| | 1 | | using System.Collections.Generic; |
| | 2 | | using System.DirectoryServices.Protocols; |
| | 3 | | using System.Security.Principal; |
| | 4 | | using Microsoft.Extensions.Logging; |
| | 5 | | using SharpHoundCommonLib.Enums; |
| | 6 | | using SharpHoundCommonLib.LDAPQueries; |
| | 7 | | using SharpHoundCommonLib.OutputTypes; |
| | 8 | |
|
| | 9 | | namespace SharpHoundCommonLib.Processors |
| | 10 | | { |
| | 11 | | public class DomainTrustProcessor |
| | 12 | | { |
| | 13 | | private readonly ILogger _log; |
| | 14 | | private readonly ILDAPUtils _utils; |
| | 15 | |
|
| 2 | 16 | | public DomainTrustProcessor(ILDAPUtils utils, ILogger log = null) |
| 2 | 17 | | { |
| 2 | 18 | | _utils = utils; |
| 2 | 19 | | _log = log ?? Logging.LogProvider.CreateLogger("DomainTrustProc"); |
| 2 | 20 | | } |
| | 21 | |
|
| | 22 | | /// <summary> |
| | 23 | | /// Processes domain trusts for a domain object |
| | 24 | | /// </summary> |
| | 25 | | /// <param name="domain"></param> |
| | 26 | | /// <returns></returns> |
| | 27 | | public IEnumerable<DomainTrust> EnumerateDomainTrusts(string domain) |
| 2 | 28 | | { |
| 2 | 29 | | var query = CommonFilters.TrustedDomains; |
| 16 | 30 | | foreach (var result in _utils.QueryLDAP(query, SearchScope.Subtree, CommonProperties.DomainTrustProps, |
| 2 | 31 | | domain)) |
| 5 | 32 | | { |
| 5 | 33 | | var trust = new DomainTrust(); |
| 5 | 34 | | var targetSidBytes = result.GetByteProperty(LDAPProperties.SecurityIdentifier); |
| 5 | 35 | | if (targetSidBytes == null || targetSidBytes.Length == 0) |
| 4 | 36 | | { |
| 4 | 37 | | _log.LogTrace("Trust sid is null or empty for target: {Domain}", domain); |
| 4 | 38 | | continue; |
| | 39 | | } |
| | 40 | |
|
| | 41 | | string sid; |
| | 42 | | try |
| 1 | 43 | | { |
| 1 | 44 | | sid = new SecurityIdentifier(targetSidBytes, 0).Value; |
| 1 | 45 | | } |
| 0 | 46 | | catch |
| 0 | 47 | | { |
| 0 | 48 | | _log.LogTrace("Failed to convert bytes to SID for target: {Domain}", domain); |
| 0 | 49 | | continue; |
| | 50 | | } |
| | 51 | |
|
| 1 | 52 | | trust.TargetDomainSid = sid; |
| | 53 | |
|
| 1 | 54 | | if (int.TryParse(result.GetProperty(LDAPProperties.TrustDirection), out var td)) |
| 1 | 55 | | { |
| 1 | 56 | | trust.TrustDirection = (TrustDirection) td; |
| 1 | 57 | | } |
| | 58 | | else |
| 0 | 59 | | { |
| 0 | 60 | | _log.LogTrace("Failed to convert trustdirection for target: {Domain}", domain); |
| 0 | 61 | | continue; |
| | 62 | | } |
| | 63 | |
|
| | 64 | |
|
| | 65 | | TrustAttributes attributes; |
| | 66 | |
|
| 1 | 67 | | if (int.TryParse(result.GetProperty(LDAPProperties.TrustAttributes), out var ta)) |
| 1 | 68 | | { |
| 1 | 69 | | attributes = (TrustAttributes) ta; |
| 1 | 70 | | } |
| | 71 | | else |
| 0 | 72 | | { |
| 0 | 73 | | _log.LogTrace("Failed to convert trustattributes for target: {Domain}", domain); |
| 0 | 74 | | continue; |
| | 75 | | } |
| | 76 | |
|
| 1 | 77 | | trust.IsTransitive = !attributes.HasFlag(TrustAttributes.NonTransitive); |
| 1 | 78 | | var name = result.GetProperty(LDAPProperties.CanonicalName)?.ToUpper(); |
| 1 | 79 | | if (name != null) |
| 1 | 80 | | trust.TargetDomainName = name; |
| | 81 | |
|
| 1 | 82 | | trust.SidFilteringEnabled = attributes.HasFlag(TrustAttributes.FilterSids); |
| 1 | 83 | | trust.TrustType = TrustAttributesToType(attributes); |
| | 84 | |
|
| 1 | 85 | | yield return trust; |
| 1 | 86 | | } |
| 2 | 87 | | } |
| | 88 | |
|
| | 89 | | public static TrustType TrustAttributesToType(TrustAttributes attributes) |
| 6 | 90 | | { |
| | 91 | | TrustType trustType; |
| | 92 | |
|
| 6 | 93 | | if (attributes.HasFlag(TrustAttributes.WithinForest)) |
| 2 | 94 | | trustType = TrustType.ParentChild; |
| 4 | 95 | | else if (attributes.HasFlag(TrustAttributes.ForestTransitive)) |
| 1 | 96 | | trustType = TrustType.Forest; |
| 3 | 97 | | else if (!attributes.HasFlag(TrustAttributes.WithinForest) && |
| 3 | 98 | | !attributes.HasFlag(TrustAttributes.ForestTransitive)) |
| 3 | 99 | | trustType = TrustType.External; |
| | 100 | | else |
| 0 | 101 | | trustType = TrustType.Unknown; |
| | 102 | |
|
| 6 | 103 | | return trustType; |
| 6 | 104 | | } |
| | 105 | | } |
| | 106 | | } |