refactor: 重构SMB和LDAP插件使用统一发包控制

- 修改SMB插件，在testCredential和identifyService中添加发包控制 - 修改LDAP插件，在connectLDAP中添加发包控制和包计数 - 统一包计数逻辑，确保TCP连接成功和失败都正确计数 - 保持现有功能不变，提升网络操作一致性
2025-09-14 14:06:44 +08:00 · 2025-09-02 11:48:52 +00:00 · 2025-09-02 11:48:52 +00:00 · 1febb54fe6
commit 1febb54fe6
parent f8c8f3d1eb
2 changed files with 50 additions and 2 deletions
--- a/plugins/services/ldap.go
+++ b/plugins/services/ldap.go
@ -84,17 +84,46 @@ func (p *LDAPPlugin) testCredential(ctx context.Context, info *common.HostInfo,
 }

 func (p *LDAPPlugin) connectLDAP(ctx context.Context, info *common.HostInfo, creds plugins.Credential) (*ldaplib.Conn, error) {
+	// 检查发包限制
+	if canSend, reason := common.CanSendPacket(); !canSend {
+		common.LogError(fmt.Sprintf("LDAP连接 %s:%s 受限: %s", info.Host, info.Ports, reason))
+		return nil, fmt.Errorf("发包受限: %s", reason)
+	}
+	
 	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
 	
+	var conn *ldaplib.Conn
+	var err error
+	
 	if info.Ports == "636" {
-		return ldaplib.DialTLS("tcp", target, nil)
+		conn, err = ldaplib.DialTLS("tcp", target, nil)
+	} else {
+		conn, err = ldaplib.Dial("tcp", target)
 	}
-	return ldaplib.Dial("tcp", target)
+	
+	// 统计包数量
+	if err != nil {
+		common.IncrementTCPFailedPacketCount()
+	} else {
+		common.IncrementTCPSuccessPacketCount()
+	}
+	
+	return conn, err
 }

 func (p *LDAPPlugin) identifyService(ctx context.Context, info *common.HostInfo) *plugins.Result {
 	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)

+	// 检查发包限制
+	if canSend, reason := common.CanSendPacket(); !canSend {
+		common.LogError(fmt.Sprintf("LDAP识别 %s 受限: %s", target, reason))
+		return &plugins.Result{
+			Success: false,
+			Service: "ldap",
+			Error:   fmt.Errorf("发包受限: %s", reason),
+		}
+	}
+
 	conn, err := p.connectLDAP(ctx, info, plugins.Credential{})
 	if err != nil {
 		return &plugins.Result{
--- a/plugins/services/smb.go
+++ b/plugins/services/smb.go
@ -105,6 +105,12 @@ func (p *SmbPlugin) Scan(ctx context.Context, info *common.HostInfo) *ScanResult

 // testCredential 测试单个凭据
 func (p *SmbPlugin) testCredential(ctx context.Context, info *common.HostInfo, cred Credential) bool {
+	// 检查发包限制
+	if canSend, reason := common.CanSendPacket(); !canSend {
+		common.LogError(fmt.Sprintf("SMB连接 %s:%s 受限: %s", info.Host, info.Ports, reason))
+		return false
+	}
+	
 	options := smb.Options{
 		Host:        info.Host,
 		Port:        445,
@ -124,8 +130,10 @@ func (p *SmbPlugin) testCredential(ctx context.Context, info *common.HostInfo, c
 		session, err := smb.NewSession(options, false)
 		if err == nil {
 			defer session.Close()
+			common.IncrementTCPSuccessPacketCount()
 			resultChan <- session.IsAuthenticated
 		} else {
+			common.IncrementTCPFailedPacketCount()
 			resultChan <- false
 		}
 	}()
@ -199,6 +207,17 @@ func (p *SmbPlugin) testShareAccess(ctx context.Context, info *common.HostInfo,

 // identifyService 服务识别
 func (p *SmbPlugin) identifyService(ctx context.Context, info *common.HostInfo) *ScanResult {
+	// 检查发包限制
+	if canSend, reason := common.CanSendPacket(); !canSend {
+		target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
+		common.LogError(fmt.Sprintf("SMB识别 %s 受限: %s", target, reason))
+		return &ScanResult{
+			Success: false,
+			Service: "smb",
+			Error:   fmt.Errorf("发包受限: %s", reason),
+		}
+	}
+	
 	if p.testCredential(ctx, info, Credential{Username: "", Password: ""}) {
 		target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
 		banner := "SMB文件共享服务"