Scrub out the install path in the backtrace
git-svn-id: file:///home/svn/framework3/trunk@13314 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
05867ef6d0
commit
f2426b6f33
|
@ -23,7 +23,7 @@ class Service
|
||||||
attr_accessor :service, :srvhost, :srvport, :uri, :options
|
attr_accessor :service, :srvhost, :srvport, :uri, :options
|
||||||
attr_accessor :handlers, :default_handler, :tokens, :users, :framework
|
attr_accessor :handlers, :default_handler, :tokens, :users, :framework
|
||||||
attr_accessor :dispatcher_timeout, :token_timeout, :debug
|
attr_accessor :dispatcher_timeout, :token_timeout, :debug
|
||||||
|
|
||||||
def initialize(framework, options={})
|
def initialize(framework, options={})
|
||||||
self.framework = framework
|
self.framework = framework
|
||||||
self.handlers = {}
|
self.handlers = {}
|
||||||
|
@ -34,12 +34,12 @@ class Service
|
||||||
:host => '127.0.0.1',
|
:host => '127.0.0.1',
|
||||||
:port => 55553
|
:port => 55553
|
||||||
}.merge(options)
|
}.merge(options)
|
||||||
|
|
||||||
self.srvhost = self.options[:host]
|
self.srvhost = self.options[:host]
|
||||||
self.srvport = self.options[:port]
|
self.srvport = self.options[:port]
|
||||||
self.uri = self.options[:uri]
|
self.uri = self.options[:uri]
|
||||||
self.debug = self.options[:debug]
|
self.debug = self.options[:debug]
|
||||||
|
|
||||||
self.dispatcher_timeout = self.options[:dispatcher_timeout] || 7200
|
self.dispatcher_timeout = self.options[:dispatcher_timeout] || 7200
|
||||||
self.token_timeout = self.options[:token_timeout] || 300
|
self.token_timeout = self.options[:token_timeout] || 300
|
||||||
self.tokens = self.options[:tokens] || {}
|
self.tokens = self.options[:tokens] || {}
|
||||||
|
@ -77,11 +77,11 @@ class Service
|
||||||
def wait
|
def wait
|
||||||
self.service.wait
|
self.service.wait
|
||||||
end
|
end
|
||||||
|
|
||||||
def on_request_uri(cli, req)
|
def on_request_uri(cli, req)
|
||||||
res = Rex::Proto::Http::Response.new()
|
res = Rex::Proto::Http::Response.new()
|
||||||
res["Content-Type"] = "binary/message-pack"
|
res["Content-Type"] = "binary/message-pack"
|
||||||
|
|
||||||
begin
|
begin
|
||||||
res.body = process(req).to_msgpack
|
res.body = process(req).to_msgpack
|
||||||
rescue Msf::RPC::Exception => e
|
rescue Msf::RPC::Exception => e
|
||||||
|
@ -91,11 +91,11 @@ class Service
|
||||||
end
|
end
|
||||||
cli.send_response(res)
|
cli.send_response(res)
|
||||||
end
|
end
|
||||||
|
|
||||||
def add_handler(group, handler)
|
def add_handler(group, handler)
|
||||||
self.handlers[group] = handler
|
self.handlers[group] = handler
|
||||||
end
|
end
|
||||||
|
|
||||||
def process(req)
|
def process(req)
|
||||||
msg = nil
|
msg = nil
|
||||||
|
|
||||||
|
@ -107,26 +107,26 @@ class Service
|
||||||
raise ArgumentError, "Invalid Request: `#{req.inspect}'"
|
raise ArgumentError, "Invalid Request: `#{req.inspect}'"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
if not (req.headers["Content-Type"] and req.headers["Content-Type"] == "binary/message-pack")
|
if not (req.headers["Content-Type"] and req.headers["Content-Type"] == "binary/message-pack")
|
||||||
raise ArgumentError, "Invalid Content Type"
|
raise ArgumentError, "Invalid Content Type"
|
||||||
end
|
end
|
||||||
|
|
||||||
msg = MessagePack.unpack(req.body)
|
msg = MessagePack.unpack(req.body)
|
||||||
|
|
||||||
if not (msg and msg.kind_of?(::Array) and msg.length > 0)
|
if not (msg and msg.kind_of?(::Array) and msg.length > 0)
|
||||||
raise ArgumentError, "Invalid Message Format"
|
raise ArgumentError, "Invalid Message Format"
|
||||||
end
|
end
|
||||||
|
|
||||||
group, funct = msg.shift.split(".", 2)
|
group, funct = msg.shift.split(".", 2)
|
||||||
|
|
||||||
if not self.handlers[group]
|
if not self.handlers[group]
|
||||||
raise ArgumentError, "Unknown API Group: `#{group.inspect}'"
|
raise ArgumentError, "Unknown API Group: `#{group.inspect}'"
|
||||||
end
|
end
|
||||||
|
|
||||||
doauth = true
|
doauth = true
|
||||||
mname = 'rpc_' + funct
|
mname = 'rpc_' + funct
|
||||||
|
|
||||||
if self.handlers[group].respond_to?(mname + '_noauth')
