Module: Net::LDAP::Connection::SocketSaslIO

Includes:
Rex::Proto::Sasl
Defined in:
lib/rex/proto/ldap.rb

Overview

Allow wrapping the socket to read and write SASL data

Instance Method Summary collapse

Methods included from Rex::Proto::Sasl

#unwrap_sasl, #wrap_sasl

Instance Method Details

#get_ber_length(data) ⇒ Object

This seems hacky, but we’re just fitting in with how net-ldap does it



82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# File 'lib/rex/proto/ldap.rb', line 82

def get_ber_length(data)
  n = data[0].ord

  if n <= 0x7f
    [n, 1]
  elsif n == 0x80
    raise Net::BER::BerError,
        'Indeterminite BER content length not implemented.'
  elsif n == 0xff
    raise Net::BER::BerError, 'Invalid BER length 0xFF detected.'
  else
    v = 0
    extra_length = n & 0x7f
    data[1,n & 0x7f].each_byte do |b|
      v = (v << 8) + b
    end

    [v, extra_length + 1]
  end
end

#read_ber(syntax = nil) ⇒ Object



103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
# File 'lib/rex/proto/ldap.rb', line 103

def read_ber(syntax = nil)
  unless @wrap_read.nil?
    if ber_cache.any?
      return ber_cache.shift
    end
    # SASL buffer length
    length_bytes = read(4)
    # The implementation in net-ldap returns nil if it doesn't read any data
    return nil unless length_bytes

    length = length_bytes.unpack('N')[0]

    # Now read the actual data
    data = read(length)

    # Decrypt it
    plaintext = @wrap_read.call(data)

    while plaintext.length > 0
      id = plaintext[0].ord
      ber_length, used_chars = get_ber_length(plaintext[1,plaintext.length])
      plaintext = plaintext[1+used_chars, plaintext.length]

      # We may receive several objects in the one packet
      # Ideally we'd refactor all of ruby-net-ldap to use
      # yields for this, but it's all a bit messy. So instead,
      # just store them all and return the next one each time
      # we're asked.
      ber_cache.append(parse_ber_object(syntax, id, plaintext[0,ber_length]))

      plaintext = plaintext[ber_length,plaintext.length]
    end

    return ber_cache.shift
  else
    super(syntax)
  end
end

#setup(wrap_read, wrap_write) ⇒ Object



154
155
156
157
158
# File 'lib/rex/proto/ldap.rb', line 154

def setup(wrap_read, wrap_write)
  @wrap_read = wrap_read
  @wrap_write = wrap_write
  @ber_cache = []
end

#write(data) ⇒ Object



142
143
144
145
146
147
148
149
150
151
152
# File 'lib/rex/proto/ldap.rb', line 142

def write(data)
  unless @wrap_write.nil?
    # Encrypt it
    data = @wrap_write.call(data)

    # Prepend the length bytes
    data = wrap_sasl(data)
  end

  super(data)
end