Monkey patch #modify to accept controls

2023-04-28 13:21:28 -04:00 · 2023-04-28 13:21:28 -04:00 · d23f407c44
parent dcbc6d19c5
commit d23f407c44
1 changed files with 27 additions and 1 deletions
--- a/lib/rex/proto/ldap.rb
+++ b/lib/rex/proto/ldap.rb
@ -57,7 +57,7 @@ class Net::LDAP::Connection # :nodoc:
    yield self if block_given?
  end

-  # Monkeypatch upstream library for now to support :control
+  # Monkeypatch upstream library for now to support :controls
  # hash option in `args` so that we can provide controls within
  # searches. Needed so we can specify the LDAP_SERVER_SD_FLAGS_OID
  # flag for searches to prevent getting the SACL when querying for
@ -283,6 +283,32 @@ class Net::LDAP::Connection # :nodoc:
                 message_id: message_id, messages: messages
    end
  end
+
+  # Another monkeypatch to support :controls
+  def modify(args)
+    modify_dn = args[:dn] or raise "Unable to modify empty DN"
+    ops = self.class.modify_ops args[:operations]
+
+    message_id = next_msgid
+    request    = [
+      modify_dn.to_ber,
+      ops.to_ber_sequence,
+    ].to_ber_appsequence(Net::LDAP::PDU::ModifyRequest)
+
+    controls = args.fetch(:controls, nil)
+    unless controls.nil?
+      controls = controls.to_ber_contextspecific(0)
+    end
+
+    write(request, controls, message_id)
+    pdu = queued_read(message_id)
+
+    if !pdu || pdu.app_tag != Net::LDAP::PDU::ModifyResponse
+      raise Net::LDAP::ResponseMissingOrInvalidError, "response missing or invalid"
+    end
+
+    pdu
+  end
 end

 module Rex