Class: Rex::Proto::LDAP::Server

Inherits:

Object

• Object
• Rex::Proto::LDAP::Server

Includes:

IO::GramServer

Defined in:

lib/rex/proto/ldap/server.rb

Defined Under Namespace

Modules: LdapClient Classes: MockLdapClient

Instance Attribute Summary

• #ldif ⇒ Object readonly

  Returns the value of attribute ldif.

• #serve_tcp ⇒ Object readonly

  Returns the value of attribute serve_tcp.

• #serve_udp ⇒ Object readonly

  Returns the value of attribute serve_udp.

• #sock_options ⇒ Object readonly

  Returns the value of attribute sock_options.

• #syntax ⇒ Object readonly

  Returns the value of attribute syntax.

• #tcp_sock ⇒ Object readonly

  Returns the value of attribute tcp_sock.

• #udp_sock ⇒ Object readonly

  Returns the value of attribute udp_sock.

Attributes included from IO::GramServer

#dispatch_request_proc, #listener_thread, #send_response_proc

Class Method Summary

• .hardcore_alias(*args) ⇒ Object

  Returns the hardcore alias for the LDAP service.

Instance Method Summary

• #alias ⇒ Object

  LDAP server.

• #default_dispatch_request(cli, data) ⇒ Object

  Default LDAP request dispatcher.

• #dispatch_request(cli, data) ⇒ Object

  Process client request, handled with dispatch_request_proc if set.

• #encode_ldap_response(msgid, code, dn, msg, tag) ⇒ Net::BER::BerIdentifiedOid

  Encode response for LDAP client consumption.

• #initialize(lhost = '0.0.0.0', lport = 389, udp = true, tcp = true, ldif = nil, comm = nil, ctx = {}, dblock = nil, sblock = nil) ⇒ Rex::Proto::LDAP::Server constructor

  Create LDAP Server.

• #monitor_listener ⇒ Object protected

  This method monitors the listener socket for new connections and calls the on_client_connect callback routine.

• #on_client_connect(cli) ⇒ Object protected

  Extend client for LDAP state.

• #on_client_data(cli) ⇒ Object protected

  Processes request coming from client.

• #running? ⇒ Boolean

  Check if server is running.

• #search_ldif(filter, msgid, attrflt = :all) ⇒ Array

  Search provided ldif data for query information.

• #start ⇒ Object

  Start the LDAP server.

• #stop ⇒ Object

  Stop the LDAP server.

Methods included from IO::GramServer

#send_response, #wait

Constructor Details

#initialize(lhost = '0.0.0.0', lport = 389, udp = true, tcp = true, ldif = nil, comm = nil, ctx = {}, dblock = nil, sblock = nil) ⇒ Rex::Proto::LDAP::Server

Create LDAP Server

Parameters:

• lhost (String) (defaults to: '0.0.0.0') —

  Listener address

• lport (Fixnum) (defaults to: 389) —

  Listener port

• udp (TrueClass, FalseClass) (defaults to: true) —

  Listen on UDP socket

• tcp (TrueClass, FalseClass) (defaults to: true) —

  Listen on TCP socket

• ldif (String) (defaults to: nil) —

  LDIF data

• ctx (Hash) (defaults to: {}) —

  Framework context for sockets

• dblock (Proc) (defaults to: nil) —

  Handler for :dispatch_request flow control interception

• sblock (Proc) (defaults to: nil) —

  Handler for :send_response flow control interception

# File 'lib/rex/proto/ldap/server.rb', line 64

def initialize(lhost = '0.0.0.0', lport = 389, udp = true, tcp = true, ldif = nil, comm = nil, ctx = {}, dblock = nil, sblock = nil)
  @serve_udp = udp
  @serve_tcp = tcp
  @sock_options = {
    'LocalHost' => lhost,
    'LocalPort' => lport,
    'Context' => ctx,
    'Comm' => comm
  }
  @ldif = ldif
  self.listener_thread = nil
  self.dispatch_request_proc = dblock
  self.send_response_proc = sblock
end

Instance Attribute Details

#ldif ⇒ Object (readonly)

Returns the value of attribute ldif.

# File 'lib/rex/proto/ldap/server.rb', line 10

def ldif
  @ldif
end

#serve_tcp ⇒ Object (readonly)

Returns the value of attribute serve_tcp.

# File 'lib/rex/proto/ldap/server.rb', line 10

def serve_tcp
  @serve_tcp
end

#serve_udp ⇒ Object (readonly)

Returns the value of attribute serve_udp.

