rusthound_ce/objects/
common.rs

1use std::collections::HashMap;
2
3use ldap3::SearchEntry;
4use log::trace;
5use serde_json::{json,value::Value};
6use serde::{Deserialize, Serialize};
7
8
9/// LdapObject structure
10pub trait LdapObject {
11   // Ldap object structure (User,Group,Computer...) to JSON
12   fn to_json(&self) -> Value;
13
14   // Get values
15   fn get_object_identifier(&self) -> &String;
16   fn get_is_acl_protected(&self) -> &bool;
17   fn get_aces(&self) -> &Vec<AceTemplate>;
18   fn get_spntargets(&self) -> &Vec<SPNTarget>;
19   fn get_allowed_to_delegate(&self) -> &Vec<Member>;
20   fn get_links(&self) -> &Vec<Link>;
21   fn get_contained_by(&self) -> &Option<Member>;
22   fn get_child_objects(&self) -> &Vec<Member>;
23   // Only for computer objects
24   fn get_haslaps(&self) -> &bool;
25
26   // Get mutable value
27   fn get_aces_mut(&mut self) -> &mut Vec<AceTemplate>;
28   fn get_spntargets_mut(&mut self) -> &mut Vec<SPNTarget>;
29   fn get_allowed_to_delegate_mut(&mut self) -> &mut Vec<Member>;
30
31   // Edit values
32   fn set_is_acl_protected(&mut self, is_acl_protected: bool);
33   fn set_aces(&mut self, aces: Vec<AceTemplate>);
34   fn set_spntargets(&mut self, spn_targets: Vec<SPNTarget>);
35   fn set_allowed_to_delegate(&mut self, allowed_to_delegate: Vec<Member>);
36   fn set_links(&mut self, links: Vec<Link>);
37   fn set_contained_by(&mut self, contained_by: Option<Member>);
38   fn set_child_objects(&mut self, child_objects: Vec<Member>);
39}
40
41/// LocalGroup structure
42#[derive(Debug, Clone, Deserialize, Serialize, Default)]
43pub struct LocalGroup {
44   #[serde(rename = "ObjectIdentifier")]
45   object_identifier: String,
46   #[serde(rename = "Results")]
47   results: Vec<Member>,
48   #[serde(rename = "LocalNames")]
49   local_names: Vec<String>,
50   #[serde(rename = "Collected")]
51   collected: bool,
52   #[serde(rename = "FailureReason")]
53   failure_reason: Option<String>,
54}
55
56impl LocalGroup {
57   // New Local Group.
58   pub fn new() -> Self { 
59      Self { 
60         ..Default::default()
61      }
62   }
63
64   // Immutable access.
65   pub fn object_identifier(&self) -> &String {
66      &self.object_identifier
67   }
68   pub fn results(&self) -> &Vec<Member> {
69      &self.results
70   }
71   pub fn local_names(&self) -> &Vec<String> {
72      &self.local_names
73   }
74   pub fn collected(&self) -> &bool {
75      &self.collected
76   }
77   pub fn failure_reason(&self) -> &Option<String> {
78      &self.failure_reason
79   }
80
81   // Mutable access.
82   pub fn object_identifier_mut(&mut self) -> &mut String {
83      &mut self.object_identifier
84   }
85   pub fn results_mut(&mut self) -> &mut Vec<Member> {
86      &mut self.results
87   }
88   pub fn local_names_mut(&mut self) -> &mut Vec<String> {
89      &mut self.local_names
90   }
91   pub fn collected_mut(&mut self) -> &mut bool {
92      &mut self.collected
93   }
94   pub fn failure_reason_mut(&mut self) -> &mut Option<String> {
95      &mut self.failure_reason
96   }
97}
98
99/// Session structure
100#[derive(Debug, Clone, Deserialize, Serialize)]
101pub struct Session {
102   #[serde(rename = "Results")]
103   results: Vec<UserComputerSession>,
104   #[serde(rename = "Collected", default = "default_true")]
105   collected: bool,
106   #[serde(rename = "FailureReason")]
107   failure_reason: Option<String>,
108}
109
110impl Default for Session {
111   /// Default values for Session structure.
