Use railties to load Metasploit::Credential correctly

MSP-9606

In order to support Metasploit::Credential correctly,
metasploit-framework needs to support Metasploit::Concern, which does
all its magic using a Rails::Engine initializer, so the easiest path is
to make metasploit-framework be able to use Rails::Engines.  To make
Rails::Engine use Rails::Engine, make a dummy Rails::Application
subclass so that all the initializers will be run when anything requires
msfenv.

.gitignore

@@ -50,6 +50,9 @@ tags
 *.opensdf
 *.user
 
+# Rails log directory
+/log
+
 # ignore release/debug folders for exploits
 external/source/exploits/**/Debug
 external/source/exploits/**/Release

Gemfile

@@ -12,16 +12,21 @@ gem 'msgpack'
 gem 'nokogiri'
 # Needed by db.rb and Msf::Exploit::Capture
 gem 'packetfu', '1.1.9'
+# Run initializers for metasploit-concern, metasploit-credential, metasploit_data_models Rails::Engines
+gem 'railties'
 # Needed by JSObfu
 gem 'rkelly-remix', '0.0.6'
 # Needed by anemone crawler
 gem 'robots'
 
+
 group :db do
   # Needed for Msf::DbManager
   gem 'activerecord', '>= 3.0.0', '< 4.0.0'
+  # Metasploit::Creential database models
+  gem 'metasploit-credential', git: 'github-metasploit-credential:rapid7/metasploit-credential.git', tag: 'v0.1.2-metasploit-credential'
   # Database models shared between framework and Pro.
-  gem 'metasploit_data_models', '~> 0.17.0'
+  gem 'metasploit_data_models', '~> 0.17.1'
   # Needed for module caching in Mdm::ModuleDetails
   gem 'pg', '>= 0.11'
 end
@@ -38,10 +43,17 @@ group :development, :test do
   # Version 4.1.0 or newer is needed to support generate calls without the
   # 'FactoryGirl.' in factory definitions syntax.
   gem 'factory_girl', '>= 4.1.0'
+  # automatically include factories from spec/factories
+  gem 'factory_girl_rails'
   # Make rspec output shorter and more useful
   gem 'fivemat', '1.2.1'
   # running documentation generation tasks and rspec tasks
   gem 'rake', '>= 10.0.0'
+  # testing framework
+  gem 'rspec', '>= 2.12'
+  # Define `rake spec`.  Must be in development AND test so that its available by default as a rake test when the
+  # environment is development
+  gem 'rspec-rails'
 end
 
 group :pcap do
@@ -55,8 +67,6 @@ group :test do
   # transactional fixtures because multiple connections are in use so
   # transactions won't work.
   gem 'database_cleaner'
-  # testing framework
-  gem 'rspec', '>= 2.12'
   gem 'shoulda-matchers'
   # code coverage for tests
   # any version newer than 0.5.4 gives an Encoding error when trying to read the source files.

Gemfile.lock

@@ -1,6 +1,26 @@
+GIT
+  remote: github-metasploit-credential:rapid7/metasploit-credential.git
+  revision: 2f8384cd5f7d0124e276a6e4b7fa8193dd96f56c
+  tag: v0.1.2-metasploit-credential
+  specs:
+    metasploit-credential (0.1.2.pre.metasploit.pre.credential)
+      metasploit-concern (~> 0.0.4)
+      metasploit_data_models (~> 0.17.0)
+      rubyntlm
+
 GEM
   remote: https://rubygems.org/
   specs:
+    actionpack (3.2.17)
+      activemodel (= 3.2.17)
+      activesupport (= 3.2.17)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.4)
+      rack (~> 1.4.5)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.2.1)
     activemodel (3.2.17)
       activesupport (= 3.2.17)
       builder (~> 3.0.0)
@@ -17,13 +37,21 @@ GEM
     builder (3.0.4)
     database_cleaner (1.2.0)
     diff-lcs (1.2.5)
+    erubis (2.7.0)
     factory_girl (4.4.0)
       activesupport (>= 3.0.0)
+    factory_girl_rails (4.4.1)
+      factory_girl (~> 4.4.0)
+      railties (>= 3.0.0)
     fivemat (1.2.1)
+    hike (1.2.3)
     i18n (0.6.9)
+    journey (1.0.4)
     json (1.8.1)
-    metasploit_data_models (0.17.0)
-      activerecord (>= 3.2.13)
+    metasploit-concern (0.0.4)
+      activesupport (~> 3.0, >= 3.0.0)
+    metasploit_data_models (0.17.1)
+      activerecord (>= 3.2.13, < 4.0.0)
       activesupport
       pg
     mini_portile (0.5.3)
@@ -35,7 +63,23 @@ GEM
     packetfu (1.1.9)
     pcaprub (0.11.3)
     pg (0.17.1)
+    rack (1.4.5)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-ssl (1.3.4)
+      rack
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    railties (3.2.17)
+      actionpack (= 3.2.17)
+      activesupport (= 3.2.17)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
     rake (10.3.1)
+    rdoc (3.12.2)
+      json (~> 1.4)
     redcarpet (3.1.1)
     rkelly-remix (0.0.6)
     robots (0.10.1)
@@ -47,12 +91,28 @@ GEM
     rspec-expectations (2.14.5)
       diff-lcs (>= 1.1.3, < 2.0)
     rspec-mocks (2.14.6)
+    rspec-rails (2.14.2)
+      actionpack (>= 3.0)
+      activemodel (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec-core (~> 2.14.0)
+      rspec-expectations (~> 2.14.0)
+      rspec-mocks (~> 2.14.0)
+    rubyntlm (0.4.0)
     shoulda-matchers (2.6.0)
       activesupport (>= 3.0.0)
     simplecov (0.5.4)
       multi_json (~> 1.0.3)
       simplecov-html (~> 0.5.3)
     simplecov-html (0.5.3)
+    sprockets (2.2.2)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    thor (0.19.1)
+    tilt (1.4.1)
     timecop (0.7.1)
     tzinfo (0.3.39)
     yard (0.8.7.4)
@@ -66,20 +126,24 @@ DEPENDENCIES
   bcrypt
   database_cleaner
   factory_girl (>= 4.1.0)
+  factory_girl_rails
   fivemat (= 1.2.1)
   json
-  metasploit_data_models (~> 0.17.0)
+  metasploit-credential!
+  metasploit_data_models (~> 0.17.1)
   msgpack
   network_interface (~> 0.0.1)
   nokogiri
   packetfu (= 1.1.9)
   pcaprub
   pg (>= 0.11)
+  railties
   rake (>= 10.0.0)
   redcarpet
   rkelly-remix (= 0.0.6)
   robots
   rspec (>= 2.12)
+  rspec-rails
   shoulda-matchers
   simplecov (= 0.5.4)
   timecop

