LdapUtils refactor

Dockerfile

@@ -1,7 +1,7 @@
 FROM mono:6.12.0
 
 # Install .NET SDK
-ENV DOTNET_VERSION=5.0
+ENV DOTNET_VERSION=7.0
 
 RUN curl -sSL https://dot.net/v1/dotnet-install.sh  \
     | bash -s -- -Channel $DOTNET_VERSION -InstallDir /usr/share/dotnet \

src/CommonLib/AsyncEnumerable.cs

@@ -0,0 +1,23 @@
+using System.Collections.Generic;
+using System.Threading;
+using System.Threading.Tasks;
+
+namespace SharpHoundCommonLib;
+
+public static class AsyncEnumerable {
+    public static IAsyncEnumerable<T> Empty<T>() => EmptyAsyncEnumerable<T>.Instance;
+
+    private sealed class EmptyAsyncEnumerable<T> : IAsyncEnumerable<T> {
+        public static readonly EmptyAsyncEnumerable<T> Instance = new();
+        private readonly IAsyncEnumerator<T> _enumerator = new EmptyAsyncEnumerator<T>(); 
+        public IAsyncEnumerator<T> GetAsyncEnumerator(CancellationToken cancellationToken = new CancellationToken()) {
+            return _enumerator;
+        }
+    }
+
+    private sealed class EmptyAsyncEnumerator<T> : IAsyncEnumerator<T> {
+        public ValueTask DisposeAsync() => default;
+        public ValueTask<bool> MoveNextAsync() => new(false);
+        public T Current => default;
+    }
+}

src/CommonLib/Cache.cs

@@ -85,11 +85,6 @@ internal static bool GetMachineSid(string key, out string value)
             return false;
         }
 
-        internal static void AddConvertedValue(string key, string value)
-        {
-            CacheInstance?.ValueToIdCache.TryAdd(key, value);
-        }
-
         internal static void AddPrefixedValue(string key, string domain, string value)
         {
             CacheInstance?.ValueToIdCache.TryAdd(GetPrefixKey(key, domain), value);
@@ -107,14 +102,7 @@ internal static void AddGCCache(string key, string[] value)
 
         internal static bool GetGCCache(string key, out string[] value)
         {
-            if (CacheInstance != null) return CacheInstance.GlobalCatalogCache.TryGetValue(key, out value);
-            value = null;
-            return false;
-        }
-
-        internal static bool GetConvertedValue(string key, out string value)
-        {
-            if (CacheInstance != null) return CacheInstance.ValueToIdCache.TryGetValue(key, out value);
+            if (CacheInstance != null) return CacheInstance.GlobalCatalogCache.TryGetValue(key.ToUpper(), out value);
             value = null;
             return false;
         }

