When dealing with SMTP servers the communication needs to flow
a known protocol. To ensure the socket is in the correct state
after a send and receive it needs to be read until a line return
a response code followed by a `space` and additional data and `\r\n`
or the response code immediately followed by `\r\n` is returned.
When connecting to an SMTP server after `HELO` and auth
complete there can be additional data sent from the client
that sits in the socket queue. Adding a `get_once` after connection
has settled ensure any pending for extension responses are cleared.
Due to how this stack is being broken up into LDAP core, scanner
update, and exploit work, changes requested in #15972 actually
apply in this branch and get rebased to the remaining ones.
Address requests to clean up the textual messages, LDIF file read,
sourcing of LDAP methods from net-ldap, and YARD-related placement
of attr_* annotations.
In order to detect scan callbacks, serve payloads, and otherwise
interact with the LDAP protocol handler in JNDI, Metasploit needs
a native LDAP service properly exposed to various parts of the
Framework and users/consumers.
Implement Rex::Protocol::LDAP::Server with TCP and UDP socket
handlers abstracted to a common access pattern between L4 stacks.
Extend the socket clients to hold a state attibute for LDAP bind
authentication, and use the UDP client abstraction to implement
consistent callback semantics for data receipt from a client and
handling response on the other side. The server utilizes Rex'
native sockets, permitting full pivot and proxy support over the
Switchboard.
Implement the Msf::Exploit::Remote::LDAP::Server mixin to manage
service abstraction and shared methods exposed to Metasploit
modules.
Note: during implementation of this functionality, it was
discovered that the Scanner mixin's :replicant method resulted in
:dup calls to the Rex::ServiceManager service created by this new
mixin (and any others leveraging ServiceManager). As a result,
double-bind attempts created failures in service instantiation from
the duplicated MetasploitModules which also dropped the @service
instance variable reference to the actual running service; leaving
the socket inexorably bound until Framework was halted and Ruby
released the FDs. See https://github.com/rapid7/rex-core/pull/19
and the Issues/Pull Requests sections of R7's MSF GitHub.
Expose the new LDAP infrastructure to users by way of a basic LDAP
server MetasploitModule which consumes a tiny sample LDIF (provided)
and performs queries against it. This is intended to be a template
for future work such as LDAP authentication capture, protocol proxy
for MITM and intercept, and other more specific implementations for
exploits and auxiliary modules.
For feature completeness, provide a Rex::Socket override for
Net::LDAP::Connection until we have a proper, native to Rex, LDAP
client class implemented.
Testing:
Basic functionality only, this is an early effort which will be
extended for feature-completeness over time
Ruby 3 removed the `URI.escape` methods however access to
the a parse for the same RFC is stil available at `URI::DEFAULT_PARSER.escape`.
Per the Ruby forum [comment](https://bugs.ruby-lang.org/issues/17309#note-1) this should equal.
adfoster-r7