Skip to content

Commit

Permalink
Refactor the LDAP injection servlet
Browse files Browse the repository at this point in the history
  • Loading branch information
@k-tamura
k-tamura committed Feb 16, 2017
1 parent cd3c8ed commit 8c84f60
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 47 deletions.
53 changes: 9 additions & 44 deletions src/main/java/org/t246osslab/easybuggy/servers/EmbeddedADS.java
View file
Original file line number Diff line number Diff line change
@@ -1,15 +1,11 @@
package org.t246osslab.easybuggy.servers;

import java.util.HashSet;

import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.core.DefaultDirectoryService;
import org.apache.directory.server.core.DirectoryService;
import org.apache.directory.server.core.entry.ServerEntry;
import org.apache.directory.server.core.partition.Partition;
import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmIndex;
import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition;
import org.apache.directory.server.xdbm.Index;
import org.apache.directory.shared.ldap.name.LdapDN;

/**
Expand All @@ -32,21 +28,17 @@ public EmbeddedADS() throws Exception {
service.getChangeLog().setEnabled(false);
service.setDenormalizeOpAttrsEnabled(true);

// then the system partition
// this is a MANDATORY partition
// Add system partition
Partition systemPartition = addPartition("system", ServerDNConstants.SYSTEM_DN);
service.setSystemPartition(systemPartition);

// Now we can create as many partitions as we need
// Add root partition
Partition t246osslabPartition = addPartition("t246osslab", "dc=t246osslab,dc=org");

// Index some attributes on the apache partition
addIndex(t246osslabPartition, "objectClass", "ou", "uid");

// Start up the service
service.startup();

// Inject the foo root entry if it does not already exist
// Add the root entry if it does not exist
try {
service.getAdminSession().lookup(t246osslabPartition.getSuffixDn());
} catch (Exception lnnfe) {
Expand All @@ -58,7 +50,7 @@ public EmbeddedADS() throws Exception {
service.getAdminSession().add(entryBar);
}

// add the people and groups entries
// add the people entries
LdapDN peopleDn = new LdapDN("ou=people,dc=t246osslab,dc=org");
if (!service.getAdminSession().exists(peopleDn)) {
ServerEntry e = service.newEntry(peopleDn);
Expand All @@ -67,14 +59,6 @@ public EmbeddedADS() throws Exception {
service.getAdminSession().add(e);
}

LdapDN groupsDn = new LdapDN("ou=groups,dc=t246osslab,dc=org");
if (!service.getAdminSession().exists(groupsDn)) {
ServerEntry e = service.newEntry(groupsDn);
e.add("objectClass", "organizationalUnit");
e.add("ou", "groups");
service.getAdminSession().add(e);
}

// add sample users
addUser("Mark", "password", "57249037993");
addUser("David", "p@s2w0rd", "42368923031");
Expand All @@ -83,11 +67,11 @@ public EmbeddedADS() throws Exception {
}

/**
* Add a new partition to the server
* Add a partition to the server
*
* @param partitionId The partition Id
* @param partitionDn The partition DN
* @return The newly added partition
* @return The added partition
* @throws Exception If the partition can't be added
*/
private Partition addPartition(String partitionId, String partitionDn) throws Exception {
Expand All @@ -96,41 +80,22 @@ private Partition addPartition(String partitionId, String partitionDn) throws Ex
partition.setId(partitionId);
partition.setSuffix(partitionDn);
service.addPartition(partition);

return partition;
}

/**
* Add a new set of index on the given attributes
*
* @param partition The partition on which we want to add index
* @param attrs The list of attributes to index
*/
private void addIndex(Partition partition, String... attrs) {
// Index some attributes on the apache partition
HashSet<Index<?, ServerEntry>> indexedAttributes = new HashSet<Index<?, ServerEntry>>();

for (String attribute : attrs) {
indexedAttributes.add(new JdbmIndex<String, ServerEntry>(attribute));
}

((JdbmPartition) partition).setIndexedAttributes(indexedAttributes);
}

private void addUser(String username, String passwd, String secretNumber) throws Exception {
LdapDN dn = new LdapDN("uid=" + username + ",ou=people,dc=t246osslab,dc=org");
if (!service.getAdminSession().exists(dn)) {
ServerEntry e = service.newEntry(dn);
e.add("objectClass", "person", "inetOrgPerson");
e.add("uid", username);
e.add("givenName", username);
e.add("sn", username);
e.add("cn", username);
e.add("displayName", username);
e.add("userPassword", passwd.getBytes());
e.add("employeeNumber", secretNumber);
e.add("sn", "Not use");
e.add("cn", "Not use");
e.add("givenName", "Not use");
service.getAdminSession().add(e);
}
}

}
13 changes: 10 additions & 3 deletions src/main/java/org/t246osslab/easybuggy/vulnerabilities/LDAPInjectionServlet.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,9 +61,17 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
new LdapDN("ou=people,dc=t246osslab,dc=org"), SearchScope.SUBTREE,
FilterParser.parse("(&(uid=" + name.trim() + ")(userPassword=" + password.trim() + "))"),
AliasDerefMode.NEVER_DEREF_ALIASES, null);
bodyHtml.append(MessageUtils.getMsg("user.table.column.names", req.getLocale()) + "<BR>");
boolean isExist = false;
for (ClonedServerEntry e : cursor) {
bodyHtml.append( e.get("displayName").getString() + ", " + e.get("employeeNumber").getString() + "<BR>");
if (!isExist) {
isExist = true;
bodyHtml.append(MessageUtils.getMsg("user.table.column.names", req.getLocale()) + "<BR>");
}
bodyHtml.append(e.get("displayName").getString() + ", " + e.get("employeeNumber").getString()
+ "<BR>");
}
if (!isExist) {
bodyHtml.append(MessageUtils.getMsg("msg.error.user.not.exist", req.getLocale()));
}
cursor.close();
} else {
Expand All @@ -81,4 +89,3 @@ protected void service(HttpServletRequest req, HttpServletResponse res) throws S
}
}
}

0 comments on commit 8c84f60

Please sign in to comment.