LdapLayer.h

Go to the documentation of this file.

#pragma once
 
#include "Layer.h"
#include "Asn1Codec.h"
#include <ostream>
#include <string>
#include <functional>
 
 
namespace pcpp
{
    class LdapOperationType
    {
    public:
        enum Value : uint8_t
        {
            BindRequest = 0,
            BindResponse = 1,
            UnbindRequest = 2,
            SearchRequest = 3,
            SearchResultEntry = 4,
            SearchResultDone = 5,
            ModifyRequest = 6,
            ModifyResponse = 7,
            AddRequest = 8,
            AddResponse = 9,
            DeleteRequest = 10,
            DeleteResponse = 11,
            ModifyDNRequest = 12,
            ModifyDNResponse = 13,
            CompareRequest = 14,
            CompareResponse = 15,
            AbandonRequest = 16,
            SearchResultReference = 19,
            ExtendedRequest = 23,
            ExtendedResponse = 24,
            IntermediateResponse = 25,
            Unknown = 255
        };
 
        LdapOperationType() = default;
 
        // cppcheck-suppress noExplicitConstructor
        constexpr LdapOperationType(Value value) : m_Value(value)
        {}
 
        std::string toString() const;
 
        static LdapOperationType fromUintValue(uint8_t value);
 
        // Allow switch and comparisons.
        constexpr operator Value() const
        {
            return m_Value;
        }
 
        // Prevent usage: if(LdapOperationType)
        explicit operator bool() const = delete;
 
    private:
        Value m_Value = LdapOperationType::Unknown;
    };
 
    class LdapResultCode
    {
    public:
        enum Value : uint8_t
        {
            Success = 0,
            OperationsError = 1,
            ProtocolError = 2,
            TimeLimitExceeded = 3,
            SizeLimitExceeded = 4,
            CompareFalse = 5,
            CompareTrue = 6,
            AuthMethodNotSupported = 7,
            StrongerAuthRequired = 8,
            Referral = 10,
            AdminLimitExceeded = 11,
            UnavailableCriticalExtension = 12,
            ConfidentialityRequired = 13,
            SaslBindInProgress = 14,
            NoSuchAttribute = 16,
            UndefinedAttributeType = 17,
            InappropriateMatching = 18,
            ConstraintViolation = 19,
            AttributeOrValueExists = 20,
            InvalidAttributeSyntax = 21,
            NoSuchObject = 32,
            AliasProblem = 33,
            InvalidDNSyntax = 34,
            AliasDereferencingProblem = 36,
            InappropriateAuthentication = 48,
            InvalidCredentials = 49,
            InsufficientAccessRights = 50,
            Busy = 51,
            Unavailable = 52,
            UnwillingToPerform = 53,
            LoopDetect = 54,
            NamingViolation = 64,
            ObjectClassViolation = 65,
            NotAllowedOnNonLeaf = 66,
            NotAllowedOnRDN = 67,
            EntryAlreadyExists = 68,
            ObjectClassModsProhibited = 69,
            AffectsMultipleDSAs = 71,
            Other = 80,
            Unknown = 255
        };
 
        LdapResultCode() = default;
 
        // cppcheck-suppress noExplicitConstructor
        constexpr LdapResultCode(Value value) : m_Value(value)
        {}
 
        std::string toString() const;
 
        static LdapResultCode fromUintValue(uint8_t value);
 
        // Allow switch and comparisons
        constexpr operator Value() const
        {
            return m_Value;
        }
 
        // Prevent usage: if(LdapResultCode)
        explicit operator bool() const = delete;
 
    private:
        Value m_Value = LdapResultCode::Unknown;
    };
 
    struct LdapControl
    {
        std::string controlType;
        std::string controlValue;
 
        bool operator==(const LdapControl& other) const
        {
            return controlType == other.controlType && controlValue == other.controlValue;
        }
    };
 
    struct LdapAttribute
    {
        std::string type;
        std::vector<std::string> values;
 
        bool operator==(const LdapAttribute& other) const
        {
            return type == other.type && values == other.values;
        }
    };
 
    class LdapLayer : public Layer
    {
    public:
        LdapLayer(uint16_t messageId, LdapOperationType operationType, const std::vector<Asn1Record*>& messageRecords,
                  const std::vector<LdapControl>& controls = std::vector<LdapControl>());
 
