rusthound_ce/objects/
ntauthstore.rs

1use serde_json::value::Value;
2use serde::{Deserialize, Serialize};
3
4use crate::enums::{decode_guid_le, parse_ntsecuritydescriptor};
5use crate::utils::date::string_to_epoch;
6use crate::objects::common::{
7    LdapObject,
8    AceTemplate,
9    SPNTarget,
10    Link,
11    Member
12};
13use crate::utils::crypto::calculate_sha1;
14use ldap3::SearchEntry;
15use log::{debug, trace};
16use std::collections::HashMap;
17use std::error::Error;
18
19/// NtAuthStore structure
20#[derive(Debug, Clone, Deserialize, Serialize, Default)]
21pub struct NtAuthStore {
22    #[serde(rename = "Properties")]
23    properties: NtAuthStoreProperties,
24    #[serde(rename = "DomainSID")]
25    domain_sid: String,
26    #[serde(rename = "Aces")]
27    aces: Vec<AceTemplate>,
28    #[serde(rename = "ObjectIdentifier")]
29    object_identifier: String,
30    #[serde(rename = "IsDeleted")]
31    is_deleted: bool,
32    #[serde(rename = "IsACLProtected")]
33    is_acl_protected: bool,
34    #[serde(rename = "ContainedBy")]
35    contained_by: Option<Member>,
36}
37
38impl NtAuthStore {
39    // New NtAuthStore
40    pub fn new() -> Self { 
41        Self { ..Default::default() } 
42    }
43
44    /// Function to parse and replace value in json template for NT Auth Store object.
45    pub fn parse(
46        &mut self,
47        result: SearchEntry,
48        domain: &String,
49        dn_sid: &mut HashMap<String, String>,
50        sid_type: &mut HashMap<String, String>,
51        domain_sid: &String
52    ) -> Result<(), Box<dyn Error>> {
53        let result_dn: String = result.dn.to_uppercase();
54        let result_attrs: HashMap<String, Vec<String>> = result.attrs;
55        let result_bin: HashMap<String, Vec<Vec<u8>>> = result.bin_attrs;
56  
57        // Debug for current object
58        debug!("Parse NtAuthStore: {}", result_dn);
59        // Trace all result attributes
60        for (key, value) in &result_attrs {
61            trace!("  {:?}:{:?}", key, value);
62        }
63        // Trace all bin result attributes
64        for (key, value) in &result_bin {
65            trace!("  {:?}:{:?}", key, value);
66        }
67  
68        // Change all values...
69        self.properties.domain = domain.to_uppercase();
70        self.properties.distinguishedname = result_dn;    
71        self.properties.domainsid = domain_sid.to_string();
72        self.domain_sid = domain_sid.to_string();
73  
74        // With a check
75        for (key, value) in &result_attrs {
76            match key.as_str() {
77                "name" => {
78                    let name = format!("{}@{}", &value[0], domain);
79                    self.properties.name = name.to_uppercase();
80                }
81                "description" => {
82                    self.properties.description = value.get(0).map(|s| s.to_owned());
83                }
84                "whenCreated" => {
85                    let epoch = string_to_epoch(&value[0])?;
86                    if epoch.is_positive() {
87                        self.properties.whencreated = epoch;
88                    }
89                }
90                "IsDeleted" => {
91                    self.is_deleted = true.into();
92                }
93                _ => {}
94            }
95        }
96  
97        // For all, bins attributs
98        for (key, value) in &result_bin {
99            match key.as_str() {
100                "objectGUID" => {
101                    // objectGUID raw to string
102                    self.object_identifier = decode_guid_le(&value[0]).to_owned().into();
103                }
104                "nTSecurityDescriptor" => {
105                    // Needed with acl
106                    let entry_type = "NtAuthStore".to_string();
107                    // nTSecurityDescriptor raw to string
108                    let relations_ace = parse_ntsecuritydescriptor(
109                        self,
110                        &value[0],