Rakefile

@@ -1,81 +1,4 @@
-require 'bundler/setup'
+#!/usr/bin/env rake
+require File.expand_path('../config/application', __FILE__)
 
-pathname = Pathname.new(__FILE__)
-root = pathname.parent
-
-# add metasploit-framework/lib to load paths so rake files can just require
-# files normally without having to use __FILE__ and recalculating root and the
-# path to lib
-lib_pathname = root.join('lib')
-$LOAD_PATH.unshift(lib_pathname.to_s)
-
-#
-# load rake files like a rails engine
-#
-
-rakefile_glob = root.join('lib', 'tasks', '**', '*.rake').to_path
-
-Dir.glob(rakefile_glob) do |rakefile|
-  # Skip database tasks, will load them later if MDM is present
-  next if rakefile =~ /database\.rake$/
-  load rakefile
-end
-
-print_without = false
-
-begin
-	require 'rspec/core/rake_task'
-rescue LoadError
-	puts "rspec not in bundle, so can't set up spec tasks.  " \
-	     "To run specs ensure to install the development and test groups."
-
-	print_without = true
-else
-	RSpec::Core::RakeTask.new(:spec => 'db:test:prepare')
-
-	task :default => :spec
-end
-
-# Require yard before loading metasploit_data_models rake tasks as the yard tasks won't be defined if
-# YARD is not defined when yard.rake is loaded.
-begin
-  require 'yard'
-rescue LoadError
-	puts "yard not in bundle, so can't set up yard tasks.  " \
-	     "To generate documentation ensure to install the development group."
-
-	print_without = true
-end
-
-begin
-	require 'metasploit_data_models'
-rescue LoadError
-	puts "metasploit_data_models not in bundle, so can't set up db tasks.  " \
-	     "To run database tasks, ensure to install the db bundler group."
-
-	print_without = true
-else
-	load 'lib/tasks/database.rake'
-	metasploit_data_models_task_glob = MetasploitDataModels.root.join(
-			'lib',
-			'tasks',
-			'**',
-			'*.rake'
-	).to_s
-	# include tasks from metasplioit_data_models, such as `rake yard`.
-	# metasploit-framework specific yard options are in .yardopts
-	Dir.glob(metasploit_data_models_task_glob) do |path|
-		load path
-	end
-end
-
-
-
-if print_without
-	puts "Bundle currently installed " \
-	     "'--without #{Bundler.settings.without.join(' ')}'."
-	puts "To clear the without option do `bundle install --without ''` " \
-	     "(the --without flag with an empty string) or " \
-	     "`rm -rf .bundle` to remove the .bundle/config manually and " \
-	     "then `bundle install`"
-end
+Metasploit::Framework::Application.load_tasks

config/application.rb

@@ -0,0 +1,33 @@
+require 'rails'
+require File.expand_path('../boot', __FILE__)
+
+# only the parts of 'rails/all' that metasploit-framework actually uses
+require 'active_record/railtie'
+
+all_environments = [
+    :development,
+    :production,
+    :test
+]
+
+Bundler.require(
+    *Rails.groups(
+        db: all_environments,
+        pcap: all_environments
+    )
+)
+
+require 'msf/base/config'
+
+module Metasploit
+  module Framework
+    class Application < Rails::Application
+      user_config_root = Pathname.new(Msf::Config.get_config_root)
+      user_database_yaml = user_config_root.join('database.yml')
+
+      if user_database_yaml.exist?
+        config.paths['config/database'] = [user_database_yaml.to_path]
+      end
+    end
+  end
+end

config/boot.rb

@@ -0,0 +1,33 @@
+require 'pathname'
+require 'rubygems'
+
+bundle_gemfile = ENV['BUNDLE_GEMFILE']
+
+config_pathname = Pathname.new(__FILE__).expand_path.parent
+root = config_pathname.parent
+
+if bundle_gemfile
+  bundle_gemfile = Pathname.new(bundle_gemfile)
+else
+  bundle_gemfile = root.join('Gemfile')
+end
+
+if bundle_gemfile.exist?
+  ENV['BUNDLE_GEMFILE'] = bundle_gemfile.to_path
+
+  begin
+    require 'bundler'
+  rescue LoadError
+    $stderr.puts "[*] Metasploit requires the Bundler gem to be installed"
+    $stderr.puts "    $ gem install bundler"
+    exit(0)
+  end
+end
+
+Bundler.setup
+
+lib_path = root.join('lib').to_path
+
+unless $LOAD_PATH.include? lib_path
+  $LOAD_PATH.unshift lib_path
+end

config/environment.rb

@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+Metasploit::Framework::Application.initialize!