        ~LdapLayer() override = default;
 
        Asn1SequenceRecord* getRootAsn1Record() const;
 
        Asn1ConstructedRecord* getLdapOperationAsn1Record() const;
 
        uint16_t getMessageID() const;
 
        std::vector<LdapControl> getControls() const;
 
        virtual LdapOperationType getLdapOperationType() const;
 
        template <typename Method, typename ResultType> bool tryGet(Method method, ResultType& result)
        {
            return internalTryGet(this, method, result);
        }
 
        static bool isLdapPort(uint16_t port)
        {
            return port == 389;
        }
 
        static LdapLayer* parseLdapMessage(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet);
 
        // implement abstract methods
 
        void parseNextLayer() override;
 
        size_t getHeaderLen() const override
        {
            return m_Asn1Record->getTotalLength();
        }
 
        void computeCalculateFields() override
        {}
 
        OsiModelLayer getOsiModelLayer() const override
        {
            return OsiModelApplicationLayer;
        }
 
        std::string toString() const override;
 
    protected:
        std::unique_ptr<Asn1Record> m_Asn1Record;
 
        LdapLayer(std::unique_ptr<Asn1Record> asn1Record, uint8_t* data, size_t dataLen, Layer* prevLayer,
                  Packet* packet);
        LdapLayer() = default;
        void init(uint16_t messageId, LdapOperationType operationType, const std::vector<Asn1Record*>& messageRecords,
                  const std::vector<LdapControl>& controls);
        virtual std::string getExtendedInfoString() const
        {
            return "";
        }
 
        static constexpr int messageIdIndex = 0;
        static constexpr int operationTypeIndex = 1;
        static constexpr int controlsIndex = 2;
 
        static constexpr int controlTypeIndex = 0;
        static constexpr int controlValueIndex = 1;
 
        template <typename LdapClass, typename Method, typename ResultType>
        bool internalTryGet(LdapClass* thisPtr, Method method, ResultType& result)
        {
            try
            {
                result = std::mem_fn(method)(thisPtr);
                return true;
            }
            catch (...)
            {
                return false;
            }
        }
    };
 
    class LdapResponseLayer : public LdapLayer
    {
    public:
        LdapResultCode getResultCode() const;
 
        std::string getMatchedDN() const;
 
        std::string getDiagnosticMessage() const;
 
        std::vector<std::string> getReferral() const;
 
    protected:
        static constexpr int resultCodeIndex = 0;
        static constexpr int matchedDNIndex = 1;
        static constexpr int diagnotsticsMessageIndex = 2;
        static constexpr int referralIndex = 3;
 
        static constexpr uint8_t referralTagType = 3;
 
        LdapResponseLayer() = default;
        LdapResponseLayer(std::unique_ptr<Asn1Record> asn1Record, uint8_t* data, size_t dataLen, Layer* prevLayer,
                          Packet* packet)
            : LdapLayer(std::move(asn1Record), data, dataLen, prevLayer, packet)
        {}
 
        LdapResponseLayer(uint16_t messageId, LdapOperationType operationType, LdapResultCode resultCode,
                          const std::string& matchedDN, const std::string& diagnosticMessage,
                          const std::vector<std::string>& referral = std::vector<std::string>(),
                          const std::vector<LdapControl>& controls = std::vector<LdapControl>());
 
        void init(uint16_t messageId, LdapOperationType operationType, LdapResultCode resultCode,
                  const std::string& matchedDN, const std::string& diagnosticMessage,
                  const std::vector<std::string>& referral = std::vector<std::string>(),
                  const std::vector<Asn1Record*>& additionalRecords = std::vector<Asn1Record*>(),
                  const std::vector<LdapControl>& controls = std::vector<LdapControl>());
 