112   fn default() -> Session {
113      Session {
114         results: Vec::new(),
115         collected: true,
116         failure_reason: None,
117       }
118   }
119}
120
121impl Session {
122   // New session.
123   pub fn new() -> Self { 
124      Self { 
125         collected: true,
126         ..Default::default()
127      }
128   }
129
130   // Immutable access.
131   pub fn results(&self) -> &Vec<UserComputerSession> {
132      &self.results
133   }
134   pub fn collected(&self) -> &bool {
135      &self.collected
136   }
137   pub fn failure_reason(&self) -> &Option<String> {
138      &self.failure_reason
139   }
140
141   // Mutable access.
142   pub fn results_mut(&mut self) -> &mut Vec<UserComputerSession> {
143      &mut self.results
144   }
145   pub fn collected_mut(&mut self) -> &mut bool {
146      &mut self.collected
147   }
148   pub fn failure_reason_mut(&mut self) -> &mut Option<String> {
149      &mut self.failure_reason
150   }
151}
152
153/// UserSID to ComputerSID Session link structure
154#[derive(Debug, Clone, Deserialize, Serialize, Default)]
155pub struct UserComputerSession {
156   #[serde(rename = "UserSID")]
157   user_sid: String,
158   #[serde(rename = "ComputerSID")]
159   computer_sid: String,
160}
161
162impl UserComputerSession {
163   // New User Computer Session.
164   pub fn new() -> Self { 
165      Self { 
166         ..Default::default()
167      }
168   }
169
170   // Immutable access.
171   pub fn user_sid(&self) -> &String {
172      &self.user_sid
173   }
174   pub fn computer_sid(&self) -> &String {
175      &self.computer_sid
176   }
177
178   // Mutable access.
179   pub fn user_sid_mut(&mut self) -> &mut String {
180      &mut self.user_sid
181   }
182   pub fn computer_sid_mut(&mut self) -> &mut String {
183      &mut self.computer_sid
184   }
185   
186}
187
188/// Session structure
189#[derive(Debug, Clone, Deserialize, Serialize, Default)]
190pub struct UserRight {
191   #[serde(rename = "Privilege")]
192   privilege: String,
193   #[serde(rename = "Results")]
194   results: Vec<Member>,
195   #[serde(rename = "LocalNames")]
196   local_names: Vec<String>,
197   #[serde(rename = "Collected", default = "default_true")]
198   collected: bool,
199   #[serde(rename = "FailureReason")]
200   failure_reason: Option<String>,
201}
202
203impl UserRight {
204   // New User Right.
205   pub fn new() -> Self { 
206      Self { 
207         ..Default::default()
208      }
209   }
210
211   // Immutable access.
212   pub fn privilege(&self) -> &String {
213      &self.privilege
214   }
215   pub fn results(&self) -> &Vec<Member> {
216      &self.results
217   }
218   pub fn local_names(&self) -> &Vec<String> {
219      &self.local_names
220   }
221   pub fn collected(&self) -> &bool {
222      &self.collected
223   }
224   pub fn failure_reason(&self) -> &Option<String> {
225      &self.failure_reason
226   }
227
228   // Mutable access.
