Scrub out the install path in the backtrace
git-svn-id: file:///home/svn/framework3/trunk@13314 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
05867ef6d0
commit
f2426b6f33
|
@ -23,7 +23,7 @@ class Service
|
|||
attr_accessor :service, :srvhost, :srvport, :uri, :options
|
||||
attr_accessor :handlers, :default_handler, :tokens, :users, :framework
|
||||
attr_accessor :dispatcher_timeout, :token_timeout, :debug
|
||||
|
||||
|
||||
def initialize(framework, options={})
|
||||
self.framework = framework
|
||||
self.handlers = {}
|
||||
|
@ -34,12 +34,12 @@ class Service
|
|||
:host => '127.0.0.1',
|
||||
:port => 55553
|
||||
}.merge(options)
|
||||
|
||||
|
||||
self.srvhost = self.options[:host]
|
||||
self.srvport = self.options[:port]
|
||||
self.uri = self.options[:uri]
|
||||
self.debug = self.options[:debug]
|
||||
|
||||
|
||||
self.dispatcher_timeout = self.options[:dispatcher_timeout] || 7200
|
||||
self.token_timeout = self.options[:token_timeout] || 300
|
||||
self.tokens = self.options[:tokens] || {}
|
||||
|
@ -77,11 +77,11 @@ class Service
|
|||
def wait
|
||||
self.service.wait
|
||||
end
|
||||
|
||||
|
||||
def on_request_uri(cli, req)
|
||||
res = Rex::Proto::Http::Response.new()
|
||||
res["Content-Type"] = "binary/message-pack"
|
||||
|
||||
|
||||
begin
|
||||
res.body = process(req).to_msgpack
|
||||
rescue Msf::RPC::Exception => e
|
||||
|
@ -91,11 +91,11 @@ class Service
|
|||
end
|
||||
cli.send_response(res)
|
||||
end
|
||||
|
||||
|
||||
def add_handler(group, handler)
|
||||
self.handlers[group] = handler
|
||||
end
|
||||
|
||||
|
||||
def process(req)
|
||||
msg = nil
|
||||
|
||||
|
@ -107,26 +107,26 @@ class Service
|
|||
raise ArgumentError, "Invalid Request: `#{req.inspect}'"
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
if not (req.headers["Content-Type"] and req.headers["Content-Type"] == "binary/message-pack")
|
||||
raise ArgumentError, "Invalid Content Type"
|
||||
end
|
||||
|
||||
|
||||
msg = MessagePack.unpack(req.body)
|
||||
|
||||
|
||||
if not (msg and msg.kind_of?(::Array) and msg.length > 0)
|
||||
raise ArgumentError, "Invalid Message Format"
|
||||
end
|
||||
|
||||
|
||||
group, funct = msg.shift.split(".", 2)
|
||||
|
||||
|
||||
if not self.handlers[group]
|
||||
raise ArgumentError, "Unknown API Group: `#{group.inspect}'"
|
||||
end
|
||||
|
||||
doauth = true
|
||||
mname = 'rpc_' + funct
|
||||
|
||||
|
||||
if self.handlers[group].respond_to?(mname + '_noauth')
|
||||
doauth = false
|
||||
mname << '_noauth'
|
||||
|
@ -135,50 +135,50 @@ class Service
|
|||
if not self.handlers[group].respond_to?(mname)
|
||||
raise ArgumentError, "Unknown API Call: `#{mname.inspect}'"
|
||||
end
|
||||
|
||||
|
||||
if doauth
|
||||
token = msg.shift
|
||||
if not authenticate(token)
|
||||
raise ::Msf::RPC::Exception.new(401, "Invalid Authentication Token")
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
::Timeout.timeout(self.dispatcher_timeout) { self.handlers[group].send(mname, *msg) }
|
||||
|
||||
|
||||
rescue ::Exception => e
|
||||
elog("RPC Exception: #{e.class} #{e.to_s} #{e.backtrace} #{msg.inspect} #{req.inspect}")
|
||||
process_exception(e)
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
def process_exception(e)
|
||||
r = {
|
||||
:error => true,
|
||||
:error_class => e.class.to_s,
|
||||
:error_string => e.to_s,
|
||||
:error_backtrace => e.backtrace
|
||||
:error_backtrace => e.backtrace.map{|x| x.gsub(/^.*lib\//, 'lib/'} # Dont expose the install path
|
||||
}
|
||||
|
||||
if e.respond_to?(:message)
|
||||
r[:error_message] = e.message
|
||||
end
|
||||
|
||||
|
||||
if e.respond_to?(:code)
|
||||
r[:error_code] = e.code
|
||||
end
|
||||
|
||||
|
||||
r
|
||||
end
|
||||
|
||||
|
||||
|
||||
def add_token(token)
|
||||
self.tokens[token] = [nil, nil, nil, true]
|
||||
end
|
||||
|
||||
|
||||
def remove_token
|
||||
self.tokens.delete(token)
|
||||
end
|
||||
|
||||
|
||||
def add_user(user, pass)
|
||||
self.users.each do |r|
|
||||
if r[0] == user
|
||||
|
@ -188,17 +188,17 @@ class Service
|
|||
end
|
||||
self.users << [user, pass]
|
||||
end
|
||||
|
||||
|
||||
def remove_user(user)
|
||||
self.users = self.users.select{|r| r[0] != user }
|
||||
self.users = self.users.select{|r| r[0] != user }
|
||||
end
|
||||
|
||||
def authenticate(token)
|
||||
def authenticate(token)
|
||||
stale = []
|
||||
|
||||
|
||||
# Force the encoding to ASCII-8BIT
|
||||
token = token.unpack("C*").pack("C*")
|
||||
|
||||
|
||||
self.tokens.each_key do |t|
|
||||
user,ctime,mtime,perm = self.tokens[t]
|
||||
if ! perm and mtime + self.token_timeout < Time.now.to_i
|
||||
|
@ -209,14 +209,14 @@ class Service
|
|||
stale.each { |t| self.tokens.delete(t) }
|
||||
|
||||
if not self.tokens[token]
|
||||
|
||||
|
||||
begin
|
||||
if framework.db.active and Msf::DBManager::ApiKey.find_by_token(token)
|
||||
return true
|
||||
end
|
||||
rescue ::Exception => e
|
||||
end
|
||||
|
||||
|
||||
return false
|
||||
end
|
||||
|
||||
|
|
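Review bot: The new `:error_backtrace` line in `process_exception` does not parse, because the `gsub(` call is never closed before the block's `}`; it should read `:error_backtrace => e.backtrace.map{|x| x.gsub(/^.*lib\//, 'lib/') } # Dont expose the install path`. Once it parses, the scrub only rewrites frames whose path contains `lib/`, so frames from files elsewhere under the install directory would still be returned with their full path, and `:error_string` / `:error_message` are sent unchanged even when the exception text itself embeds a path. `e.backtrace` is nil for an exception object that was never raised, so `(e.backtrace || []).map` is the safer receiver if `process_exception` can be reached outside a `rescue` (only the call in `process` is visible here). Because `process` rescues errors raised before `authenticate` succeeds (for example "Invalid Content Type") and returns this hash to the client, consider including the backtrace in the response only when `self.debug` is set.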