Merge branch 'dev'
0cmenog committed Oct 24, 2023
2 parents 756bcc4 + f312535 commit e0551b6
Showing 2 changed files with 57 additions and 4 deletions.
1 change: 1 addition & 0 deletions src/CommonLib/OutputTypes/ResultingGPOChanges.cs
Expand Up @@ -22,5 +22,6 @@ public class GPOChanges
public Dictionary<string, bool> SMBSigning = new();
public Dictionary<string, bool> LDAPSigning = new();
public Dictionary<string, object> LMAuthenticationLevel = new();
public Dictionary<string, int> MSCache = new();
}
}
60 changes: 56 additions & 4 deletions src/CommonLib/Processors/GPOLocalGroupProcessor.cs
Expand Up @@ -86,6 +86,12 @@ public class GPOLocalGroupProcessor
private static readonly Regex LMLevelRegex =
new(@"\\LmCompatibilityLevel *= *\d+ *, *(\d)", RegexOptions.Compiled);

private static readonly Regex CachedLogonsCountRegex =
new(@"\\CachedLogonsCount *= *\d+ *, *\x22(\d+)\x22", RegexOptions.Compiled);

private static readonly Regex LDAPEnforceChannelBindingRegex =
new(@"\\LdapEnforceChannelBinding *= *\d+ *, *(\d)", RegexOptions.Compiled);

private static readonly ConcurrentDictionary<string, List<GroupAction>> GpoActionCache = new();

private static readonly Dictionary<string, LocalGroupRids> ValidGroupNames =
Expand Down Expand Up @@ -228,10 +234,22 @@ public async Task<ResultingGPOChanges> ReadGPOLocalGroups(string gpLink, string
}

// Add LM properties
_ = enforced.Contains(linkDn) ? (ret.Enforced.LMAuthenticationLevel = item.GPOLMProps) : (ret.Unenforced.LMAuthenticationLevel = item.GPOLMProps);
foreach (var i in item.GPOLMProps)
{
_ = enforced.Contains(linkDn) ? (ret.Enforced.LMAuthenticationLevel = item.GPOLMProps) : (ret.Unenforced.LMAuthenticationLevel = item.GPOLMProps);
}

// Add LDAP properties
_ = enforced.Contains(linkDn) ? (ret.Enforced.LDAPSigning = item.GPOLDAPProps) : (ret.Unenforced.LDAPSigning = item.GPOLDAPProps);
foreach (var i in item.GPOLDAPProps)
{
_ = enforced.Contains(linkDn) ? (ret.Enforced.LDAPSigning[i.Key] = i.Value) : (ret.Unenforced.LDAPSigning[i.Key] = i.Value);
}

// Add MSCache properties
foreach (var i in item.GPOMSCache)
{
_ = enforced.Contains(linkDn) ? (ret.Enforced.MSCache = item.GPOMSCache) : (ret.Unenforced.MSCache = item.GPOMSCache);
}
}
}

Expand All @@ -241,7 +259,6 @@ public async Task<ResultingGPOChanges> ReadGPOLocalGroups(string gpLink, string
//If there are no actions, then we can skip some instructions
if (actions.Count != 0)
{

//First lets process restricted members
var restrictedMemberSets = actions.Where(x => x.Target == GroupActionTarget.RestrictedMember)
.GroupBy(x => x.TargetRid);
Expand Down Expand Up @@ -468,6 +485,7 @@ internal async IAsyncEnumerable<GPOReturnTuple> ProcessGPOTemplateFile(string ba
ret.GPOLDAPProps = new Dictionary<string, bool>();
ret.GPOSMBProps = new Dictionary<string, bool>();
ret.GPOLMProps = new Dictionary<string, object>();
ret.GPOMSCache = new Dictionary<string, int>();

// check for registries
var regMatch = RegistryRegex.Match(content);
Expand All @@ -479,9 +497,11 @@ internal async IAsyncEnumerable<GPOReturnTuple> ProcessGPOTemplateFile(string ba
bool EnablesClientSMB = false;

bool RequiresLDAPSigning = false;
bool LDAPEnforceChannelBinding = false;

int LmCompatibilityLevel = 3; // default value for W10 = 3 according to https://docs.microsoft.com/fr-fr/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level
int LmCompatibilityLevel = 3;

int CachedLogonsCount = 0;

// if registry section is found
if (regMatch.Success)
Expand All @@ -499,9 +519,11 @@ internal async IAsyncEnumerable<GPOReturnTuple> ProcessGPOTemplateFile(string ba
var smbEnableClientMatchLine = SMBEnableClientRegex.Match(regLine);

var ldapClientMatchLine = LDAPClientIntegrityRegex.Match(regLine);
var ldapChannelBindingLine = LDAPEnforceChannelBindingRegex.Match(regLine);

var lmMatchLine = LMLevelRegex.Match(regLine);

var cachedLogonsLine = CachedLogonsCountRegex.Match(regLine);

// if a match is found for this registry
if (smbRequireServerMatchLine.Success)
Expand Down Expand Up @@ -601,6 +623,35 @@ internal async IAsyncEnumerable<GPOReturnTuple> ProcessGPOTemplateFile(string ba

ret.GPOLDAPProps.Add("RequiresLDAPClientSigning", RequiresLDAPSigning);
}
else if (ldapChannelBindingLine.Success)
{
var keyMatch = KeyRegex.Match(regLine);
var key = keyMatch.Value.Split(',')[1];

switch (key)
{
case "2": // Always enabled
LDAPEnforceChannelBinding = true;
break;
case "1": // Enabled, if supported
LDAPEnforceChannelBinding = false;
break;
case "0": // Disabled
LDAPEnforceChannelBinding = false;
break;
}

ret.GPOLDAPProps.Add("LDAPEnforceChannelBinding", LDAPEnforceChannelBinding);
}
else if (cachedLogonsLine.Success)
{
var keyMatch = KeyRegex.Match(regLine);
var key = keyMatch.Value.Split(',')[1];
CachedLogonsCount = Int32.Parse(key.Substring(1, key.Length - 2));

ret.GPOMSCache.Add("CachedLogonsCount", CachedLogonsCount);

}
}
}

Expand Down Expand Up @@ -960,6 +1011,7 @@ internal class GPOReturnTuple
public Dictionary<string, bool> GPOLDAPProps = new();
public Dictionary<string, bool> GPOSMBProps = new();
public Dictionary<string, object> GPOLMProps = new();
public Dictionary<string, int> GPOMSCache = new();
public GroupAction GPOGroupAction = new();

public bool ContainsGroupAction()
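Review bot: The new loops under `// Add LM properties` and `// Add MSCache properties` in the ReadGPOLocalGroups hunk never use their loop variable `i`; each iteration assigns the whole dictionary (`ret.Enforced.LMAuthenticationLevel = item.GPOLMProps`, `ret.Enforced.MSCache = item.GPOMSCache`), so if several items are merged into `ret` (the enclosing loop is outside the hunk) a later one replaces rather than merges the earlier settings, unlike the LDAP loop right next to them which writes per key. The two lines should take the LDAP form: `_ = enforced.Contains(linkDn) ? (ret.Enforced.LMAuthenticationLevel[i.Key] = i.Value) : (ret.Unenforced.LMAuthenticationLevel[i.Key] = i.Value);` and `_ = enforced.Contains(linkDn) ? (ret.Enforced.MSCache[i.Key] = i.Value) : (ret.Unenforced.MSCache[i.Key] = i.Value);`. In the ProcessGPOTemplateFile hunk, the `cachedLogonsLine` branch re-matches KeyRegex and strips the quotes by hand although CachedLogonsCountRegex already captures the digits, so `CachedLogonsCount = Int32.Parse(cachedLogonsLine.Groups[1].Value);` would be simpler, and since a FormatException or overflow there (or a duplicate key reaching `ret.GPOMSCache.Add`) aborts the whole template, `int.TryParse` with `CultureInfo.InvariantCulture` plus `TryAdd` would be more tolerant of a malformed GptTmpl.inf. Both ReadGPOLocalGroups and ProcessGPOTemplateFile start and end outside their hunks.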
