Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] rpc library; errors during nfsd startup

From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 22 Apr 2010 22:29:18 +0200
I've just commited Djalal's patches and a fix for the errors your experiencing as r17374.
This revision also changes/corrects the error message:
ERROR: rpc.Helper.GetAttributes: Mount: Reply state was not Accepted(0) as expected
to
ERROR: Mount: RPC Authentication Failed

//Patrik
On 22 apr 2010, at 03.17, David Fifield wrote:


This is related to your patch, Djalal, but it affects the current code
and your patched code so I'm replying here.

I get errors if I run the nfs and rpc scripts quickly after restarting
nfsd on the remote. This is what I see with the current code if I run
the scan up to about 3 seconds after restarting nfsd.

PORT    STATE SERVICE REASON
111/tcp open  rpcbind syn-ack
| rpcinfo:
|   100000  2            111/tcp  rpcbind
|   100000  2            111/udp  rpcbind
|   100021  0,1,3,4      877/udp  nlockmgr
|   100021  0,1,3,4     1022/tcp  nlockmgr
|   100024  1            905/udp  status
|_  100024  1           1021/tcp  status
| nfs-acls:
|_  Failed to list mount points
| nfs-dirlist:
|_  Failed to list mount points
| nfs-showmount:
|_  Failed to list mount points
| nfs-statfs:
|_  Failed to list mount points

Compare this to the output if I run later:

PORT    STATE SERVICE REASON
111/tcp open  rpcbind syn-ack
| rpcinfo:
|   100000  2            111/tcp  rpcbind
|   100000  2            111/udp  rpcbind
|   100003  2,3         2049/tcp  nfs
|   100003  2,3         2049/udp  nfs
|   100005  1,3          821/udp  mountd
|   100005  1,3         1009/tcp  mountd
|   100011  1,2          658/udp  rquotad
|   100021  0,1,3,4      877/udp  nlockmgr
|   100021  0,1,3,4     1022/tcp  nlockmgr
|   100024  1            905/udp  status
|_  100024  1           1021/tcp  status
| nfs-showmount:
|_  /Users/david 192.168.0.0
| nfs-statfs:
|   /Users/david
|_    ERROR: Mount failed
| nfs-acls:
|   /Users/david
|_    ERROR: Mount failed
| nfs-dirlist:
|   /Users/david
|_    ERROR: Mount failed

The change is even more obvious with the patched library. If I scan
within 3 seconds of restarting nfsd I get lots of errors.

NSE: 'nfs-dirlist' (thread: 0xa00ff70) against 192.168.0.190:111 threw an error!
./nselib/rpc.lua:1280: bad argument #2 to 'format' (string expected, got nil)
stack traceback:
       [C]: in function 'format'
       ./nselib/rpc.lua:1280: in function 'ShowMounts'
       ./scripts/nfs-dirlist.nse:47: in function <./scripts/nfs-dirlist.nse:40>
       (tail call): ?

NSE: 'nfs-statfs' (thread: 0xa018d00) against 192.168.0.190:111 threw an error!
./nselib/rpc.lua:1280: bad argument #2 to 'format' (string expected, got nil)
stack traceback:
       [C]: in function 'format'
       ./nselib/rpc.lua:1280: in function 'ShowMounts'
       ./scripts/nfs-statfs.nse:40: in function <./scripts/nfs-statfs.nse:37>
       (tail call): ?

NSE: 'nfs-showmount' (thread: 0xa0303f8) against 192.168.0.190:111 threw an error!
./nselib/rpc.lua:1280: bad argument #2 to 'format' (string expected, got nil)
stack traceback:
       [C]: in function 'format'
       ./nselib/rpc.lua:1280: in function 'ShowMounts'
       ./scripts/nfs-showmount.nse:39: in function <./scripts/nfs-showmount.nse:34>
       (tail call): ?

NSE: Finished 'rpcinfo' (thread: 0xa01a250) against 192.168.0.190:111.
NSE: 'nfs-acls' (thread: 0xa00e9d8) against 192.168.0.190:111 threw an error!
./nselib/rpc.lua:1280: bad argument #2 to 'format' (string expected, got nil)
stack traceback:
       [C]: in function 'format'
       ./nselib/rpc.lua:1280: in function 'ShowMounts'
       ./scripts/nfs-acls.nse:42: in function <./scripts/nfs-acls.nse:37>
       (tail call): ?

Completed NSE at 19:16, 0.11s elapsed
NSE: Script Scanning completed.
Nmap scan report for 192.168.0.190
Fetchfile found ./nmap-mac-prefixes
MAC prefix 0001C8 is duplicated in ./nmap-mac-prefixes; ignoring duplicates.
MAC prefix 080030 is duplicated in ./nmap-mac-prefixes; ignoring duplicates.
MAC prefix 080030 is duplicated in ./nmap-mac-prefixes; ignoring duplicates.
Host is up, received arp-response (0.00022s latency).
Scanned at 2010-04-21 19:16:52 MDT for 0s
PORT    STATE SERVICE REASON
111/tcp open  rpcbind syn-ack
| rpcinfo:
|   100000  2            111/tcp  rpcbind
|   100000  2            111/udp  rpcbind
|   100021  0,1,3,4      877/udp  nlockmgr
|   100021  0,1,3,4     1022/tcp  nlockmgr
|   100024  1            905/udp  status
|_  100024  1           1021/tcp  status

The expected output is this.

PORT    STATE SERVICE REASON
111/tcp open  rpcbind syn-ack
| rpcinfo:
|   100000  2            111/tcp  rpcbind
|   100000  2            111/udp  rpcbind
|   100003  2,3         2049/tcp  nfs
|   100003  2,3         2049/udp  nfs
|   100005  1,3          915/udp  mountd
|   100005  1,3         1008/tcp  mountd
|   100011  1,2          652/udp  rquotad
|   100021  0,1,3,4      877/udp  nlockmgr
|   100021  0,1,3,4     1022/tcp  nlockmgr
|   100024  1            905/udp  status
|_  100024  1           1021/tcp  status
| nfs-showmount:
|_  /Users/david 192.168.0.0
| nfs-dirlist:
|   /Users/david
|_    ERROR: rpc.Helper.Dir: Mount: Reply state was not Accepted(0) as expected
| nfs-statfs:
|   /Users/david
|_    ERROR: rpc.Helper.ExportStats: Mount: Reply state was not Accepted(0) as expected
| nfs-acls:
|   /Users/david
|_    ERROR: rpc.Helper.GetAttributes: Mount: Reply state was not Accepted(0) as expected

This is with the Mac OS X nfsd.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77





_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: