rusthound_ce/objects/
gpo.rs

1use serde_json::value::Value;
2use serde::{Deserialize, Serialize};
3
4use crate::enums::decode_guid_le;
5use crate::objects::common::{
6    LdapObject,
7    AceTemplate,
8    Link,
9    SPNTarget,
10    Member
11};
12
13use ldap3::SearchEntry;
14use log::{debug, trace};
15use std::collections::HashMap;
16use std::error::Error;
17
18use crate::enums::acl::parse_ntsecuritydescriptor;
19use crate::utils::date::string_to_epoch;
20
21/// Gpo structure
22#[derive(Debug, Clone, Deserialize, Serialize, Default)]
23pub struct Gpo {
24    #[serde(rename = "Properties")]
25    properties: GpoProperties,
26    #[serde(rename = "Aces")]
27    aces: Vec<AceTemplate>,
28    #[serde(rename = "ObjectIdentifier")]
29    object_identifier: String,
30    #[serde(rename = "IsDeleted")]
31    is_deleted: bool,
32    #[serde(rename = "IsACLProtected")]
33    is_acl_protected: bool,
34    #[serde(rename = "ContainedBy")]
35    contained_by: Option<Member>,
36    #[serde(rename = "Links")]
37    links: Vec<Link>,
38}
39
40impl Gpo {
41    // New gpo.
42    pub fn new() -> Self { 
43        Self { ..Default::default() } 
44    }
45    
46    /// Function to parse and replace value for GPO object.
47    /// <https://bloodhound.readthedocs.io/en/latest/further-reading/json.html#gpos>
48    pub fn parse(
49        &mut self,
50        result: SearchEntry,
51        domain: &String,
52        dn_sid: &mut HashMap<String, String>,
53        sid_type: &mut HashMap<String, String>,
54        domain_sid: &String
55    ) -> Result<(), Box<dyn Error>> {
56        let result_dn: String = result.dn.to_uppercase();
57        let result_attrs: HashMap<String, Vec<String>> = result.attrs;
58        let result_bin: HashMap<String, Vec<Vec<u8>>> = result.bin_attrs;
59        
60        // Debug for current object
61        debug!("Parse gpo: {}", result_dn);
62        // Trace all result attributes
63        for (key, value) in &result_attrs {
64            trace!("  {:?}:{:?}", key, value);
65        }
66        // Trace all bin result attributes
67        for (key, value) in &result_bin {
68            trace!("  {:?}:{:?}", key, value);
69        }
70        
71        // Change all values...
72        self.properties.domain = domain.to_uppercase();
73        self.properties.distinguishedname = result_dn;
74        self.properties.domainsid = domain_sid.to_string();
75        
76        // Check and replace value
77        for (key, value) in &result_attrs {
78            match key.as_str() {
79                "displayName" => {
80                    let name = &value[0];
81                    let email = format!("{}@{}", name.to_owned(), domain);
82                    self.properties.name = email.to_uppercase();
83                }
84                "description" => {
85                    self.properties.description = value.get(0).map(|s| s.clone());
86                }
87                "whenCreated" => {
88                    let epoch = string_to_epoch(&value[0])?;
89                    if epoch.is_positive() {
90                        self.properties.whencreated = epoch;
91                    }
92                }
93                "gPCFileSysPath" => {
94                    self.properties.gpcpath = value[0].to_owned();
95                }
96                "IsDeleted" => {
97                    self.is_deleted = true;
98                }
99                _ => {}
100            }
101        }
102        
103        // For all, bins attributes
104        for (key, value) in &result_bin {
105            match key.as_str() {
106                "objectGUID" => {
107                    // objectGUID raw to string
108                    self.object_identifier = decode_guid_le(&value[0]).to_owned().into();
109                }
110                "nTSecurityDescriptor" => {
111                    // Needed with acl
112                    let entry_type = "Gpo".to_string();
113                    // nTSecurityDescriptor raw to string
114                    let relations_ace = parse_ntsecuritydescriptor(
115                        self,
116                        &value[0],
117                        entry_type,
118                        &result_attrs,
119                        &result_bin,
120                        &domain,
121                    );
122                    self.aces = relations_ace;
123                }
124                _ => {}
125            }
126        }
127        
128        // Push DN and SID in HashMap
129        dn_sid.insert(
130            self.properties.distinguishedname.to_string(),
131            self.object_identifier.to_string(),
132        );
133        // Push DN and Type
134        sid_type.insert(
135            self.object_identifier.to_string(),
136            "Gpo".to_string(),
137        );
138        
139        // Trace and return Gpo struct
140        // trace!("JSON OUTPUT: {:?}",serde_json::to_string(&self).unwrap());
141        Ok(())
142    }
143}
144
145impl LdapObject for Gpo {
146    // To JSON
147    fn to_json(&self) -> Value {
148        serde_json::to_value(&self).unwrap()
149    }
150
151    // Get values
152    fn get_object_identifier(&self) -> &String {
153        &self.object_identifier
154    }
155    fn get_is_acl_protected(&self) -> &bool {
156        &self.is_acl_protected
157    }
158    fn get_aces(&self) -> &Vec<AceTemplate> {
159        &self.aces
160    }
161    fn get_spntargets(&self) -> &Vec<SPNTarget> {
162        panic!("Not used by current object.");
163    }
164    fn get_allowed_to_delegate(&self) -> &Vec<Member> {
165        panic!("Not used by current object.");
166    }
167    fn get_links(&self) -> &Vec<Link> {
168        panic!("Not used by current object.");
169    }
170    fn get_contained_by(&self) -> &Option<Member> {
171        &self.contained_by
172    }
173    fn get_child_objects(&self) -> &Vec<Member> {
174        panic!("Not used by current object.");
175    }
176    fn get_haslaps(&self) -> &bool {
177        &false
178    }
179    
180    // Get mutable values
181    fn get_aces_mut(&mut self) -> &mut Vec<AceTemplate> {
182        &mut self.aces
183    }
184    fn get_spntargets_mut(&mut self) -> &mut Vec<SPNTarget> {
185        panic!("Not used by current object.");
186    }
187    fn get_allowed_to_delegate_mut(&mut self) -> &mut Vec<Member> {
188        panic!("Not used by current object.");
189    }
190    
191    // Edit values
192    fn set_is_acl_protected(&mut self, is_acl_protected: bool) {
193        self.is_acl_protected = is_acl_protected;
194        self.properties.isaclprotected = is_acl_protected;
195    }
196    fn set_aces(&mut self, aces: Vec<AceTemplate>) {
197        self.aces = aces;
198    }
199    fn set_spntargets(&mut self, _spn_targets: Vec<SPNTarget>) {
200        // Not used by current object.
201    }
202    fn set_allowed_to_delegate(&mut self, _allowed_to_delegate: Vec<Member>) {
203        // Not used by current object.
204    }
205    fn set_links(&mut self, links: Vec<Link>) {
206        self.links = links;
207    }
208    fn set_contained_by(&mut self, contained_by: Option<Member>) {
209        self.contained_by = contained_by;
210    }
211    fn set_child_objects(&mut self, _child_objects: Vec<Member>) {
212        // Not used by current object.
213    }
214}
215
216// Gpo properties structure
217#[derive(Debug, Clone, Deserialize, Serialize, Default)]
218pub struct GpoProperties {
219   domain: String,
220   name: String,
221   distinguishedname: String,
222   domainsid: String,
223   isaclprotected: bool,
224   highvalue: bool,
225   description: Option<String>,
226   whencreated: i64,
227   gpcpath: String
228}
rusthound_ce/objects/gpo.rs

rusthound_ce/objects/
gpo.rs
