Scrub out the install path in the backtrace

git-svn-id: file:///home/svn/framework3/trunk@13314 4d416f70-5f16-0410-b530-b9f4589650da
unstable
HD Moore 2011-07-23 07:03:27 +00:00
parent 05867ef6d0
commit f2426b6f33
1 changed files with 30 additions and 30 deletions


@ -23,7 +23,7 @@ class Service
attr_accessor :service, :srvhost, :srvport, :uri, :options attr_accessor :service, :srvhost, :srvport, :uri, :options
attr_accessor :handlers, :default_handler, :tokens, :users, :framework attr_accessor :handlers, :default_handler, :tokens, :users, :framework
attr_accessor :dispatcher_timeout, :token_timeout, :debug attr_accessor :dispatcher_timeout, :token_timeout, :debug
def initialize(framework, options={}) def initialize(framework, options={})
self.framework = framework self.framework = framework
self.handlers = {} self.handlers = {}
@ -34,12 +34,12 @@ class Service
:host => '127.0.0.1', :host => '127.0.0.1',
:port => 55553 :port => 55553
}.merge(options) }.merge(options)
self.srvhost = self.options[:host] self.srvhost = self.options[:host]
self.srvport = self.options[:port] self.srvport = self.options[:port]
self.uri = self.options[:uri] self.uri = self.options[:uri]
self.debug = self.options[:debug] self.debug = self.options[:debug]
self.dispatcher_timeout = self.options[:dispatcher_timeout] || 7200 self.dispatcher_timeout = self.options[:dispatcher_timeout] || 7200
self.token_timeout = self.options[:token_timeout] || 300 self.token_timeout = self.options[:token_timeout] || 300
self.tokens = self.options[:tokens] || {} self.tokens = self.options[:tokens] || {}
@ -77,11 +77,11 @@ class Service
def wait def wait
self.service.wait self.service.wait
end end
def on_request_uri(cli, req) def on_request_uri(cli, req)
res = Rex::Proto::Http::Response.new() res = Rex::Proto::Http::Response.new()
res["Content-Type"] = "binary/message-pack" res["Content-Type"] = "binary/message-pack"
begin begin
res.body = process(req).to_msgpack res.body = process(req).to_msgpack
rescue Msf::RPC::Exception => e rescue Msf::RPC::Exception => e
@ -91,11 +91,11 @@ class Service
end end
cli.send_response(res) cli.send_response(res)
end end
def add_handler(group, handler) def add_handler(group, handler)
self.handlers[group] = handler self.handlers[group] = handler
end end
def process(req) def process(req)
msg = nil msg = nil
@ -107,26 +107,26 @@ class Service
raise ArgumentError, "Invalid Request: `#{req.inspect}'" raise ArgumentError, "Invalid Request: `#{req.inspect}'"
end end
end end
if not (req.headers["Content-Type"] and req.headers["Content-Type"] == "binary/message-pack") if not (req.headers["Content-Type"] and req.headers["Content-Type"] == "binary/message-pack")
raise ArgumentError, "Invalid Content Type" raise ArgumentError, "Invalid Content Type"
end end
msg = MessagePack.unpack(req.body) msg = MessagePack.unpack(req.body)
if not (msg and msg.kind_of?(::Array) and msg.length > 0) if not (msg and msg.kind_of?(::Array) and msg.length > 0)
raise ArgumentError, "Invalid Message Format" raise ArgumentError, "Invalid Message Format"
end end
group, funct = msg.shift.split(".", 2) group, funct = msg.shift.split(".", 2)
if not self.handlers[group] if not self.handlers[group]
raise ArgumentError, "Unknown API Group: `#{group.inspect}'" raise ArgumentError, "Unknown API Group: `#{group.inspect}'"
end end
doauth = true doauth = true
mname = 'rpc_' + funct mname = 'rpc_' + funct
if self.handlers[group].respond_to?(mname + '_noauth') if self.handlers[group].respond_to?(mname + '_noauth')
doauth = false doauth = false
mname << '_noauth' mname << '_noauth'
@ -135,50 +135,50 @@ class Service
if not self.handlers[group].respond_to?(mname) if not self.handlers[group].respond_to?(mname)
raise ArgumentError, "Unknown API Call: `#{mname.inspect}'" raise ArgumentError, "Unknown API Call: `#{mname.inspect}'"
end end
if doauth if doauth
token = msg.shift token = msg.shift
if not authenticate(token) if not authenticate(token)
raise ::Msf::RPC::Exception.new(401, "Invalid Authentication Token") raise ::Msf::RPC::Exception.new(401, "Invalid Authentication Token")
end end
end end
::Timeout.timeout(self.dispatcher_timeout) { self.handlers[group].send(mname, *msg) } ::Timeout.timeout(self.dispatcher_timeout) { self.handlers[group].send(mname, *msg) }
rescue ::Exception => e rescue ::Exception => e
elog("RPC Exception: #{e.class} #{e.to_s} #{e.backtrace} #{msg.inspect} #{req.inspect}") elog("RPC Exception: #{e.class} #{e.to_s} #{e.backtrace} #{msg.inspect} #{req.inspect}")
process_exception(e) process_exception(e)
end end
end end
def process_exception(e) def process_exception(e)
r = { r = {
:error => true, :error => true,
:error_class => e.class.to_s, :error_class => e.class.to_s,
:error_string => e.to_s, :error_string => e.to_s,
:error_backtrace => e.backtrace :error_backtrace => e.backtrace.map{|x| x.gsub(/^.*lib\//, 'lib/'} # Dont expose the install path
} }
if e.respond_to?(:message) if e.respond_to?(:message)
r[:error_message] = e.message r[:error_message] = e.message
end end
if e.respond_to?(:code) if e.respond_to?(:code)
r[:error_code] = e.code r[:error_code] = e.code
end end
r r
end end
def add_token(token) def add_token(token)
self.tokens[token] = [nil, nil, nil, true] self.tokens[token] = [nil, nil, nil, true]
end end
def remove_token def remove_token
self.tokens.delete(token) self.tokens.delete(token)
end end
def add_user(user, pass) def add_user(user, pass)
self.users.each do |r| self.users.each do |r|
if r[0] == user if r[0] == user
@ -188,17 +188,17 @@ class Service
end end
self.users << [user, pass] self.users << [user, pass]
end end
def remove_user(user) def remove_user(user)
self.users = self.users.select{|r| r[0] != user } self.users = self.users.select{|r| r[0] != user }
end end
def authenticate(token) def authenticate(token)
stale = [] stale = []
# Force the encoding to ASCII-8BIT # Force the encoding to ASCII-8BIT
token = token.unpack("C*").pack("C*") token = token.unpack("C*").pack("C*")
self.tokens.each_key do |t| self.tokens.each_key do |t|
user,ctime,mtime,perm = self.tokens[t] user,ctime,mtime,perm = self.tokens[t]
if ! perm and mtime + self.token_timeout < Time.now.to_i if ! perm and mtime + self.token_timeout < Time.now.to_i
@ -209,14 +209,14 @@ class Service
stale.each { |t| self.tokens.delete(t) } stale.each { |t| self.tokens.delete(t) }
if not self.tokens[token] if not self.tokens[token]
begin begin
if framework.db.active and Msf::DBManager::ApiKey.find_by_token(token) if framework.db.active and Msf::DBManager::ApiKey.find_by_token(token)
return true return true
end end
rescue ::Exception => e rescue ::Exception => e
end end
return false return false
end end