src/CommonLib/ConnectionPoolManager.cs

@@ -0,0 +1,136 @@
+using System;
+using System.Collections.Concurrent;
+using System.DirectoryServices;
+using System.Security.Principal;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Logging;
+using SharpHoundCommonLib.Processors;
+
+namespace SharpHoundCommonLib {
+    public class ConnectionPoolManager : IDisposable{
+        private readonly ConcurrentDictionary<string, LdapConnectionPool> _pools = new();
+        private readonly LdapConfig _ldapConfig;
+        private readonly string[] _translateNames = { "Administrator", "admin" };
+        private readonly ConcurrentDictionary<string, string> _resolvedIdentifiers = new(StringComparer.OrdinalIgnoreCase);
+        private readonly ILogger _log;
+        private readonly PortScanner _portScanner;
+
+        public ConnectionPoolManager(LdapConfig config, ILogger log = null, PortScanner scanner = null) {
+            _ldapConfig = config;
+            _log = log ?? Logging.LogProvider.CreateLogger("ConnectionPoolManager");
+            _portScanner = scanner ?? new PortScanner();
+        }
+
+        public void ReleaseConnection(LdapConnectionWrapper connectionWrapper, bool connectionFaulted = false) {
+            if (connectionWrapper == null) {
+                return;
+            }
+            //I don't think this is possible, but at least account for it
+            if (!_pools.TryGetValue(connectionWrapper.PoolIdentifier, out var pool)) {
+                _log.LogWarning("Could not find pool for {Identifier}", connectionWrapper.PoolIdentifier);
+                connectionWrapper.Connection.Dispose();
+                return;
+            }
+
+            pool.ReleaseConnection(connectionWrapper, connectionFaulted);
+        }
+
+        public async Task<(bool Success, string Message)> TestDomainConnection(string identifier, bool globalCatalog) {
+            var (success, connection, message) = await GetLdapConnection(identifier, globalCatalog);
+            ReleaseConnection(connection);
+            return (success, message);
+        }
+
+        public async Task<(bool Success, LdapConnectionWrapper ConnectionWrapper, string Message)> GetLdapConnection(
+            string identifier, bool globalCatalog) {
+            var resolved = ResolveIdentifier(identifier);
+
+            if (!_pools.TryGetValue(resolved, out var pool)) {
+                pool = new LdapConnectionPool(identifier, resolved, _ldapConfig,scanner: _portScanner);
+                _pools.TryAdd(resolved, pool);
+            }
+
+            if (globalCatalog) {
+                return await pool.GetGlobalCatalogConnectionAsync();
+            }
+            return await pool.GetConnectionAsync();
+        }
+
+        public async Task<(bool Success, LdapConnectionWrapper connectionWrapper, string Message)> GetLdapConnectionForServer(
+            string identifier, string server, bool globalCatalog) {
+            var resolved = ResolveIdentifier(identifier);
+
+            if (!_pools.TryGetValue(resolved, out var pool)) {
+                pool = new LdapConnectionPool(resolved, identifier, _ldapConfig,scanner: _portScanner);
+                _pools.TryAdd(resolved, pool);
+            }
+
+            return await pool.GetConnectionForSpecificServerAsync(server, globalCatalog);
+        }
+
+        private string ResolveIdentifier(string identifier) {
+            if (_resolvedIdentifiers.TryGetValue(identifier, out var resolved)) {
+                return resolved;
+            }
+
+
+            if (GetDomainSidFromDomainName(identifier, out var sid)) {
+                _log.LogDebug("Resolved identifier {Identifier} to {Resolved}", identifier, sid);
+                _resolvedIdentifiers.TryAdd(identifier, sid);
+                return sid;
+            }
+
+            return identifier;
+        }
+
+        private bool GetDomainSidFromDomainName(string domainName, out string domainSid) {
+            if (Cache.GetDomainSidMapping(domainName, out domainSid)) return true;
+
+            try {
+                var entry = new DirectoryEntry($"LDAP://{domainName}").ToDirectoryObject();
+                if (entry.TryGetSecurityIdentifier(out var sid)) {
+                    Cache.AddDomainSidMapping(domainName, sid);
+                    domainSid = sid;
+                    return true;
+                }
+            }
+            catch {
+                //we expect this to fail sometimes
+            }
+
+            if (LdapUtils.GetDomain(domainName, _ldapConfig, out var domainObject))
+                try {
+                    if (domainObject.GetDirectoryEntry().ToDirectoryObject().TryGetSecurityIdentifier(out domainSid)) {
+                        Cache.AddDomainSidMapping(domainName, domainSid);
+                        return true;
+                    }
+                }
+                catch {
+                    //we expect this to fail sometimes (not sure why, but better safe than sorry)
+                }
+
+            foreach (var name in _translateNames)
+                try {
+                    var account = new NTAccount(domainName, name);
+                    var sid = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
+                    domainSid = sid.AccountDomainSid.ToString();
+                    Cache.AddDomainSidMapping(domainName, domainSid);
+                    return true;
+                }
+                catch {
+                    //We expect this to fail if the username doesn't exist in the domain
+                }
+
+            return false;
+        }
+
+        public void Dispose() {
+            foreach (var kv in _pools)
+            {
+                kv.Value.Dispose();
+            }
+
+            _pools.Clear();
+        }
+    }
+}