# File 'lib/rex/proto/ldap/server.rb', line 10

def serve_udp
  @serve_udp
end

#sock_options ⇒ Object (readonly)

Returns the value of attribute sock_options.

# File 'lib/rex/proto/ldap/server.rb', line 10

def sock_options
  @sock_options
end

#syntax ⇒ Object (readonly)

Returns the value of attribute syntax.

# File 'lib/rex/proto/ldap/server.rb', line 10

def syntax
  @syntax
end

#tcp_sock ⇒ Object (readonly)

Returns the value of attribute tcp_sock.

# File 'lib/rex/proto/ldap/server.rb', line 10

def tcp_sock
  @tcp_sock
end

#udp_sock ⇒ Object (readonly)

Returns the value of attribute udp_sock.

# File 'lib/rex/proto/ldap/server.rb', line 10

def udp_sock
  @udp_sock
end

Class Method Details

.hardcore_alias(*args) ⇒ Object

Returns the hardcore alias for the LDAP service

# File 'lib/rex/proto/ldap/server.rb', line 255

def self.hardcore_alias(*args)
  "#{args[0] || ''}-#{args[1] || ''}-#{args[4] || ''}"
end

Instance Method Details

#alias ⇒ Object

LDAP server.

# File 'lib/rex/proto/ldap/server.rb', line 262

def alias
  'LDAP Server'
end

#default_dispatch_request(cli, data) ⇒ Object

Default LDAP request dispatcher

Parameters:

• cli (Rex::Socket::Tcp, Rex::Socket::Udp) —

  Client sending the request

• data (String) —

  raw LDAP request data

# File 'lib/rex/proto/ldap/server.rb', line 154

def default_dispatch_request(cli, data)
  return if data.strip.empty?

  data.extend(Net::BER::Extensions::String)
  begin
    pdu = Net::LDAP::PDU.new(data.read_ber!(Net::LDAP::AsnSyntax))
    wlog("LDAP request has remaining data: #{data}") if !data.empty?
    resp = case pdu.app_tag
           when Net::LDAP::PDU::BindRequest # bind request
             cli.authenticated = true
             encode_ldap_response(
               pdu.message_id,
               Net::LDAP::ResultCodeSuccess,
               '',
               '',
               Net::LDAP::PDU::BindResult
             )
           when Net::LDAP::PDU::SearchRequest # search request
             if cli.authenticated
               # Perform query against some loaded LDIF structure
               treebase = pdu.search_parameters[:base_object].to_s
               # ... search, build packet, send to client
               encode_ldap_response(
                 pdu.message_id,
                 Net::LDAP::ResultCodeNoSuchObject, '',
                 Net::LDAP::ResultStrings[Net::LDAP::ResultCodeNoSuchObject],
                 Net::LDAP::PDU::SearchResult
               )
             else
               service.encode_ldap_response(pdu.message_id, 50, '', 'Not authenticated', Net::LDAP::PDU::SearchResult)
             end
           when Net::LDAP::PDU::UnbindRequest
             nil # close client, no response can be sent over unbound comm
           else
             service.encode_ldap_response(
               pdu.message_id,
               Net::LDAP::ResultCodeUnwillingToPerform,
               '',
               Net::LDAP::ResultStrings[Net::LDAP::ResultCodeUnwillingToPerform],
               Net::LDAP::PDU::SearchResult
             ) end
    resp.nil? ? cli.close : send_response(cli, resp)
  rescue StandardError => e
    elog(e)
    cli.close
    raise e
  end
end

#dispatch_request(cli, data) ⇒ Object

Process client request, handled with dispatch_request_proc if set

Parameters:

• cli (Rex::Socket::Tcp, Rex::Socket::Udp) —

  Client sending the request

• data (String) —

  raw LDAP request data

# File 'lib/rex/proto/ldap/server.rb', line 141

def dispatch_request(cli, data)
  if dispatch_request_proc
    dispatch_request_proc.call(cli, data)
  else
    default_dispatch_request(cli, data)
  end
end

#encode_ldap_response(msgid, code, dn, msg, tag) ⇒ Net::BER::BerIdentifiedOid

Encode response for LDAP client consumption

Parameters:

• msgid (Integer) —

  LDAP message identifier

• code (Integer) —

  LDAP message code

• dn (String) —

  LDAP distinguished name

• msg (String) —

  LDAP response message

• tag (Integer) —

  LDAP response tag

Returns:

• (Net::BER::BerIdentifiedOid) —

  LDAP query response

# File 'lib/rex/proto/ldap/server.rb', line 213

def encode_ldap_response(msgid, code, dn, msg, tag)
  [
    msgid.to_ber,
    [
      code.to_ber_enumerated,
      dn.to_ber,
      msg.to_ber
    ].to_ber_appsequence(tag)
  ].to_ber_sequence
end

#monitor_listener ⇒ Object (protected)

This method monitors the listener socket for new connections and calls the on_client_connect callback routine.