|
if self.handlers[group].respond_to?(mname + '_noauth')
|
||||||
doauth = false
|
doauth = false
|
||||||
mname << '_noauth'
|
mname << '_noauth'
|
||||||
|
@ -135,50 +135,50 @@ class Service
|
||||||
if not self.handlers[group].respond_to?(mname)
|
if not self.handlers[group].respond_to?(mname)
|
||||||
raise ArgumentError, "Unknown API Call: `#{mname.inspect}'"
|
raise ArgumentError, "Unknown API Call: `#{mname.inspect}'"
|
||||||
end
|
end
|
||||||
|
|
||||||
if doauth
|
if doauth
|
||||||
token = msg.shift
|
token = msg.shift
|
||||||
if not authenticate(token)
|
if not authenticate(token)
|
||||||
raise ::Msf::RPC::Exception.new(401, "Invalid Authentication Token")
|
raise ::Msf::RPC::Exception.new(401, "Invalid Authentication Token")
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
::Timeout.timeout(self.dispatcher_timeout) { self.handlers[group].send(mname, *msg) }
|
::Timeout.timeout(self.dispatcher_timeout) { self.handlers[group].send(mname, *msg) }
|
||||||
|
|
||||||
rescue ::Exception => e
|
rescue ::Exception => e
|
||||||
elog("RPC Exception: #{e.class} #{e.to_s} #{e.backtrace} #{msg.inspect} #{req.inspect}")
|
elog("RPC Exception: #{e.class} #{e.to_s} #{e.backtrace} #{msg.inspect} #{req.inspect}")
|
||||||
process_exception(e)
|
process_exception(e)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def process_exception(e)
|
def process_exception(e)
|
||||||
r = {
|
r = {
|
||||||
:error => true,
|
:error => true,
|
||||||
:error_class => e.class.to_s,
|
:error_class => e.class.to_s,
|
||||||
:error_string => e.to_s,
|
:error_string => e.to_s,
|
||||||
:error_backtrace => e.backtrace
|
:error_backtrace => e.backtrace.map{|x| x.gsub(/^.*lib\//, 'lib/'} # Dont expose the install path
|
||||||
}
|
}
|
||||||
|
|
||||||
if e.respond_to?(:message)
|
if e.respond_to?(:message)
|
||||||
r[:error_message] = e.message
|
r[:error_message] = e.message
|
||||||
end
|
end
|
||||||
|
|
||||||
if e.respond_to?(:code)
|
if e.respond_to?(:code)
|
||||||
r[:error_code] = e.code
|
r[:error_code] = e.code
|
||||||
end
|
end
|
||||||
|
|
||||||
r
|
r
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
def add_token(token)
|
def add_token(token)
|
||||||
self.tokens[token] = [nil, nil, nil, true]
|
self.tokens[token] = [nil, nil, nil, true]
|
||||||
end
|
end
|
||||||
|
|
||||||
def remove_token
|
def remove_token
|
||||||
self.tokens.delete(token)
|
self.tokens.delete(token)
|
||||||
end
|
end
|
||||||
|
|
||||||
def add_user(user, pass)
|
def add_user(user, pass)
|
||||||
self.users.each do |r|
|
self.users.each do |r|
|
||||||
if r[0] == user
|
if r[0] == user
|
||||||
|
@ -188,17 +188,17 @@ class Service
|
||||||
end
|
end
|
||||||
self.users << [user, pass]
|
self.users << [user, pass]
|
||||||
end
|
end
|
||||||
|
|
||||||
def remove_user(user)
|
def remove_user(user)
|
||||||
self.users = self.users.select{|r| r[0] != user }
|
self.users = self.users.select{|r| r[0] != user }
|
||||||
end
|
end
|
||||||
|
|
||||||
def authenticate(token)
|
def authenticate(token)
|
||||||
stale = []
|
stale = []
|
||||||
|
|
||||||
# Force the encoding to ASCII-8BIT
|
# Force the encoding to ASCII-8BIT
|
||||||
token = token.unpack("C*").pack("C*")
|
token = token.unpack("C*").pack("C*")
|
||||||
|
|
||||||
self.tokens.each_key do |t|
|
self.tokens.each_key do |t|
|
||||||
user,ctime,mtime,perm = self.tokens[t]
|
user,ctime,mtime,perm = self.tokens[t]
|
||||||
if ! perm and mtime + self.token_timeout < Time.now.to_i
|
if ! perm and mtime + self.token_timeout < Time.now.to_i
|
||||||
|
@ -209,14 +209,14 @@ class Service
|
||||||
stale.each { |t| self.tokens.delete(t) }
|
stale.each { |t| self.tokens.delete(t) }
|
||||||
|
|
||||||
if not self.tokens[token]
|
if not self.tokens[token]
|
||||||
|
|
||||||
begin
|
begin
|
||||||
if framework.db.active and Msf::DBManager::ApiKey.find_by_token(token)
|
if framework.db.active and Msf::DBManager::ApiKey.find_by_token(token)
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
rescue ::Exception => e
|
rescue ::Exception => e
|
||||||
end
|
end
|
||||||
|
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue