, buf)
|
2010-02-03 20:30:09 +00:00
|
|
|
recv_rpc(@call_sock, timeout)
|
2006-01-17 01:12:38 +00:00
|
|
|
end
|
2010-02-03 20:30:09 +00:00
|
|
|
|
2006-01-21 02:44:01 +00:00
|
|
|
def destroy
|
2006-03-08 19:13:27 +00:00
|
|
|
close_rpc(@call_sock) if @call_sock
|
2006-01-21 02:44:01 +00:00
|
|
|
@call_sock = nil
|
2006-01-17 01:12:38 +00:00
|
|
|
end
|
2010-02-03 20:30:09 +00:00
|
|
|
|
2006-01-21 02:44:01 +00:00
|
|
|
def authnull_create
|
2006-01-17 01:12:38 +00:00
|
|
|
@auth_type = AUTH_NULL
|
|
|
|
@auth_data = ''
|
|
|
|
end
|
2010-02-03 20:30:09 +00:00
|
|
|
|
2006-01-17 01:12:38 +00:00
|
|
|
def authunix_create(host, uid, gid, groupz)
|
2008-04-02 19:03:42 +00:00
|
|
|
raise ::Rex::ArgumentError, 'Hostname length is too long' if host.length > 255
|
2006-01-21 02:44:01 +00:00
|
|
|
# 10?
|
2008-04-02 19:03:42 +00:00
|
|
|
raise ::Rex::ArgumentError, 'Too many groups' if groupz.length > 10
|
2010-02-03 20:30:09 +00:00
|
|
|
|
2006-01-17 01:12:38 +00:00
|
|
|
@auth_type = AUTH_UNIX
|
|
|
|
@auth_data =
|
2006-03-08 19:13:27 +00:00
|
|
|
Rex::Encoder::XDR.encode(0, host, uid, gid, groupz) # XXX: TIME! GROUPZ?!
|
2006-01-17 01:12:38 +00:00
|
|
|
end
|
2010-02-03 20:30:09 +00:00
|
|
|
|
2006-01-17 01:12:38 +00:00
|
|
|
# XXX: Dirty, integrate some sort of request system into create/call?
|
2006-03-08 19:13:27 +00:00
|
|
|
def portmap_req(host, port, rpc_vers, procedure, buffer)
|
|
|
|
buf = Rex::Encoder::XDR.encode(CALL, 2, PMAP_PROG, rpc_vers, procedure,
|
2006-01-17 01:12:38 +00:00
|
|
|
AUTH_NULL, '', AUTH_NULL, '') + buffer
|
2010-02-03 20:30:09 +00:00
|
|
|
|
2006-03-08 19:13:27 +00:00
|
|
|
sock = make_rpc('tcp', host, port)
|
|
|
|
send_rpc(sock, buf)
|
|
|
|
ret = recv_rpc(sock)
|
|
|
|
close_rpc(sock)
|
2010-02-03 20:30:09 +00:00
|
|
|
|
2006-01-17 01:12:38 +00:00
|
|
|
return ret
|
|
|
|
end
|
2009-12-23 13:44:53 +00:00
|
|
|
|
2006-01-17 01:12:38 +00:00
|
|
|
private
|
2006-03-08 19:13:27 +00:00
|
|
|
def make_rpc(proto, host, port)
|
2006-01-21 02:44:01 +00:00
|
|
|
Rex::Socket.create(
|
2006-01-17 01:12:38 +00:00
|
|
|
'PeerHost' => host,
|
|
|
|
'PeerPort' => port,
|
|
|
|
'Proto' => proto)
|
|
|
|
end
|
2006-03-08 19:13:27 +00:00
|
|
|
|
|
|
|
def build_tcp(buf)
|
|
|
|
if !self.should_fragment
|
|
|
|
return Rex::Encoder::XDR.encode(0x80000000 | buf.length) + buf
|
|
|
|
end
|
2010-02-03 20:30:09 +00:00
|
|
|
|
2006-03-08 19:13:27 +00:00
|
|
|
str = buf.dup
|
|
|
|
|
|
|
|
fragmented = ''
|
2010-02-03 20:30:09 +00:00
|
|
|
|
2006-03-08 19:13:27 +00:00
|
|
|
while (str.size > 0)
|
|
|
|
frag = str.slice!(0, rand(3) + 1)
|
|
|
|
len = frag.size
|
|
|
|
if str.size == 0
|
|
|
|
len |= 0x80000000
|
|
|
|
end
|
|
|
|
|
|
|
|
fragmented += Rex::Encoder::XDR.encode(len) + frag
|
|
|
|
end
|
|
|
|
|
|
|
|
return fragmented
|
|
|
|
end
|
|
|
|
|
|
|
|
def send_rpc(sock, buf)
|
2006-01-17 01:12:38 +00:00
|
|
|
buf = gen_xid() + buf
|
2006-01-21 02:44:01 +00:00
|
|
|
if sock.type?.eql?('tcp')
|
2006-03-08 19:13:27 +00:00
|
|
|
buf = build_tcp(buf)
|
2006-01-17 01:12:38 +00:00
|
|
|
end
|
|
|
|
sock.write(buf)
|
|
|
|
end
|
2010-02-03 20:30:09 +00:00
|
|
|
|
2008-09-17 01:42:51 +00:00
|
|
|
def recv_rpc(sock, timeout=60)
|
|
|
|
buf = sock.get(timeout)
|
2006-01-17 01:12:38 +00:00
|
|
|
buf.slice!(0..3)
|
2006-01-21 02:44:01 +00:00
|
|
|
if sock.type?.eql?('tcp')
|
2006-01-17 01:12:38 +00:00
|
|
|
buf.slice!(0..3)
|
|
|
|
end
|
2008-04-02 19:03:42 +00:00
|
|
|
return buf if buf.length > 1
|
|
|
|
return nil
|
2006-01-17 01:12:38 +00:00
|
|
|
end
|
2010-02-03 20:30:09 +00:00
|
|
|
|
2006-03-08 19:13:27 +00:00
|
|
|
def close_rpc(sock)
|
2006-01-17 01:12:38 +00:00
|
|
|
sock.close
|
|
|
|
end
|
2010-02-03 20:30:09 +00:00
|
|
|
|
2006-03-08 19:13:27 +00:00
|
|
|
def gen_xid
|
|
|
|
return Rex::Encoder::XDR.encode(rand(0xffffffff) + 1)
|
2006-01-17 01:12:38 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
end
|
2010-02-03 20:30:09 +00:00
|
|
|
end
|
2010-02-08 00:59:29 +00:00
|
|
|
|