Class: Rex::Proto::LDAP::AuthAdapter::RexNTLM::Encryptor

Inherits:

Object

• Object
• Rex::Proto::LDAP::AuthAdapter::RexNTLM::Encryptor

Defined in:

lib/rex/proto/ldap/auth_adapter/rex_ntlm/encryptor.rb

Overview

Provide the ability to “wrap” LDAP comms in an NTLM encryption routine The methods herein are set up with the auth_context_setup call below, and are called when reading or writing needs to occur.

Instance Attribute Summary

• #ntlm_client ⇒ Object

  Returns the value of attribute ntlm_client.

Instance Method Summary

• #initialize(ntlm_client) ⇒ Encryptor constructor

  A new instance of Encryptor.

• #read(ciphertext) ⇒ Object

  Decrypt the provided ciphertext.

• #setup(ldap_connection) ⇒ Object

  Configure our encryption, and tell the LDAP connection object that we now want to intercept its calls to read and write.

• #write(data) ⇒ Object

  Encrypt the provided plaintext.

Constructor Details

#initialize(ntlm_client) ⇒ Encryptor

Returns a new instance of Encryptor.

# File 'lib/rex/proto/ldap/auth_adapter/rex_ntlm/encryptor.rb', line 12

def initialize(ntlm_client)
  self.ntlm_client = ntlm_client
end

Instance Attribute Details

#ntlm_client ⇒ Object

Returns the value of attribute ntlm_client.

# File 'lib/rex/proto/ldap/auth_adapter/rex_ntlm/encryptor.rb', line 51

def ntlm_client
  @ntlm_client
end

Instance Method Details

#read(ciphertext) ⇒ Object

Decrypt the provided ciphertext

Parameters:

• ciphertext (String)

# File 'lib/rex/proto/ldap/auth_adapter/rex_ntlm/encryptor.rb', line 25

def read(ciphertext)
  if (session = ntlm_client.session).nil?
    raise Rex::Proto::LDAP::LdapException.new('Can not unseal data (no NTLM session is established)')
  end

  message = session.unseal_message(ciphertext[16..-1])
  unless session.verify_signature(ciphertext[0..15], message)
    raise Rex::Proto::LDAP::LdapException.new('Received invalid message (NTLM signature verification failed)')
  end

  return message
end

#setup(ldap_connection) ⇒ Object

Configure our encryption, and tell the LDAP connection object that we now want to intercept its calls to read and write

Parameters:

• ldap_connection (Net::LDAP::Connection)

# File 'lib/rex/proto/ldap/auth_adapter/rex_ntlm/encryptor.rb', line 19

def setup(ldap_connection)
  ldap_connection.wrap_read_write(self.method(:read), self.method(:write))
end

#write(data) ⇒ Object

Encrypt the provided plaintext

Parameters:

• data (String)

# File 'lib/rex/proto/ldap/auth_adapter/rex_ntlm/encryptor.rb', line 40

def write(data)
  if (session = ntlm_client.session).nil?
    raise Rex::Proto::LDAP::LdapException.new('Can not seal data (no NTLM session is established)')
  end

  emessage = session.seal_message(data)
  signature = session.sign_message(data)

  signature + emessage
end