111                        entry_type,
112                        &result_attrs,
113                        &result_bin,
114                        &domain,
115                    );
116                    self.aces = relations_ace;
117                }
118                "cACertificate" => {
119                    //info!("{:?}:{:?}", key,value[0].to_owned());
120                    self.properties.certthumbprints = vec![calculate_sha1(&value[0])];
121                }
122                _ => {}
123            }
124        }
125  
126        // Push DN and SID in HashMap
127        if self.object_identifier.to_string() != "SID" {
128            dn_sid.insert(
129                self.properties.distinguishedname.to_string(),
130                self.object_identifier.to_string()
131            );
132            // Push DN and Type
133            sid_type.insert(
134                self.object_identifier.to_string(),
135                "NtAuthStore".to_string()
136            );
137        }
138  
139        // Trace and return NtAuthStore struct
140        // trace!("JSON OUTPUT: {:?}",serde_json::to_string(&self).unwrap());
141        Ok(())
142    }
143}
144
145impl LdapObject for NtAuthStore {
146    // To JSON
147    fn to_json(&self) -> Value {
148        serde_json::to_value(&self).unwrap()
149    }
150
151    // Get values
152    fn get_object_identifier(&self) -> &String {
153        &self.object_identifier
154    }
155    fn get_is_acl_protected(&self) -> &bool {
156        &self.is_acl_protected
157    }
158    fn get_aces(&self) -> &Vec<AceTemplate> {
159        &self.aces
160    }
161    fn get_spntargets(&self) -> &Vec<SPNTarget> {
162        panic!("Not used by current object.");
163    }
164    fn get_allowed_to_delegate(&self) -> &Vec<Member> {
165        panic!("Not used by current object.");
166    }
167    fn get_links(&self) -> &Vec<Link> {
168        panic!("Not used by current object.");
169    }
170    fn get_contained_by(&self) -> &Option<Member> {
171        &self.contained_by
172    }
173    fn get_child_objects(&self) -> &Vec<Member> {
174        panic!("Not used by current object.");
175    }
176    fn get_haslaps(&self) -> &bool {
177        &false
178    }
179    
180    // Get mutable values
181    fn get_aces_mut(&mut self) -> &mut Vec<AceTemplate> {
182        &mut self.aces
183    }
184    fn get_spntargets_mut(&mut self) -> &mut Vec<SPNTarget> {
185        panic!("Not used by current object.");
186    }
187    fn get_allowed_to_delegate_mut(&mut self) -> &mut Vec<Member> {
188        panic!("Not used by current object.");
189    }
190    
191    // Edit values
192    fn set_is_acl_protected(&mut self, is_acl_protected: bool) {
193        self.is_acl_protected = is_acl_protected;
194        self.properties.isaclprotected = is_acl_protected;
195    }
196    fn set_aces(&mut self, aces: Vec<AceTemplate>) {
197        self.aces = aces;
198    }
199    fn set_spntargets(&mut self, _spn_targets: Vec<SPNTarget>) {
200        // Not used by current object.
201    }
202    fn set_allowed_to_delegate(&mut self, _allowed_to_delegate: Vec<Member>) {
203        // Not used by current object.
204    }
205    fn set_links(&mut self, _links: Vec<Link>) {
206        // Not used by current object.
207    }
208    fn set_contained_by(&mut self, contained_by: Option<Member>) {
209        self.contained_by = contained_by;
210    }
211    fn set_child_objects(&mut self, _child_objects: Vec<Member>) {
212        // Not used by current object.
213    }
214}
215
216
217// NtAuthStore properties structure
218#[derive(Debug, Clone, Deserialize, Serialize, Default)]
219pub struct NtAuthStoreProperties {
220   domain: String,
221   name: String,
222   distinguishedname: String,
223   domainsid: String,
224   isaclprotected: bool,
225   certthumbprints: Vec<String>,
226   description: Option<String>,
227   whencreated: i64,
228}
rusthound_ce/objects/ntauthstore.rs

rusthound_ce/objects/
ntauthstore.rs
