Merge branch 'v3' into additionalOUACLs

SpecterOps · Jul 24, 2024 · e3ebe45 · e3ebe45
2 parents eb3af9a + ea6b097
commit e3ebe45
Show file tree

Hide file tree

Showing 19 changed files with 712 additions and 266 deletions.
diff --git a/src/CommonLib/Cache.cs b/src/CommonLib/Cache.cs
@@ -50,7 +50,7 @@ private Cache()
         /// </summary>
         /// <param name="key"></param>
         /// <param name="value"></param>
-        internal static void AddSidToDomain(string key, string value)
+        internal static void AddDomainSidMapping(string key, string value)
         {
             CacheInstance?.SIDToDomainCache.TryAdd(key, value);
         }

diff --git a/src/CommonLib/DomainInfo.cs b/src/CommonLib/DomainInfo.cs
@@ -0,0 +1,20 @@
+using System.Collections.Concurrent;
+using System.Collections.Generic;
+using System.DirectoryServices.Protocols;
+
+namespace SharpHoundCommonLib
+{
+    public class DomainInfo
+    {
+        public string DomainSID { get; set; }
+        public string DomainFQDN { get; set; }
+        public string DomainSearchBase { get; set; }
+        public string DomainConfigurationPath { get; set; }
+        public string DomainNetbiosName { get; set; }
+
+        public override string ToString()
+        {
+            return $"{nameof(DomainSID)}: {DomainSID}, {nameof(DomainFQDN)}: {DomainFQDN}, {nameof(DomainSearchBase)}: {DomainSearchBase}, {nameof(DomainConfigurationPath)}: {DomainConfigurationPath}, {nameof(DomainNetbiosName)}: {DomainNetbiosName}";
+        }
+    }
+}
diff --git a/src/CommonLib/Enums/LdapErrorCodes.cs b/src/CommonLib/Enums/LdapErrorCodes.cs
@@ -5,6 +5,7 @@ public enum LdapErrorCodes : int
         Success = 0,
         Busy = 51,
         ServerDown = 81,
-        LocalError = 82
+        LocalError = 82,
+        KerberosAuthType = 83
     }
 }
diff --git a/src/CommonLib/Exceptions/LdapAuthenticationException.cs b/src/CommonLib/Exceptions/LdapAuthenticationException.cs
@@ -0,0 +1,12 @@
+using System;
+using System.DirectoryServices.Protocols;
+
+namespace SharpHoundCommonLib.Exceptions
+{
+    public class LdapAuthenticationException : Exception
+    {
+        public LdapAuthenticationException(LdapException exception) : base("Error authenticating to LDAP", exception)
+        {
+        }
+    }
+}
diff --git a/src/CommonLib/Exceptions/LdapConnectionException.cs b/src/CommonLib/Exceptions/LdapConnectionException.cs
@@ -0,0 +1,14 @@
+using System;
+using System.DirectoryServices.Protocols;
+
+namespace SharpHoundCommonLib.Exceptions
+{
+    public class LdapConnectionException : Exception
+    {
+        public int ErrorCode { get; }
+        public LdapConnectionException(LdapException innerException) : base("Failed during ldap connection tests", innerException)
+        {
+            ErrorCode = innerException.ErrorCode;
+        }
+    }
+}
diff --git a/src/CommonLib/Exceptions/NoLdapDataException.cs b/src/CommonLib/Exceptions/NoLdapDataException.cs
@@ -0,0 +1,13 @@
+using System;
+
+namespace SharpHoundCommonLib.Exceptions
+{
+    public class NoLdapDataException : Exception
+    {
+        public int ErrorCode { get; set; }
+        public NoLdapDataException(int errorCode)
+        {
+            ErrorCode = errorCode;
+        }
+    }
+}
diff --git a/src/CommonLib/Extensions.cs b/src/CommonLib/Extensions.cs
@@ -9,6 +9,8 @@
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
 using SharpHoundCommonLib.Enums;
+using SharpHoundCommonLib.LDAPQueries;
+using SearchScope = System.DirectoryServices.Protocols.SearchScope;
 