        std::string getExtendedInfoString() const override;
    };
 
    class LdapBindRequestLayer : public LdapLayer
    {
    public:
        enum class AuthenticationType : uint8_t
        {
            Simple = 0,
            Sasl = 3,
            NotApplicable = 255
        };
 
        struct SaslAuthentication
        {
            std::string mechanism;
            std::vector<uint8_t> credentials;
 
            bool operator==(const SaslAuthentication& other) const
            {
                return mechanism == other.mechanism && credentials == other.credentials;
            }
 
            bool operator!=(const SaslAuthentication& other) const
            {
                return !operator==(other);
            }
        };
 
        LdapBindRequestLayer(uint16_t messageId, uint8_t version, const std::string& name,
                             const std::string& simpleAuthentication,
                             const std::vector<LdapControl>& controls = std::vector<LdapControl>());
 
        LdapBindRequestLayer(uint16_t messageId, uint8_t version, const std::string& name,
                             const SaslAuthentication& saslAuthentication,
                             const std::vector<LdapControl>& controls = std::vector<LdapControl>());
 
        uint32_t getVersion() const;
 
        std::string getName() const;
 
        AuthenticationType getAuthenticationType() const;
 
        std::string getSimpleAuthentication() const;
 
        SaslAuthentication getSaslAuthentication() const;
 
        template <typename Method, typename ResultType> bool tryGet(Method method, ResultType& result)
        {
            return internalTryGet(this, method, result);
        }
 
    protected:
        friend LdapLayer* LdapLayer::parseLdapMessage(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet);
 
        LdapBindRequestLayer(std::unique_ptr<Asn1Record> asn1Record, uint8_t* data, size_t dataLen, Layer* prevLayer,
                             Packet* packet)
            : LdapLayer(std::move(asn1Record), data, dataLen, prevLayer, packet)
        {}
 
        std::string getExtendedInfoString() const override;
 
    private:
        static constexpr int versionIndex = 0;
        static constexpr int nameIndex = 1;
        static constexpr int credentialIndex = 2;
 
        static constexpr int saslMechanismIndex = 0;
        static constexpr int saslCredentialsIndex = 1;
    };
 
    class LdapBindResponseLayer : public LdapResponseLayer
    {
    public:
        LdapBindResponseLayer(uint16_t messageId, LdapResultCode resultCode, const std::string& matchedDN,
                              const std::string& diagnosticMessage,
                              const std::vector<std::string>& referral = std::vector<std::string>(),
                              const std::vector<uint8_t>& serverSaslCredentials = std::vector<uint8_t>(),
                              const std::vector<LdapControl>& controls = std::vector<LdapControl>());
 
        std::vector<uint8_t> getServerSaslCredentials() const;
 
    protected:
        friend LdapLayer* LdapLayer::parseLdapMessage(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet);
 
        static constexpr int serverSaslCredentialsTagType = 7;
 
        LdapBindResponseLayer(std::unique_ptr<Asn1Record> asn1Record, uint8_t* data, size_t dataLen, Layer* prevLayer,
                              Packet* packet)
            : LdapResponseLayer(std::move(asn1Record), data, dataLen, prevLayer, packet)
        {}
    };
 
    class LdapUnbindRequestLayer : public LdapLayer
    {
    public:
        explicit LdapUnbindRequestLayer(uint16_t messageId,
                                        const std::vector<LdapControl>& controls = std::vector<LdapControl>());
 
        // Unbind request has no operation record
        Asn1ConstructedRecord* getLdapOperationAsn1Record() const = delete;
 
        LdapOperationType getLdapOperationType() const override
        {
            return LdapOperationType::UnbindRequest;
        }
 
        template <typename Method, typename ResultType> bool tryGet(Method method, ResultType& result)
        {
            return internalTryGet(this, method, result);
        }
 
    protected:
        friend LdapLayer* LdapLayer::parseLdapMessage(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet);
 
