public void Ctor_Flags(SecurityMasks masks, byte[] expectedValue)
{
var control = new SecurityDescriptorFlagControl(masks);
Assert.True(control.IsCritical);
Assert.Equal(masks, control.SecurityMasks);
Assert.True(control.ServerSide);
Assert.Equal("1.2.840.113556.1.4.801", control.Type);
Assert.Equal(expectedValue, control.GetValue());
}
public void Ctor_Default()
{
var control = new SecurityDescriptorFlagControl();
Assert.True(control.IsCritical);
Assert.Equal(SecurityMasks.None, control.SecurityMasks);
Assert.True(control.ServerSide);
Assert.Equal("1.2.840.113556.1.4.801", control.Type);
Assert.Equal(new byte[] { 48, 132, 0, 0, 0, 3, 2, 1, 0 }, control.GetValue());
}
public void Ctor_Default()
{
var control = new SecurityDescriptorFlagControl();
Assert.True(control.IsCritical);
Assert.Equal(SecurityMasks.None, control.SecurityMasks);
Assert.True(control.ServerSide);
Assert.Equal("1.2.840.113556.1.4.801", control.Type);
var expected = (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) ? new byte[] { 48, 132, 0, 0, 0, 3, 2, 1, 0 } : new byte[] { 48, 3, 2, 1, 0 };
Assert.Equal(expected, control.GetValue());
}
private static SearchRequest GetRequest(string dn, string filter, string[] returnAttrs, SearchScope scope = SearchScope.Subtree)
{
var request = new SearchRequest(dn, filter, scope, returnAttrs);
// turn off referral chasing so that data
// from other partitions is not returned
var searchControl = new SearchOptionsControl(SearchOption.DomainScope);
//To retrieve nTSecurityDescriptor attribute https://github.com/BloodHoundAD/SharpHound3/blob/master/SharpHound3/DirectorySearch.cs#L157
var securityDescriptorFlagControl = new SecurityDescriptorFlagControl
{
SecurityMasks = SecurityMasks.Dacl | SecurityMasks.Owner
};
request.Controls.Add(securityDescriptorFlagControl);
request.Controls.Add(searchControl);
return(request);
}
/// <summary>
/// Performs an LDAP search returning multiple objects/pages
/// </summary>
/// <param name="ldapFilter"></param>
/// <param name="props"></param>
/// <param name="scope"></param>
/// <param name="adsPath"></param>
/// <param name="globalCatalog"></param>
/// <returns>An IEnumerable with search results</returns>
internal IEnumerable <SearchResultEntry> QueryLdap(string ldapFilter, string[] props, SearchScope scope, string adsPath = null, bool globalCatalog = false)
{
var connection = globalCatalog ? GetGlobalCatalogConnection() : GetLdapConnection();
try
{
var searchRequest = CreateSearchRequest(ldapFilter, scope, props, adsPath);
var pageRequest = new PageResultRequestControl(500);
searchRequest.Controls.Add(pageRequest);
var securityDescriptorFlagControl = new SecurityDescriptorFlagControl
{
SecurityMasks = SecurityMasks.Dacl | SecurityMasks.Owner
};
searchRequest.Controls.Add(securityDescriptorFlagControl);
while (true)
{
SearchResponse searchResponse;
try
{
searchResponse = (SearchResponse)connection.SendRequest(searchRequest);
}
catch (Exception e)
{
//Console.WriteLine(ldapFilter);
//Console.WriteLine("\nUnexpected exception occured:\n\t{0}: {1}",
// e.GetType().Name, e.Message);
yield break;
}
if (searchResponse.Controls.Length != 1 ||
!(searchResponse.Controls[0] is PageResultResponseControl))
{
//Mq.Error("Server does not support paging");
yield break;
}
var pageResponse = (PageResultResponseControl)searchResponse.Controls[0];
foreach (SearchResultEntry entry in searchResponse.Entries)
{
yield return(entry);
}
if (pageResponse.Cookie.Length == 0)
{
break;
}
pageRequest.Cookie = pageResponse.Cookie;
}
}
finally
{
if (!globalCatalog)
{
_connectionPool.Add(connection);
}
else
{
connection.Dispose();
}
}
}
public IEnumerable <SearchResultEntry> DoSearch(string filter, SearchScope scope, string[] props,
string domainName = null, string adsPath = null, bool useGc = false)
{
Debug("Creating connection");
var conn = useGc ? GetGcConnection(domainName) : GetLdapConnection(domainName);
