From a8c37b79e2bd7a45a355143a3969c9c44c47cf67 Mon Sep 17 00:00:00 2001
From: jknudsen <jknudsen@specterops.io>
Date: Mon, 2 Sep 2024 11:51:27 +0200
Subject: [PATCH] feat: schannelauthenticationenabled property

---
 src/CommonLib/Helpers.cs                          | 5 +++++
 src/CommonLib/Processors/LdapPropertyProcessor.cs | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/src/CommonLib/Helpers.cs b/src/CommonLib/Helpers.cs
index 63d4c466..031c6d16 100644
--- a/src/CommonLib/Helpers.cs
+++ b/src/CommonLib/Helpers.cs
@@ -295,6 +295,11 @@ public static IRegistryKey OpenRemoteRegistry(string target) {
             CommonOids.SmartcardLogon,
             CommonOids.AnyPurpose
         };
+
+        public static string[] SchannelAuthenticationOIDs = new string[] {
+            CommonOids.ClientAuthentication,
+            CommonOids.AnyPurpose
+        };
     }
 
     public class ParsedGPLink {
diff --git a/src/CommonLib/Processors/LdapPropertyProcessor.cs b/src/CommonLib/Processors/LdapPropertyProcessor.cs
index b2abc562..eecbef22 100644
--- a/src/CommonLib/Processors/LdapPropertyProcessor.cs
+++ b/src/CommonLib/Processors/LdapPropertyProcessor.cs
@@ -553,6 +553,11 @@ public static Dictionary<string, object> ReadCertTemplateProperties(IDirectoryOb
                 effectiveekus.Intersect(Helpers.AuthenticationOIDs).Any() | effectiveekus.Length == 0;
             props.Add("authenticationenabled", authenticationEnabled);
 
+            // Construct schannelauthenticationenabled
+            var schannelAuthenticationEnabled =
+                effectiveekus.Intersect(Helpers.SchannelAuthenticationOIDs).Any() | effectiveekus.Length == 0;
+            props.Add("schannelauthenticationenabled", schannelAuthenticationEnabled);
+
             return props;
         }