* RPC rpcinfo command PATCH @ 2012-07-02 14:32 Leandro Meiners 2012-07-02 14:43 ` Chuck Lever 0 siblings, 1 reply; 5+ messages in thread From: Leandro Meiners @ 2012-07-02 14:32 UTC (permalink / raw) To: linux-nfs [-- Attachment #1: Type: text/plain, Size: 389 bytes --] Hi, I have written a patch for the rpcinfo command that allows querying the port-mapper via UDP instead of TCP. I added a new parameter (upper-case P) for this functionality. It was helpful for me during a penetration test and I thought it might be worth adding to the project. Signed-off-by: Leandro Meiners <lmeiners@gmail.com> Thanks, Leandro Meiners.- -- Leandro Federico Meiners [-- Attachment #2: rpcinfo-patch.txt --] [-- Type: text/plain, Size: 4770 bytes --] diff -uprN rpcbind-0.2.0-orig/man/rpcinfo.8 rpcbind-0.2.0/man/rpcinfo.8 --- rpcbind-0.2.0-orig/man/rpcinfo.8 2009-05-29 14:38:22.000000000 +0100 +++ rpcbind-0.2.0/man/rpcinfo.8 2012-07-02 15:25:31.406104938 +0100 @@ -14,6 +14,8 @@ .Nm "rpcinfo" .Fl p Op Ar host .Nm "rpcinfo" +.Fl P Op Ar host +.Nm "rpcinfo" .Fl T Ar transport .Ar host Ar prognum .Op Ar versnum @@ -239,7 +241,23 @@ on .Ar host using version 2 of the .Nm rpcbind -protocol, +protocol with TCP as the transport protocol, +and display a list of all registered RPC programs. +If +.Ar host +is not specified, it defaults to the local host. +Note: Version 2 of the +.Nm rpcbind +protocol was previously known as the portmapper protocol. +.Pp +.It Fl P +Probe +.Nm rpcbind +on +.Ar host +using version 2 of the +.Nm rpcbind +protocol with UDP as the transport protocol, and display a list of all registered RPC programs. If .Ar host diff -uprN rpcbind-0.2.0-orig/src/rpcinfo.c rpcbind-0.2.0/src/rpcinfo.c --- rpcbind-0.2.0-orig/src/rpcinfo.c 2009-05-29 14:38:22.000000000 +0100 +++ rpcbind-0.2.0/src/rpcinfo.c 2012-07-02 15:25:14.586186540 +0100 
@@ -79,7 +79,7 @@ * Functions to be performed. */ #define NONE 0 /* no function */ -#define PMAPDUMP 1 /* dump portmapper registrations */ +#define PMAPDUMP_TCP 1 /* dump portmapper registrations using TCP*/ #define TCPPING 2 /* ping TCP service */ #define UDPPING 3 /* ping UDP service */ #define BROADCAST 4 /* ping broadcast service */ @@ -90,6 +90,7 @@ #define RPCBDUMP_SHORT 9 /* dump rpcbind registrations - short version */ #define RPCBADDRLIST 10 /* dump addr list about one prog */ #define RPCBGETSTAT 11 /* Get statistics */ +#define PMAPDUMP_UDP 13 /* dump portmapper registrations using UDP*/ struct netidlist { @@ -117,7 +118,7 @@ struct rpcbdump_short static void ip_ping (u_short, char *, int, char **); static CLIENT *clnt_com_create (struct sockaddr_in *, u_long, u_long, int *, char *); -static void pmapdump (int, char **); +static void pmapdump (int, char **, char *); static void get_inet_address (struct sockaddr_in *, char *); #endif @@ -161,7 +162,7 @@ main (int argc, char **argv) function = NONE; errflg = 0; #ifdef PORTMAP - while ((c = getopt (argc, argv, "a:bdlmn:pstT:u")) != -1) + while ((c = getopt (argc, argv, "a:bdlmn:pPstT:u")) != -1) #else while ((c = getopt (argc, argv, "a:bdlmn:sT:")) != -1) #endif @@ -173,7 +174,14 @@ main (int argc, char **argv) if (function != NONE) errflg = 1; else - function = PMAPDUMP; + function = PMAPDUMP_TCP; + break; + + case 'P': + if (function != NONE) + errflg = 1; + else + function = PMAPDUMP_UDP; break; case 't': @@ -270,13 +278,22 @@ main (int argc, char **argv) switch (function) { #ifdef PORTMAP - case PMAPDUMP: + case PMAPDUMP_TCP: if (portnum != 0) { usage (); return 1; } - pmapdump (argc - optind, argv + optind); + pmapdump (argc - optind, argv + optind, "tcp"); + break; + + case PMAPDUMP_UDP: + if (portnum != 0) + { + usage (); + return 1; + } + pmapdump (argc - optind, argv + optind, "udp"); break; case UDPPING: 
@@ -344,7 +361,7 @@ local_rpcb (rpcprog_t prog, rpcvers_t ve sock = socket (AF_LOCAL, SOCK_STREAM, 0); if (sock < 0) return NULL; - + sun.sun_family = AF_LOCAL; strcpy (sun.sun_path, _PATH_RPCBINDSOCK); nbuf.len = SUN_LEN (&sun); @@ -517,9 +534,10 @@ ip_ping (portnum, trans, argc, argv) * Dump all the portmapper registerations */ static void -pmapdump (argc, argv) +pmapdump (argc, argv, trans) int argc; char **argv; + char *trans; { struct sockaddr_in server_addr; struct pmaplist *head = NULL; @@ -541,8 +559,20 @@ pmapdump (argc, argv) host = argv[0]; get_inet_address (&server_addr, host); server_addr.sin_port = htons (PMAPPORT); - client = clnttcp_create (&server_addr, PMAPPROG, PMAPVERS, - &socket, 50, 500); + if (strcmp (trans, "tcp") == 0) + { + client = clnttcp_create (&server_addr, PMAPPROG, PMAPVERS, + &socket, 50, 500); + } + else + { + struct timeval to; + + to.tv_sec = 5; + to.tv_usec = 0; + client = clntudp_create (&server_addr, PMAPPROG, PMAPVERS, + to, &socket); + } } else client = local_rpcb (PMAPPROG, PMAPVERS); @@ -1714,6 +1744,7 @@ usage () fprintf (stderr, "Usage: rpcinfo [-m | -s] [host]\n"); #ifdef PORTMAP fprintf (stderr, " rpcinfo -p [host]\n"); + fprintf (stderr, " rpcinfo -P [host]\n"); #endif fprintf (stderr, " rpcinfo -T netid host prognum [versnum]\n"); fprintf (stderr, " rpcinfo -l host prognum versnum\n"); ^ permalink raw reply [flat|nested] 5+ messages in thread
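Review bot: in the rpcinfo.8 hunk at `@@ -239,7 +241,23 @@`, the new `.It Fl P` entry copies the whole `-p` description, including the "If .Ar host is not specified" and "Note: Version 2 ... portmapper protocol" sentences that the trailing context shows are repeated once more after the added block; a shorter entry such as "Same as .Fl p , but probing over UDP instead of TCP" keeps the two descriptions from drifting apart, and the UDP variant should also mention that the reply has to fit in a single datagram, which a dump from a host with many registrations may not.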
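Review bot: in the `@@ -79,7 +79,7 @@` hunk the rewritten comment `/* dump portmapper registrations using TCP*/` drops the space before `*/` that every neighbouring comment has (`/* ping TCP service */`); add it so the block stays aligned and consistent.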
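Review bot: in the `@@ -90,6 +90,7 @@` hunk `PMAPDUMP_UDP` is given the value 13 directly after `RPCBGETSTAT 11`; if 12 is not taken by a definition outside this context, use 12, otherwise say in the comment why it is skipped. The same missing space before `*/` applies here (`using UDP*/`).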
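Review bot: in the `@@ -117,7 +118,7 @@` hunk the new third parameter of `pmapdump` is a bare `char *` that carries the strings "tcp" or "udp"; as raised in the thread, an `int` holding `IPPROTO_TCP` or `IPPROTO_UDP` avoids the `strcmp` at the call site and lets the compiler reject a misspelt transport, and if the string form is kept it should at least be `const char *` since the callee never modifies it.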
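Review bot: in the `@@ -173,7 +174,14 @@` hunk the new `case 'P':` repeats the `case 'p':` body verbatim except for the assigned function; a shared arm (`case 'p': case 'P':` with `function = (c == 'p') ? PMAPDUMP_TCP : PMAPDUMP_UDP;` after the `function != NONE` check) keeps the "only one function" rule in one place.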
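Review bot: in the `@@ -270,13 +278,22 @@` hunk the `PMAPDUMP_UDP` case duplicates the entire `PMAPDUMP_TCP` block, including the `portnum != 0` usage check; fold them into `case PMAPDUMP_TCP: case PMAPDUMP_UDP:` with one check and `pmapdump (argc - optind, argv + optind, function == PMAPDUMP_TCP ? "tcp" : "udp");` (or the IPPROTO constant) so that a future change to the validation applies to both transports.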
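Review bot: the `@@ -344,7 +361,7 @@ local_rpcb` hunk is a whitespace-only change (a line of trailing spaces becomes an empty line) with no connection to the new `-P` option; drop it from this patch or send it as a separate cleanup so the feature diff stays reviewable.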
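Review bot: in the `@@ -517,9 +534,10 @@ ip_ping` hunk the K&R declaration `char *trans;` follows the surrounding style, but `trans` is read-only in the function, so `const char *trans;` is the better declaration; the context comment `Dump all the portmapper registerations` also has a typo (`registrations`) that could be fixed while this block is being touched.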
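Review bot: in the `@@ -541,8 +559,20 @@ pmapdump` hunk the `else` branch turns any transport string other than "tcp" into a UDP client, so a caller that misspells the transport silently changes behaviour instead of failing; compare both values explicitly (or switch on an IPPROTO_* int) and error out otherwise. Also, the `struct timeval to` handed to `clntudp_create` is the retransmission interval, not an overall call timeout, so name it `retry` and comment it as such; and since `clntudp_create` receives the reply as a single datagram, a large `pmaplist` that a TCP dump would return in fragments can fail over UDP, which the `-P` documentation should state.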
* Re: RPC rpcinfo command PATCH
From: Chuck Lever @ 2012-07-02 14:43 UTC
To: Leandro Meiners; +Cc: linux-nfs

On Jul 2, 2012, at 10:32 AM, Leandro Meiners wrote:

> Hi,
>
> I have written a patch for the rpcinfo command that allows querying
> the port-mapper via UDP instead of TCP. I added a new parameter
> (upper-case P) for this functionality. It was helpful for me during a
> penetration test and I thought it might be worth adding to the
> project.
> Signed-off-by: Leandro Meiners <lmeiners@gmail.com>

Instead of passing a string ("tcp") to pmapdump(), why not use IPPROTO_TCP and IPPROTO_UDP ?

Can you say a little bit more about how UDP helped you?
* Fwd: RPC rpcinfo command PATCH
From: Leandro Meiners @ 2012-07-04 7:11 UTC
To: linux-nfs

Sorry, I just noticed I replied to Chuck but forgot to CC the list.

Cheers,
Leandro

---------- Forwarded message ----------
From: Leandro Meiners <lmeiners@gmail.com>
Date: Mon, Jul 2, 2012 at 3:52 PM
Subject: Re: RPC rpcinfo command PATCH
To: Chuck Lever <chuck.lever@oracle.com>

Hi,

Guess I did it to follow the same convention as clnt_com_create(), but
for no other particular reason. Basically it was useful because I used
it to determine that the firewall was not filtering UDP connections to
the portmapper (111/udp) but was filtering connections to the TCP
portmapper (111/tcp). This allowed me to enumerate the RPC services
running on the host and determine that the firewall was not blocking
everything it should.

Cheers,
Leandro.-

On Mon, Jul 2, 2012 at 3:43 PM, Chuck Lever <chuck.lever@oracle.com> wrote:
>
> On Jul 2, 2012, at 10:32 AM, Leandro Meiners wrote:
>
>> Hi,
>>
>> I have written a patch for the rpcinfo command that allows querying
>> the port-mapper via UDP instead of TCP. I added a new parameter
>> (upper-case P) for this functionality. It was helpful for me during a
>> penetration test and I thought it might be worth adding to the
>> project.
>> Signed-off-by: Leandro Meiners <lmeiners@gmail.com>
>
> Instead of passing a string ("tcp") to pmapdump(), why not use IPPROTO_TCP and IPPROTO_UDP ?
>
> Can you say a little bit more about how UDP helped you?

--
Leandro Federico Meiners
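The transport difference behind the firewall observation above, as an added example that is not code from the patch or from rpcbind: it builds the PMAPPROC_DUMP call that `rpcinfo -p` and `-P` both issue, shows the TCP record-mark framing that UDP lacks, decodes the pmaplist reply, and reports mappings that only one transport returned. The reply bytes and the function names are constructed for this example.

```python
"""Portmapper v2 (RFC 1833) PMAPPROC_DUMP encoder/decoder, used to compare what a
host advertises over 111/tcp with what it advertises over 111/udp."""
import struct

PMAP_PROG, PMAP_VERS, PMAPPROC_DUMP = 100000, 2, 4
IPPROTO_TCP, IPPROTO_UDP = 6, 17      # values carried in each mapping's prot field

def build_dump_call(xid):
    """RPC v2 CALL for PMAPPROC_DUMP with AUTH_NULL cred and verf; DUMP takes no
    arguments. The 40-byte body is identical on both transports."""
    return struct.pack("!10I", xid, 0, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_DUMP,
                       0, 0, 0, 0)

def frame_tcp(msg):
    """TCP prepends a record mark (bit 31 = last fragment, low 31 bits = length).
    UDP carries the bare message, so a DUMP reply must fit in one datagram."""
    return struct.pack("!I", 0x80000000 | len(msg)) + msg

def parse_dump_reply(msg, xid):
    """Decode an accepted SUCCESS reply into a list of (prog, vers, prot, port)."""
    r_xid, mtype, rstat, _flavor, vlen = struct.unpack_from("!5I", msg, 0)
    if r_xid != xid or mtype != 1 or rstat != 0:
        raise ValueError("not a matching MSG_ACCEPTED reply")
    off = 20 + ((vlen + 3) & ~3)      # skip the verifier's padded opaque body
    (astat,) = struct.unpack_from("!I", msg, off)
    if astat != 0:
        raise ValueError("accept_stat %d" % astat)
    off += 4
    entries = []
    while True:                       # pmaplist: (1, mapping)* then a 0 terminator
        (more,) = struct.unpack_from("!I", msg, off)
        off += 4
        if not more:
            return entries
        entries.append(struct.unpack_from("!4I", msg, off))
        off += 16

def transport_gap(tcp_view, udp_view):
    """Mappings visible on one transport only: the firewall is treating 111/tcp
    and 111/udp differently, which is what the thread's probe was meant to reveal."""
    return set(tcp_view) ^ set(udp_view)

# Constructed sample reply (xid 0x1234): rpcbind on both transports, mountd on UDP.
SAMPLE_REPLY = (struct.pack("!6I", 0x1234, 1, 0, 0, 0, 0)
                + struct.pack("!5I", 1, 100000, 2, IPPROTO_TCP, 111)
                + struct.pack("!5I", 1, 100000, 2, IPPROTO_UDP, 111)
                + struct.pack("!5I", 1, 100005, 3, IPPROTO_UDP, 32767)
                + struct.pack("!I", 0))
```

A TCP reply carries the same body behind a record mark, so strip the first four bytes before handing it to `parse_dump_reply`; a UDP reply is parsed as received.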
* Re: Fwd: RPC rpcinfo command PATCH
From: Myklebust, Trond @ 2012-07-04 16:17 UTC
To: Leandro Meiners; +Cc: linux-nfs

On Wed, 2012-07-04 at 08:11 +0100, Leandro Meiners wrote:
> Sorry, I just noticed I replied to Chuck but forgot to CC the list.
>
> Cheers,
> Leandro
>
>
> ---------- Forwarded message ----------
> From: Leandro Meiners <lmeiners@gmail.com>
> Date: Mon, Jul 2, 2012 at 3:52 PM
> Subject: Re: RPC rpcinfo command PATCH
> To: Chuck Lever <chuck.lever@oracle.com>
>
>
> Hi,
>
> Guess I did it to follow the same convention as clnt_com_create(), but
> for no other particular reason. Basically it was useful because I used
> it to determine that the firewall was not filtering UDP connections to
> the portmapper (111/udp) but was filtering connections to the TCP
> portmapper (111/tcp). This allowed me to enumerate the RPC services
> running on the host and determine that the firewall was not blocking
> everything it should.

'rpcinfo -T udp hostname sunrpc' should suffice as a firewall probe.
'nmap' has similar functionality.

Cheers
  Trond
--
Trond Myklebust
Linux NFS client maintainer

NetApp
Trond.Myklebust@netapp.com
www.netapp.com
* Re: Fwd: RPC rpcinfo command PATCH
From: Leandro Meiners @ 2012-07-05 9:46 UTC
To: Myklebust, Trond; +Cc: linux-nfs

Hi,

I was unaware of the rpcinfo option. I knew nmap does RPC, but it is
sometimes more comfortable to run it from rpcinfo than nmap.

Cheers,

On Wed, Jul 4, 2012 at 5:17 PM, Myklebust, Trond <Trond.Myklebust@netapp.com> wrote:
> On Wed, 2012-07-04 at 08:11 +0100, Leandro Meiners wrote:
>> Sorry, I just noticed I replied to Chuck but forgot to CC the list.
>>
>> Cheers,
>> Leandro
>>
>>
>> ---------- Forwarded message ----------
>> From: Leandro Meiners <lmeiners@gmail.com>
>> Date: Mon, Jul 2, 2012 at 3:52 PM
>> Subject: Re: RPC rpcinfo command PATCH
>> To: Chuck Lever <chuck.lever@oracle.com>
>>
>>
>> Hi,
>>
>> Guess I did it to follow the same convention as clnt_com_create(), but
>> for no other particular reason. Basically it was useful because I used
>> it to determine that the firewall was not filtering UDP connections to
>> the portmapper (111/udp) but was filtering connections to the TCP
>> portmapper (111/tcp). This allowed me to enumerate the RPC services
>> running on the host and determine that the firewall was not blocking
>> everything it should.
>
> 'rpcinfo -T udp hostname sunrpc' should suffice as a firewall probe.
> 'nmap' has similar functionality.
>
> Cheers
> Trond
> --
> Trond Myklebust
> Linux NFS client maintainer
>
> NetApp
> Trond.Myklebust@netapp.com
> www.netapp.com
>

--
Leandro Federico Meiners