 namespace SharpHoundCommonLib
 {

diff --git a/src/CommonLib/ILDAPUtils.cs b/src/CommonLib/ILDAPUtils.cs
@@ -1,6 +1,7 @@
 using System.Collections.Generic;
 using System.DirectoryServices.ActiveDirectory;
 using System.DirectoryServices.Protocols;
+using System.Security.Principal;
 using System.Threading;
 using System.Threading.Tasks;
 using SharpHoundCommonLib.Enums;
@@ -41,6 +42,9 @@ public interface ILDAPUtils
         string GetSidFromDomainName(string domainName);
         string ConvertWellKnownPrincipal(string sid, string domain);
         bool GetWellKnownPrincipal(string sid, string domain, out TypedPrincipal commonPrincipal);
+
+        bool ConvertLocalWellKnownPrincipal(SecurityIdentifier sid, string computerDomainSid, string computerDomain,
+            out TypedPrincipal principal);
         Domain GetDomain(string domainName = null);
         void AddDomainController(string domainControllerSID);
         IEnumerable<OutputBase> GetWellKnownPrincipalOutput(string domain);

diff --git a/src/CommonLib/LDAPConfig.cs b/src/CommonLib/LDAPConfig.cs
@@ -8,14 +8,25 @@ public class LDAPConfig
         public string Password { get; set; } = null;
         public string Server { get; set; } = null;
         public int Port { get; set; } = 0;
-        public bool SSL { get; set; } = false;
+        public bool ForceSSL { get; set; } = false;
         public bool DisableSigning { get; set; } = false;
         public bool DisableCertVerification { get; set; } = false;
         public AuthType AuthType { get; set; } = AuthType.Kerberos;
 
-        public int GetPort()
+        //Returns the port for connecting to LDAP. Will always respect a user's overridden config over anything else
+        public int GetPort(bool ssl)
         {
-            return Port == 0 ? SSL ? 636 : 389 : Port;
+            if (Port != 0)
+            {
+                return Port;
+            }
+
+            return ssl ? 636 : 389;
+        }
+
+        public int GetGCPort(bool ssl)
+        {
+            return ssl ? 3269 : 3268;
         }
     }
 }
diff --git a/src/CommonLib/LDAPConnectionCacheKey.cs b/src/CommonLib/LDAPConnectionCacheKey.cs
@@ -0,0 +1,36 @@
+namespace SharpHoundCommonLib
+{
+    public class LDAPConnectionCacheKey
+    {
+        public bool GlobalCatalog { get; }
+        public string Domain { get; }
+        public string Server { get; set; }
+
+        public LDAPConnectionCacheKey(string domain, bool globalCatalog)
+        {
+            GlobalCatalog = globalCatalog;
+            Domain = domain;
+        }
+
+        protected bool Equals(LDAPConnectionCacheKey other)
+        {
+            return GlobalCatalog == other.GlobalCatalog && Domain == other.Domain;
+        }
+
+        public override bool Equals(object obj)
+        {
+            if (ReferenceEquals(null, obj)) return false;
+            if (ReferenceEquals(this, obj)) return true;
+            if (obj.GetType() != this.GetType()) return false;
+            return Equals((LDAPConnectionCacheKey)obj);
+        }
+
+        public override int GetHashCode()
+        {
+            unchecked
+            {
+                return (GlobalCatalog.GetHashCode() * 397) ^ (Domain != null ? Domain.GetHashCode() : 0);
+            }
+        }
+    }
+}
diff --git a/src/CommonLib/LDAPProperties.cs b/src/CommonLib/LDAPProperties.cs
@@ -69,5 +69,10 @@ public static class LDAPProperties
         public const string CertificateTemplates = "certificatetemplates";
         public const string CrossCertificatePair = "crosscertificatepair";
         public const string Flags = "flags";
+        public const string RootDomainNamingContext = "rootdomainnamingcontext";
+        public const string ConfigurationNamingContext = "configurationnamingcontext";
+        public const string NetbiosName = "netbiosName";
+        public const string DnsRoot = "dnsroot";
+        public const string ServerName = "servername";
     }
 }