overflow_discovery/service/matcher/ldap/ldap.go
crusader 3dd6cb79ca ing
2017-11-21 21:47:55 +09:00

181 lines
3.0 KiB
Go

package ldap
import (
"bytes"
"encoding/binary"
"git.loafle.net/overflow/overflow_discovery/service/matcher"
)
const (
LDAP_MESSAGE_ID = 0x99
LDAP_MESSAGE_ID_QUIT = 0x89
LDAP_VERSION3 = 3
LDAP_SUCCESS = 0x00
LDAP_REQ_BIND = 0x60
LDAP_REQ_UNBIND = 0x42
LDAP_RES_BIND = 0x61
LDAP_AUTH_SIMPLE = 0x80
)
type LDAP_SEND struct {
DefaultCode uint8
PacketLength uint8
NextType1 uint8
NextTypeLength1 uint8
MessageId uint8
ProtocolOp uint8
ProtocolOpLength uint8
NextType2 uint8
NextTypeLength2 uint8
Version uint8
NextType3 uint8
NextTypeLength3 uint8
Auth uint8
AuthLength uint8
}
type LDAP_RECV struct {
DefaultCode uint8
UnknwonCode1 uint8
EndCode11 uint8
EndCode12 uint8
MessageId uint8
ProtocolOp uint8
UnknwonCode2 uint8
EndCode21 uint8
EndCode22 uint8
ResultCode uint8
UnknwonCode3 uint8
UnknwonCode4 uint8
Auth uint8
UnknwonCode5 uint8
}
type LDAP_QUIT struct {
DefaultCode uint8
UnknwonCode1 uint8
PacketLength uint32
NextType1 uint8
NextTypeLength1 uint8
MessageId uint8
ProtocolOp uint8
protocolOpLength uint8
}
type LDAPMatcher struct {
matcher.Matchers
}
func (l *LDAPMatcher) ServiceName() string {
return "LDAP"
}
func (l *LDAPMatcher) IsPrePacket() bool {
return false
}
func (l *LDAPMatcher) IsError(info matcher.MatchInfo, index int, packet *matcher.Packet) bool {
return false
}
func (l *LDAPMatcher) Match(info matcher.MatchInfo, index int, packet *matcher.Packet) bool {
if packet == nil {
return false
}
buf := new(bytes.Buffer)
buf.Write(packet.Buffer)
ldapRecv := LDAP_RECV{}
binary.Read(buf, binary.LittleEndian, &ldapRecv)
if ldapRecv.MessageId != LDAP_MESSAGE_ID {
return false
}
if ldapRecv.ProtocolOp != LDAP_RES_BIND {
return false
}
if ldapRecv.ResultCode != LDAP_SUCCESS {
return false
}
return true
}
func NewMatcher() matcher.Matcher {
ls := LDAP_SEND{
DefaultCode: 0x30,
PacketLength: 0x0c, // size -2
NextType1: 0x02,
NextTypeLength1: 0x01,
MessageId: LDAP_MESSAGE_ID,
ProtocolOp: LDAP_REQ_BIND,
ProtocolOpLength: 0x07,
NextType2: 0x02,
NextTypeLength2: 0x01,
Version: LDAP_VERSION3,
NextType3: 0x04,
NextTypeLength3: 0x00,
Auth: LDAP_AUTH_SIMPLE,
AuthLength: 0x00,
}
mCache := new(bytes.Buffer)
binary.Write(mCache, binary.LittleEndian, ls)
sendByte1 := mCache.Bytes()
m := &LDAPMatcher{
//sendPackets: make([][]byte, 2),
}
m.AddPacket(matcher.NewPacket(sendByte1, len(sendByte1)))
lq := LDAP_QUIT{
DefaultCode: 0x30,
UnknwonCode1: 0x84,
PacketLength: 0x05,
NextType1: 0x02,
NextTypeLength1: 0x01,
MessageId: LDAP_MESSAGE_ID_QUIT,
ProtocolOp: LDAP_REQ_UNBIND,
protocolOpLength: 0x00,
}
lqBuffer := new(bytes.Buffer)
binary.Write(lqBuffer, binary.BigEndian, lq)
sendByte2 := lqBuffer.Bytes()
m.AddPacket(matcher.NewPacket(sendByte2, len(sendByte2)))
return m
}