Skip to content

Commit

Permalink
prep for CoerceToTGT (#171)
Browse files Browse the repository at this point in the history
  • Loading branch information
JonasBK authored Oct 18, 2024
1 parent 1d9e9c0 commit 859d470
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 0 deletions.
1 change: 1 addition & 0 deletions src/CommonLib/OutputTypes/Computer.cs
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ public class Computer : OutputBase
public DCRegistryData DCRegistryData { get; set; } = new();
public ComputerStatus Status { get; set; }
public bool IsDC { get; set; }
public bool UnconstrainedDelegation { get; set; }
public string DomainSID { get; set; }
}

Expand Down
2 changes: 2 additions & 0 deletions src/CommonLib/OutputTypes/User.cs
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,7 @@ public class User : OutputBase
public string PrimaryGroupSID { get; set; }
public TypedPrincipal[] HasSIDHistory { get; set; } = Array.Empty<TypedPrincipal>();
public SPNPrivilege[] SPNTargets { get; set; } = Array.Empty<SPNPrivilege>();
public bool UnconstrainedDelegation { get; set; }
public string DomainSID { get; set; }
}
}
6 changes: 6 additions & 0 deletions src/CommonLib/Processors/LdapPropertyProcessor.cs
Original file line number Diff line number Diff line change
Expand Up @@ -206,6 +206,8 @@ public async Task<UserProperties> ReadUserProperties(IDirectoryObject entry, str
props.Add("passwordcantchange", uacFlags.HasFlag(UacFlags.PasswordCantChange));
props.Add("passwordexpired", uacFlags.HasFlag(UacFlags.PasswordExpired));

userProps.UnconstrainedDelegation = uacFlags.HasFlag(UacFlags.TrustedForDelegation);

var comps = new List<TypedPrincipal>();
if (uacFlags.HasFlag(UacFlags.TrustedToAuthForDelegation) &&
entry.TryGetArrayProperty(LDAPProperties.AllowedToDelegateTo, out var delegates)) {
Expand Down Expand Up @@ -321,6 +323,8 @@ public async Task<ComputerProperties> ReadComputerProperties(IDirectoryObject en
props.Add("lockedout", flags.HasFlag(UacFlags.Lockout));
props.Add("passwordexpired", flags.HasFlag(UacFlags.PasswordExpired));

compProps.UnconstrainedDelegation = flags.HasFlag(UacFlags.TrustedForDelegation);

var encryptionTypes = ConvertEncryptionTypes(entry.GetProperty(LDAPProperties.SupportedEncryptionTypes));
props.Add("supportedencryptiontypes", encryptionTypes);

Expand Down Expand Up @@ -908,6 +912,7 @@ public class UserProperties {
public Dictionary<string, object> Props { get; set; } = new();
public TypedPrincipal[] AllowedToDelegate { get; set; } = Array.Empty<TypedPrincipal>();
public TypedPrincipal[] SidHistory { get; set; } = Array.Empty<TypedPrincipal>();
public bool UnconstrainedDelegation { get; set; }
}

public class ComputerProperties {
Expand All @@ -916,6 +921,7 @@ public class ComputerProperties {
public TypedPrincipal[] AllowedToAct { get; set; } = Array.Empty<TypedPrincipal>();
public TypedPrincipal[] SidHistory { get; set; } = Array.Empty<TypedPrincipal>();
public TypedPrincipal[] DumpSMSAPassword { get; set; } = Array.Empty<TypedPrincipal>();
public bool UnconstrainedDelegation { get; set; }
}

public class IssuancePolicyProperties {
Expand Down

0 comments on commit 859d470

Please sign in to comment.