Ruby XDR parser

XDR, as specified in rfc-4506, forms the underpinnings of Mount, NFS, NFS4 and a host of other protocols. Broadly all of this can be grouped under Sun RPC for implementing Remote Procedure Calls.

The XDR is truly an IDL (Interface Definition Language) for a Sun RPC service. On most *nix operating systems you will find a set of .x files located in:

/usr/include/rpcsvc/

that specify how to talk to these services.

Since the RPC services are named using program’s, the portmap plays a role in resolving these program numbers into UDP/TCP port numbers so that the communications can be initiated. This is very similar to UDDI for SOAP or endpoint mapper for Microsoft RPC. The latter is much more based on DCERPC which is Y.A.RPC mechanism. Fundamentally, it’s about marshaling integers, strings, choices, etc in a certain way. In addition, all of these RPC definitions include a way to identify the function that’s being invoked remotely. In the case of XDR, it happens to be called as procedures.

In any case, attached is the racc parser for properly parsing XDR files. It doesn’t include the various actions, but is thorough. And yes, it can parse NFS4. rpcgen is a parser like this that generates the C code necessary to programmatically invoke these services. The common workflow for designing a new service is to first build the XDR specification, run it through rpcgen to generate the client/server stubs and then fill in the details.

Incidentally, the RPC-runtime advisory we released some time ago was to do with the encoding of strings using XDR and it affected all RPC services on OSX.

We are releasing the parser under BEER license, so please use it at will and wait around the bar. And don’t drink and code. ;-)

Download the code here.

How does this fit broadly into what we do? All I can say is the Solaris 10 ypupdated vulnerability. Find out at CanSecWest! I’ll post my slides when I’m back from Vancouver.