Add and use a generic LDAP entry cache

Author: zeroSteiner

Gemfile.lock

@@ -41,6 +41,7 @@ PATH
       irb (~> 1.7.4)
       jsobfu
       json
+      lru_redux
       metasm
       metasploit-concern
       metasploit-credential
@@ -303,6 +304,7 @@ GEM
     loofah (2.24.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
+    lru_redux (1.1.0)
     memory_profiler (1.1.0)
     metasm (1.0.5)
     metasploit-concern (5.0.4)

lib/msf/core/exploit/remote/ldap/active_directory.rb

@@ -7,6 +7,7 @@ module Msf
   module Exploit::Remote::LDAP
     module ActiveDirectory
       include Msf::Exploit::Remote::LDAP
+      include Msf::Exploit::Remote::LDAP::EntryCache
 
       LDAP_CAP_ACTIVE_DIRECTORY_OID = '1.2.840.113556.1.4.800'.freeze
       LDAP_SERVER_SD_FLAGS_OID = '1.2.840.113556.1.4.801'.freeze
@@ -174,41 +175,38 @@ def adds_query_member_groups(ldap, member_dn, base_dn: nil, inherited: true)
       end
 
       def adds_get_object_by_dn(ldap, object_dn)
-        @ldap_objects ||= []
-        object = @ldap_objects.find { |o| o[:dN]&.first == object_dn }
+        object = ldap_entry_cache.get_by_dn(object_dn)
         return object if object
 
         object = ldap.search(base: object_dn, controls: [adds_build_ldap_sd_control], scope: Net::LDAP::SearchScope_BaseObject)&.first
         validate_query_result!(ldap.get_operation_result.table)
 
-        @ldap_objects << object if object
+        ldap_entry_cache << object if object
         object
       end
 
       def adds_get_object_by_samaccountname(ldap, object_samaccountname)
-        @ldap_objects ||= []
-        object = @ldap_objects.find { |o| o[:sAMAccountName]&.first == object_samaccountname }
+        object = ldap_entry_cache.get_by_samaccountname(object_samaccountname)
         return object if object
 
         filter = "(sAMAccountName=#{ldap_escape_filter(object_samaccountname)})"
         object = ldap.search(base: ldap.base_dn, controls: [adds_build_ldap_sd_control], filter: filter)&.first
         validate_query_result!(ldap.get_operation_result.table, filter)
 
-        @ldap_objects << object if object
+        ldap_entry_cache << object if object
         object
       end
 
       def adds_get_object_by_sid(ldap, object_sid)
-        @ldap_objects ||= []
         object_sid = Rex::Proto::MsDtyp::MsDtypSid.new(object_sid)
-        object = @ldap_objects.find { |o| o[:objectSid]&.first == object_sid.to_binary_s }
+        object = ldap_entry_cache.get_by_sid(object_sid)
         return object if object
 
         filter = "(objectSID=#{ldap_escape_filter(object_sid.to_s)})"
         object = ldap.search(base: ldap.base_dn, controls: [adds_build_ldap_sd_control], filter: filter)&.first
         validate_query_result!(ldap.get_operation_result.table, filter)
 
-        @ldap_objects << object if object
+        ldap_entry_cache << object if object
         object
       end
 
@@ -228,11 +226,10 @@ def adds_get_current_user(ldap)
       # @param [Net::LDAP::Connection] ldap The LDAP connection to use for querying.
       # @rtype [Hash]
       def adds_get_domain_info(ldap)
-        @ldap_objects ||= []
         domain_object = ldap.search(base: ldap.base_dn, filter: '(objectClass=domain)', return_result: true)&.first
         return nil unless domain_object
 
-        @ldap_objects << domain_object
+        ldap_entry_cache << domain_object
         domain_sid = Rex::Proto::MsDtyp::MsDtypSid.read(domain_object[:objectSid].first)
 
         root_dse = ldap.search(
@@ -249,7 +246,7 @@ def adds_get_domain_info(ldap)
         return nil unless xrefs&.length == 1
 
         xref = xrefs.first
-        @ldap_objects << xref
+        ldap_entry_cache << xref
 
         {
           netbios_name: xref[:nETBIOSName].first.to_s,

lib/msf/core/exploit/remote/ldap/entry_cache.rb

@@ -0,0 +1,42 @@
+require 'lru_redux'
+
+module Msf
+  ###
+  #
+  # This module exposes methods for querying a remote LDAP service
+  #
+  ###
+  module Exploit::Remote::LDAP
+    module EntryCache
+      class LDAPEntryCache < LruRedux::Cache
+        def <<(entry)
+          raise TypeError unless entry.is_a? Net::LDAP::Entry
+
+          self[entry.dn] = entry
+        end
+
+        def get_by_dn(dn)
+          self[dn]
+        end
+
+        def get_by_samaccountname(samaccountname)
+          entry = @data.values.reverse_each.find { _1[:sAMAccountName]&.first == samaccountname }
+          @data[entry.dn] = entry if entry # update it as recently used
+          entry
+        end
+
+        def get_by_sid(sid)
+          sid = Rex::Proto::MsDtyp::MsDtypSid.new(sid)
+
+          entry = @data.values.reverse_each.find { _1[:objectSid]&.first == sid.to_binary_s  }
+          @data[entry.dn] = entry if entry # update it as recently used
+          entry
+        end
+      end
+
+      def ldap_entry_cache
+        @ldap_entry_cache ||= LDAPEntryCache.new(1000)
+      end
+    end
+  end
+end

metasploit-framework.gemspec

@@ -258,6 +258,9 @@ Gem::Specification.new do |spec|
   # Needed to parse sections of ELF files in order to retrieve symbols
   spec.add_runtime_dependency 'elftools'
 
+  # Needed for generic in-memory cachine
+  spec.add_runtime_dependency 'lru_redux'
+
   # Standard libraries: https://www.ruby-lang.org/en/news/2023/12/25/ruby-3-3-0-released/
   %w[
     abbrev