Merge branch 'v4' into connectionpool-blacklist
definitelynotagoblin authored Jan 9, 2025
2 parents d52dc02 + c953260 commit 599e0c9
Showing 13 changed files with 298 additions and 128 deletions.
3 changes: 2 additions & 1 deletion src/CommonLib/Enums/LDAPProperties.cs
Expand Up @@ -36,7 +36,8 @@ public static class LDAPProperties
public const string ServicePack = "operatingsystemservicepack";
public const string DNSHostName = "dnshostname";
public const string LAPSExpirationTime = "mslaps-passwordexpirationtime";
public const string LAPSPassword = "mslaps-password";
public const string LAPSPlaintextPassword = "ms-laps-password";
public const string LAPSEncryptedPassword = "ms-laps-encryptedpassword";
public const string LegacyLAPSExpirationTime = "ms-mcs-admpwdexpirationtime";
public const string LegacyLAPSPassword = "ms-mcs-admpwd";
public const string Members = "member";
Expand Down
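Review bot: The two added constants use the `ms-laps-` prefix while `LAPSExpirationTime` three lines above uses `mslaps-`, and as far as I know the Windows LAPS schema attributes are `msLAPS-Password` and `msLAPS-EncryptedPassword` (no hyphen after `ms`), so `ms-laps-password` and `ms-laps-encryptedpassword` would not match any attribute and the lookups would silently return nothing. Unless the hyphenated spelling is deliberate, the lines should read `public const string LAPSPlaintextPassword = "mslaps-password";` and `public const string LAPSEncryptedPassword = "mslaps-encryptedpassword";`. This rendering does not mark which line is the deletion; I am assuming from the 2 additions / 1 deletion count that `LAPSPassword` is the removed one and the two constants after it are the new ones.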
10 changes: 5 additions & 5 deletions src/CommonLib/LdapProducerQueryGenerator.cs
Expand Up @@ -59,11 +59,6 @@ public static GeneratedLdapParameters GenerateDefaultPartitionParameters(Collect
};
}

if (methods.HasFlag(CollectionMethod.Group)) {
filter = filter.AddGroups();
properties.AddRange(CommonProperties.GroupResolutionProps);
}

if (methods.IsComputerCollectionSet()) {
filter = filter.AddComputers();
properties.AddRange(CommonProperties.ComputerMethodProps);
Expand All @@ -89,6 +84,11 @@ public static GeneratedLdapParameters GenerateDefaultPartitionParameters(Collect
properties.AddRange(CommonProperties.ComputerMethodProps);
}

if (methods.HasFlag(CollectionMethod.Group)) {
filter = filter.AddGroups();
properties.AddRange(CommonProperties.GroupResolutionProps);
}

return new GeneratedLdapParameters {
Filter = filter,
Attributes = properties.Distinct().ToArray()
Expand Down
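Review bot: The reason for moving the `CollectionMethod.Group` block below the computer blocks is not recorded anywhere in either hunk, and since both blocks only append to `filter` and `properties` (which is de-duplicated by `Distinct()` before the return) a reader will assume the order does not matter and may move it back. If `AddGroups()` has to run after `AddComputers()`, a one-line comment above the moved block would preserve that, e.g. `// NOTE: group filters are intentionally added after the computer filters — <reason>`. `GenerateDefaultPartitionParameters` begins above the first hunk, so I cannot see whether an earlier comment already explains the ordering.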
57 changes: 32 additions & 25 deletions src/CommonLib/LdapUtils.cs
Expand Up @@ -168,8 +168,8 @@ public IAsyncEnumerable<LdapResult<IDirectoryObject>> PagedQuery(LdapQueryParame
//pass
}

using (var ctx = new PrincipalContext(ContextType.Domain)) {
try {
try {
using (var ctx = new PrincipalContext(ContextType.Domain)) {
var principal = Principal.FindByIdentity(ctx, IdentityType.Sid, sid);
if (principal != null) {
var entry = ((DirectoryEntry)principal.GetUnderlyingObject()).ToDirectoryObject();
Expand All @@ -178,10 +178,11 @@ public IAsyncEnumerable<LdapResult<IDirectoryObject>> PagedQuery(LdapQueryParame
return (true, type);
}
}
} catch {
//pass
}
} catch {
//pass
}


return (false, Label.Base);
}
Expand Down Expand Up @@ -212,8 +213,8 @@ public IAsyncEnumerable<LdapResult<IDirectoryObject>> PagedQuery(LdapQueryParame
//pass
}

using (var ctx = new PrincipalContext(ContextType.Domain)) {
try {
try {
using (var ctx = new PrincipalContext(ContextType.Domain)) {
var principal = Principal.FindByIdentity(ctx, IdentityType.Guid, guid);
if (principal != null) {
var entry = ((DirectoryEntry)principal.GetUnderlyingObject()).ToDirectoryObject();
Expand All @@ -222,10 +223,11 @@ public IAsyncEnumerable<LdapResult<IDirectoryObject>> PagedQuery(LdapQueryParame
return (true, type);
}
}
} catch {
//pass
}
} catch {
//pass
}


return (false, Label.Base);
}
Expand Down Expand Up @@ -313,7 +315,7 @@ public IAsyncEnumerable<LdapResult<IDirectoryObject>> PagedQuery(LdapQueryParame
return (false, null);
}

public async Task<(bool Success, string DomainName)> GetDomainNameFromSid(string sid) {
public virtual async Task<(bool Success, string DomainName)> GetDomainNameFromSid(string sid) {
string domainSid;
try {
domainSid = new SecurityIdentifier(sid).AccountDomainSid?.Value.ToUpper();
Expand Down Expand Up @@ -345,8 +347,8 @@ public IAsyncEnumerable<LdapResult<IDirectoryObject>> PagedQuery(LdapQueryParame
return (true, domainName);
}

using (var ctx = new PrincipalContext(ContextType.Domain)) {
try {
try {
using (var ctx = new PrincipalContext(ContextType.Domain)) {
var principal = Principal.FindByIdentity(ctx, IdentityType.Sid, sid);
if (principal != null) {
var dn = principal.DistinguishedName;
Expand All @@ -355,10 +357,11 @@ public IAsyncEnumerable<LdapResult<IDirectoryObject>> PagedQuery(LdapQueryParame
return (true, Helpers.DistinguishedNameToDomain(dn));
}
}
} catch {
//pass
}
} catch {
//pass
}


return (false, string.Empty);
}
Expand Down Expand Up @@ -405,7 +408,7 @@ public IAsyncEnumerable<LdapResult<IDirectoryObject>> PagedQuery(LdapQueryParame
return (false, string.Empty);
}

public async Task<(bool Success, string DomainSid)> GetDomainSidFromDomainName(string domainName) {
public virtual async Task<(bool Success, string DomainSid)> GetDomainSidFromDomainName(string domainName) {
if (Cache.GetDomainSidMapping(domainName, out var domainSid)) return (true, domainSid);

try {
Expand Down Expand Up @@ -877,8 +880,8 @@ public async Task<bool> IsDomainController(string computerObjectId, string domai
return (true, principal);
}

using (var ctx = new PrincipalContext(ContextType.Domain)) {
try {
try {
using (var ctx = new PrincipalContext(ContextType.Domain)) {
var lookupPrincipal =
Principal.FindByIdentity(ctx, IdentityType.DistinguishedName, distinguishedName);
if (lookupPrincipal != null) {
Expand All @@ -895,12 +898,13 @@ public async Task<bool> IsDomainController(string computerObjectId, string domai
}
}

return (false, default);
} catch {
_unresolvablePrincipals.Add(distinguishedName);
return (false, default);
}
} catch {
_unresolvablePrincipals.Add(distinguishedName);
return (false, default);
}

}

public async Task<(bool Success, string DSHeuristics)> GetDSHueristics(string domain, string dn) {
Expand Down Expand Up @@ -934,7 +938,7 @@ public async IAsyncEnumerable<OutputBase> GetWellKnownPrincipalOutput() {
OutputBase output = principal.ObjectType switch {
Label.User => new User(),
Label.Computer => new Computer(),
Label.Group => new OutputTypes.Group(),
Label.Group => new Group(),
Label.GPO => new GPO(),
Label.Domain => new OutputTypes.Domain(),
Label.OU => new OU(),
Expand All @@ -957,7 +961,7 @@ public async IAsyncEnumerable<OutputBase> GetWellKnownPrincipalOutput() {
yield return entdc;
}
}

private async IAsyncEnumerable<Group> GetEnterpriseDCGroups() {
var grouped = new ConcurrentDictionary<string, List<string>>(StringComparer.OrdinalIgnoreCase);
var forestSidToName = new ConcurrentDictionary<string, string>(StringComparer.OrdinalIgnoreCase);
Expand All @@ -968,7 +972,7 @@ await GetForest(domainName) is (true, var forestName) &&
await GetDomainSidFromDomainName(forestName) is (true, var forestDomainSid)) {
forestSidToName.TryAdd(forestDomainSid, forestName);
if (!grouped.ContainsKey(forestDomainSid)) {
grouped[forestDomainSid] = new List<string>();
grouped[forestDomainSid] = [];
}

foreach (var k in domainSid) {
Expand All @@ -978,10 +982,13 @@ await GetDomainSidFromDomainName(forestName) is (true, var forestDomainSid)) {
}

foreach (var f in grouped) {
var group = new Group { ObjectIdentifier = $"{f.Key}-S-1-5-9" };
group.Properties.Add("name", $"ENTERPRISE DOMAIN CONTROLLERS@{forestSidToName[f.Key]}".ToUpper());
if (!forestSidToName.TryGetValue(f.Key, out var forestName)) {
continue;
}
var group = new Group { ObjectIdentifier = $"{forestName}-S-1-5-9" };
group.Properties.Add("name", $"ENTERPRISE DOMAIN CONTROLLERS@{forestName}".ToUpper());
group.Properties.Add("domainsid", f.Key);
group.Properties.Add("domain", forestSidToName[f.Key]);
group.Properties.Add("domain", forestName);
group.Members = f.Value.Select(x => new TypedPrincipal(x, Label.Computer)).ToArray();
yield return group;
}
Expand Down
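Review bot: In `GetEnterpriseDCGroups` the new `ObjectIdentifier` is built from `forestName` exactly as stored in `forestSidToName`, while the `name` property on the next line upper-cases the same value, so the identifier only matches other `<DOMAIN>-S-1-5-9` references if `GetForest` already returns an upper-cased name; normalising it, `var group = new Group { ObjectIdentifier = $"{forestName.ToUpperInvariant()}-S-1-5-9" };`, removes that dependency (and `ToUpperInvariant()` is also the culture-safe choice for the `name` line). In the four hunks that move `using (var ctx = new PrincipalContext(ContextType.Domain))` inside the `try`, the bare `catch { //pass }` now also swallows a failure of the `PrincipalContext` constructor itself, for instance on a host that cannot reach a domain, leaving no trace of why the fallback lookup never ran; a debug-level log in those catch blocks would make that visible. The first three of those hunks (the ones ending in `return (false, Label.Base)` and `return (false, string.Empty)`) also leave a doubled blank line before the return.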
1 change: 1 addition & 0 deletions src/CommonLib/OutputTypes/Computer.cs
Expand Up @@ -20,6 +20,7 @@ public class Computer : OutputBase
public DCRegistryData DCRegistryData { get; set; } = new();
public ComputerStatus Status { get; set; }
public bool IsDC { get; set; }
public bool UnconstrainedDelegation { get; set; }
public string DomainSID { get; set; }
}

Expand Down
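Review bot: `UnconstrainedDelegation` is added here and to `User` in the same commit without a doc comment, and neither class says what the flag is derived from, so consumers of the output have to guess its meaning. A `/// <summary>` on both properties would close that gap, presumably along the lines of `/// <summary>True when the account is trusted for unconstrained Kerberos delegation (derived from userAccountControl — confirm).</summary>`. I am inferring the source; the hunks do not show where the property is set.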
2 changes: 1 addition & 1 deletion src/CommonLib/OutputTypes/DomainTrust.cs
Expand Up @@ -9,7 +9,7 @@ public class DomainTrust
public bool IsTransitive { get; set; }
public bool SidFilteringEnabled { get; set; }
public bool TGTDelegationEnabled { get; set; }
public string TrustAttributes { get; set; }
public long TrustAttributes { get; set; }
public TrustDirection TrustDirection { get; set; }
public TrustType TrustType { get; set; }
}
Expand Down
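Review bot: Changing `TrustAttributes` from `string` to `long` changes the serialised shape of every `DomainTrust` in the output (a JSON string becomes a number), which breaks anything parsing earlier output and is not mentioned in the commit message. If the intent is to carry the raw `trustAttributes` bit mask, a `[Flags]` enum backed by `long`, or at least a `/// <summary>` naming the mask the value comes from, would document the meaning; otherwise the type change should be called out in the changelog alongside a version bump. The value set for such an enum is not on this page, so I am not proposing one.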
2 changes: 2 additions & 0 deletions src/CommonLib/OutputTypes/User.cs
Expand Up @@ -8,5 +8,7 @@ public class User : OutputBase
public string PrimaryGroupSID { get; set; }
public TypedPrincipal[] HasSIDHistory { get; set; } = Array.Empty<TypedPrincipal>();
public SPNPrivilege[] SPNTargets { get; set; } = Array.Empty<SPNPrivilege>();
public bool UnconstrainedDelegation { get; set; }
public string DomainSID { get; set; }
}
}