* RPC rpcinfo command PATCH
@ 2012-07-02 14:32 Leandro Meiners
From: Leandro Meiners @ 2012-07-02 14:32 UTC (permalink / raw)
To: linux-nfs
[-- Attachment #1: Type: text/plain, Size: 389 bytes --]
Hi,
I have written a patch for the rpcinfo command that allows querying
the port-mapper via UDP instead of TCP. I added a new parameter
(upper-case P) for this functionality. It was helpful for me during a
penetration test and I thought it might be worth adding to the
project.
Signed-off-by: Leandro Meiners <lmeiners@gmail.com>
Thanks,
Leandro Meiners.-
--
Leandro Federico Meiners
[-- Attachment #2: rpcinfo-patch.txt --]
[-- Type: text/plain, Size: 4770 bytes --]
diff -uprN rpcbind-0.2.0-orig/man/rpcinfo.8 rpcbind-0.2.0/man/rpcinfo.8
--- rpcbind-0.2.0-orig/man/rpcinfo.8 2009-05-29 14:38:22.000000000 +0100
+++ rpcbind-0.2.0/man/rpcinfo.8 2012-07-02 15:25:31.406104938 +0100
@@ -14,6 +14,8 @@
.Nm "rpcinfo"
.Fl p Op Ar host
.Nm "rpcinfo"
+.Fl P Op Ar host
+.Nm "rpcinfo"
.Fl T Ar transport
.Ar host Ar prognum
.Op Ar versnum
@@ -239,7 +241,23 @@ on
.Ar host
using version 2 of the
.Nm rpcbind
-protocol,
+protocol with TCP as the transport protocol,
+and display a list of all registered RPC programs.
+If
+.Ar host
+is not specified, it defaults to the local host.
+Note: Version 2 of the
+.Nm rpcbind
+protocol was previously known as the portmapper protocol.
+.Pp
+.It Fl P
+Probe
+.Nm rpcbind
+on
+.Ar host
+using version 2 of the
+.Nm rpcbind
+protocol with UDP as the transport protocol,
and display a list of all registered RPC programs.
If
.Ar host
diff -uprN rpcbind-0.2.0-orig/src/rpcinfo.c rpcbind-0.2.0/src/rpcinfo.c
--- rpcbind-0.2.0-orig/src/rpcinfo.c 2009-05-29 14:38:22.000000000 +0100
+++ rpcbind-0.2.0/src/rpcinfo.c 2012-07-02 15:25:14.586186540 +0100
@@ -79,7 +79,7 @@
* Functions to be performed.
*/
#define NONE 0 /* no function */
-#define PMAPDUMP 1 /* dump portmapper registrations */
+#define PMAPDUMP_TCP 1 /* dump portmapper registrations using TCP*/
#define TCPPING 2 /* ping TCP service */
#define UDPPING 3 /* ping UDP service */
#define BROADCAST 4 /* ping broadcast service */
@@ -90,6 +90,7 @@
#define RPCBDUMP_SHORT 9 /* dump rpcbind registrations - short version */
#define RPCBADDRLIST 10 /* dump addr list about one prog */
#define RPCBGETSTAT 11 /* Get statistics */
+#define PMAPDUMP_UDP 13 /* dump portmapper registrations using UDP*/
struct netidlist
{
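Review bot: The new function code is 13, which leaves 12 unused after RPCBGETSTAT at 11; unless a 12 is defined outside this hunk, take the next free value, `#define PMAPDUMP_UDP 12 /* dump portmapper registrations using UDP */`, or better move these function codes into an enum so the numbering cannot drift as more modes are added. The trailing comment also lacks a space before `*/`, unlike its neighbours.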
@@ -117,7 +118,7 @@ struct rpcbdump_short
static void ip_ping (u_short, char *, int, char **);
static CLIENT *clnt_com_create (struct sockaddr_in *, u_long, u_long, int *,
char *);
-static void pmapdump (int, char **);
+static void pmapdump (int, char **, char *);
static void get_inet_address (struct sockaddr_in *, char *);
#endif
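Review bot: The new `trans` parameter is declared `char *` although both call sites in this patch pass string literals, which are not writable; if the string selector is kept, declare it `static void pmapdump (int, char **, const char *);` and match that at the definition so the compiler rejects any write through it. The surrounding `#ifdef PORTMAP` region opens before this hunk.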
@@ -161,7 +162,7 @@ main (int argc, char **argv)
function = NONE;
errflg = 0;
#ifdef PORTMAP
- while ((c = getopt (argc, argv, "a:bdlmn:pstT:u")) != -1)
+ while ((c = getopt (argc, argv, "a:bdlmn:pPstT:u")) != -1)
#else
while ((c = getopt (argc, argv, "a:bdlmn:sT:")) != -1)
#endif
@@ -173,7 +174,14 @@ main (int argc, char **argv)
if (function != NONE)
errflg = 1;
else
- function = PMAPDUMP;
+ function = PMAPDUMP_TCP;
+ break;
+
+ case 'P':
+ if (function != NONE)
+ errflg = 1;
+ else
+ function = PMAPDUMP_UDP;
break;
case 't':
@@ -270,13 +278,22 @@ main (int argc, char **argv)
switch (function)
{
#ifdef PORTMAP
- case PMAPDUMP:
+ case PMAPDUMP_TCP:
if (portnum != 0)
{
usage ();
return 1;
}
- pmapdump (argc - optind, argv + optind);
+ pmapdump (argc - optind, argv + optind, "tcp");
+ break;
+
+ case PMAPDUMP_UDP:
+ if (portnum != 0)
+ {
+ usage ();
+ return 1;
+ }
+ pmapdump (argc - optind, argv + optind, "udp");
break;
case UDPPING:
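Review bot: The PMAPDUMP_UDP case is a verbatim copy of the PMAPDUMP_TCP case apart from the transport literal, so the `portnum != 0` guard and usage() call are now maintained twice; fold them with a fall-through, `case PMAPDUMP_TCP: case PMAPDUMP_UDP:` followed by the shared guard and `pmapdump (argc - optind, argv + optind, function == PMAPDUMP_TCP ? "tcp" : "udp");`. The enclosing main() and its switch continue outside this hunk.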
@@ -344,7 +361,7 @@ local_rpcb (rpcprog_t prog, rpcvers_t ve
sock = socket (AF_LOCAL, SOCK_STREAM, 0);
if (sock < 0)
return NULL;
-
+
sun.sun_family = AF_LOCAL;
strcpy (sun.sun_path, _PATH_RPCBINDSOCK);
nbuf.len = SUN_LEN (&sun);
@@ -517,9 +534,10 @@ ip_ping (portnum, trans, argc, argv)
* Dump all the portmapper registerations
*/
static void
-pmapdump (argc, argv)
+pmapdump (argc, argv, trans)
int argc;
char **argv;
+ char *trans;
{
struct sockaddr_in server_addr;
struct pmaplist *head = NULL;
@@ -541,8 +559,20 @@ pmapdump (argc, argv)
host = argv[0];
get_inet_address (&server_addr, host);
server_addr.sin_port = htons (PMAPPORT);
- client = clnttcp_create (&server_addr, PMAPPROG, PMAPVERS,
- &socket, 50, 500);
+ if (strcmp (trans, "tcp") == 0)
+ {
+ client = clnttcp_create (&server_addr, PMAPPROG, PMAPVERS,
+ &socket, 50, 500);
+ }
+ else
+ {
+ struct timeval to;
+
+ to.tv_sec = 5;
+ to.tv_usec = 0;
+ client = clntudp_create (&server_addr, PMAPPROG, PMAPVERS,
+ to, &socket);
+ }
}
else
client = local_rpcb (PMAPPROG, PMAPVERS);
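Review bot: The `to.tv_sec = 5` in the new UDP branch is an unexplained magic number, and for clntudp_create() that argument is the retransmission interval between resends rather than the overall deadline of the later dump call, which is set wherever pmapdump() issues the RPC (outside this hunk). Give it a name that says what it is, e.g. `#define PMAP_UDP_RETRY_SECS 5 /* clntudp_create() retransmit interval */` next to the other defines, and use it here. A comment for users of the new mode would also help: a PMAPPROC_DUMP reply over UDP has to fit in the client's default datagram receive buffer, so on a host with many registrations the UDP dump may fail to decode where the TCP dump succeeds — presumably such a failure should not be read as 111/udp being filtered, to be confirmed against the libtirpc defaults. The body of pmapdump(), including the NULL check on `client`, continues past the end of this hunk.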
@@ -1714,6 +1744,7 @@ usage ()
fprintf (stderr, "Usage: rpcinfo [-m | -s] [host]\n");
#ifdef PORTMAP
fprintf (stderr, " rpcinfo -p [host]\n");
+ fprintf (stderr, " rpcinfo -P [host]\n");
#endif
fprintf (stderr, " rpcinfo -T netid host prognum [versnum]\n");
fprintf (stderr, " rpcinfo -l host prognum versnum\n");
* Re: RPC rpcinfo command PATCH
From: Chuck Lever @ 2012-07-02 14:43 UTC (permalink / raw)
To: Leandro Meiners; +Cc: linux-nfs
On Jul 2, 2012, at 10:32 AM, Leandro Meiners wrote:
> Hi,
>
> I have written a patch for the rpcinfo command that allows querying
> the port-mapper via UDP instead of TCP. I added a new parameter
> (upper-case P) for this functionality. It was helpful for me during a
> penetration test and I thought it might be worth adding to the
> project.
> Signed-off-by: Leandro Meiners <lmeiners@gmail.com>
Instead of passing a string ("tcp") to pmapdump(), why not use IPPROTO_TCP and IPPROTO_UDP ?
Can you say a little bit more about how UDP helped you?
* Fwd: RPC rpcinfo command PATCH
From: Leandro Meiners @ 2012-07-04 7:11 UTC (permalink / raw)
To: linux-nfs
Sorry, I just noticed I replied to Chuck but forgot to CC the list.
Cheers,
Leandro
---------- Forwarded message ----------
From: Leandro Meiners <lmeiners@gmail.com>
Date: Mon, Jul 2, 2012 at 3:52 PM
Subject: Re: RPC rpcinfo command PATCH
To: Chuck Lever <chuck.lever@oracle.com>
Hi,
Guess I did it to follow the same convention as clnt_com_create(), but
for no other particular reason. Basically it was useful because I used
it to determine that the firewall was not filtering UDP traffic to
the portmapper (111/udp) but was filtering connections to the TCP
portmapper (111/tcp). This allowed me to enumerate the RPC services
running on the host and determine that the firewall was not blocking
everything it should.
Cheers,
Leandro.-
On Mon, Jul 2, 2012 at 3:43 PM, Chuck Lever <chuck.lever@oracle.com> wrote:
>
> On Jul 2, 2012, at 10:32 AM, Leandro Meiners wrote:
>
>> Hi,
>>
>> I have written a patch for the rpcinfo command that allows querying
>> the port-mapper via UDP instead of TCP. I added a new parameter
>> (upper-case P) for this functionality. It was helpful for me during a
>> penetration test and I thought it might be worth adding to the
>> project.
>> Signed-off-by: Leandro Meiners <lmeiners@gmail.com>
>
> Instead of passing a string ("tcp") to pmapdump(), why not use IPPROTO_TCP and IPPROTO_UDP ?
>
> Can you say a little bit more about how UDP helped you?
--
Leandro Federico Meiners
--
Leandro Federico Meiners
* Re: Fwd: RPC rpcinfo command PATCH
From: Myklebust, Trond @ 2012-07-04 16:17 UTC (permalink / raw)
To: Leandro Meiners; +Cc: linux-nfs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^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Fwd: RPC rpcinfo command PATCH
From: Leandro Meiners @ 2012-07-05 9:46 UTC (permalink / raw)
To: Myklebust, Trond; +Cc: linux-nfs
Hi,
I was unaware of the rpcinfo -T option. I knew nmap does RPC, but it is
sometimes more comfortable to run it from rpcinfo than nmap.
Cheers,
On Wed, Jul 4, 2012 at 5:17 PM, Myklebust, Trond
<Trond.Myklebust@netapp.com> wrote:
> On Wed, 2012-07-04 at 08:11 +0100, Leandro Meiners wrote:
>> Sorry, I just noticed I replied to Chuck but forgot to CC the list.
>>
>> Cheers,
>> Leandro
>>
>>
>> ---------- Forwarded message ----------
>> From: Leandro Meiners <lmeiners@gmail.com>
>> Date: Mon, Jul 2, 2012 at 3:52 PM
>> Subject: Re: RPC rpcinfo command PATCH
>> To: Chuck Lever <chuck.lever@oracle.com>
>>
>>
>> Hi,
>>
>> Guess I did it to follow the same convention as clnt_com_create(), but
>> for no other particular reason. Basically it was useful because I used
>> it to determine that the firewall was not filtering UDP connections to
>> the portmapper (111/udp) but was filtering connections to the TCP
>> portmapper (111/tcp). This allowed me to enumerate the RPC services
>> running on the host and determine that the firewall was not blocking
>> everything it should.
>
> 'rpcinfo -T udp hostname sunrpc' should suffice as a firewall probe.
> 'nmap' has similar functionality.
>
> Cheers
> Trond
> --
> Trond Myklebust
> Linux NFS client maintainer
>
> NetApp
> Trond.Myklebust@netapp.com
> www.netapp.com
>
--
Leandro Federico Meiners