using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Security.Principal;
using Microsoft.Extensions.Logging;
using SharpHoundCommonLib.Enums;
using SharpHoundCommonLib.OutputTypes;
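namespace SharpHoundCommonLib.Processors
{
    /// <summary>
    /// Resolves LDAP group membership data ("member" values and primaryGroupID) into
    /// <see cref="TypedPrincipal"/> objects.
    /// </summary>
    public class GroupProcessor
    {
        private readonly ILogger _log;
        private readonly ILDAPUtils _utils;

        /// <summary>
        /// Creates a processor backed by the given LDAP utilities.
        /// </summary>
        /// <param name="utils">LDAP helper used for ranged retrieval and distinguished-name resolution.</param>
        /// <param name="log">Optional logger; when null a logger named "GroupProc" is created.</param>
        /// <exception cref="ArgumentNullException"><paramref name="utils"/> is null.</exception>
        public GroupProcessor(ILDAPUtils utils, ILogger log = null)
        {
            _utils = utils ?? throw new ArgumentNullException(nameof(utils));
            _log = log ?? Logging.LogProvider.CreateLogger("GroupProc");
        }

        /// <summary>
        /// Reads the "member" attribute of a group search result and resolves each value to a principal.
        /// </summary>
        /// <param name="result">Resolved search result; its <c>DisplayName</c> is used only for logging.</param>
        /// <param name="entry">Raw LDAP entry providing the member array and the group's distinguished name.</param>
        /// <returns>Lazily evaluated sequence of resolved, unfiltered group members.</returns>
        /// <exception cref="ArgumentNullException">Either argument is null.</exception>
        public IEnumerable<TypedPrincipal> ReadGroupMembers(ResolvedSearchResult result, ISearchResultEntry entry)
        {
            // This overload is not an iterator, so the guards fire at call time rather than on first enumeration.
            if (result == null)
                throw new ArgumentNullException(nameof(result));
            if (entry == null)
                throw new ArgumentNullException(nameof(entry));

            var members = entry.GetArrayProperty(LDAPProperties.Members);
            return ReadGroupMembers(entry.DistinguishedName, members, result.DisplayName);
        }

        /// <summary>
        /// Processes the "member" property of a group and converts each distinguished name into a
        /// <see cref="TypedPrincipal"/>. An empty or missing member array triggers ranged retrieval,
        /// because AD will not return more than a configured number of values for a multi-valued attribute.
        /// </summary>
        /// <param name="distinguishedName">Distinguished name of the group; used for ranged retrieval.</param>
        /// <param name="members">Member distinguished names already read from the entry; may be null or empty.</param>
        /// <param name="objectName">Display name of the group, used only in trace logging.</param>
        /// <returns>
        /// Lazily evaluated sequence of resolved principals. Members whose DN cannot be resolved are
        /// returned as <see cref="Label.Base"/> principals keyed by the upper-cased DN; members whose SID is
        /// filtered by <see cref="Helpers.IsSidFiltered"/> are dropped.
        /// </returns>
        public IEnumerable<TypedPrincipal> ReadGroupMembers(string distinguishedName, string[] members,
            string objectName = "")
        {
            // An empty (or absent) member array means one of two things: the group really is empty, or AD
            // truncated the attribute because it exceeds the server's value limit. Ranged retrieval covers
            // both cases: it yields nothing for an empty group and the full list for a large one.
            if (members == null || members.Length == 0)
            {
                _log.LogTrace("Member property for {ObjectName} is empty, trying range retrieval",
                    objectName);
                foreach (var member in _utils.DoRangedRetrieval(distinguishedName, "member"))
                {
                    _log.LogTrace("Got member {DN} for {ObjectName} from ranged retrieval", member, objectName);
                    var principal = ResolveMember(member);
                    if (principal != null)
                        yield return principal;
                }
            }
            else
            {
                // The attribute came back in full, so the values can be resolved directly.
                foreach (var member in members)
                {
                    _log.LogTrace("Got member {DN} for {ObjectName}", member, objectName);
                    var principal = ResolveMember(member);
                    if (principal != null)
                        yield return principal;
                }
            }
        }

        /// <summary>
        /// Resolves a single member DN to a principal; shared by both retrieval paths so the
        /// unresolved/filtered handling cannot drift between them.
        /// </summary>
        /// <param name="memberDn">Distinguished name taken from the "member" attribute.</param>
        /// <returns>
        /// The resolved principal; a <see cref="Label.Base"/> placeholder keyed by the upper-cased DN when
        /// resolution fails; null when the DN is blank or the resolved SID is filtered.
        /// </returns>
        private TypedPrincipal ResolveMember(string memberDn)
        {
            // A blank value can neither be resolved nor serve as an identifier; skip it instead of emitting
            // an empty placeholder principal (the original would have thrown on a null value here).
            if (string.IsNullOrWhiteSpace(memberDn))
                return null;

            var resolved = _utils.ResolveDistinguishedName(memberDn);
            if (resolved == null)
            {
                // Unresolvable DNs are still emitted so the membership edge is not silently lost. The DN
                // doubles as the identifier that is matched across the whole dataset, so normalize it with
                // the invariant culture: ToUpper() follows the thread culture and would yield a different
                // identifier for the same DN under, e.g., a Turkish locale.
                return new TypedPrincipal
                {
                    ObjectIdentifier = memberDn.ToUpperInvariant(),
                    ObjectType = Label.Base
                };
            }

            return Helpers.IsSidFiltered(resolved.ObjectIdentifier) ? null : resolved;
        }

        /// <summary>
        /// Builds the SID of a user's or computer's primary group from its primaryGroupID attribute. The
        /// primary group always lives in the object's own domain, so its SID is the object's domain SID
        /// followed by primaryGroupID as the RID.
        /// </summary>
        /// <param name="primaryGroupId">The primaryGroupID attribute value, a decimal RID such as "513".</param>
        /// <param name="objectId">The SID of the user or computer object in SDDL form (S-1-5-21-...).</param>
        /// <returns>
        /// The primary group SID, or null when either argument is null, <paramref name="primaryGroupId"/> is
        /// not a bare unsigned decimal integer, or <paramref name="objectId"/> is not a parseable domain SID.
        /// </returns>
        public static string GetPrimaryGroupInfo(string primaryGroupId, string objectId)
        {
            if (primaryGroupId == null || objectId == null)
                return null;

            // The RID is interpolated into an identifier that is matched across the whole dataset, so
            // reject anything that is not a plain unsigned integer rather than emitting a malformed SID.
            if (!uint.TryParse(primaryGroupId, NumberStyles.None, CultureInfo.InvariantCulture, out var rid))
                return null;

            try
            {
                // AccountDomainSid is null for SIDs that are not domain-relative (well-known and built-in
                // SIDs); such objects have no domain primary group. Note that SecurityIdentifier is only
                // implemented on Windows; on other platforms it throws PlatformNotSupportedException, which
                // is deliberately not swallowed here.
                var domainSid = new SecurityIdentifier(objectId).AccountDomainSid;
                return domainSid == null
                    ? null
                    : $"{domainSid.Value}-{rid.ToString(CultureInfo.InvariantCulture)}";
            }
            catch (ArgumentException)
            {
                // SecurityIdentifier rejects malformed SDDL with ArgumentException; treat it as "no primary group"
                // instead of swallowing every exception type as the previous bare catch did.
                return null;
            }
        }
    }
}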