diff --git a/src/CommonLib/Enums/CommonOids.cs b/src/CommonLib/Enums/CommonOids.cs
new file mode 100644
index 00000000..ebb1d901
--- /dev/null
+++ b/src/CommonLib/Enums/CommonOids.cs
@@ -0,0 +1,13 @@
+namespace SharpHoundCommonLib.Enums
+{
+ // More can be found here: https://www.pkisolutions.com/object-identifiers-oid-in-pki/
+ public static class CommonOids
+ {
+ public static string AnyPurpose = "2.5.29.37.0";
+ public static string ClientAuthentication = "1.3.6.1.5.5.7.3.2";
+ public static string PKINITClientAuthentication = "1.3.6.1.5.2.3.4";
+ public static string SmartcardLogon = "1.3.6.1.4.1.311.20.2.2";
+ public static string CertificateRequestAgent = "1.3.6.1.4.1.311.20.2.1";
+ public static string CertificateRequestAgentPolicy = "1.3.6.1.4.1.311.20.2.1";
+ }
+}
\ No newline at end of file
diff --git a/src/CommonLib/Helpers.cs b/src/CommonLib/Helpers.cs
index 53efb832..7ac7cf7d 100644
--- a/src/CommonLib/Helpers.cs
+++ b/src/CommonLib/Helpers.cs
@@ -320,6 +320,13 @@ public static IRegistryKey OpenRemoteRegistry(string target)
 var key = new SHRegistryKey(RegistryHive.LocalMachine, target);
 return key;
 }
+
+ public static string[] AuthenticationOIDs = new string[] {
+ CommonOids.ClientAuthentication,
+ CommonOids.PKINITClientAuthentication,
+ CommonOids.SmartcardLogon,
+ CommonOids.AnyPurpose
+ };
 }
 
 public class ParsedGPLink
diff --git a/src/CommonLib/Processors/LDAPPropertyProcessor.cs b/src/CommonLib/Processors/LDAPPropertyProcessor.cs
index 1a926643..f27a0176 100644
--- a/src/CommonLib/Processors/LDAPPropertyProcessor.cs
+++ b/src/CommonLib/Processors/LDAPPropertyProcessor.cs
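Review bot: The OID table is declared as mutable `public static string` fields, so any code holding a reference to `CommonOids` can reassign, say, `CommonOids.AnyPurpose` at runtime and silently change which templates are later reported as authentication-enabled; declare them as compile-time constants, `public const string AnyPurpose = "2.5.29.37.0";` (likewise for the other five), or at minimum `public static readonly string`. `CertificateRequestAgent` and `CertificateRequestAgentPolicy` carry the identical value "1.3.6.1.4.1.311.20.2.1"; if that is intentional, a comment such as `// the enrollment-agent EKU and its application-policy OID are the same value` would stop the next reader from "fixing" one of them. The new file also lacks a trailing newline.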
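Review bot: `AuthenticationOIDs` is a public, mutable array — both the reference and its elements can be overwritten by any caller — yet it is the list that decides `authenticationenabled` in LDAPPropertyProcessor, so it should be at least `public static readonly string[] AuthenticationOIDs = { ... };`, and exposing it as `IReadOnlyList<string>` would also rule out element writes (it is only enumerated via `Intersect`). A one-line comment naming its purpose, `// EKU / application-policy OIDs that let a certificate be used for client authentication`, would help because the surrounding class otherwise holds unrelated registry helpers. The enclosing `Helpers` class begins before this hunk.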
@@ -518,8 +518,10 @@ public static Dictionary ReadCertTemplateProperties(ISearchResul
 nameFlags.HasFlag(PKICertificateNameFlag.SUBJECT_ALT_REQUIRE_UPN));
 }
 
- props.Add("ekus", entry.GetArrayProperty(LDAPProperties.ExtendedKeyUsage));
- props.Add("certificateapplicationpolicy", entry.GetArrayProperty(LDAPProperties.CertificateApplicationPolicy));
+ string[] ekus = entry.GetArrayProperty(LDAPProperties.ExtendedKeyUsage);
+ props.Add("ekus", ekus);
+ string[] certificateapplicationpolicy = entry.GetArrayProperty(LDAPProperties.CertificateApplicationPolicy);
+ props.Add("certificateapplicationpolicy", certificateapplicationpolicy);
 
 if (entry.GetIntProperty(LDAPProperties.NumSignaturesRequired, out var authorizedSignatures))
 props.Add("authorizedsignatures", authorizedSignatures);
@@ -527,6 +529,15 @@ public static Dictionary ReadCertTemplateProperties(ISearchResul
 props.Add("applicationpolicies", entry.GetArrayProperty(LDAPProperties.ApplicationPolicies));
 props.Add("issuancepolicies", entry.GetArrayProperty(LDAPProperties.IssuancePolicies));
 
+
+ // Construct effectiveekus
+ string[] effectiveekus = schemaVersion == 1 & ekus.Length > 0 ? ekus : certificateapplicationpolicy;
+ props.Add("effectiveekus", effectiveekus);
+
+ // Construct authenticationenabled
+ bool authenticationenabled = effectiveekus.Intersect(Helpers.AuthenticationOIDs).Any() | effectiveekus.Length == 0;
+ props.Add("authenticationenabled", authenticationenabled);
+
 return props;
 }
 
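Review bot: If `GetArrayProperty` can return null for a template that carries no value for `LDAPProperties.ExtendedKeyUsage` or `LDAPProperties.CertificateApplicationPolicy` (its contract is not visible here), the new locals `ekus` and `certificateapplicationpolicy` are dereferenced with `.Length` further down in ReadCertTemplateProperties and will throw; `string[] ekus = entry.GetArrayProperty(LDAPProperties.ExtendedKeyUsage) ?? Array.Empty<string>();` (and the same for the second local) removes that dependency without changing what is stored in `props`. The locals are also all-lowercase; `certificateApplicationPolicy` would follow the camelCase already used by `authorizedSignatures` in this hunk. ReadCertTemplateProperties starts before this hunk.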
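Review bot: Both new conditions use the non-short-circuiting `&` and `|` where boolean `&&` and `||` are meant: `string[] effectiveekus = schemaVersion == 1 && ekus.Length > 0 ? ekus : certificateapplicationpolicy;` and `bool authenticationenabled = effectiveekus.Length == 0 || effectiveekus.Intersect(Helpers.AuthenticationOIDs).Any();`. The value is the same today, but `|` always evaluates the Intersect and reads as a bitwise operation to the next maintainer. Note also that for a schema-version 2 or higher template whose `certificateapplicationpolicy` is empty the selection never falls back to `ekus`, so `effectiveekus` is empty and `authenticationenabled` becomes true; if that is the intended semantics (an empty EKU set meaning "any purpose"), a comment saying so would carry more than the current `// Construct effectiveekus`. `schemaVersion` and the start of ReadCertTemplateProperties are outside this hunk.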