wip: implement IDirectoryObject for cleanliness and testability

SpecterOps · Jul 10, 2024 · c535e29 · c535e29
1 parent 1dcccde
commit c535e29
Show file tree

Hide file tree

Showing 35 changed files with 1,625 additions and 1,683 deletions.
diff --git a/src/CommonLib/ConnectionPoolManager.cs b/src/CommonLib/ConnectionPoolManager.cs
@@ -84,11 +84,8 @@ private bool GetDomainSidFromDomainName(string domainName, out string domainSid)
             if (Cache.GetDomainSidMapping(domainName, out domainSid)) return true;
 
             try {
-                var entry = new DirectoryEntry($"LDAP://{domainName}");
-                //Force load objectsid into the object cache
-                entry.RefreshCache(new[] { "objectSid" });
-                var sid = entry.GetSid();
-                if (sid != null) {
+                var entry = new DirectoryEntryWrapper(new DirectoryEntry($"LDAP://{domainName}"));
+                if (entry.TryGetSecurityIdentifier(out var sid)) {
                     Cache.AddDomainSidMapping(domainName, sid);
                     domainSid = sid;
                     return true;

diff --git a/src/CommonLib/DirectoryEntryExtensions.cs b/src/CommonLib/DirectoryEntryExtensions.cs
diff --git a/src/CommonLib/DirectoryObjects/DirectoryEntryExtensions.cs b/src/CommonLib/DirectoryObjects/DirectoryEntryExtensions.cs
@@ -0,0 +1,125 @@
+using System;
+using System.Collections.Generic;
+using System.DirectoryServices;
+using System.Security.Principal;
+using System.Text;
+using SharpHoundCommonLib.Enums;
+using SharpHoundCommonLib.LDAPQueries;
+using SharpHoundCommonLib.OutputTypes;
+
+namespace SharpHoundCommonLib {
+    public static class DirectoryEntryExtensions {
+        public static string GetProperty(this DirectoryEntry entry, string propertyName) {
+            try {
+                if (!entry.Properties.Contains(propertyName))
+                    entry.RefreshCache(new[] { propertyName });
+
+                if (!entry.Properties.Contains(propertyName))
+                    return null;
+            }
+            catch {
+                return null;
+            }
+
+            var s = entry.Properties[propertyName][0];
+            return s switch {
+                string st => st,
+                _ => null
+            };
+        }
+
+        public static string[] GetPropertyAsArray(this DirectoryEntry entry, string propertyName) {
+            try {
+                if (!entry.Properties.Contains(propertyName))
+                    entry.RefreshCache(new[] { propertyName });
+
+                if (!entry.Properties.Contains(propertyName))
+                    return null;
+            }
+            catch {
+                return null;
+            }
+
+            var dest = new List<string>();
+            foreach (var val in entry.Properties[propertyName]) {
+                if (val is string s) {
+                    dest.Add(s);
+                }
+            }
+
+            return dest.ToArray();
+        }
+
+        public static bool GetTypedPrincipal(this DirectoryEntry entry, out TypedPrincipal principal) {
+            var identifier = entry.GetObjectIdentifier();
+            var success = entry.GetLabel(out var label);
+            principal = new TypedPrincipal(identifier, label);
+            return (success && !string.IsNullOrWhiteSpace(identifier));
+        }
+
+        public static string GetObjectIdentifier(this DirectoryEntry entry) {
+            return entry.GetSid() ?? entry.GetGuid();
+        }
+
+        public static string GetSid(this DirectoryEntry entry) {
+            try {
+                if (!entry.Properties.Contains(LDAPProperties.ObjectSID))
+                    entry.RefreshCache(new[] { LDAPProperties.ObjectSID });
+
+                if (!entry.Properties.Contains(LDAPProperties.ObjectSID))
+                    return null;
+            }
+            catch {
+                return null;
+            }
+
+            var s = entry.Properties[LDAPProperties.ObjectSID][0];
+            return s switch {
+                byte[] b => new SecurityIdentifier(b, 0).ToString(),
+                string st => new SecurityIdentifier(Encoding.ASCII.GetBytes(st), 0).ToString(),
+                _ => null
+            };
+        }
+
+        public static string GetGuid(this DirectoryEntry entry) {
+            try {
+                //Attempt to refresh the props first
+                if (!entry.Properties.Contains(LDAPProperties.ObjectGUID))
+                    entry.RefreshCache(new[] { LDAPProperties.ObjectGUID });
+
+                if (!entry.Properties.Contains(LDAPProperties.ObjectGUID))
+                    return null;
+            }
+            catch {
+                return null;
+            }
+
+            var s = entry.Properties[LDAPProperties.ObjectGUID][0];
+            return s switch {
+                byte[] b => new Guid(b).ToString(),
+                string st => st,
+                _ => null
+            };
+        }
+
+
+        public static bool GetLabel(this DirectoryEntry entry, out Label type) {
+            try {
+                entry.RefreshCache(CommonProperties.TypeResolutionProps);
+            }
+            catch {
+                //pass
+            }
+
+            var flagString = entry.GetProperty(LDAPProperties.Flags);
+            if (!int.TryParse(flagString, out var flags)) {
+                flags = 0;
+            }
+
+            return LdapUtils.ResolveLabel(entry.GetObjectIdentifier(),
+                entry.GetProperty(LDAPProperties.DistinguishedName),
+                entry.GetProperty(LDAPProperties.SAMAccountType),
+                entry.GetPropertyAsArray(LDAPProperties.SAMAccountType), flags, out type);
+        }
+    }
+}