229   pub fn privilege_mut(&mut self) -> &mut String {
230      &mut self.privilege
231   }
232   pub fn results_mut(&mut self) -> &mut Vec<Member> {
233      &mut self.results
234   }
235   pub fn local_names_mut(&mut self) -> &mut Vec<String> {
236      &mut self.local_names
237   }
238   pub fn collected_mut(&mut self) -> &mut bool {
239      &mut self.collected
240   }
241   pub fn failure_reason_mut(&mut self) -> &mut Option<String> {
242      &mut self.failure_reason
243   }
244}
245
246
247/// DCRegistryData structure
248#[derive(Debug, Clone, Deserialize, Serialize)]
249pub struct DCRegistryData {
250   #[serde(rename = "CertificateMappingMethods")]
251   certificate_mapping_methods: Option<RegistryData>,
252   #[serde(rename = "StrongCertificateBindingEnforcement")]
253   strong_certificate_binding_enforcement: Option<RegistryData>,
254}
255
256impl Default for DCRegistryData {
257   fn default() -> DCRegistryData {
258      DCRegistryData {
259         certificate_mapping_methods: None,
260         strong_certificate_binding_enforcement: None,
261      }
262   }
263}
264
265/// RegistryData structure
266#[derive(Debug, Clone, Deserialize, Serialize, Default)]
267pub struct RegistryData {
268   #[serde(rename = "Value")]
269   value: i8,
270   #[serde(rename = "Collected", default = "default_true")]
271   collected: bool,
272   #[serde(rename = "FailureReason")]
273   failure_reason: Option<String>,
274}
275
276impl RegistryData {
277   // New RegistryData.
278   pub fn new() -> Self { 
279      Self {
280         collected: true,
281         ..Default::default()
282      }
283   }
284}
285
286/// Function to return default value for struct.
287pub fn default_true() -> bool {
288   true
289}
290
291/// Member structure
292#[derive(Debug, Clone, Deserialize, Serialize, Default)]
293pub struct Member {
294   #[serde(rename = "ObjectIdentifier")]
295   object_identifier: String,
296   #[serde(rename = "ObjectType")]
297   object_type: String,
298}
299
300impl Member {
301   // New member.
302    pub fn new() -> Self {
303      Self { 
304         object_identifier: "SID".to_string(),
305         ..Default::default()
306      }
307   }
308
309   // Immutable access.
310   pub fn object_identifier(&self) -> &String {
311      &self.object_identifier
312   }
313   pub fn object_type(&self) -> &String {
314      &self.object_type
315   }
316
317   // Mutable access.
318   pub fn object_identifier_mut(&mut self) -> &mut String {
319      &mut self.object_identifier
320   }
321   pub fn object_type_mut(&mut self) -> &mut String {
322      &mut self.object_type
323   }
324}
325
326/// AceTemplate structure
327#[derive(Debug, Clone, Deserialize, Serialize)]
328pub struct AceTemplate {
329   #[serde(rename = "PrincipalSID")]
330   principal_sid: String,
331   #[serde(rename = "PrincipalType")]
332   principal_type: String,
333   #[serde(rename = "RightName")]
334   right_name: String,
335   #[serde(rename = "IsInherited")]
336   is_inherited: bool,
337   #[serde(rename = "InheritanceHash")]
338   inheritance_hash: String,
339}
340
341impl AceTemplate {
342   // New ACE object.
343   pub fn new(
344      principal_sid: String,
345      principal_type: String,
346      right_name: String,
347      is_inherited: bool,
348      inheritance_hash: String,
349   ) -> Self { 
350      Self { principal_sid, principal_type , right_name, is_inherited, inheritance_hash} 
351   }
352
353   // Immutable access.
354   pub fn principal_sid(&self) -> &String {
355      &self.principal_sid
356   }
357   pub fn principal_type(&self) -> &String {
358      &self.principal_type
359   }
360   pub fn right_name(&self) -> &String {
361      &self.right_name
362   }
363   pub fn is_inherited(&self) -> &bool {
364      &self.is_inherited
365   }
366   pub fn inheritance_hash(&self) -> &String {
367      &self.inheritance_hash
368   }
369
370   // Mutable access.
