Override Net::LDAP sockets for Rex::Socket

To flesh out Net::LDAP integration, client connections should be able to pivot over Meterpreter sessions and respect proxy settings for TCP sockets. This commit provides a basic override to the Connection class in Net::LDAP to establish their outbound connection using our sockets tier. Once a proper LDAP client is written for Rex, this hack can be dropped. Testing: Has worked for years in Semper Victus' repo TODO: Replace this with a real LDAP client tying into the datastore and proper Framework context
rapid7 · Dec 14, 2021 · a71b8e6 · a71b8e6
1 parent 360d662
commit a71b8e6
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/lib/rex/proto/ldap.rb b/lib/rex/proto/ldap.rb
@@ -0,0 +1,27 @@
+require 'net/ldap'
+require 'rex/socket'
+
+class Net::LDAP::Connection #:nodoc:
+  LdapVersion = 3
+  MaxSaslChallenges = 10
+
+  def initialize(server)
+    begin
+     @conn = Rex::Socket::Tcp.create(
+       'PeerHost' => server[:host],
+       'PeerPort' => server[:port],
+       'Proxies'  => server[:proxies]
+     )
+    rescue SocketError
+      raise Net::LDAP::LdapError, "No such address or other socket error."
+    rescue Errno::ECONNREFUSED
+      raise Net::LDAP::LdapError, "Server #{server[:host]} refused connection on port #{server[:port]}."
+    end
+
+    if server[:encryption]
+      setup_encryption server[:encryption]
+    end
+
+    yield self if block_given?
+  end
+end