Merge pull request #109 from franc-pentest/fix-adcs

Fix ADCS manager approval + enabled template display

VERSION

@@ -1 +1 @@
-1.0.68
+1.0.69

ldeep/__main__.py

@@ -26,6 +26,7 @@
     AUTHENTICATING_EKUS,
     MS_PKI_CERTIFICATE_NAME_FLAG,
     EXTENDED_RIGHTS_NAME_MAP,
+    MS_PKI_ENROLLMENT_FLAG,
     ADRights,
 )
 from ldeep._version import __version__
@@ -763,7 +764,7 @@ def list_templates(self, kwargs):
                 "displayName",
                 "pKIExpirationPeriod",
                 "msPKI-Certificate-Name-Flag",
-                "msPKI-RA-Signature",
+                "msPKI-Enrollment-Flag",
                 "pKIExtendedKeyUsage",
                 "nTSecurityDescriptor",
             ]
@@ -813,6 +814,7 @@ def list_templates(self, kwargs):
                     if result.get("name") in enabled_templates[ca]:
                         print(f"{'Enabled':<30}: True")
                         print(f"{'Certificate Authority':<30}: {ca}")
+                        break
                     else:
                         print(f"{'Enabled':<30}: False")
                 ekus = []
@@ -836,9 +838,11 @@ def list_templates(self, kwargs):
                 print(
                     f"{'Enrollee Supplies Subject':<30}: {'ENROLLEE_SUPPLIES_SUBJECT' in flags}"
                 )
-                print(
-                    f"{'Requires Manager Approval':<30}: {result.get('msPKI-RA-Signature')>0}"
+                manager_approval = (
+                    result.get("msPKI-Enrollment-Flag")
+                    & MS_PKI_ENROLLMENT_FLAG["PEND_ALL_REQUESTS"]
                 )
+                print(f"{'Requires Manager Approval':<30}: {manager_approval>0}")
 
                 if ekus:
                     print(f"{'Extended Key Usage':<30}: {ekus[0]}")