Properly append relative search base (#144)
* fix: properly append relative search base to the DN

* chore: delete log

* chore: remove duplicate ldap filter

* chore: format code
rvazarkar authored Jul 29, 2024
1 parent 71230e0 commit 1907029
Showing 2 changed files with 35 additions and 56 deletions.
83 changes: 31 additions & 52 deletions src/CommonLib/LdapQueries/LdapFilter.cs
@@ -1,13 +1,11 @@
using System.Collections.Generic;
using System.Linq;

namespace SharpHoundCommonLib.LDAPQueries
{
namespace SharpHoundCommonLib.LDAPQueries {
/// <summary>
/// A class used to more easily build LDAP filters based on the common filters used by SharpHound
/// </summary>
public class LdapFilter
{
public class LdapFilter {
private readonly List<string> _filterParts = new();
private readonly List<string> _mandatory = new();

Expand All @@ -16,13 +14,11 @@ public class LdapFilter
/// </summary>
/// <param name="conditions"></param>
/// <returns></returns>
private static string[] CheckConditions(IEnumerable<string> conditions)
{
private static string[] CheckConditions(IEnumerable<string> conditions) {
return conditions.Select(FixFilter).ToArray();
}

private static string FixFilter(string filter)
{
private static string FixFilter(string filter) {
if (!filter.StartsWith("(")) filter = $"({filter}";

if (!filter.EndsWith(")")) filter = $"{filter})";
Expand All @@ -37,8 +33,7 @@ private static string FixFilter(string filter)
/// <param name="baseFilter"></param>
/// <param name="conditions"></param>
/// <returns></returns>
private static string BuildString(string baseFilter, params string[] conditions)
{
private static string BuildString(string baseFilter, params string[] conditions) {
if (conditions.Length == 0) return baseFilter;

return $"(&{baseFilter}{string.Join("", CheckConditions(conditions))})";
Expand All @@ -49,8 +44,7 @@ private static string BuildString(string baseFilter, params string[] conditions)
/// </summary>
/// <param name="conditions"></param>
/// <returns></returns>
public LdapFilter AddAllObjects(params string[] conditions)
{
public LdapFilter AddAllObjects(params string[] conditions) {
_filterParts.Add(BuildString("(objectclass=*)", conditions));

return this;
Expand All @@ -61,8 +55,7 @@ public LdapFilter AddAllObjects(params string[] conditions)
/// </summary>
/// <param name="conditions"></param>
/// <returns></returns>
public LdapFilter AddUsers(params string[] conditions)
{
public LdapFilter AddUsers(params string[] conditions) {
_filterParts.Add(BuildString("(samaccounttype=805306368)", conditions));

return this;
Expand All @@ -73,8 +66,7 @@ public LdapFilter AddUsers(params string[] conditions)
/// </summary>
/// <param name="conditions"></param>
/// <returns></returns>
public LdapFilter AddGroups(params string[] conditions)
{
public LdapFilter AddGroups(params string[] conditions) {
_filterParts.Add(BuildString(
"(|(samaccounttype=268435456)(samaccounttype=268435457)(samaccounttype=536870912)(samaccounttype=536870913))",
conditions));
Expand All @@ -87,8 +79,7 @@ public LdapFilter AddGroups(params string[] conditions)
/// </summary>
/// <param name="conditions"></param>
/// <returns></returns>
public LdapFilter AddPrimaryGroups(params string[] conditions)
{
public LdapFilter AddPrimaryGroups(params string[] conditions) {
_filterParts.Add(BuildString("(primarygroupid=*)", conditions));

return this;
Expand All @@ -99,8 +90,7 @@ public LdapFilter AddPrimaryGroups(params string[] conditions)
/// </summary>
/// <param name="conditions"></param>
/// <returns></returns>
public LdapFilter AddGPOs(params string[] conditions)
{
public LdapFilter AddGPOs(params string[] conditions) {
_filterParts.Add(BuildString("(&(objectcategory=groupPolicyContainer)(flags=*))", conditions));

return this;
Expand All @@ -111,8 +101,7 @@ public LdapFilter AddGPOs(params string[] conditions)
/// </summary>
/// <param name="conditions"></param>
/// <returns></returns>
public LdapFilter AddOUs(params string[] conditions)
{
public LdapFilter AddOUs(params string[] conditions) {
_filterParts.Add(BuildString("(objectcategory=organizationalUnit)", conditions));

return this;
Expand All @@ -123,8 +112,7 @@ public LdapFilter AddOUs(params string[] conditions)
/// </summary>
/// <param name="conditions"></param>
/// <returns></returns>
public LdapFilter AddDomains(params string[] conditions)
{
public LdapFilter AddDomains(params string[] conditions) {
_filterParts.Add(BuildString("(objectclass=domain)", conditions));

return this;
Expand All @@ -135,8 +123,7 @@ public LdapFilter AddDomains(params string[] conditions)
/// </summary>
/// <param name="conditions"></param>
/// <returns></returns>
public LdapFilter AddContainers(params string[] conditions)
{
public LdapFilter AddContainers(params string[] conditions) {
_filterParts.Add(BuildString("(objectClass=container)", conditions));

return this;
Expand All @@ -147,8 +134,7 @@ public LdapFilter AddContainers(params string[] conditions)
/// </summary>
/// <param name="conditions"></param>
/// <returns></returns>
public LdapFilter AddConfiguration(params string[] conditions)
{
public LdapFilter AddConfiguration(params string[] conditions) {
_filterParts.Add(BuildString("(objectClass=configuration)", conditions));

return this;
Expand All @@ -161,8 +147,7 @@ public LdapFilter AddConfiguration(params string[] conditions)
/// </summary>
/// <param name="conditions"></param>
/// <returns></returns>
public LdapFilter AddComputers(params string[] conditions)
{
public LdapFilter AddComputers(params string[] conditions) {
_filterParts.Add(BuildString("(samaccounttype=805306369)", conditions));
return this;
}
Expand All @@ -172,8 +157,7 @@ public LdapFilter AddComputers(params string[] conditions)
/// </summary>
/// <param name="conditions"></param>
/// <returns></returns>
public LdapFilter AddCertificateTemplates(params string[] conditions)
{
public LdapFilter AddCertificateTemplates(params string[] conditions) {
_filterParts.Add(BuildString("(objectclass=pKICertificateTemplate)", conditions));
return this;
}
Expand All @@ -183,9 +167,8 @@ public LdapFilter AddCertificateTemplates(params string[] conditions)
/// </summary>
/// <param name="conditions"></param>
/// <returns></returns>
public LdapFilter AddCertificateAuthorities(params string[] conditions)
{
_filterParts.Add(BuildString("(|(objectClass=certificationAuthority)(objectClass=pkiEnrollmentService))",
public LdapFilter AddCertificateAuthorities(params string[] conditions) {
_filterParts.Add(BuildString("(objectClass=certificationAuthority)",
conditions));
return this;
}
Expand All @@ -195,8 +178,7 @@ public LdapFilter AddCertificateAuthorities(params string[] conditions)
/// </summary>
/// <param name="conditions"></param>
/// <returns></returns>
public LdapFilter AddEnterpriseCertificationAuthorities(params string[] conditions)
{
public LdapFilter AddEnterpriseCertificationAuthorities(params string[] conditions) {
_filterParts.Add(BuildString("(objectCategory=pKIEnrollmentService)", conditions));
return this;
}
Expand All @@ -206,8 +188,7 @@ public LdapFilter AddEnterpriseCertificationAuthorities(params string[] conditio
/// </summary>
/// <param name="conditions"></param>
/// <returns></returns>
public LdapFilter AddIssuancePolicies(params string[] conditions)
{
public LdapFilter AddIssuancePolicies(params string[] conditions) {
_filterParts.Add(BuildString("(objectClass=msPKI-Enterprise-Oid)", conditions));
return this;
}
Expand All @@ -217,8 +198,7 @@ public LdapFilter AddIssuancePolicies(params string[] conditions)
/// </summary>
/// <param name="conditions"></param>
/// <returns></returns>
public LdapFilter AddSchemaID(params string[] conditions)
{
public LdapFilter AddSchemaID(params string[] conditions) {
_filterParts.Add(BuildString("(schemaidguid=*)", conditions));
return this;
}
Expand All @@ -228,9 +208,10 @@ public LdapFilter AddSchemaID(params string[] conditions)
/// </summary>
/// <param name="conditions"></param>
/// <returns></returns>
public LdapFilter AddComputersNoMSAs(params string[] conditions)
{
_filterParts.Add(BuildString("(&(samaccounttype=805306369)(!(objectclass=msDS-GroupManagedServiceAccount))(!(objectclass=msDS-ManagedServiceAccount)))", conditions));
public LdapFilter AddComputersNoMSAs(params string[] conditions) {
_filterParts.Add(BuildString(
"(&(samaccounttype=805306369)(!(objectclass=msDS-GroupManagedServiceAccount))(!(objectclass=msDS-ManagedServiceAccount)))",
conditions));
return this;
}

Expand All @@ -240,8 +221,7 @@ public LdapFilter AddComputersNoMSAs(params string[] conditions)
/// <param name="filter">LDAP Filter to add to query</param>
/// <param name="enforce">If true, filter will be AND otherwise OR</param>
/// <returns></returns>
public LdapFilter AddFilter(string filter, bool enforce)
{
public LdapFilter AddFilter(string filter, bool enforce) {
if (enforce)
_mandatory.Add(FixFilter(filter));
else
Expand All @@ -254,9 +234,7 @@ public LdapFilter AddFilter(string filter, bool enforce)
/// Combines all the specified parts of the LDAP filter and merges them into a single string
/// </summary>
/// <returns></returns>
public string GetFilter()
{

public string GetFilter() {
var filterPartList = _filterParts.ToArray().Distinct();
var mandatoryList = _mandatory.ToArray().Distinct();

Expand All @@ -270,13 +248,14 @@ public string GetFilter()
else if (filterPartsExceptMandatory.Count > 1)
filterPartsDistinct = $"(|{filterPartsDistinct})";

filterPartsDistinct = _mandatory.Count > 0 ? $"(&{filterPartsDistinct}{mandatoryDistinct})" : filterPartsDistinct;
filterPartsDistinct = _mandatory.Count > 0
? $"(&{filterPartsDistinct}{mandatoryDistinct})"
: filterPartsDistinct;

return filterPartsDistinct;
}

public IEnumerable<string> GetFilterList()
{
public IEnumerable<string> GetFilterList() {
return _filterParts.Distinct();
}
}
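Review bot: The filter in `AddCertificateAuthorities` (hunk `-183,9 +167,8`) now matches only `(objectClass=certificationAuthority)`, so a caller that relied on this method alone to pick up enrollment services will silently stop receiving `pKIEnrollmentService` objects. This behaviour change sits inside a commit that is otherwise a brace-style reformat, which makes it easy to miss, and the method's summary comment lies outside the visible hunk and may still describe the old OR filter. I would state the split in the doc comment, e.g. `/// Matches certificationAuthority objects only; enterprise CAs (pKIEnrollmentService) are added by AddEnterpriseCertificationAuthorities.`, and check that every call site needing both object types invokes both methods. The call sites are not shown on this page, so whether any of them is affected still has to be verified.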
8 changes: 4 additions & 4 deletions src/CommonLib/LdapUtils.cs
Expand Up @@ -704,10 +704,10 @@ private bool CreateSearchRequest(LdapQueryParameters queryParameters,
};

connectionWrapper.SaveContext(queryParameters.NamingContext, basePath);

if (!string.IsNullOrWhiteSpace(queryParameters.RelativeSearchBase)) {
basePath = $"{queryParameters.RelativeSearchBase},{basePath}";
}
}

if (string.IsNullOrWhiteSpace(queryParameters.SearchBase) && !string.IsNullOrWhiteSpace(queryParameters.RelativeSearchBase)) {
basePath = $"{queryParameters.RelativeSearchBase},{basePath}";
}

searchRequest = new SearchRequest(basePath, queryParameters.LDAPFilter, queryParameters.SearchScope,
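Review bot: The relative base is spliced into the DN by plain string interpolation with no normalisation, so a `RelativeSearchBase` with surrounding whitespace passes the `IsNullOrWhiteSpace` check and produces a malformed base DN; trimming at the point of use, `basePath = $"{queryParameters.RelativeSearchBase.Trim()},{basePath}";`, would avoid that, and a value ending in a comma should be rejected rather than sent to the server. The new condition also drops `RelativeSearchBase` without any signal whenever `SearchBase` is set, which deserves a comment such as `// RelativeSearchBase is applied only when no explicit SearchBase is given; it is prefixed to the naming-context DN.` `CreateSearchRequest` starts and ends outside this hunk, so how `basePath` is populated on the other branches cannot be confirmed from here.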