Class: Rex::Proto::LDAP::Server

Inherits:
Object
  • Object
show all
Includes:
IO::GramServer
Defined in:
lib/rex/proto/ldap/server.rb

Defined Under Namespace

Modules: LdapClient Classes: MockLdapClient

Instance Attribute Summary collapse

Attributes included from IO::GramServer

#dispatch_request_proc, #listener_thread, #send_response_proc

Class Method Summary collapse

Instance Method Summary collapse

Methods included from IO::GramServer

#send_response, #wait

Constructor Details

#initialize(lhost = '0.0.0.0', lport = 389, udp = true, tcp = true, ldif = nil, comm = nil, ctx = {}, dblock = nil, sblock = nil) ⇒ Rex::Proto::LDAP::Server

Create LDAP Server

Parameters:

  • lhost (String) (defaults to: '0.0.0.0')

    Listener address

  • lport (Fixnum) (defaults to: 389)

    Listener port

  • udp (TrueClass, FalseClass) (defaults to: true)

    Listen on UDP socket

  • tcp (TrueClass, FalseClass) (defaults to: true)

    Listen on TCP socket

  • ldif (String) (defaults to: nil)

    LDIF data

  • ctx (Hash) (defaults to: {})

    Framework context for sockets

  • dblock (Proc) (defaults to: nil)

    Handler for :dispatch_request flow control interception

  • sblock (Proc) (defaults to: nil)

    Handler for :send_response flow control interception


64
65
66
67
68
69
70
71
72
73
74
75
76
77
# File 'lib/rex/proto/ldap/server.rb', line 64

def initialize(lhost = '0.0.0.0', lport = 389, udp = true, tcp = true, ldif = nil, comm = nil, ctx = {}, dblock = nil, sblock = nil)
  @serve_udp = udp
  @serve_tcp = tcp
  @sock_options = {
    'LocalHost' => lhost,
    'LocalPort' => lport,
    'Context' => ctx,
    'Comm' => comm
  }
  @ldif = ldif
  self.listener_thread = nil
  self.dispatch_request_proc = dblock
  self.send_response_proc = sblock
end

Instance Attribute Details

#ldifObject (readonly)

Returns the value of attribute ldif.


10
11
12
# File 'lib/rex/proto/ldap/server.rb', line 10

def ldif
  @ldif
end

#serve_tcpObject (readonly)

Returns the value of attribute serve_tcp.


10
11
12
# File 'lib/rex/proto/ldap/server.rb', line 10

def serve_tcp
  @serve_tcp
end

#serve_udpObject (readonly)

Returns the value of attribute serve_udp.


10
11
12
# File 'lib/rex/proto/ldap/server.rb', line 10

def serve_udp
  @serve_udp
end

#sock_optionsObject (readonly)

Returns the value of attribute sock_options.


10
11
12
# File 'lib/rex/proto/ldap/server.rb', line 10

def sock_options
  @sock_options
end

#syntaxObject (readonly)

Returns the value of attribute syntax.


10
11
12
# File 'lib/rex/proto/ldap/server.rb', line 10

def syntax
  @syntax
end

#tcp_sockObject (readonly)

Returns the value of attribute tcp_sock.


10
11
12
# File 'lib/rex/proto/ldap/server.rb', line 10

def tcp_sock
  @tcp_sock
end

#udp_sockObject (readonly)

Returns the value of attribute udp_sock.


10
11
12
# File 'lib/rex/proto/ldap/server.rb', line 10

def udp_sock
  @udp_sock
end

Class Method Details

.hardcore_alias(*args) ⇒ Object

Returns the hardcore alias for the LDAP service


253
254
255
# File 'lib/rex/proto/ldap/server.rb', line 253

def self.hardcore_alias(*args)
  "#{args[0] || ''}-#{args[1] || ''}-#{args[4] || ''}"
end

Instance Method Details

#aliasObject

LDAP server.


