Merge branch 'goliath' into add_https

Author: mkienow-r7

lib/metasploit/framework/data_service/proxy/core.rb

@@ -1,8 +1,6 @@
-require 'singleton'
 require 'open3'
 require 'rex/ui'
 require 'rex/logging'
-require 'msf/core/db_manager'
 require 'metasploit/framework/data_service/remote/http/core'
 require 'metasploit/framework/data_service/proxy/data_proxy_auto_loader'
 
@@ -14,11 +12,17 @@ module Metasploit
 module Framework
 module DataService
 class DataProxy
-  include Singleton
   include DataProxyAutoLoader
 
   attr_reader :usable
 
+  def initialize(opts = {})
+    @data_services = {}
+    @data_service_id = 0
+    @usable = false
+    setup(opts)
+  end
+
   #
   # Returns current error state
   #
@@ -47,34 +51,6 @@ def active
     return false
   end
 
-  #
-  # Initializes the data service to be used - primarily on startup
-  #
-  def init(framework, opts)
-    @mutex.synchronize {
-      if (@initialized)
-        return
-      end
-
-      begin
-        if (opts['DisableDatabase'])
-          @error = 'disabled'
-          return
-        elsif (opts['DatabaseRemoteProcess'])
-          run_remote_db_process(opts)
-        else
-          run_local_db_process(framework, opts)
-        end
-        @usable = true
-        @initialized = true
-      rescue Exception => e
-        puts "Unable to initialize a dataservice #{e.message}"
-        return
-      end
-    }
-
-  end
-
   #
   # Registers a data service with the proxy and immediately
   # set as primary if online
@@ -130,6 +106,14 @@ def method_missing(method, *args, &block)
     end
   end
 
+  def respond_to?(method_name, include_private=false)
+    unless @data_service.nil?
+      return @data_service.respond_to?(method_name, include_private)
+    end
+
+    false
+  end
+
   #
   # Attempt to shutdown the local db process if it exists
   #
@@ -144,10 +128,6 @@ def exit_called
     end
   end
 
-  #########
-  protected
-  #########
-
   def get_data_service
     raise 'No registered data_service' unless @data_service
     return @data_service
@@ -157,12 +137,21 @@ def get_data_service
   private
   #######
 
-  def initialize
-    @data_services = {}
-    @data_service_id = 0
-    @usable = false
-    @initialized = false
-    @mutex = Mutex.new()
+  def setup(opts)
+    begin
+      db_manager = opts.delete(:db_manager)
+      if !db_manager.nil?
+        register_data_service(db_manager, true)
+        @usable = true
+      elsif opts['DatabaseRemoteProcess']
+        run_remote_db_process(opts)
+        @usable = true
+      else
+        @error = 'disabled'
+      end
+    rescue Exception => e
+      puts "Unable to initialize a dataservice #{e.message}"
+    end
   end
 
   def validate(data_service)
@@ -182,15 +171,6 @@ def data_service_exist?(data_service)
   end
 
 
-  def run_local_db_process(framework, opts)
-    puts 'Initializing local db process'
-    db_manager = Msf::DBManager.new(framework)
-    if (db_manager.usable and not opts['SkipDatabaseInit'])
-        register_data_service(db_manager, true)
-        db_manager.init_db(opts)
-    end
-  end
-
   def run_remote_db_process(opts)
     # started with no signal to prevent ctrl-c from taking out db
     db_script = File.join( Msf::Config.install_root, "msfdb -ns")

lib/metasploit/framework/data_service/remote/http/core.rb

@@ -2,6 +2,7 @@
 require 'metasploit/framework/data_service/remote/http/data_service_auto_loader'
 require 'net/http'
 require 'net/https'
+require 'uri'
 
 #
 # Parent data service for managing metasploit data in/on a separate process/machine over HTTP(s)
@@ -13,7 +14,7 @@ class RemoteHTTPDataService
   include Metasploit::Framework::DataService
   include DataServiceAutoLoader
 
-  ONLINE_TEST_URL = "/api/1/msf/online"
+  ONLINE_TEST_URL = "/api/v1/online"
   EXEC_ASYNC = { :exec_async => true }
   GET_REQUEST = 'GET'
   POST_REQUEST = 'POST'
@@ -30,71 +31,94 @@ def initialize(endpoint, https_opts = {})
   end
 
   #
-  # POST data and don't wait for the endpoint to process the data before getting a response
+  # POST data to the HTTP endpoint and don't wait for the endpoint to process the data before getting a response
   #
-  def post_data_async(path, data_hash)
-    make_request(POST_REQUEST, path, data_hash.merge(EXEC_ASYNC))
+  # @param path - The URI path to send the request
+  # @param data_hash - A hash representation of the object to be posted. Cannot be nil or empty.
+  # @param query - A hash representation of the URI query data. Key-value pairs will be URL-encoded.
+  #
+  # @return A wrapped response (ResponseWrapper), see below.
+  #
+  def post_data_async(path, data_hash, query = nil)
+    make_request(POST_REQUEST, path, data_hash.merge(EXEC_ASYNC), query)
   end
 
