rusthound_ce/objects/
ntauthstore.rs

1use serde_json::value::Value;
2use serde::{Deserialize, Serialize};
3use ldap3::SearchEntry;
4use log::{debug, trace};
5use std::collections::HashMap;
6use std::error::Error;
7
8use crate::objects::common::{LdapObject, AceTemplate, SPNTarget, Link, Member};
9use crate::enums::{decode_guid_le, parse_ntsecuritydescriptor};
10use crate::utils::date::string_to_epoch;
11use crate::utils::crypto::calculate_sha1;
12
13/// NtAuthStore structure
14#[derive(Debug, Clone, Deserialize, Serialize, Default)]
15pub struct NtAuthStore {
16    #[serde(rename = "Properties")]
17    properties: NtAuthStoreProperties,
18    #[serde(rename = "DomainSID")]
19    domain_sid: String,
20    #[serde(rename = "Aces")]
21    aces: Vec<AceTemplate>,
22    #[serde(rename = "ObjectIdentifier")]
23    object_identifier: String,
24    #[serde(rename = "IsDeleted")]
25    is_deleted: bool,
26    #[serde(rename = "IsACLProtected")]
27    is_acl_protected: bool,
28    #[serde(rename = "ContainedBy")]
29    contained_by: Option<Member>,
30}
31
32impl NtAuthStore {
33    // New NtAuthStore
34    pub fn new() -> Self { 
35        Self { ..Default::default() } 
36    }
37
38    /// Function to parse and replace value in json template for NT Auth Store object.
39    pub fn parse(
40        &mut self,
41        result: SearchEntry,
42        domain: &str,
43        dn_sid: &mut HashMap<String, String>,
44        sid_type: &mut HashMap<String, String>,
45        domain_sid: &str
46    ) -> Result<(), Box<dyn Error>> {
47        let result_dn: String = result.dn.to_uppercase();
48        let result_attrs: HashMap<String, Vec<String>> = result.attrs;
49        let result_bin: HashMap<String, Vec<Vec<u8>>> = result.bin_attrs;
50  
51        // Debug for current object
52        debug!("Parse NtAuthStore: {result_dn}");
53
54        // Trace all result attributes
55        for (key, value) in &result_attrs {
56            trace!("  {key:?}:{value:?}");
57        }
58        // Trace all bin result attributes
59        for (key, value) in &result_bin {
60            trace!("  {key:?}:{value:?}");
61        }
62  
63        // Change all values...
64        self.properties.domain = domain.to_uppercase();
65        self.properties.distinguishedname = result_dn;    
66        self.properties.domainsid = domain_sid.to_string();
67        self.domain_sid = domain_sid.to_string();
68  
69        // With a check
70        for (key, value) in &result_attrs {
71            match key.as_str() {
72                "name" => {
73                    let name = format!("{}@{}", &value[0], domain);
74                    self.properties.name = name.to_uppercase();
75                }
76                "description" => {
77                    self.properties.description = value.first().map(|s| s.to_owned());
78                }
79                "whenCreated" => {
80                    let epoch = string_to_epoch(&value[0])?;
81                    if epoch.is_positive() {
82                        self.properties.whencreated = epoch;
83                    }
84                }
85                "IsDeleted" => {
86                    self.is_deleted = true;
87                }
88                _ => {}
89            }
90        }
91  
92        // For all, bins attributs
93        for (key, value) in &result_bin {
94            match key.as_str() {
95                "objectGUID" => {
96                    // objectGUID raw to string
97                    self.object_identifier = decode_guid_le(&value[0]).to_owned();
98                }
99                "nTSecurityDescriptor" => {
100                    // nTSecurityDescriptor raw to string
101                    let relations_ace = parse_ntsecuritydescriptor(
102                        self,
103                        &value[0],
104                        "NtAuthStore",
105                        &result_attrs,