260
261
262
# File 'lib/rex/proto/ldap/server.rb', line 260

def alias
  'LDAP Server'
end

#default_dispatch_request(cli, data) ⇒ Object

Default LDAP request dispatcher

Parameters:

  • cli (Rex::Socket::Tcp, Rex::Socket::Udp)

    Client sending the request

  • data (String)

    raw LDAP request data


154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
# File 'lib/rex/proto/ldap/server.rb', line 154

def default_dispatch_request(cli, data)
  return if data.strip.empty?

  data.extend(Net::BER::Extensions::String)
  begin
    pdu = Net::LDAP::PDU.new(data.read_ber!(Net::LDAP::AsnSyntax))
    wlog("LDAP request has remaining data: #{data}") if !data.empty?
    resp = case pdu.app_tag
           when Net::LDAP::PDU::BindRequest # bind request
             cli.authenticated = true
             encode_ldap_response(
               pdu.message_id,
               Net::LDAP::ResultCodeSuccess,
               '',
               '',
               Net::LDAP::PDU::BindResult
             )
           when Net::LDAP::PDU::SearchRequest # search request
             if cli.authenticated
               # Perform query against some loaded LDIF structure
               treebase = pdu.search_parameters[:base_object].to_s
               # ... search, build packet, send to client
               encode_ldap_response(
                 pdu.message_id,
                 Net::LDAP::ResultCodeNoSuchObject, '',
                 Net::LDAP::ResultStrings[Net::LDAP::ResultCodeNoSuchObject],
                 Net::LDAP::PDU::SearchResult
               )
             else
               service.encode_ldap_response(pdu.message_id, 50, '', 'Not authenticated', Net::LDAP::PDU::SearchResult)
             end
           else
             service.encode_ldap_response(
               pdu.message_id,
               Net::LDAP::ResultCodeUnwillingToPerform,
               '',
               Net::LDAP::ResultStrings[Net::LDAP::ResultCodeUnwillingToPerform],
               Net::LDAP::PDU::SearchResult
             ) end
    resp.nil? ? cli.close : send_response(cli, resp)
  rescue StandardError => e
    elog(e)
    cli.close
    raise e
  end
end

#dispatch_request(cli, data) ⇒ Object

Process client request, handled with dispatch_request_proc if set

Parameters:

  • cli (Rex::Socket::Tcp, Rex::Socket::Udp)

    Client sending the request

  • data (String)

    raw LDAP request data


141
142
143
144
145
146
147
# File 'lib/rex/proto/ldap/server.rb', line 141

def dispatch_request(cli, data)
  if dispatch_request_proc
    dispatch_request_proc.call(cli, data)
  else
    default_dispatch_request(cli, data)
  end
end

#encode_ldap_response(msgid, code, dn, msg, tag) ⇒ Net::BER::BerIdentifiedOid

Encode response for LDAP client consumption

Parameters:

  • msgid (Integer)

    LDAP message identifier

  • code (Integer)

    LDAP message code

  • dn (String)

    LDAP distinguished name

  • msg (String)

    LDAP response message

  • tag (Integer)

    LDAP response tag

Returns:

  • (Net::BER::BerIdentifiedOid)

    LDAP query response


211
212
213
214
215
216
217
218
219
220
# File 'lib/rex/proto/ldap/server.rb', line 211

def encode_ldap_response(msgid, code, dn, msg, tag)
  [
    msgid.to_ber,
    [
      code.to_ber_enumerated,
      dn.to_ber,
      msg.to_ber
    ].to_ber_appsequence(tag)
  ].to_ber_sequence
end

#monitor_listenerObject (protected)

This method monitors the listener socket for new connections and calls the on_client_connect callback routine.


