[LDAP] Add custom cbt_value

impacket/ldap/ldap.py

@@ -104,6 +104,7 @@ def __init__(self, url, baseDN='', dstIp=None, signing=True):
             raise LDAPSessionError(errorString="Unknown URL prefix: '%s'" % url)
 
         self.__binded = False
+        self.__channel_binding_value = None
 
         ### SASL Auth LDAP Signing arguments
         self.sequenceNumber = 0
@@ -141,26 +142,25 @@ def __init__(self, url, baseDN='', dstIp=None, signing=True):
             self._socket.connect(sa)
             self._socket.do_handshake()
 
-    def generateChannelBindingValue(self):
-        # From: https://github.com/ly4k/ldap3/commit/87f5760e5a68c2f91eac8ba375f4ea3928e2b9e0#diff-c782b790cfa0a948362bf47d72df8ddd6daac12e5757afd9d371d89385b27ef6R1383
-        from hashlib import md5
-        # Ugly but effective, to get the digest of the X509 DER in bytes
-        peer_cert_digest_str = self._socket.get_peer_certificate().digest('sha256').decode()
-        peer_cert_digest_bytes = bytes.fromhex(peer_cert_digest_str.replace(':', ''))
-
-        channel_binding_struct = b''
-        initiator_address = b'\x00'*8
-        acceptor_address = b'\x00'*8
-
-        # https://datatracker.ietf.org/doc/html/rfc5929#section-4
-        application_data_raw = b'tls-server-end-point:' + peer_cert_digest_bytes
-        len_application_data = len(application_data_raw).to_bytes(4, byteorder='little', signed = False)
-        application_data = len_application_data
-        application_data += application_data_raw
-        channel_binding_struct += initiator_address
-        channel_binding_struct += acceptor_address
-        channel_binding_struct += application_data
-        return md5(channel_binding_struct).digest()
+            # From: https://github.com/ly4k/ldap3/commit/87f5760e5a68c2f91eac8ba375f4ea3928e2b9e0#diff-c782b790cfa0a948362bf47d72df8ddd6daac12e5757afd9d371d89385b27ef6R1383
+            from hashlib import md5
+            # Ugly but effective, to get the digest of the X509 DER in bytes
+            peer_cert_digest_str = self._socket.get_peer_certificate().digest('sha256').decode()
+            peer_cert_digest_bytes = bytes.fromhex(peer_cert_digest_str.replace(':', ''))
+
+            channel_binding_struct = b''
+            initiator_address = b'\x00'*8
+            acceptor_address = b'\x00'*8
+
+            # https://datatracker.ietf.org/doc/html/rfc5929#section-4
+            application_data_raw = b'tls-server-end-point:' + peer_cert_digest_bytes
+            len_application_data = len(application_data_raw).to_bytes(4, byteorder='little', signed = False)
+            application_data = len_application_data
+            application_data += application_data_raw
+            channel_binding_struct += initiator_address
+            channel_binding_struct += acceptor_address
+            channel_binding_struct += application_data
+            self.__channel_binding_value = md5(channel_binding_struct).digest()
 
     def kerberosLogin(self, user, password, domain='', lmhash='', nthash='', aesKey='', kdcHost=None, TGT=None,
                       TGS=None, useCache=True):
@@ -268,8 +268,8 @@ def kerberosLogin(self, user, password, domain='', lmhash='', nthash='', aesKey=
 
         # If TLS is used, setup channel binding
 
-        if self._SSL:
-            chkField['Bnd'] = self.generateChannelBindingValue()
+        if self._SSL and self.__channel_binding_value is not None:
+            chkField['Bnd'] = self.__channel_binding_value
         if self.__signing:
             chkField['Flags'] |= GSS_C_CONF_FLAG
             chkField['Flags'] |= GSS_C_INTEG_FLAG
@@ -372,8 +372,8 @@ def login(self, user='', password='', domain='', lmhash='', nthash='', authentic
 
             # If TLS is used, setup channel binding
             channel_binding_value = b''
-            if self._SSL:
-                channel_binding_value = self.generateChannelBindingValue()
+            if self._SSL and self.__channel_binding_value is not None:
+                channel_binding_value = self.__channel_binding_value
 
             # NTLM Auth
             type3, exportedSessionKey = getNTLMSSPType3(negotiate, bytes(type2), user, password, domain, lmhash, nthash, channel_binding_value=channel_binding_value)
@@ -418,8 +418,8 @@ def login(self, user='', password='', domain='', lmhash='', nthash='', authentic
 
             # channel binding
             channel_binding_value = b''
-            if self._SSL:
-                channel_binding_value = self.generateChannelBindingValue()
+            if self._SSL and self.__channel_binding_value is not None:
+                channel_binding_value = self.__channel_binding_value
 
             # NTLM Auth
             type3, exportedSessionKey = getNTLMSSPType3(negotiate, type2, user, password, domain, lmhash, nthash, service='ldap', version=self.version, use_ntlmv2=True, channel_binding_value=channel_binding_value)