   #
   # POST data to the HTTP endpoint
   #
+  # @param path - The URI path to send the request
   # @param data_hash - A hash representation of the object to be posted. Cannot be nil or empty.
-  # @param path - The URI path to post to
+  # @param query - A hash representation of the URI query data. Key-value pairs will be URL-encoded.
   #
   # @return A wrapped response (ResponseWrapper), see below.
   #
-  def post_data(path, data_hash)
-    make_request(POST_REQUEST, path, data_hash)
+  def post_data(path, data_hash, query = nil)
+    make_request(POST_REQUEST, path, data_hash, query)
   end
 
   #
   # GET data from the HTTP endpoint
   #
-  # @param path - The URI path to post to
-  # @param data_hash - A hash representation of the object to be posted. Can be nil or empty.
+  # @param path - The URI path to send the request
+  # @param data_hash - A hash representation of the object to be included. Can be nil or empty.
+  # @param query - A hash representation of the URI query data. Key-value pairs will be URL-encoded.
   #
   # @return A wrapped response (ResponseWrapper), see below.
   #
-  def get_data(path, data_hash = nil)
-    make_request(GET_REQUEST, path, data_hash)
+  def get_data(path, data_hash = nil, query = nil)
+    make_request(GET_REQUEST, path, data_hash, query)
   end
 
   #
   # Send DELETE request to delete the specified resource from the HTTP endpoint
   #
-  # @param path - The URI path to send the delete
+  # @param path - The URI path to send the request
   # @param data_hash - A hash representation of the object to be deleted. Cannot be nil or empty.
+  # @param query - A hash representation of the URI query data. Key-value pairs will be URL-encoded.
   #
   # @return A wrapped response (ResponseWrapper), see below.
   #
-  def delete_data(path, data_hash)
-    make_request(DELETE_REQUEST, path, data_hash)
+  def delete_data(path, data_hash, query = nil)
+    make_request(DELETE_REQUEST, path, data_hash, query)
   end
 
-  def make_request(request_type, path, data_hash = nil)
+  #
+  # Make the specified request_type
+  #
+  # @param request_type - A string representation of the HTTP method
+  # @param path - The URI path to send the request
+  # @param data_hash - A hash representation of the object to be included in the request. Cannot be nil or empty.
+  # @param query - A hash representation of the URI query data. Key-value pairs will be URL-encoded.
+  #
+  # @return A wrapped response (ResponseWrapper)
+  #
+  def make_request(request_type, path, data_hash = nil, query = nil)
     begin
-      puts "#{Time.now} - HTTP #{request_type} request to #{path} with #{data_hash ? data_hash : "nil"}"
+      query_str = (!query.nil? && !query.empty?) ? URI.encode_www_form(query) : nil
+      uri = URI::HTTP::build({path: path, query: query_str})
+      puts "#{Time.now} - HTTP #{request_type} request to #{uri.request_uri} with #{data_hash ? data_hash : "nil"}"
+
       client = @client_pool.pop()
       case request_type
         when GET_REQUEST
-          request = Net::HTTP::Get.new(path)
+          request = Net::HTTP::Get.new(uri.request_uri)
         when POST_REQUEST
-          request = Net::HTTP::Post.new(path)
+          request = Net::HTTP::Post.new(uri.request_uri)
         when DELETE_REQUEST
-          request = Net::HTTP::Delete.new(path)
+          request = Net::HTTP::Delete.new(uri.request_uri)
         else
           raise Exception, 'A request_type must be specified'
       end
       built_request = build_request(request, data_hash)
       response = client.request(built_request)
 
-      if response.code == "200"
-        # puts 'request sent successfully'
-        return SuccessResponse.new(response)
-      else
-        puts "HTTP #{request_type} request: #{path} failed with code: #{response.code} message: #{response.body}"
-        return FailedResponse.new(response)
+      case response
+        when Net::HTTPOK
+          # puts 'request sent successfully'
+          return SuccessResponse.new(response)
+        else
+          puts "HTTP #{request_type} request: #{uri.request_uri} failed with code: #{response.code} message: #{response.body}"
+          return FailedResponse.new(response)
       end
     rescue EOFError => e
       puts "ERROR: No data was returned from the server."
@@ -147,9 +171,7 @@ def name
   end
 
   def set_header(key, value)
-    if (@headers.nil?)
-      @headers = Hash.new()
-    end
+    @headers = Hash.new() if @headers.nil?
 