371   pub fn principal_sid_mut(&mut self) -> &mut String {
372      &mut self.principal_sid
373   }
374   pub fn principal_type_mut(&mut self) -> &mut String {
375      &mut self.principal_type
376   }
377   pub fn right_name_mut(&mut self) -> &mut String {
378      &mut self.right_name
379   }
380   pub fn is_inherited_mut(&mut self) -> &mut bool {
381      &mut self.is_inherited
382   }
383   pub fn inheritance_hash_mut(&mut self) -> &mut String {
384      &mut self.inheritance_hash
385   }
386}
387
388/// Link structure
389#[derive(Debug, Clone, Deserialize, Serialize)]
390pub struct Link {
391   #[serde(rename = "IsEnforced")]
392   is_enforced: bool,
393   #[serde(rename = "GUID")]
394   guid: String,
395}
396
397impl Link {
398   // New object.
399   pub fn new(is_enforced: bool, guid: String) -> Self { Self { is_enforced, guid } }
400   
401   // Immutable access.
402   pub fn is_enforced(&self) -> &bool {
403      &self.is_enforced
404   }
405   pub fn guid(&self) -> &String {
406      &self.guid
407   }
408 
409   // Mutable access.
410   pub fn is_enforced_mut(&mut self) -> &mut bool {
411      &mut self.is_enforced
412   }
413   pub fn guid_mut(&mut self) -> &mut String {
414      &mut self.guid
415   }
416}
417
418/// GPOChange structure
419#[derive(Debug, Clone, Deserialize, Serialize, Default)]
420pub struct GPOChange {
421   #[serde(rename = "LocalAdmins")]
422   local_admins: Vec<Member>,
423   #[serde(rename = "RemoteDesktopUsers")]
424   remote_desktop_users: Vec<Member>,
425   #[serde(rename = "DcomUsers")]
426   dcom_users: Vec<Member>,
427   #[serde(rename = "PSRemoteUsers")]
428   psremote_users: Vec<Member>,
429   #[serde(rename = "AffectedComputers")]
430   affected_computers: Vec<Member>,
431}
432
433impl GPOChange {
434   // New GPOChanges.
435   pub fn new() -> Self { 
436      Self {
437         ..Default::default()
438      } 
439   }
440
441   // Imutable access.
442   pub fn local_admins(&self) -> &Vec<Member> {
443      &self.local_admins
444   }
445   pub fn remote_desktop_users(&self) -> &Vec<Member> {
446      &self.remote_desktop_users
447   }
448   pub fn dcom_users(&self) -> &Vec<Member> {
449      &self.dcom_users
450   }
451   pub fn psremote_users(&self) -> &Vec<Member> {
452      &self.psremote_users
453   }
454   pub fn affected_computers(&self) -> &Vec<Member> {
455      &self.affected_computers
456   }
457
458   // Mutable access.
459   pub fn local_admins_mut(&mut self) -> &mut Vec<Member> {
460      &mut self.local_admins
461   }
462   pub fn remote_desktop_users_mut(&mut self) -> &mut Vec<Member> {
463      &mut self.remote_desktop_users
464   }
465   pub fn dcom_users_mut(&mut self) -> &mut Vec<Member> {
466      &mut self.dcom_users
467   }
468   pub fn psremote_users_mut(&mut self) -> &mut Vec<Member> {
469      &mut self.psremote_users
470   }
471   pub fn affected_computers_mut(&mut self) -> &mut Vec<Member> {
472      &mut self.affected_computers
473   }
474}
475
476/// SPNTarget structure
477#[derive(Debug, Clone, Deserialize, Serialize)]
478pub struct SPNTarget {
479   #[serde(rename = "ComputerSID")]
480   computer_sid: String,
481   #[serde(rename = "Port")]
482   port: i32,
483   #[serde(rename = "Service")]
484   service: String,
485}
486
487impl SPNTarget {
488   // New object.
489   pub fn new() -> Self { 
490      Self { 
491         computer_sid: "SID".to_string(), 
492         port: 1433, 
493         service: "SQLAdmin".to_string()
494      } 
495   }
496
497   // Immutable access.
