< Summary

Class:SharpHoundCommonLib.Processors.DomainTrustProcessor
Assembly:SharpHoundCommonLib
File(s):D:\a\SharpHoundCommon\SharpHoundCommon\src\CommonLib\Processors\DomainTrustProcessor.cs
Covered lines:54
Uncovered lines:10
Coverable lines:64
Total lines:115
Line coverage:84.3% (54 of 64)
Covered branches:33
Total branches:51
Branch coverage:64.7% (33 of 51)

Metrics

MethodBranch coverage Cyclomatic complexity NPath complexity Sequence coverage
.ctor(...)100%20100%
EnumerateDomainTrusts()60.97%41081.25%
TrustAttributesToType(...)75%8090.9%

File(s)

D:\a\SharpHoundCommon\SharpHoundCommon\src\CommonLib\Processors\DomainTrustProcessor.cs

#LineLine coverage
 1using System.Collections.Generic;
 2using System.DirectoryServices.Protocols;
 3using System.Security.Principal;
 4using Microsoft.Extensions.Logging;
 5using SharpHoundCommonLib.Enums;
 6using SharpHoundCommonLib.LDAPQueries;
 7using SharpHoundCommonLib.OutputTypes;
 8
 9namespace SharpHoundCommonLib.Processors
 10{
 11    public class DomainTrustProcessor
 12    {
 13        private readonly ILogger _log;
 14        private readonly ILdapUtils _utils;
 15
 216        public DomainTrustProcessor(ILdapUtils utils, ILogger log = null)
 217        {
 218            _utils = utils;
 219            _log = log ?? Logging.LogProvider.CreateLogger("DomainTrustProc");
 220        }
 21
 22        /// <summary>
 23        ///     Processes domain trusts for a domain object
 24        /// </summary>
 25        /// <param name="domain"></param>
 26        /// <returns></returns>
 27        public async IAsyncEnumerable<DomainTrust> EnumerateDomainTrusts(string domain)
 228        {
 229            _log.LogDebug("Running trust enumeration for {Domain}", domain);
 1630            await foreach (var result in _utils.Query(new LdapQueryParameters {
 231                                   LDAPFilter = CommonFilters.TrustedDomains,
 232                                   Attributes = CommonProperties.DomainTrustProps,
 233                                   DomainName = domain
 234                               }))
 535            {
 536                if (!result.IsSuccess) {
 037                    yield break;
 38                }
 39
 540                var entry = result.Value;
 541                var trust = new DomainTrust();
 942                if (!entry.TryGetByteProperty(LDAPProperties.SecurityIdentifier, out var targetSidBytes) || targetSidByt
 443                    _log.LogDebug("Trust sid is null or empty for target: {Domain}", domain);
 444                    continue;
 45                }
 46
 47                string sid;
 48                try
 149                {
 150                    sid = new SecurityIdentifier(targetSidBytes, 0).Value;
 151                }
 052                catch
 053                {
 054                    _log.LogTrace("Failed to convert bytes to SID for target: {Domain}", domain);
 055                    continue;
 56                }
 57
 158                trust.TargetDomainSid = sid;
 59
 160                if (!entry.TryGetLongProperty(LDAPProperties.TrustDirection, out var td)) {
 061                    _log.LogTrace("Failed to convert trustdirection for target: {Domain}", domain);
 062                    continue;
 63                }
 64
 165                trust.TrustDirection = (TrustDirection) td;
 66
 67                TrustAttributes attributes;
 68
 169                if (!entry.TryGetLongProperty(LDAPProperties.TrustAttributes, out var ta)) {
 070                    _log.LogTrace("Failed to convert trustattributes for target: {Domain}", domain);
 071                    continue;
 72                }
 73
 174                trust.TrustAttributes = ta.ToString();
 175                attributes = (TrustAttributes) ta;
 76
 177                trust.IsTransitive = !attributes.HasFlag(TrustAttributes.NonTransitive);
 278                if (entry.TryGetProperty(LDAPProperties.CanonicalName, out var cn)) {
 179                    trust.TargetDomainName = cn.ToUpper();
 180                }
 81
 182                trust.SidFilteringEnabled =
 183                    attributes.HasFlag(TrustAttributes.QuarantinedDomain) ||
 184                    (attributes.HasFlag(TrustAttributes.ForestTransitive) &&
 185                    !attributes.HasFlag(TrustAttributes.TreatAsExternal));
 86
 187                trust.TGTDelegationEnabled =
 188                    !attributes.HasFlag(TrustAttributes.QuarantinedDomain) &&
 189                    (attributes.HasFlag(TrustAttributes.WithinForest) ||
 190                    attributes.HasFlag(TrustAttributes.CrossOrganizationEnableTGTDelegation));
 91
 192                trust.TrustType = TrustAttributesToType(attributes);
 93
 194                yield return trust;
 195            }
 296        }
 97
 98        public static TrustType TrustAttributesToType(TrustAttributes attributes)
 699        {
 100            TrustType trustType;
 101
 6102            if (attributes.HasFlag(TrustAttributes.WithinForest))
 2103                trustType = TrustType.ParentChild;
 4104            else if (attributes.HasFlag(TrustAttributes.ForestTransitive))
 1105                trustType = TrustType.Forest;
 3106            else if (!attributes.HasFlag(TrustAttributes.WithinForest) &&
 3107                     !attributes.HasFlag(TrustAttributes.ForestTransitive))
 3108                trustType = TrustType.External;
 109            else
 0110                trustType = TrustType.Unknown;
 111
 6112            return trustType;
 6113        }
 114    }
 115}
Generated by: ReportGenerator 4.8.9.0
10/18/2024 - 4:24:13 PM
GitHub | www.palmmedia.de

Methods/Properties

.ctor(SharpHoundCommonLib.ILdapUtils,Microsoft.Extensions.Logging.ILogger)
EnumerateDomainTrusts()
TrustAttributesToType(SharpHoundCommonLib.Enums.TrustAttributes)