src/CommonLib/DirectoryObjects/DirectoryEntryWrapper.cs

@@ -0,0 +1,188 @@
+using System;
+using System.Collections.Generic;
+using System.DirectoryServices;
+using System.Security.Cryptography.X509Certificates;
+using System.Security.Principal;
+using System.Text;
+
+namespace SharpHoundCommonLib;
+
+public class DirectoryEntryWrapper : IDirectoryObject {
+    private readonly DirectoryEntry _entry;
+
+    public DirectoryEntryWrapper(DirectoryEntry entry) {
+        _entry = entry;
+    }
+
+    public bool TryGetDistinguishedName(out string value) {
+        return TryGetProperty(LDAPProperties.DistinguishedName, out value);
+    }
+
+    private bool CheckCache(string propertyName) {
+        try {
+            if (!_entry.Properties.Contains(propertyName))
+                _entry.RefreshCache(new[] { propertyName });
+
+            return _entry.Properties.Contains(propertyName);
+        }
+        catch {
+            return false;
+        }
+    }
+
+    public bool TryGetProperty(string propertyName, out string value) {
+        value = string.Empty;
+        if (!CheckCache(propertyName)) {
+            return false;
+        }
+
+        var s = _entry.Properties[propertyName].Value;
+        value = s switch {
+            string st => st,
+            int i => i.ToString(),
+            _ => null
+        };
+
+        return value != null;
+    }
+
+    public bool TryGetByteProperty(string propertyName, out byte[] value) {
+        value = Array.Empty<byte>();
+        if (!CheckCache(propertyName)) {
+            return false;
+        }
+
+        var prop = _entry.Properties[propertyName].Value;
+        if (prop is not byte[] b) return false;
+        value = b;
+        return true;
+    }
+
+    public bool TryGetArrayProperty(string propertyName, out string[] value) {
+        value = Array.Empty<string>();
+        if (!CheckCache(propertyName)) {
+            return false;
+        }
+
+        var dest = new List<string>();
+        foreach (var val in _entry.Properties[propertyName]) {
+            if (val is string s) {
+                dest.Add(s);
+            }
+        }
+
+        value = dest.ToArray();
+        return true;
+    }
+
+    public bool TryGetByteArrayProperty(string propertyName, out byte[][] value) {
+        value = Array.Empty<byte[]>();
+        if (!CheckCache(propertyName)) {
+            return false;
+        }
+
+        var raw = _entry.Properties[propertyName].Value;
+        if (raw is not byte[][] b) {
+            return false;
+        }
+        value = b;
+        return true;
+    }
+
+    public bool TryGetIntProperty(string propertyName, out int value) {
+        value = 0;
+        if (!CheckCache(propertyName)) return false;
+
+        if (!TryGetProperty(propertyName, out var s)) {
+            return false;
+        }
+
+        return int.TryParse(s, out value);
+    }
+
+    public bool TryGetCertificateArrayProperty(string propertyName, out X509Certificate2[] value) {
+        value = Array.Empty<X509Certificate2>();
+        if (!TryGetByteArrayProperty(propertyName, out var bytes)) {
+            return false;
+        }
+
+        if (bytes.Length == 0) {
+            return true;
+        }
+
+        var result = new List<X509Certificate2>();
+
+        foreach (var b in bytes) {
+            try {
+                var cert = new X509Certificate2(b);
+                result.Add(cert);
+            }
+            catch {
+                //pass
+            }
+        }
+
+        value = result.ToArray();
+        return true;
+    }
+
+    public bool TryGetSecurityIdentifier(out string securityIdentifier) {
+        securityIdentifier = string.Empty;
+        if (!CheckCache(LDAPProperties.ObjectSID)) {
+            return false;
+        }
+
+        var raw = _entry.Properties[LDAPProperties.ObjectSID][0];
+        try {
+            securityIdentifier = raw switch {
+                byte[] b => new SecurityIdentifier(b, 0).ToString(),
+                string st => new SecurityIdentifier(Encoding.ASCII.GetBytes(st), 0).ToString(),
+                _ => default
+            };
+
+            return securityIdentifier != default;
+        }
+        catch {
+            return false;
+        }
+    }
+
+    public bool TryGetGuid(out string guid) {
+        guid = string.Empty;
+        if (!TryGetByteProperty(LDAPProperties.ObjectGUID, out var raw)) {
+            return false;
+        }
+
+        try {
+            guid = new Guid(raw).ToString().ToUpper();
+            return true;
+        } catch {
+            return false;
+        }
+    }
+
+    public string GetProperty(string propertyName) {
+        CheckCache(propertyName);
+        return _entry.Properties[propertyName].Value as string;
+    }
+
+    public byte[] GetByteProperty(string propertyName) {
+        CheckCache(propertyName);
+        return _entry.Properties[propertyName].Value as byte[];
+    }
+
+    public int PropertyCount(string propertyName) {
+        if (!CheckCache(propertyName)) {
+            return 0;
+        }
+
+        var prop = _entry.Properties[propertyName];
+        return prop.Count;
+
+    }
+
+    public IEnumerable<string> PropertyNames() {
+        foreach (var property in _entry.Properties.PropertyNames)
+            yield return property.ToString().ToLower();
+    }
+}