     @headers[key] = value
   end
@@ -199,24 +221,20 @@ def validate_endpoint(endpoint)
 
   def append_workspace(data_hash)
     workspace = data_hash[:workspace]
-    unless (workspace)
-      workspace = data_hash.delete(:wspace)
-    end
+    workspace = data_hash.delete(:wspace) unless workspace
 
-    if (workspace && (workspace.is_a?(OpenStruct) || workspace.is_a?(::Mdm::Workspace)))
+    if workspace && (workspace.is_a?(OpenStruct) || workspace.is_a?(::Mdm::Workspace))
       data_hash[:workspace] = workspace.name
     end
 
-    if (workspace.nil?)
-      data_hash[:workspace] = current_workspace_name
-    end
+    data_hash[:workspace] = current_workspace_name if workspace.nil?
 
     data_hash
   end
 
   def build_request(request, data_hash)
     request.content_type = 'application/json'
-    if (!data_hash.nil? && !data_hash.empty?)
+    if !data_hash.nil? && !data_hash.empty?
       data_hash.each do |k,v|
         if v.is_a?(Msf::Session)
           puts "#{Time.now} - DEBUG: Dropping Msf::Session object before converting to JSON."
@@ -230,7 +248,7 @@ def build_request(request, data_hash)
       request.body = json_body
     end
 
-    if (!@headers.nil? && !@headers.empty?)
+    if !@headers.nil? && !@headers.empty?
       @headers.each do |key, value|
         request[key] = value
       end

lib/metasploit/framework/data_service/remote/http/remote_credential_data_service.rb

@@ -3,7 +3,7 @@
 module RemoteCredentialDataService
   include ResponseDataHelper
 
-  CREDENTIAL_API_PATH = '/api/1/msf/credential'
+  CREDENTIAL_API_PATH = '/api/v1/credentials'
   # "MDM_CLASS" is a little misleading since it is not in that repo but trying to keep naming consistent across DataServices
   CREDENTIAL_MDM_CLASS = 'Metasploit::Credential::Core'
 

lib/metasploit/framework/data_service/remote/http/remote_event_data_service.rb

@@ -1,5 +1,5 @@
 module RemoteEventDataService
-  EVENT_API_PATH = '/api/1/msf/event'
+  EVENT_API_PATH = '/api/v1/events'
 
   def report_event(opts)
     self.post_data_async(EVENT_API_PATH, opts)

lib/metasploit/framework/data_service/remote/http/remote_exploit_data_service.rb

@@ -1,5 +1,5 @@
 module RemoteExploitDataService
-  EXPLOIT_API_PATH = '/api/1/msf/exploit'
+  EXPLOIT_API_PATH = '/api/v1/exploits'
 
   def report_exploit_attempt(host, opts)
     opts[:host] = host

lib/metasploit/framework/data_service/remote/http/remote_host_data_service.rb

@@ -3,7 +3,7 @@
 module RemoteHostDataService
   include ResponseDataHelper
 
-  HOST_API_PATH = '/api/1/msf/host'
+  HOST_API_PATH = '/api/v1/hosts'
   HOST_SEARCH_PATH = HOST_API_PATH + "/search"
   HOST_MDM_CLASS = 'Mdm::Host'
 

lib/metasploit/framework/data_service/remote/http/remote_loot_data_service.rb

@@ -3,7 +3,7 @@
 module RemoteLootDataService
   include ResponseDataHelper
 
-  LOOT_API_PATH = '/api/1/msf/loot'
+  LOOT_API_PATH = '/api/v1/loots'
   LOOT_MDM_CLASS = 'Mdm::Loot'
 
   def loot(opts = {})

lib/metasploit/framework/data_service/remote/http/remote_nmap_data_service.rb

@@ -3,7 +3,7 @@
 module RemoteNmapDataService
   include ResponseDataHelper
 
-  NMAP_PATH = '/api/1/msf/nmap'
+  NMAP_PATH = '/api/v1/nmaps'
 
   def import_nmap_xml_file(opts)
     filename = opts[:filename]

lib/metasploit/framework/data_service/remote/http/remote_note_data_service.rb

@@ -3,7 +3,7 @@
 module RemoteNoteDataService
   include ResponseDataHelper
 
-  NOTE_API_PATH = '/api/1/msf/note'
+  NOTE_API_PATH = '/api/v1/notes'
 
   def report_note(opts)
     self.post_data_async(NOTE_API_PATH, opts)

lib/metasploit/framework/data_service/remote/http/remote_service_data_service.rb

@@ -1,5 +1,5 @@
 module RemoteServiceDataService
-  SERVICE_API_PATH = '/api/1/msf/service'
+  SERVICE_API_PATH = '/api/v1/services'
 
   def report_service(opts)
     self.post_data_async(SERVICE_API_PATH, opts)