if (conn == null)
{
Debug("Connection null");
yield break;
}
Debug("Getting search request");
var request = GetSearchRequest(filter, scope, props, domainName, adsPath);
if (request == null)
{
Debug($"Unable to contact domain {domainName}");
Verbose($"Unable to contact domain {domainName}");
yield break;
}
Debug("Creating page control");
var prc = new PageResultRequestControl(500);
request.Controls.Add(prc);
if (IsMethodSet(ResolvedCollectionMethod.ACL))
{
var sdfc =
new SecurityDescriptorFlagControl {
SecurityMasks = SecurityMasks.Dacl | SecurityMasks.Owner
};
request.Controls.Add(sdfc);
}
PageResultResponseControl pageResponse = null;
Debug("Starting loop");
while (true)
{
SearchResponse response;
try
{
response = (SearchResponse)conn.SendRequest(request);
if (response != null)
{
pageResponse = (PageResultResponseControl)response.Controls[0];
}
}
catch (Exception e)
{
Debug("Error in loop");
Debug(e.Message);
yield break;
}
if (response == null || pageResponse == null)
{
continue;
}
foreach (SearchResultEntry entry in response.Entries)
{
yield return(entry);
}
if (pageResponse.Cookie.Length == 0 || response.Entries.Count == 0)
{
Debug("Loop finished");
yield break;
}
prc.Cookie = pageResponse.Cookie;
}
}
public IEnumerable <Wrapper <SearchResultEntry> > DoWrappedSearch(string filter, SearchScope scope, string[] props,
string domainName = null, string adsPath = null, bool useGc = false)
{
var conn = useGc ? GetGcConnection(domainName) : GetLdapConnection(domainName);
if (conn == null)
{
Verbose("Unable to contact LDAP");
yield break;
}
var request = GetSearchRequest(filter, scope, props, domainName, adsPath);
if (request == null)
{
Verbose($"Unable to contact domain {domainName}");
yield break;
}
var prc = new PageResultRequestControl(500);
request.Controls.Add(prc);
if (IsMethodSet(ResolvedCollectionMethod.ACL))
{
var sdfc =
new SecurityDescriptorFlagControl {
SecurityMasks = SecurityMasks.Dacl | SecurityMasks.Owner
};
request.Controls.Add(sdfc);
}
PageResultResponseControl pageResponse = null;
while (true)
{
SearchResponse response;
try
{
response = (SearchResponse)conn.SendRequest(request);
if (response != null)
{
pageResponse = (PageResultResponseControl)response.Controls[0];
}
}
catch (Exception e)
{
Debug("Exception in Domain Searcher.");
Debug(e.Message);
yield break;
}
if (response == null || pageResponse == null)
{
continue;
}
foreach (SearchResultEntry entry in response.Entries)
{
yield return(new Wrapper <SearchResultEntry> {
Item = entry
});
}
if (pageResponse.Cookie.Length == 0)
{
break;
}
prc.Cookie = pageResponse.Cookie;
}
}
public IEnumerable <SearchResultEntry> DoSearch(string filter, SearchScope scope, string[] props,
string domainName = null, string adsPath = null, bool useGc = false)
{
using (var conn = useGc ? GetGcConnection() : GetLdapConnection(domainName))
{
if (conn == null)
{
yield break;
}
var request = GetSearchRequest(filter, scope, props, domainName, adsPath);
if (request == null)
{
Verbose($"Unable to contact domain {domainName}");
yield break;
}
var prc = new PageResultRequestControl(500);
request.Controls.Add(prc);
if (_options.CollectMethod.Equals(CollectionMethod.ACL))
{
var sdfc =
new SecurityDescriptorFlagControl {
SecurityMasks = SecurityMasks.Dacl | SecurityMasks.Owner
};
request.Controls.Add(sdfc);
}
PageResultResponseControl pageResponse = null;
while (true)
{
SearchResponse response;
try
{
response = (SearchResponse)conn.SendRequest(request);
if (response != null)
{
pageResponse = (PageResultResponseControl)response.Controls[0];
}
}
catch
{
yield break;
}
if (response == null || pageResponse == null)
{
continue;
}
foreach (SearchResultEntry entry in response.Entries)
{
yield return(entry);
}
if (pageResponse.Cookie.Length == 0 || response.Entries.Count == 0)
{
yield break;
}
prc.Cookie = pageResponse.Cookie;
}
}
}
