Library ldap
Library methods for handling LDAP.
Author: Patrik Karlsson
Copyright © Same as Nmap--See http://nmap.org/book/man-legal.html
Credit goes out to Martin Swende who provided me with the initial code that got me started writing this.
Version 0.6
Created 01/12/2010 - v0.1 - Created by Patrik Karlsson <patrik@cqure.net>
Revised 01/28/2010 - v0.2 - Revised to better fit ASN.1 library
Revised 02/02/2010 - v0.3 - Revised to fit OO ASN.1 Library
Revised 09/05/2011 - v0.4 - Revised to include support for writing output to file, added decoding certain time formats
Revised 10/29/2011 - v0.5 - Added support for performing wildcard searches via the substring filter.
Revised 10/30/2011 - v0.6 - Added support for the ldap extensibleMatch filter type for searches
Source: http://nmap.org/svn/nselib/ldap.lua
Functions
| bindRequest (socket, params) | Attempts to bind to the server using the credentials given |
| convertADTimeStamp (timestamp) | Convert Microsoft Active Directory timestamp format to a human readable form. These values store time values in 100 nanoseconds segments from 01-Jan-1601 |
| convertZuluTimeStamp (timestamp) | Converts a non-delimited Zulu timestamp format to a human readable form. For example 20110904003302.0Z becomes 2011/09/04 00:33:02 UTC |
| copyTable (targetTable) | Creates a copy of a table |
| createFilter (filter) | Creates an ASN1 structure from a filter table |
| decode (encStr, pos) | Decodes an LDAP packet or a part of it according to ASN.1 basic encoding rules. |
| encode (val) | Encodes a given value according to ASN.1 basic encoding rules for SNMP packet creation. |
| extractAttribute (searchEntries, attributeName) | Extract naming context from a search response |
| searchRequest (socket, params) | Performs an LDAP Search request |
| searchResultToFile (searchEntries, filename) | Saves a search result as received from searchRequest to a file |
| searchResultToTable (searchEntries) | Converts a search result as received from searchRequest to a "result" table |
| unbindRequest (socket) | Performs an LDAP Unbind |
Functions
- bindRequest (socket, params)
Attempts to bind to the server using the credentials given
Parameters
- socket: socket already connected to the ldap server
- params: table containing version, username and password
Return values:
- success true or false
- err string containing error message
- convertADTimeStamp (timestamp)
Convert Microsoft Active Directory timestamp format to a human readable form. These values store time values in 100 nanoseconds segments from 01-Jan-1601
Parameters
- timestamp: Microsoft Active Directory timestamp value
Return value:
string containing human readable form
- convertZuluTimeStamp (timestamp)
Converts a non-delimited Zulu timestamp format to a human readable form. For example 20110904003302.0Z becomes 2011/09/04 00:33:02 UTC
Parameters
- timestamp: in Zulu format without separators
Return value:
string containing human readable form
- copyTable (targetTable)
Creates a copy of a table
Parameters
- targetTable: table object to copy
Return value:
table object containing copy of original
- createFilter (filter)
Creates an ASN1 structure from a filter table
Parameters
- filter: table containing the filter to be created
Return value:
string containing the ASN1 byte sequence
- decode (encStr, pos)
Decodes an LDAP packet or a part of it according to ASN.1 basic encoding rules.
Parameters
- encStr: Encoded string.
- pos: Current position in the string.
Return values:
- The position after decoding
- The decoded value(s).
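
What createFilter and decode deal with on the wire, as an added example in Python (not code from ldap.lua): LDAP filters are BER tag-length-value structures whose tags come from RFC 4511, and a wildcard value becomes a substrings filter. The dict layout given to `encode_filter` and all function names are assumptions of this example, not the library's filter table format.

```python
# Added example: BER encoding of LDAP filters (tags from RFC 4511, section 4.5.1).
# The dict layout passed to encode_filter is this example's own, not ldap.lua's.
AND, OR, NOT, EQUALITY, SUBSTRINGS, PRESENT = 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0x87
OCTET_STRING, SEQUENCE = 0x04, 0x30

def tlv(tag, content):
    """Tag + definite length (short form under 128 bytes, long form otherwise) + content."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def decode_tlv(buf, pos=0):
    """Read one element at pos; returns (next position, tag, content)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                      # long form: low 7 bits count the length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated BER element")
    return pos + n, tag, buf[pos:pos + n]

def encode_filter(f):
    """f is {"op": "and"|"or", "sub": [filters]}, {"op": "not", "sub": filter}
    or {"op": "equal", "attr": name, "val": value} where value may contain '*'."""
    op = f["op"]
    if op in ("and", "or"):
        return tlv(AND if op == "and" else OR, b"".join(map(encode_filter, f["sub"])))
    if op == "not":
        return tlv(NOT, encode_filter(f["sub"]))
    if op != "equal":
        raise ValueError("unsupported filter op: %r" % op)
    attr, val = f["attr"].encode(), f["val"]
    if val and not val.strip("*"):    # (attr=*) is a presence test
        return tlv(PRESENT, attr)
    if "*" not in val:
        return tlv(EQUALITY, tlv(OCTET_STRING, attr) + tlv(OCTET_STRING, val.encode()))
    parts = val.split("*")            # wildcard value: substrings filter
    subs = tlv(0x80, parts[0].encode()) if parts[0] else b""           # initial
    subs += b"".join(tlv(0x81, p.encode()) for p in parts[1:-1] if p)  # any
    subs += tlv(0x82, parts[-1].encode()) if parts[-1] else b""        # final
    return tlv(SUBSTRINGS, tlv(OCTET_STRING, attr) + tlv(SEQUENCE, subs))
```

Like decode (encStr, pos), `decode_tlv` hands back the position after the element, so a caller can walk a captured filter element by element and reject truncated input.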
- encode (val)
Encodes a given value according to ASN.1 basic encoding rules for SNMP packet creation.
Parameters
- val: Value to be encoded.
Return value:
Encoded value.
- extractAttribute (searchEntries, attributeName)
Extract naming context from a search response
Parameters
- searchEntries: table containing searchEntries from a searchResponse
- attributeName: string containing the attribute to extract
Return value:
table containing the attribute values
- searchRequest (socket, params)
Performs an LDAP Search request
This function has a concept of soft errors, which populate the returned table's error information while returning a true status. The reason for this is that LDAP may return a number of records and then finish off with an error like SIZE LIMIT EXCEEDED. We still want to return the records that were received prior to the error. To achieve this without terminating the script by returning a false status, a true status is returned together with a table containing all searchentries. This table has the errorMessage and resultCode entries set with the error information. As a try won't catch this error, it's up to the script to do so. See ldap-search.nse for an example.
Parameters
- socket: socket already connected to the ldap server
- params: table containing at least scope, derefPolicy, baseObject; the field maxObjects may also be included to restrict the amount of records returned
Return values:
- success true or false.
- err string containing error message
- searchResultToFile (searchEntries, filename)
Saves a search result as received from searchRequest to a file
Does some limited decoding of LDAP attributes
TODO: Add decoding of missing attributes
TODO: Add decoding of userParameters
TODO: Add decoding of loginHours
Parameters
- searchEntries: table as returned from searchRequest
- filename: the name of a file to save results to
Return value:
table suitable for stdnse.format_output
- searchResultToTable (searchEntries)
Converts a search result as received from searchRequest to a "result" table
Does some limited decoding of LDAP attributes
TODO: Add decoding of missing attributes
TODO: Add decoding of userParameters
TODO: Add decoding of loginHours
Parameters
- searchEntries: table as returned from searchRequest
Return value:
table suitable for stdnse.format_output
- unbindRequest (socket)
Performs an LDAP Unbind
Parameters
- socket: socket already connected to the ldap server
Return values:
- success true or false
- err string containing error message
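
The two timestamp encodings that convertADTimeStamp and convertZuluTimeStamp describe, decoded in Python as an added example (not code from ldap.lua), for post-processing saved search results. The function names, the attribute-to-format mapping, the handling of the 0 and 0x7FFFFFFFFFFFFFFF sentinel values and the sample entry are assumptions of this example and go beyond what the library documentation states.

```python
# Added example (not ldap.lua code): decode the two timestamp encodings above.
import re
from datetime import datetime, timedelta, timezone

AD_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
AD_UNSET = {0, 0x7FFFFFFFFFFFFFFF}   # values AD stores for "never" / "not set"
ZULU_RE = re.compile(r"^(\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(?:\.\d+)?Z$")

# Assumption: which attributes use which encoding (common AD schema attributes).
AD_TIME_ATTRS = {"lastLogon", "lastLogonTimestamp", "pwdLastSet",
                 "accountExpires", "badPasswordTime"}
ZULU_ATTRS = {"whenCreated", "whenChanged"}

def ad_timestamp(value):
    """Count of 100 ns intervals since 1601-01-01 UTC -> datetime, None if unset."""
    ticks = int(value)
    if ticks in AD_UNSET:
        return None
    if ticks < 0:
        raise ValueError("negative AD timestamp: %r" % value)
    return AD_EPOCH + timedelta(microseconds=ticks // 10)

def zulu_timestamp(value):
    """Non-delimited YYYYMMDDhhmmss[.f]Z -> datetime."""
    m = ZULU_RE.match(value)
    if not m:
        raise ValueError("not a Zulu timestamp: %r" % value)
    return datetime(*map(int, m.groups()), tzinfo=timezone.utc)

def readable(dt):
    """Same layout as the documented example output: YYYY/MM/DD hh:mm:ss UTC."""
    return dt.strftime("%Y/%m/%d %H:%M:%S UTC") if dt else "never / not set"

def decode_entry(attrs):
    """Return a copy of an entry's attributes with time values made readable."""
    out = {}
    for name, value in attrs.items():
        if name in AD_TIME_ATTRS:
            out[name] = readable(ad_timestamp(value))
        elif name in ZULU_ATTRS:
            out[name] = readable(zulu_timestamp(value))
        else:
            out[name] = value
    return out

# Constructed sample entry, not captured from a real directory.
SAMPLE = {"sAMAccountName": "jdoe", "whenCreated": "20110904003302.0Z",
          "pwdLastSet": "129595699820000000", "accountExpires": "9223372036854775807"}
```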