498   pub fn computer_sid(&self) -> &String {
499      &self.computer_sid
500   }
501   pub fn port(&self) -> &i32 {
502      &self.port
503   }
504   pub fn service(&self) -> &String {
505      &self.service
506   }
507
508   // Mutable access.
509   pub fn computer_sid_mut(&mut self) -> &mut String {
510      &mut self.computer_sid
511   }
512   pub fn port_mut(&mut self) -> &mut i32 {
513      &mut self.port
514   }
515   pub fn service_mut(&mut self) -> &mut String {
516      &mut self.service
517   }
518}
519
520/// Final JSON structure
521#[derive(Debug, Clone, Deserialize, Serialize, Default)]
522pub struct FinalJson{
523   data: Vec<Value>,
524   meta: Meta,
525}
526
527impl FinalJson  {
528   // New FinalJson.
529   pub fn new(data: Vec<Value>, meta: Meta) -> Self { 
530      Self {
531         data,
532         meta
533      }
534   }
535   // Imutable access.
536   pub fn data(&self) -> &Vec<Value> {
537      &self.data
538   }
539   pub fn meta(&self) -> &Meta {
540      &self.meta
541   }
542
543   // Mutable access.
544   pub fn data_mut(&mut self) -> &mut Vec<Value> {
545      &mut self.data
546   }
547   pub fn meta_mut(&mut self) -> &mut Meta {
548      &mut self.meta
549   }
550}
551
552/// Meta data for final JSON structure
553#[derive(Debug, Clone, Deserialize, Serialize, Default)]
554pub struct Meta {
555   methods: i32,
556   #[serde(rename = "type")]
557   mtype: String,
558   count: i32,
559   version: i8,
560   collectorversion: String
561}
562
563impl Meta {
564   // New Meta.
565   pub fn new(
566      methods: i32,
567      mtype: String,
568      count: i32,
569      version: i8,
570      collectorversion: String
571   ) -> Self { 
572      Self { 
573         methods,
574         mtype,
575         count,
576         version,
577         collectorversion
578      } 
579   }
580   
581   // Imutable access.
582   pub fn methods(&self) -> &i32 {
583      &self.methods
584   }
585   pub fn mtype(&self) -> &String {
586      &self.mtype
587   }
588   pub fn count(&self) -> &i32 {
589      &self.count
590   }
591   pub fn version(&self) -> &i8 {
592      &self.version
593   }
594
595   // Mutable access.
596   pub fn methods_mut(&mut self) -> &mut i32 {
597      &mut self.methods
598   }
599   pub fn mtype_mut(&mut self) -> &mut String {
600      &mut self.mtype
601   }
602   pub fn count_mut(&mut self) -> &mut i32 {
603      &mut self.count
604   }
605   pub fn version_mut(&mut self) -> &mut i8 {
606      &mut self.version
607   }
608}
609
610
611/// Function to parse and replace value for unknown object.
612pub fn parse_unknown(result: SearchEntry, _domain: &str) -> serde_json::value::Value  {
613
614   let _result_dn = result.dn.to_uppercase();
615   let _result_attrs: HashMap<String, Vec<String>> = result.attrs;
616   let _result_bin: HashMap<String, Vec<Vec<u8>>> = result.bin_attrs;
617   
618   let unknown_json = json!({
619       "unknown": null,
620   });
621
622   // Debug for current object
623   trace!("Parse Unknown object: {}", _result_dn);
624   // for (key, value) in &_result_attrs {
625   //    println!("  {:?}:{:?}", key, value);
626   // }
627   // //trace result bin
628   // for (key, value) in &_result_bin {
629   //    println!("  {:?}:{:?}", key, value);
630   // }
631
632   unknown_json
633}
rusthound_ce/objects/common.rs

rusthound_ce/objects/
common.rs
