fix: fixing version types for Rohan's ntlm updates (#184)
ktstrader authored Feb 20, 2025
1 parent 14202a6 commit 7fe66ce
Showing 3 changed files with 28 additions and 60 deletions.
2 changes: 1 addition & 1 deletion src/CommonLib/OutputTypes/EnterpriseCA.cs
Expand Up @@ -5,6 +5,6 @@ public class EnterpriseCA : OutputBase
public string HostingComputer { get; set; }
public CARegistryData CARegistryData { get; set; }
public TypedPrincipal[] EnabledCertTemplates { get; set; }
public APIResult<CAEnrollmentEndpoint[]> HttpEnrollmentEndpoints { get; set; }
public APIResult<CAEnrollmentEndpoint>[] HttpEnrollmentEndpoints { get; set; }
}
}
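Review bot: The two shapes at lines 20–21, `APIResult<CAEnrollmentEndpoint[]>` and `APIResult<CAEnrollmentEndpoint>[]`, serialize differently — one collection status wrapping an array versus one status per endpoint — and the rendered page does not mark which side is new, so the ingest side must be checked against whichever form survives. If the per-element form is the new one, a doc comment on the property would make the contract explicit for consumers: `/// One result per HTTP enrollment endpoint probed; check each element's collection status before using its value.` Whether an element carries such a status flag is inferred from the Failure/Success API used elsewhere in this commit — confirm against APIResult<T> before wording it that way.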
56 changes: 18 additions & 38 deletions src/CommonLib/Processors/CertAbuseProcessor.cs
Expand Up @@ -36,21 +36,18 @@ public CertAbuseProcessor(ILdapUtils utils, ILogger log = null)
/// <param name="objectDomain"></param>
/// <param name="computerName"></param>
/// <returns></returns>
public async Task<AceRegistryAPIResult> ProcessRegistryEnrollmentPermissions(string caName, string objectDomain, string computerName, string computerObjectId)
public async Task<APIResult<ACE[]>> ProcessRegistryEnrollmentPermissions(string caName, string objectDomain, string computerName, string computerObjectId)
{
var data = new AceRegistryAPIResult();

var aceData = GetCASecurity(computerName, caName);
data.Collected = aceData.Collected;

if (!aceData.Collected)
{
data.FailureReason = aceData.FailureReason;
return data;
return APIResult<ACE[]>.Failure(aceData.FailureReason);
}

if (aceData.Value == null)
{
return data;
return APIResult<ACE[]>.Success([]);
}

var descriptor = _utils.MakeSecurityDescriptor();
Expand Down Expand Up @@ -144,8 +141,7 @@ public async Task<AceRegistryAPIResult> ProcessRegistryEnrollmentPermissions(str
});
}

data.Data = aces.ToArray();
return data;
return APIResult<ACE[]>.Success(aces.ToArray());
}

/// <summary>
Expand All @@ -156,21 +152,18 @@ public async Task<AceRegistryAPIResult> ProcessRegistryEnrollmentPermissions(str
/// <param name="computerName"></param>
/// <param name="computerObjectId"></param>
/// <returns></returns>
public async Task<EnrollmentAgentRegistryAPIResult> ProcessEAPermissions(string caName, string objectDomain, string computerName, string computerObjectId)
public async Task<APIResult<EnrollmentAgentRestriction[]>> ProcessEAPermissions(string caName, string objectDomain, string computerName, string computerObjectId)
{
var ret = new EnrollmentAgentRegistryAPIResult();
var regData = GetEnrollmentAgentRights(computerName, caName);

ret.Collected = regData.Collected;
if (!ret.Collected)
if (!regData.Collected)
{
ret.FailureReason = regData.FailureReason;
return ret;
return APIResult<EnrollmentAgentRestriction[]>.Failure(regData.FailureReason);
}

if (regData.Value == null)
{
return ret;
return APIResult<EnrollmentAgentRestriction[]>.Success([]);
}

var isDomainController = await _utils.IsDomainController(computerObjectId, objectDomain);
Expand All @@ -185,10 +178,7 @@ public async Task<EnrollmentAgentRegistryAPIResult> ProcessEAPermissions(string
enrollmentAgentRestrictions.Add(restriction);
}
}

ret.Restrictions = enrollmentAgentRestrictions.ToArray();

return ret;
return APIResult<EnrollmentAgentRestriction[]>.Success(enrollmentAgentRestrictions.ToArray());
}

public async Task<(IEnumerable<TypedPrincipal> resolvedTemplates, IEnumerable<string> unresolvedTemplates)> ProcessCertTemplates(IEnumerable<string> templates, string domainName)
Expand Down Expand Up @@ -248,30 +238,25 @@ private RegistryResult GetEnrollmentAgentRights(string target, string caName)
/// <param name="caName"></param>
/// <returns></returns>
[ExcludeFromCodeCoverage]
public BoolRegistryAPIResult IsUserSpecifiesSanEnabled(string target, string caName)
public APIResult<bool> IsUserSpecifiesSanEnabled(string target, string caName)
{
var ret = new BoolRegistryAPIResult();
var subKey =
$"SYSTEM\\CurrentControlSet\\Services\\CertSvc\\Configuration\\{caName}\\PolicyModules\\CertificateAuthority_MicrosoftDefault.Policy";
const string subValue = "EditFlags";
var data = Helpers.GetRegistryKeyData(target, subKey, subValue, _log);

ret.Collected = data.Collected;
if (!data.Collected)
{
ret.FailureReason = data.FailureReason;
return ret;
return APIResult<bool>.Failure(data.FailureReason);
}

if (data.Value == null)
{
return ret;
return APIResult<bool>.Success(false);
}

var editFlags = (int)data.Value;
ret.Value = (editFlags & 0x00040000) == 0x00040000;

return ret;
return APIResult<bool>.Success((editFlags & 0x00040000) == 0x00040000);
}

/// <summary>
Expand All @@ -283,28 +268,23 @@ public BoolRegistryAPIResult IsUserSpecifiesSanEnabled(string target, string caN
/// <param name="caName"></param>
/// <returns></returns>
[ExcludeFromCodeCoverage]
public BoolRegistryAPIResult RoleSeparationEnabled(string target, string caName)
public APIResult<bool> RoleSeparationEnabled(string target, string caName)
{
var ret = new BoolRegistryAPIResult();
var regSubKey = $"SYSTEM\\CurrentControlSet\\Services\\CertSvc\\Configuration\\{caName}";
const string regValue = "RoleSeparationEnabled";
var data = Helpers.GetRegistryKeyData(target, regSubKey, regValue, _log);

ret.Collected = data.Collected;
if (!data.Collected)
{
ret.FailureReason = data.FailureReason;
return ret;
return APIResult<bool>.Failure(data.FailureReason);
}

if (data.Value == null)
{
return ret;
return APIResult<bool>.Success(false);
}

ret.Value = (int)data.Value == 1;

return ret;
return APIResult<bool>.Success((int)data.Value == 1);
}

public async Task<(bool Success, TypedPrincipal Principal)> GetRegistryPrincipal(SecurityIdentifier sid, string computerDomain, string computerName, bool isDomainController, string computerObjectId, SecurityIdentifier machineSid)
Expand Down
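Review bot: `IsUserSpecifiesSanEnabled` and `RoleSeparationEnabled` still unbox the registry value with `(int)data.Value` (lines 127 and 164), so a value stored with a non-DWORD type — a REG_QWORD arrives as a long, a REG_SZ as a string — throws InvalidCastException out of the collector instead of producing the Failure result the rest of this rewrite now returns. A type pattern keeps the failure inside the result: `if (data.Value is not int editFlags) return APIResult<bool>.Failure($"EditFlags is not a DWORD: {data.Value.GetType().Name}");` followed by `return APIResult<bool>.Success((editFlags & 0x00040000) != 0);`, with the same guard in RoleSeparationEnabled, assuming `Failure` takes a string reason as the other call sites suggest. While touching line 131, naming the mask — `const int EditfAttributeSubjectAltName2 = 0x00040000;` — records that this is the EDITF_ATTRIBUTESUBJECTALTNAME2 flag behind the ESC6 check rather than a magic number. The `<returns>` XML doc for both methods (lines 102 and 137) is empty; it should state that a missing registry value maps to `Success(false)`, since that is now an explicit decision rather than a default-initialized field.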
30 changes: 9 additions & 21 deletions src/CommonLib/Processors/DCRegistryProcessor.cs
Expand Up @@ -25,29 +25,23 @@ public DCRegistryProcessor(ILdapUtils utils, ILogger log = null)
/// <param name="target"></param>
/// <returns>IntRegistryAPIResult</returns>
[ExcludeFromCodeCoverage]
public IntRegistryAPIResult GetCertificateMappingMethods(string target)
public APIResult<int> GetCertificateMappingMethods(string target)
{
var ret = new IntRegistryAPIResult();
const string subKey = @"SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel";
const string subValue = "CertificateMappingMethods";
var data = Helpers.GetRegistryKeyData(target, subKey, subValue, _log);

ret.Collected = data.Collected;

if (!data.Collected)
{
ret.FailureReason = data.FailureReason;
return ret;
return APIResult<int>.Failure(data.FailureReason);
}

if (data.Value == null)
{
ret.Value = -1;
return ret;
return APIResult<int>.Success(-1);
}

ret.Value = (int)data.Value;

return ret;
return APIResult<int>.Success((int)data.Value);
}

/// <summary>
Expand All @@ -57,29 +51,23 @@ public IntRegistryAPIResult GetCertificateMappingMethods(string target)
/// <param name="target"></param>
/// <returns>IntRegistryAPIResult</returns>
[ExcludeFromCodeCoverage]
public IntRegistryAPIResult GetStrongCertificateBindingEnforcement(string target)
public APIResult<int> GetStrongCertificateBindingEnforcement(string target)
{
var ret = new IntRegistryAPIResult();
const string subKey = @"SYSTEM\CurrentControlSet\Services\Kdc";
const string subValue = "StrongCertificateBindingEnforcement";
var data = Helpers.GetRegistryKeyData(target, subKey, subValue, _log);

ret.Collected = data.Collected;
if (!data.Collected)
{
ret.FailureReason = data.FailureReason;
return ret;
return APIResult<int>.Failure(data.FailureReason);
}

if (data.Value == null)
{
ret.Value = -1;
return ret;
return APIResult<int>.Success(-1);
}

ret.Value = (int)data.Value;

return ret;
return APIResult<int>.Success((int)data.Value);
}
}
}
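Review bot: The `<returns>IntRegistryAPIResult</returns>` XML doc at lines 173 and 208 is now stale, since both methods return `APIResult<int>`, and neither doc explains the `-1` that `Success(-1)` (lines 196 and 230) emits when the value is absent. Absent is the common case on a DC where these values were never set, and for both keys absence means the OS default applies — which for StrongCertificateBindingEnforcement has moved across the KB5014754 enforcement phases — so a consumer that treats -1 as a configured level will mis-grade the DC. Suggested `<returns>` text: `-1 when the value is absent (the host's OS default applies; callers must not treat -1 as a configured level), otherwise the raw DWORD.` The `(int)data.Value` unbox at lines 202 and 236 also throws rather than returning Failure if the value is not REG_DWORD; `if (data.Value is not int v) return APIResult<int>.Failure(...)` would keep that inside the result type.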