        LdapUnbindRequestLayer(std::unique_ptr<Asn1Record> asn1Record, uint8_t* data, size_t dataLen, Layer* prevLayer,
                               Packet* packet)
            : LdapLayer(std::move(asn1Record), data, dataLen, prevLayer, packet)
        {}
    };
 
    class LdapSearchRequestLayer : public LdapLayer
    {
    public:
        class SearchRequestScope
        {
        public:
            enum Value : uint8_t
            {
                BaseObject = 0,
                SingleLevel = 1,
                WholeSubtree = 2,
                subordinateSubtree = 3,
                Unknown = 255
            };
 
            SearchRequestScope() = default;
 
            // cppcheck-suppress noExplicitConstructor
            constexpr SearchRequestScope(Value value) : m_Value(value)
            {}
 
            std::string toString() const;
 
            static SearchRequestScope fromUintValue(uint8_t value);
 
            // Allow switch and comparisons.
            constexpr operator Value() const
            {
                return m_Value;
            }
 
            // Prevent usage: if(LdapOperationType)
            explicit operator bool() const = delete;
 
        private:
            Value m_Value = SearchRequestScope::Unknown;
        };
 
        class DerefAliases
        {
        public:
            enum Value : uint8_t
            {
                NeverDerefAliases = 0,
                DerefInSearching = 1,
                DerefFindingBaseObj = 2,
                DerefAlways = 3,
                Unknown = 255
            };
 
            DerefAliases() = default;
 
            // cppcheck-suppress noExplicitConstructor
            constexpr DerefAliases(Value value) : m_Value(value)
            {}
 
            std::string toString() const;
 
            static DerefAliases fromUintValue(uint8_t value);
 
            // Allow switch and comparisons.
            constexpr operator Value() const
            {
                return m_Value;
            }
 
            // Prevent usage: if(LdapOperationType)
            explicit operator bool() const = delete;
 
        private:
            Value m_Value = DerefAliases::Unknown;
        };
 
        LdapSearchRequestLayer(uint16_t messageId, const std::string& baseObject, SearchRequestScope scope,
                               DerefAliases derefAliases, uint8_t sizeLimit, uint8_t timeLimit, bool typesOnly,
                               Asn1Record* filterRecord, const std::vector<std::string>& attributes,
                               const std::vector<LdapControl>& controls = std::vector<LdapControl>());
 
        std::string getBaseObject() const;
 
        SearchRequestScope getScope() const;
 
        DerefAliases getDerefAlias() const;
 
        uint8_t getSizeLimit() const;
 
        uint8_t getTimeLimit() const;
 
        bool getTypesOnly() const;
 
        Asn1Record* getFilter() const;
 
        std::vector<std::string> getAttributes() const;
 
        template <typename Method, typename ResultType> bool tryGet(Method method, ResultType& result)
        {
            return internalTryGet(this, method, result);
        }
 
    protected:
        friend LdapLayer* LdapLayer::parseLdapMessage(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet);
 
        static constexpr int baseObjectIndex = 0;
        static constexpr int scopeIndex = 1;
        static constexpr int derefAliasIndex = 2;
        static constexpr int sizeLimitIndex = 3;
        static constexpr int timeLimitIndex = 4;
        static constexpr int typesOnlyIndex = 5;
        static constexpr int filterIndex = 6;
        static constexpr int attributesIndex = 7;
 