270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
# File 'lib/rex/proto/ldap/server.rb', line 270

def monitor_listener
  loop do
    rds = [udp_sock]
    wds = []
    eds = [udp_sock]

    r, = ::IO.select(rds, wds, eds, 1)

    next unless (!r.nil? && (r[0] == udp_sock))

    buf, host, port = udp_sock.recvfrom(65535)
    # Mock up a client object for sending back data
    cli = MockLdapClient.new(host, port, r[0])
    cli.extend(LdapClient)
    cli.init_ldap_client
    dispatch_request(cli, buf)
  end
end

#on_client_connect(cli) ⇒ Object (protected)

Extend client for LDAP state


307
308
309
310
# File 'lib/rex/proto/ldap/server.rb', line 307

def on_client_connect(cli)
  cli.extend(LdapClient)
  cli.init_ldap_client
end

#on_client_data(cli) ⇒ Object (protected)

Processes request coming from client

Parameters:

  • cli (Rex::Socket::Tcp)

    Client sending request


293
294
295
296
297
298
299
300
301
302
# File 'lib/rex/proto/ldap/server.rb', line 293

def on_client_data(cli)
  data = cli.read(65535)
  raise ::EOFError if !data
  raise ::EOFError if data.empty?

  dispatch_request(cli, data)
rescue EOFError => e
  tcp_socket.close_client(cli) if cli
  raise e
end

#running?Boolean

Check if server is running

Returns:

  • (Boolean)

82
83
84
# File 'lib/rex/proto/ldap/server.rb', line 82

def running?
  listener_thread and listener_thread.alive?
end

#search_ldif(filter, msgid, attrflt = :all) ⇒ Array

Search provided ldif data for query information

Parameters:

  • filter (Net::LDAP::Filter)

    LDAP query filter

  • attrflt (Array, Symbol) (defaults to: :all)

    LDAP attribute filter

Returns:

  • (Array)

    Query matches


229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
# File 'lib/rex/proto/ldap/server.rb', line 229

def search_ldif(filter, msgid, attrflt = :all)
  return [] if @ldif.nil? || @ldif.empty?

  ldif.map do |dn, entry|
    next unless filter.match(entry)

    attrs = []
    entry.each do |k, v|
      if attrflt == :all || attrflt.include?(k.downcase)
        attrvals = v.map(&:to_ber).to_ber_set
        attrs << [k.to_ber, attrvals].to_ber_sequence
      end
    end
    appseq = [
      dn.to_ber,
      attrs.to_ber_sequence
    ].to_ber_appsequence(Net::LDAP::PDU::SearchReturnedData)
    [msgid.to_ber, appseq].to_ber_sequence
  end.compact
end

#startObject

Start the LDAP server


89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
# File 'lib/rex/proto/ldap/server.rb', line 89

def start
  if serve_udp
    @udp_sock = Rex::Socket::Udp.create(sock_options)
    self.listener_thread = Rex::ThreadFactory.spawn('UDPLDAPServerListener', false) do
      monitor_listener
    end
  end

  if serve_tcp
    @tcp_sock = Rex::Socket::TcpServer.create(sock_options)
    tcp_sock.on_client_connect_proc = proc do |cli|
      on_client_connect(cli)
    end
    tcp_sock.on_client_data_proc = proc do |cli|
      on_client_data(cli)
    end
    # Close UDP socket if TCP socket fails
    begin
      tcp_sock.start
    rescue StandardError => e
      stop
      raise e
    end
    if !serve_udp
      self.listener_thread = tcp_sock.listener_thread
    end
  end

  self
end

#stopObject

Stop the LDAP server


123
124
125
126
127
128
129
130
131
132
133
134
# File 'lib/rex/proto/ldap/server.rb', line 123

def stop
  ensure_close = [udp_sock, tcp_sock].compact
  begin
    listener_thread.kill if listener_thread.respond_to?(:kill)
    self.listener_thread = nil
  ensure
    while csock = ensure_close.shift
      csock.stop if csock.respond_to?(:stop)
      csock.close unless csock.respond_to?(:close) && csock.closed?
    end
  end
end