106                        &result_bin,
107                        domain,
108                    );
109                    self.aces = relations_ace;
110                }
111                "cACertificate" => {
112                    //info!("{:?}:{:?}", key,value[0].to_owned());
113                    self.properties.certthumbprints = vec![calculate_sha1(&value[0])];
114                }
115                _ => {}
116            }
117        }
118  
119        // Push DN and SID in HashMap
120        if self.object_identifier != "SID" {
121            dn_sid.insert(
122                self.properties.distinguishedname.to_string(),
123                self.object_identifier.to_string()
124            );
125            // Push DN and Type
126            sid_type.insert(
127                self.object_identifier.to_string(),
128                "NtAuthStore".to_string()
129            );
130        }
131  
132        // Trace and return NtAuthStore struct
133        // trace!("JSON OUTPUT: {:?}",serde_json::to_string(&self).unwrap());
134        Ok(())
135    }
136}
137
138impl LdapObject for NtAuthStore {
139    // To JSON
140    fn to_json(&self) -> Value {
141        serde_json::to_value(self).unwrap()
142    }
143
144    // Get values
145    fn get_object_identifier(&self) -> &String {
146        &self.object_identifier
147    }
148    fn get_is_acl_protected(&self) -> &bool {
149        &self.is_acl_protected
150    }
151    fn get_aces(&self) -> &Vec<AceTemplate> {
152        &self.aces
153    }
154    fn get_spntargets(&self) -> &Vec<SPNTarget> {
155        panic!("Not used by current object.");
156    }
157    fn get_allowed_to_delegate(&self) -> &Vec<Member> {
158        panic!("Not used by current object.");
159    }
160    fn get_links(&self) -> &Vec<Link> {
161        panic!("Not used by current object.");
162    }
163    fn get_contained_by(&self) -> &Option<Member> {
164        &self.contained_by
165    }
166    fn get_child_objects(&self) -> &Vec<Member> {
167        panic!("Not used by current object.");
168    }
169    fn get_haslaps(&self) -> &bool {
170        &false
171    }
172    
173    // Get mutable values
174    fn get_aces_mut(&mut self) -> &mut Vec<AceTemplate> {
175        &mut self.aces
176    }
177    fn get_spntargets_mut(&mut self) -> &mut Vec<SPNTarget> {
178        panic!("Not used by current object.");
179    }
180    fn get_allowed_to_delegate_mut(&mut self) -> &mut Vec<Member> {
181        panic!("Not used by current object.");
182    }
183    
184    // Edit values
185    fn set_is_acl_protected(&mut self, is_acl_protected: bool) {
186        self.is_acl_protected = is_acl_protected;
187        self.properties.isaclprotected = is_acl_protected;
188    }
189    fn set_aces(&mut self, aces: Vec<AceTemplate>) {
190        self.aces = aces;
191    }
192    fn set_spntargets(&mut self, _spn_targets: Vec<SPNTarget>) {
193        // Not used by current object.
194    }
195    fn set_allowed_to_delegate(&mut self, _allowed_to_delegate: Vec<Member>) {
196        // Not used by current object.
197    }
198    fn set_links(&mut self, _links: Vec<Link>) {
199        // Not used by current object.
200    }
201    fn set_contained_by(&mut self, contained_by: Option<Member>) {
202        self.contained_by = contained_by;
203    }
204    fn set_child_objects(&mut self, _child_objects: Vec<Member>) {
205        // Not used by current object.
206    }
207}
208
209
210// NtAuthStore properties structure
211#[derive(Debug, Clone, Deserialize, Serialize, Default)]
212pub struct NtAuthStoreProperties {
213   domain: String,
214   name: String,
215   distinguishedname: String,
216   domainsid: String,
217   isaclprotected: bool,
218   certthumbprints: Vec<String>,
219   description: Option<String>,
220   whencreated: i64,
221}
rusthound_ce/objects/ntauthstore.rs

rusthound_ce/objects/
ntauthstore.rs
