rusthound_ce/objects/
aiaca.rs

1use serde_json::value::Value;
2use serde::{Deserialize, Serialize};
3use x509_parser::oid_registry::asn1_rs::oid;
4use x509_parser::prelude::*;
5use ldap3::SearchEntry;
6use log::{debug, error, trace};
7use std::collections::HashMap;
8use std::error::Error;
9
10use crate::objects::common::{LdapObject, AceTemplate, SPNTarget, Link, Member};
11use crate::enums::{decode_guid_le, parse_ntsecuritydescriptor};
12use crate::utils::date::string_to_epoch;
13use crate::utils::crypto::calculate_sha1;
14
15/// AIACA structure
16#[derive(Debug, Clone, Deserialize, Serialize, Default)]
17pub struct AIACA {
18    #[serde(rename = "Properties")]
19    properties: AIACAProperties,
20    #[serde(rename = "DomainSID")]
21    domain_sid: String,
22    #[serde(rename = "Aces")]
23    aces: Vec<AceTemplate>,
24    #[serde(rename = "ObjectIdentifier")]
25    object_identifier: String,
26    #[serde(rename = "IsDeleted")]
27    is_deleted: bool,
28    #[serde(rename = "IsACLProtected")]
29    is_acl_protected: bool,
30    #[serde(rename = "ContainedBy")]
31    contained_by: Option<Member>,
32}
33
34impl AIACA {
35    // New AIACA
36    pub fn new() -> Self { 
37        Self { ..Default::default() } 
38    }
39
40    /// Function to parse and replace value in json template for AIACA object.
41    pub fn parse(
42        &mut self,
43        result: SearchEntry,
44        domain: &str,
45        dn_sid: &mut HashMap<String, String>,
46        sid_type: &mut HashMap<String, String>,
47        domain_sid: &str
48    ) -> Result<(), Box<dyn Error>> {
49        let result_dn: String = result.dn.to_uppercase();
50        let result_attrs: HashMap<String, Vec<String>> = result.attrs;
51        let result_bin: HashMap<String, Vec<Vec<u8>>> = result.bin_attrs;
52
53        // Debug for current object
54        debug!("Parse AIACA: {result_dn}");
55
56        // Trace all result attributes
57        for (key, value) in &result_attrs {
58            trace!("  {key:?}:{value:?}");
59        }
60        // Trace all bin result attributes
61        for (key, value) in &result_bin {
62            trace!("  {key:?}:{value:?}");
63        }
64
65
66        // Change all values...
67        self.properties.domain = domain.to_uppercase();
68        self.properties.distinguishedname = result_dn;    
69        self.properties.domainsid = domain_sid.to_string();
70        self.domain_sid = domain_sid.to_string();
71
72        // With a check
73        for (key, value) in &result_attrs {
74            match key.as_str() {
75                "name" => {
76                    let name = format!("{}@{}",&value[0],domain);
77                    self.properties.name = name.to_uppercase();
78                }
79                "description" => {
80                    self.properties.description = Some(value[0].to_owned());
81                }
82                "whenCreated" => {
83                    let epoch = string_to_epoch(&value[0])?;
84                    if epoch.is_positive() {
85                        self.properties.whencreated = epoch;
86                    }
87                }
88                "IsDeleted" => {
89                    self.is_deleted = true;
90                }
91                "crossCertificatePair" => {
92                    self.properties.hascrosscertificatepair = true;
93                    // self.properties.crosscertificatepair = value[0].to_owned();
94                }
95                _ => {}
96            }
97        }
98
99        // For all, bins attributs
100        for (key, value) in &result_bin {
101            match key.as_str() {
102                "objectGUID" => {
103                    // objectGUID raw to string
104                    let guid = decode_guid_le(&value[0]);
105                    self.object_identifier = guid.to_owned();
106                }
107                "nTSecurityDescriptor" => {
108                    // nTSecurityDescriptor raw to string
109                    let relations_ace = parse_ntsecuritydescriptor(
110                        self,
111                        &value[0],
112                        "AIACA",
113                        &result_attrs,
114                        &result_bin,
115                        domain,
116                    );
117                    self.aces = relations_ace;
118                }
119                "cACertificate" => {
120                    //info!("{:?}:{:?}", key,value[0].to_owned());
121                    let certsha1: String = calculate_sha1(&value[0]);
122                    self.properties.certthumbprint = certsha1.to_owned();
123                    self.properties.certname = certsha1.to_owned();
124                    self.properties.certchain = vec![certsha1.to_owned()];
125
126                    // Parsing certificate.
