Merge branch 'adcs' into eku-props
rvazarkar authored Oct 18, 2023
2 parents a113fe9 + 82a1cdf commit b0d6491
Showing 4 changed files with 52 additions and 5 deletions.
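--- a/src/CommonLib/Enums/LdapErrorCodes.cs
+++ b/src/CommonLib/Enums/LdapErrorCodes.cs
@@ -4,5 +4,6 @@ public enum LdapErrorCodes : int
 {
 Success = 0,
 Busy = 51,
+ServerDown = 81
 }
 }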
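Review bot: The new `ServerDown = 81` carries no comment saying which code table it belongs to; 81 (0x51, LDAP_SERVER_DOWN) and 51 (0x33, LDAP_BUSY) are Windows LDAP API result codes as surfaced through LdapException.ErrorCode, and 81 lies outside the RFC 4511 resultCode range, so a reader checking the value against the RFC would find nothing. A member comment such as `// LDAP_SERVER_DOWN (0x51): client-side code from winldap.h, not an RFC 4511 resultCode` would settle it. The enum declaration itself is visible only through the hunk header, so a type-level note on the code table would go outside this hunk.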
51 changes: 49 additions & 2 deletions src/CommonLib/LDAPUtils.cs
Expand Up @@ -866,9 +866,23 @@ public IEnumerable<ISearchResultEntry> QueryLDAP(string ldapFilter, SearchScope
if (response != null)
pageResponse = (PageResultResponseControl)response.Controls
.Where(x => x is PageResultResponseControl).DefaultIfEmpty(null).FirstOrDefault();
}
catch (LdapException le) when (le.ErrorCode == (int)LdapErrorCodes.Busy && retryCount < MaxRetries)
}catch (LdapException le) when (le.ErrorCode == (int)LdapErrorCodes.ServerDown &&
retryCount < MaxRetries)
{
retryCount++;
Thread.Sleep(backoffDelay);
backoffDelay = TimeSpan.FromSeconds(Math.Min(
backoffDelay.TotalSeconds * BackoffDelayMultiplier.TotalSeconds, MaxBackoffDelay.TotalSeconds));
conn = CreateNewConnection(domainName, globalCatalog, skipCache);
if (conn == null)
{
_log.LogError("Unable to create replacement ldap connection for ServerDown exception. Breaking loop");
yield break;
}

_log.LogInformation("Created new LDAP connection after receiving ServerDown from server");
continue;
}catch (LdapException le) when (le.ErrorCode == (int)LdapErrorCodes.Busy && retryCount < MaxRetries) {
retryCount++;
Thread.Sleep(backoffDelay);
backoffDelay = TimeSpan.FromSeconds(Math.Min(
Expand Down Expand Up @@ -920,6 +934,22 @@ public IEnumerable<ISearchResultEntry> QueryLDAP(string ldapFilter, SearchScope
}
}

private LdapConnection CreateNewConnection(string domainName = null, bool globalCatalog = false, bool skipCache = false)
{
var task = globalCatalog
? Task.Run(() => CreateGlobalCatalogConnection(domainName, _ldapConfig.AuthType))
: Task.Run(() => CreateLDAPConnection(domainName, skipCache, _ldapConfig.AuthType));

try
{
return task.ConfigureAwait(false).GetAwaiter().GetResult();
}
catch
{
return null;
}
}

/// <summary>
/// Performs an LDAP query using the parameters specified by the user.
/// </summary>
Expand Down Expand Up @@ -983,6 +1013,23 @@ public virtual IEnumerable<ISearchResultEntry> QueryLDAP(string ldapFilter, Sear
backoffDelay.TotalSeconds * BackoffDelayMultiplier.TotalSeconds, MaxBackoffDelay.TotalSeconds));
continue;
}
catch (LdapException le) when (le.ErrorCode == (int)LdapErrorCodes.ServerDown &&
retryCount < MaxRetries)
{
retryCount++;
Thread.Sleep(backoffDelay);
backoffDelay = TimeSpan.FromSeconds(Math.Min(
backoffDelay.TotalSeconds * BackoffDelayMultiplier.TotalSeconds, MaxBackoffDelay.TotalSeconds));
conn = CreateNewConnection(domainName, globalCatalog, skipCache);
if (conn == null)
{
_log.LogError("Unable to create replacement ldap connection for ServerDown exception. Breaking loop");
yield break;
}

_log.LogInformation("Created new LDAP connection after receiving ServerDown from server");
continue;
}
catch (LdapException le)
{
if (le.ErrorCode != 82)
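Review bot: The bare `catch { return null; }` in the new CreateNewConnection (second hunk) drops the exception, so the only trace of a failed reconnect is the caller's generic `Unable to create replacement ldap connection…` message with no cause; `_log` is already in scope, so `catch (Exception ex) { _log.LogError(ex, "Failed to create replacement LDAP connection"); return null; }` keeps the diagnostic without changing the null contract. The `Task.Run(...).ConfigureAwait(false).GetAwaiter().GetResult()` there is sync-over-async; it looks forced by QueryLDAP being an iterator (`yield break`), and a one-line comment saying so would stop the next reader from turning it into an await. In the first and third hunks `conn` is overwritten on reconnect without disposing the previous LdapConnection, which presumably leaks the handle unless it is released elsewhere — worth confirming — and the two reconnect blocks are identical and could share one helper. The first hunk also fuses the brace to the handler (`}catch (LdapException le) …` in two places) while the third hunk keeps the file's Allman layout, so the two should match. Both QueryLDAP bodies start and end outside these hunks.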
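--- a/src/CommonLib/SharpHoundCommonLib.csproj
+++ b/src/CommonLib/SharpHoundCommonLib.csproj
@@ -9,7 +9,7 @@
 <PackageDescription>Common library for C# BloodHound enumeration tasks</PackageDescription>
 <PackageLicenseExpression>GPL-3.0-only</PackageLicenseExpression>
 <RepositoryUrl>https://github.com/BloodHoundAD/SharpHoundCommon</RepositoryUrl>
-<Version>3.0.8</Version>
+<Version>3.0.9</Version>
 <AssemblyName>SharpHoundCommonLib</AssemblyName>
 <RootNamespace>SharpHoundCommonLib</RootNamespace>
 </PropertyGroup>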
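--- a/test/unit/LDAPPropertyTests.cs
+++ b/test/unit/LDAPPropertyTests.cs
@@ -641,8 +641,7 @@ public void LDAPPropertyProcessor_ReadAIACAProperties()
 {"name", "[email protected]"},
 {"domainsid", "S-1-5-21-2697957641-2271029196-387917394"},
 {"whencreated", 1683986131},
-{"crosscertificatepair", new[]
-{"AQIDBAUGBwg="}}
+{"hascrosscertificatepair", true},
 }, "2F9F3630-F46A-49BF-B186-6629994EBCF9", Label.AIACA);
 
 var test = LDAPPropertyProcessor.ReadAIACAProperties(mock);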
