From 6cfb28f97c864d7762eeef7695d80271456410a8 Mon Sep 17 00:00:00 2001 From: Lars Karlslund Date: Tue, 19 Apr 2022 17:51:09 +0200 Subject: [PATCH] Attribute type fixes, AD Explorer conversion fix for "bool" --- modules/engine/attributes.go | 24 ++++++----------- .../activedirectory/attributes.go | 8 +++--- .../integrations/activedirectory/rawobject.go | 27 ++++++++++--------- 3 files changed, 26 insertions(+), 33 deletions(-) diff --git a/modules/engine/attributes.go b/modules/engine/attributes.go index 28c9f50..df71cf1 100644 --- a/modules/engine/attributes.go +++ b/modules/engine/attributes.go @@ -27,7 +27,8 @@ type attributeinfo struct { type AttributeType uint8 const ( - AttributeTypeString AttributeType = iota + AttributeTypeUnknown AttributeType = iota + AttributeTypeString AttributeTypeInt AttributeTypeFloat AttributeTypeBool @@ -141,39 +142,30 @@ func (a Attribute) String() string { } func (a Attribute) Type(t AttributeType) Attribute { - ai := attributenums[a] - ai.atype = t - attributenums[a] = ai + attributenums[a].atype = t return a } func (a Attribute) Single() Attribute { - ai := attributenums[a] - ai.single = true - attributenums[a] = ai + attributenums[a].single = true return a } func (a Attribute) IsSingle() bool { - ai := attributenums[a] - return ai.single + return attributenums[a].single } func (a Attribute) Unique() Attribute { - ai := attributenums[a] - ai.unique = true - attributenums[a] = ai + attributenums[a].unique = true return a } func (a Attribute) IsNonUnique() bool { - ai := attributenums[a] - return !ai.unique + return !attributenums[a].unique } func (a Attribute) IsUnique() bool { - ai := attributenums[a] - return ai.unique + return attributenums[a].unique } var ErrDontMerge = errors.New("Dont merge objects using any methods") diff --git a/modules/integrations/activedirectory/attributes.go b/modules/integrations/activedirectory/attributes.go index 0b69fb4..18459f0 100644 --- a/modules/integrations/activedirectory/attributes.go +++ b/modules/integrations/activedirectory/attributes.go @@ -17,15 +17,15 @@ var ( GroupType = engine.NewAttribute("groupType").Tag("AD").Single() MemberOf = engine.NewAttribute("memberOf").Tag("AD") Member = engine.NewAttribute("member").Tag("AD") - AccountExpires = engine.NewAttribute("accountExpires").Tag("AD") + AccountExpires = engine.NewAttribute("accountExpires").Tag("AD").Type(engine.AttributeTypeTime) RepsTo = engine.NewAttribute("repsTo").Tag("AD") InstanceType = engine.NewAttribute("instanceType").Tag("AD") ModifiedCount = engine.NewAttribute("modifiedCount").Tag("AD") MinPwdAge = engine.NewAttribute("minPwdAge").Tag("AD") - MinPwdLength = engine.NewAttribute("minPwdLength").Tag("AD") + MinPwdLength = engine.NewAttribute("minPwdLength").Tag("AD").Type(engine.AttributeTypeInt) PwdProperties = engine.NewAttribute("pwdProperties").Tag("AD") LockOutDuration = engine.NewAttribute("lockoutDuration").Tag("AD") - PwdHistoryLength = engine.NewAttribute("pwdHistoryLength").Tag("AD") + PwdHistoryLength = engine.NewAttribute("pwdHistoryLength").Tag("AD").Type(engine.AttributeTypeInt) IsCriticalSystemObject = engine.NewAttribute("isCriticalSystemObject").Tag("AD") FSMORoleOwner = engine.NewAttribute("fSMORoleOwner").Tag("AD") NTMixedDomain = engine.NewAttribute("nTMixedDomain").Tag("AD") @@ -73,7 +73,7 @@ var ( MSDSHostServiceAccount = engine.NewAttribute("msDS-HostServiceAccount").Tag("AD") MSDSHostServiceAccountBL = engine.NewAttribute("msDS-HostServiceAccountBL").Tag("AD") MSmcsAdmPwdExpirationTime = engine.NewAttribute("ms-mcs-AdmPwdExpirationTime").Tag("AD").Type(engine.AttributeTypeTime) // LAPS password timeout - SecurityIdentifier = engine.NewAttribute("securityIdentifier") + SecurityIdentifier = engine.NewAttribute("securityIdentifier").Type(engine.AttributeTypeSID) TrustDirection = engine.NewAttribute("trustDirection").Type(engine.AttributeTypeInt) TrustAttributes = engine.NewAttribute("trustAttributes") TrustPartner = engine.NewAttribute("trustPartner") diff --git a/modules/integrations/activedirectory/rawobject.go b/modules/integrations/activedirectory/rawobject.go index d78df9b..0de9b18 100644 --- a/modules/integrations/activedirectory/rawobject.go +++ b/modules/integrations/activedirectory/rawobject.go @@ -80,6 +80,7 @@ func EncodeAttributeData(attribute engine.Attribute, values []string) engine.Att case WhenChanged, WhenCreated, DsCorePropagationData, MsExchLastUpdateTime, MsExchPolicyLastAppliedTime, MsExchWhenMailboxCreated, GWARTLastModified, SpaceLastComputed: + tvalue := strings.TrimSuffix(value, "Z") // strip "Z" tvalue = strings.TrimSuffix(tvalue, ".0") // strip ".0" switch len(tvalue) { @@ -133,23 +134,23 @@ func EncodeAttributeData(attribute engine.Attribute, values []string) engine.Att } else { log.Warn().Msgf("Failed to convert attribute %v value %2x to GUID: %v", attribute.String(), []byte(value), err) } - case ObjectCategory: - attributevalue = engine.AttributeValueString(value) - case ObjectSid, SIDHistory: + case ObjectSid, SIDHistory, SecurityIdentifier: attributevalue = engine.AttributeValueSID(value) default: - // Just use string encoding - if intval, err := strconv.ParseInt(value, 10, 64); err == nil { - attributevalue = engine.AttributeValueInt(intval) + // AUTO CONVERSION + + if strings.HasSuffix(value, "Z") { // "20171111074031.0Z" + // Lets try as a timestamp + tvalue := strings.TrimSuffix(value, "Z") // strip "Z" + tvalue = strings.TrimSuffix(tvalue, ".0") // strip ".0" + if t, err := time.Parse("20060102150405", tvalue); err == nil { + attributevalue = engine.AttributeValueTime(t) + } } if attributevalue == nil { - // Lets try as a timestamp - if strings.HasSuffix(value, "Z") { // "20171111074031.0Z" - tvalue := strings.TrimSuffix(value, "Z") // strip "Z" - tvalue = strings.TrimSuffix(tvalue, ".0") // strip ".0" - if t, err := time.Parse("20060102150405", tvalue); err == nil { - attributevalue = engine.AttributeValueTime(t) - } + // Integer + if intval, err := strconv.ParseInt(value, 10, 64); err == nil { + attributevalue = engine.AttributeValueInt(intval) } } if attributevalue == nil {