127                    let res = X509Certificate::from_der(&value[0]);
128                    match res {
129                        Ok((_rem, cert)) => {
130                            // println!("Basic Constraints Extensions:");
131                            for ext in cert.extensions() {
132                                // println!("{:?} : {:?}",&ext.oid, ext);
133                                if &ext.oid == &oid!(2.5.29.19) {
134                                    // <https://docs.rs/x509-parser/latest/x509_parser/extensions/struct.BasicConstraints.html>
135                                    if let ParsedExtension::BasicConstraints(basic_constraints) = &ext.parsed_extension() {
136                                        let _ca = &basic_constraints.ca;
137                                        let _path_len_constraint = &basic_constraints.path_len_constraint;
138                                        // println!("ca: {:?}", _ca);
139                                        // println!("path_len_constraint: {:?}", _path_len_constraint);
140                                        match _path_len_constraint {
141                                            Some(_path_len_constraint) => {
142                                                if _path_len_constraint > &0 {
143                                                    self.properties.hasbasicconstraints = true;
144                                                    self.properties.basicconstraintpathlength = _path_len_constraint.to_owned();
145
146                                                } else {
147                                                    self.properties.hasbasicconstraints = false;
148                                                    self.properties.basicconstraintpathlength = 0;
149                                                }
150                                            },
151                                            None => {
152                                                self.properties.hasbasicconstraints = false;
153                                                self.properties.basicconstraintpathlength = 0;
154                                            }
155                                        }
156                                    }
157                                }
158                            }
159                        },
160                        _ => error!("CA x509 certificate parsing failed: {:?}", res),
161                    }
162                }
163                _ => {}
164            }
165        }
166
167        // Push DN and SID in HashMap
168        if self.object_identifier != "SID" {
169            dn_sid.insert(
170                self.properties.distinguishedname.to_owned(),
171                self.object_identifier.to_owned()
172            );
173            // Push DN and Type
174            sid_type.insert(
175                self.object_identifier.to_owned(),
176                "AIACA".to_string()
177            );
178        }
179
180        // Trace and return AIACA struct
181        // trace!("JSON OUTPUT: {:?}",serde_json::to_string(&self).unwrap());
182        Ok(())
183    }
184}
185
186impl LdapObject for AIACA {
187    // To JSON
188    fn to_json(&self) -> Value {
189        serde_json::to_value(self).unwrap()
190    }
191
192    // Get values
193    fn get_object_identifier(&self) -> &String {
194        &self.object_identifier
195    }
196    fn get_is_acl_protected(&self) -> &bool {
197        &self.is_acl_protected
198    }
199    fn get_aces(&self) -> &Vec<AceTemplate> {
200        &self.aces
201    }
202    fn get_spntargets(&self) -> &Vec<SPNTarget> {
203        panic!("Not used by current object.");
204    }
205    fn get_allowed_to_delegate(&self) -> &Vec<Member> {
206        panic!("Not used by current object.");
207    }
208    fn get_links(&self) -> &Vec<Link> {
209        panic!("Not used by current object.");
210    }
211    fn get_contained_by(&self) -> &Option<Member> {
212        &self.contained_by
213    }
214    fn get_child_objects(&self) -> &Vec<Member> {
215        panic!("Not used by current object.");
216    }
217    fn get_haslaps(&self) -> &bool {
218        &false
219    }
220    
221    // Get mutable values
222    fn get_aces_mut(&mut self) -> &mut Vec<AceTemplate> {
223        &mut self.aces
224    }
225    fn get_spntargets_mut(&mut self) -> &mut Vec<SPNTarget> {
226        panic!("Not used by current object.");
227    }
228    fn get_allowed_to_delegate_mut(&mut self) -> &mut Vec<Member> {
229        panic!("Not used by current object.");
230    }
231    
232    // Edit values
233    fn set_is_acl_protected(&mut self, is_acl_protected: bool) {
234        self.is_acl_protected = is_acl_protected;
235        self.properties.isaclprotected = is_acl_protected;
236    }
237    fn set_aces(&mut self, aces: Vec<AceTemplate>) {
238        self.aces = aces;
239    }
240    fn set_spntargets(&mut self, _spn_targets: Vec<SPNTarget>) {
241        // Not used by current object.
242    }
243    fn set_allowed_to_delegate(&mut self, _allowed_to_delegate: Vec<Member>) {
244        // Not used by current object.
245    }
246    fn set_links(&mut self, _links: Vec<Link>) {
247        // Not used by current object.
248    }
249    fn set_contained_by(&mut self, contained_by: Option<Member>) {
250        self.contained_by = contained_by;
251    }
252    fn set_child_objects(&mut self, _child_objects: Vec<Member>) {
253        // Not used by current object.
254    }
255}
256
257
258// AIACA properties structure
259#[derive(Debug, Clone, Deserialize, Serialize)]
260pub struct AIACAProperties {
261   domain: String,
262   name: String,
263   distinguishedname: String,
264   domainsid: String,
265   isaclprotected: bool,
266   description: Option<String>,
267   whencreated: i64,
268   crosscertificatepair: Vec<String>,
269   hascrosscertificatepair: bool,
270   certthumbprint: String,
271   certname: String,
272   certchain: Vec<String>,
273   hasbasicconstraints: bool,
274   basicconstraintpathlength: u32,
275}
276
277impl Default for AIACAProperties {
278    fn default() -> AIACAProperties {
279        AIACAProperties {
280            domain: String::from(""),
281            name: String::from(""),
282            distinguishedname: String::from(""),
283            domainsid: String::from(""),
284            isaclprotected: false,
285            description: None,
286            whencreated: -1,
287            crosscertificatepair: Vec::new(),
288            hascrosscertificatepair: false,
289            certthumbprint: String::from(""),
290            certname: String::from(""),
291            certchain: Vec::new(),
292            hasbasicconstraints: false,
293            basicconstraintpathlength: 0,
294       }
295    }
296}
rusthound_ce/objects/aiaca.rs

rusthound_ce/objects/
aiaca.rs