        LdapSearchRequestLayer(std::unique_ptr<Asn1Record> asn1Record, uint8_t* data, size_t dataLen, Layer* prevLayer,
                               Packet* packet)
            : LdapLayer(std::move(asn1Record), data, dataLen, prevLayer, packet)
        {}
 
        std::string getExtendedInfoString() const override;
    };
 
    class LdapSearchResultEntryLayer : public LdapLayer
    {
    public:
        LdapSearchResultEntryLayer(uint16_t messageId, const std::string& objectName,
                                   const std::vector<LdapAttribute>& attributes,
                                   const std::vector<LdapControl>& controls = std::vector<LdapControl>());
 
        std::string getObjectName() const;
 
        std::vector<LdapAttribute> getAttributes() const;
 
        template <typename Method, typename ResultType> bool tryGet(Method method, ResultType& result)
        {
            return internalTryGet(this, method, result);
        }
 
    protected:
        friend LdapLayer* LdapLayer::parseLdapMessage(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet);
 
        static constexpr int objectNameIndex = 0;
        static constexpr int attributesIndex = 1;
        static constexpr int attributeTypeIndex = 0;
        static constexpr int attributeValueIndex = 1;
 
        LdapSearchResultEntryLayer(std::unique_ptr<Asn1Record> asn1Record, uint8_t* data, size_t dataLen,
                                   Layer* prevLayer, Packet* packet)
            : LdapLayer(std::move(asn1Record), data, dataLen, prevLayer, packet)
        {}
    };
 
    class LdapSearchResultDoneLayer : public LdapResponseLayer
    {
    public:
        LdapSearchResultDoneLayer(uint16_t messageId, LdapResultCode resultCode, const std::string& matchedDN,
                                  const std::string& diagnosticMessage,
                                  const std::vector<std::string>& referral = std::vector<std::string>(),
                                  const std::vector<LdapControl>& controls = std::vector<LdapControl>())
            : LdapResponseLayer(messageId, LdapOperationType::SearchResultDone, resultCode, matchedDN,
                                diagnosticMessage, referral, controls)
        {}
 
    protected:
        friend LdapLayer* LdapLayer::parseLdapMessage(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet);
 
        LdapSearchResultDoneLayer(std::unique_ptr<Asn1Record> asn1Record, uint8_t* data, size_t dataLen,
                                  Layer* prevLayer, Packet* packet)
            : LdapResponseLayer(std::move(asn1Record), data, dataLen, prevLayer, packet)
        {}
    };
 
    class LdapModifyResponseLayer : public LdapResponseLayer
    {
    public:
        LdapModifyResponseLayer(uint16_t messageId, LdapResultCode resultCode, const std::string& matchedDN,
                                const std::string& diagnosticMessage,
                                const std::vector<std::string>& referral = std::vector<std::string>(),
                                const std::vector<LdapControl>& controls = std::vector<LdapControl>())
            : LdapResponseLayer(messageId, LdapOperationType::ModifyResponse, resultCode, matchedDN, diagnosticMessage,
                                referral, controls)
        {}
 
    protected:
        friend LdapLayer* LdapLayer::parseLdapMessage(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet);
 
        LdapModifyResponseLayer(std::unique_ptr<Asn1Record> asn1Record, uint8_t* data, size_t dataLen, Layer* prevLayer,
                                Packet* packet)
            : LdapResponseLayer(std::move(asn1Record), data, dataLen, prevLayer, packet)
        {}
    };
 
    class LdapAddResponseLayer : public LdapResponseLayer
    {
    public:
        LdapAddResponseLayer(uint16_t messageId, LdapResultCode resultCode, const std::string& matchedDN,
                             const std::string& diagnosticMessage,
                             const std::vector<std::string>& referral = std::vector<std::string>(),
                             const std::vector<LdapControl>& controls = std::vector<LdapControl>())
            : LdapResponseLayer(messageId, LdapOperationType::AddResponse, resultCode, matchedDN, diagnosticMessage,
                                referral, controls)
        {}
 
    protected:
        friend LdapLayer* LdapLayer::parseLdapMessage(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet);
 