# File 'lib/rex/proto/ldap/server.rb', line 272

def monitor_listener
  loop do
    rds = [udp_sock]
    wds = []
    eds = [udp_sock]

    r, = ::IO.select(rds, wds, eds, 1)

    next unless (!r.nil? && (r[0] == udp_sock))

    buf, host, port = udp_sock.recvfrom(65535)
    # Mock up a client object for sending back data
    cli = MockLdapClient.new(host, port, r[0])
    cli.extend(LdapClient)
    cli.init_ldap_client
    dispatch_request(cli, buf)
  end
end

#on_client_connect(cli) ⇒ Object (protected)

Extend client for LDAP state

# File 'lib/rex/proto/ldap/server.rb', line 309

def on_client_connect(cli)
  cli.extend(LdapClient)
  cli.init_ldap_client
end

#on_client_data(cli) ⇒ Object (protected)

Processes request coming from client

Parameters:

• cli (Rex::Socket::Tcp) —

  Client sending request

# File 'lib/rex/proto/ldap/server.rb', line 295

def on_client_data(cli)
  data = cli.read(65535)
  raise ::EOFError if !data
  raise ::EOFError if data.empty?

  dispatch_request(cli, data)
rescue EOFError => e
  tcp_socket.close_client(cli) if cli
  raise e
end

#running? ⇒ Boolean

Check if server is running

Returns:

• (Boolean)

# File 'lib/rex/proto/ldap/server.rb', line 82

def running?
  listener_thread and listener_thread.alive?
end

#search_ldif(filter, msgid, attrflt = :all) ⇒ Array

Search provided ldif data for query information

Parameters:

• filter (Net::LDAP::Filter) —

  LDAP query filter

• attrflt (Array, Symbol) (defaults to: :all) —

  LDAP attribute filter

Returns:

• (Array) —

  Query matches

# File 'lib/rex/proto/ldap/server.rb', line 231

def search_ldif(filter, msgid, attrflt = :all)
  return [] if @ldif.nil? || @ldif.empty?

  ldif.map do |dn, entry|
    next unless filter.match(entry)

    attrs = []
    entry.each do |k, v|
      if attrflt == :all || attrflt.include?(k.downcase)
        attrvals = v.map(&:to_ber).to_ber_set
        attrs << [k.to_ber, attrvals].to_ber_sequence
      end
    end
    appseq = [
      dn.to_ber,
      attrs.to_ber_sequence
    ].to_ber_appsequence(Net::LDAP::PDU::SearchReturnedData)
    [msgid.to_ber, appseq].to_ber_sequence
  end.compact
end

#start ⇒ Object

Start the LDAP server

# File 'lib/rex/proto/ldap/server.rb', line 89

def start
  if serve_udp
    @udp_sock = Rex::Socket::Udp.create(sock_options)
    self.listener_thread = Rex::ThreadFactory.spawn('UDPLDAPServerListener', false) do
      monitor_listener
    end
  end

  if serve_tcp
    @tcp_sock = Rex::Socket::TcpServer.create(sock_options)
    tcp_sock.on_client_connect_proc = proc do |cli|
      on_client_connect(cli)
    end
    tcp_sock.on_client_data_proc = proc do |cli|
      on_client_data(cli)
    end
    # Close UDP socket if TCP socket fails
    begin
      tcp_sock.start
    rescue StandardError => e
      stop
      raise e
    end
    if !serve_udp
      self.listener_thread = tcp_sock.listener_thread
    end
  end

  self
end

#stop ⇒ Object

Stop the LDAP server

# File 'lib/rex/proto/ldap/server.rb', line 123

def stop
  ensure_close = [udp_sock, tcp_sock].compact
  begin
    listener_thread.kill if listener_thread.respond_to?(:kill)
    self.listener_thread = nil
  ensure
    while csock = ensure_close.shift
      csock.stop if csock.respond_to?(:stop)
      csock.close unless csock.respond_to?(:close) && csock.closed?
    end
  end
end