        LdapAddResponseLayer(std::unique_ptr<Asn1Record> asn1Record, uint8_t* data, size_t dataLen, Layer* prevLayer,
                             Packet* packet)
            : LdapResponseLayer(std::move(asn1Record), data, dataLen, prevLayer, packet)
        {}
    };
 
    class LdapDeleteResponseLayer : public LdapResponseLayer
    {
    public:
        LdapDeleteResponseLayer(uint16_t messageId, LdapResultCode resultCode, const std::string& matchedDN,
                                const std::string& diagnosticMessage,
                                const std::vector<std::string>& referral = std::vector<std::string>(),
                                const std::vector<LdapControl>& controls = std::vector<LdapControl>())
            : LdapResponseLayer(messageId, LdapOperationType::DeleteResponse, resultCode, matchedDN, diagnosticMessage,
                                referral, controls)
        {}
 
    protected:
        friend LdapLayer* LdapLayer::parseLdapMessage(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet);
 
        LdapDeleteResponseLayer(std::unique_ptr<Asn1Record> asn1Record, uint8_t* data, size_t dataLen, Layer* prevLayer,
                                Packet* packet)
            : LdapResponseLayer(std::move(asn1Record), data, dataLen, prevLayer, packet)
        {}
    };
 
    class LdapModifyDNResponseLayer : public LdapResponseLayer
    {
    public:
        LdapModifyDNResponseLayer(uint16_t messageId, LdapResultCode resultCode, const std::string& matchedDN,
                                  const std::string& diagnosticMessage,
                                  const std::vector<std::string>& referral = std::vector<std::string>(),
                                  const std::vector<LdapControl>& controls = std::vector<LdapControl>())
            : LdapResponseLayer(messageId, LdapOperationType::ModifyDNResponse, resultCode, matchedDN,
                                diagnosticMessage, referral, controls)
        {}
 
    protected:
        friend LdapLayer* LdapLayer::parseLdapMessage(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet);
 
        LdapModifyDNResponseLayer(std::unique_ptr<Asn1Record> asn1Record, uint8_t* data, size_t dataLen,
                                  Layer* prevLayer, Packet* packet)
            : LdapResponseLayer(std::move(asn1Record), data, dataLen, prevLayer, packet)
        {}
    };
 
    class LdapCompareResponseLayer : public LdapResponseLayer
    {
    public:
        LdapCompareResponseLayer(uint16_t messageId, LdapResultCode resultCode, const std::string& matchedDN,
                                 const std::string& diagnosticMessage,
                                 const std::vector<std::string>& referral = std::vector<std::string>(),
                                 const std::vector<LdapControl>& controls = std::vector<LdapControl>())
            : LdapResponseLayer(messageId, LdapOperationType::CompareResponse, resultCode, matchedDN, diagnosticMessage,
                                referral, controls)
        {}
 
    protected:
        friend LdapLayer* LdapLayer::parseLdapMessage(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet);
 
        LdapCompareResponseLayer(std::unique_ptr<Asn1Record> asn1Record, uint8_t* data, size_t dataLen,
                                 Layer* prevLayer, Packet* packet)
            : LdapResponseLayer(std::move(asn1Record), data, dataLen, prevLayer, packet)
        {}
    };
}  // namespace pcpp
 
inline std::ostream& operator<<(std::ostream& os, const pcpp::LdapControl& control)
{
    os << "{" << control.controlType << ", " << control.controlValue << "}";
    return os;
}
 
inline std::ostream& operator<<(std::ostream& os, const pcpp::LdapAttribute& attr)
{
    os << "{" << attr.type << ", {";
 
    std::string separator;
    for (const auto& value : attr.values)
    {
        os << separator << value;
        if (separator.empty())
        {
            separator = ", ";
        }
    }
 
    os << "}}";
    return os;
}
 
inline std::ostream& operator<<(std::ostream& os,
                                const pcpp::LdapBindRequestLayer::SaslAuthentication& saslAuthentication)
{
    os << "{" << saslAuthentication.mechanism << ", {";
 
    std::string separator;
    for (const auto& value : saslAuthentication.credentials)
    {
        os << separator << "0x" << std::hex << static_cast<int>(value) << std::dec;
        if (separator.empty())
        {
            separator = ", ";
        }
    }
 
    os << "}}";
    return os;
}