Various internal naming changes

modules/analyze/webservicefuncs.go

@@ -223,7 +223,7 @@ func analysisfuncs(ws *webservice) {
  var includeobjects *engine.Objects
  var excludeobjects *engine.Objects
 
- var excludequery query.Query
+ var excludequery query.NodeFilter
 
  // tricky tricky - if we get a call with the expanddn set, then we handle things .... differently :-)
  if expanddn := vars["expanddn"]; expanddn != "" {
@@ -482,7 +482,7 @@ func analysisfuncs(ws *webservice) {
  var includeobjects *engine.Objects
  var excludeobjects *engine.Objects
 
- var excludequery query.Query
+ var excludequery query.NodeFilter
 
  rest, includequery, err := query.ParseLDAPQuery(r.URL.Query().Get("query"), ws.Objs)
  if err != nil {

modules/engine/analyzeobjects.go

@@ -6,30 +6,9 @@ import (
  "github.com/lkarlslund/adalanche/modules/ui"
 )
 
-var EdgeMemberOfGroup = NewEdge("MemberOfGroup")
-
 var SortBy Attribute = NonExistingAttribute
 
-type ProbabilityCalculatorFunction func(source, target *Object) Probability
-
-func (pm Edge) RegisterProbabilityCalculator(doCalc ProbabilityCalculatorFunction) Edge {
- edgeInfos[pm].probability = doCalc
- return pm
-}
-
-func (pm Edge) Describe(description string) Edge {
- edgeInfos[pm].Description = description
- return pm
-}
-
-func (pm Edge) Probability(source, target *Object) Probability {
- if f := edgeInfos[pm].probability; f != nil {
- return f(source, target)
- }
-
- // default
- return 100
-}
+var EdgeMemberOfGroup = NewEdge("MemberOfGroup") // Get rid of this
 
 func NewAnalyzeObjectsOptions() AnalyzeObjectsOptions {
  return AnalyzeObjectsOptions{

modules/engine/attributes.go

@@ -82,7 +82,7 @@ var (
  DownLevelLogonName = NewAttribute("downLevelLogonName").Merge()
  UserPrincipalName = NewAttribute("userPrincipalName").Merge()
  NetbiosDomain = NewAttribute("netbiosDomain").Single() // Used to merge users with - if we only have a DOMAIN\USER type of info
- DomainPart  = NewAttribute("domainPart").Single()
+ DomainContext = NewAttribute("domainContext").Single()
 
  MetaProtectedUser = NewAttribute("_protecteduser")
  MetaUnconstrainedDelegation = NewAttribute("_unconstraineddelegation")

modules/engine/edge.go

@@ -7,6 +7,27 @@ import (
  "sync"
 )
 
+type ProbabilityCalculatorFunction func(source, target *Object) Probability
+
+func (pm Edge) RegisterProbabilityCalculator(doCalc ProbabilityCalculatorFunction) Edge {
+ edgeInfos[pm].probability = doCalc
+ return pm
+}
+
+func (pm Edge) Describe(description string) Edge {
+ edgeInfos[pm].Description = description
+ return pm
+}
+
+func (pm Edge) Probability(source, target *Object) Probability {
+ if f := edgeInfos[pm].probability; f != nil {
+ return f(source, target)
+ }
+
+ // default
+ return 100
+}
+
 // EdgeAnalyzer takes an Object, examines it an outputs a list of Objects that can Pwn it
 type EdgeAnalyzer struct {
  ObjectAnalyzer func(o *Object, ao *Objects)

modules/engine/objects.go

@@ -702,26 +702,26 @@ func (os *Objects) FindOrAddAdjacentSID(s windowssecurity.SID, r *Object) *Objec
  ObjectSid, AttributeValueSID(s),
  DataLoader, "FindOrAddAdjacentSID",
  IgnoreBlanks,
- DomainPart, r.Attr(DomainPart),
+ DomainContext, r.Attr(DomainContext),
  )
  if !r.SID().IsNull() {
  if r.SID().StripRID() == s.StripRID() {
  // Same domain ... hmm!
  } else {
  // Other domain, then it's a foreign principal
  no.SetFlex(ObjectCategorySimple, "Foreign-Security-Principal")
- if dp := r.OneAttrString(DomainPart); dp != "" {
- no.SetFlex(DistinguishedName, "CN="+s.String()+",CN=ForeignSecurityPrincipals,"+dp)
+ if domainContext := r.OneAttrString(DomainContext); domainContext != "" {
+ no.SetFlex(DistinguishedName, "CN="+s.String()+",CN=ForeignSecurityPrincipals,"+domainContext)
  }
  }
  }
  return no
  })
  return result[0]
  default:
- if r.HasAttr(DomainPart) {
+ if r.HasAttr(DomainContext) {
  // From outside, we need to find the domain part
- if o, found := os.FindTwoMulti(ObjectSid, AttributeValueSID(s), DomainPart, r.OneAttr(DomainPart)); found {
+ if o, found := os.FindTwoMulti(ObjectSid, AttributeValueSID(s), DomainContext, r.OneAttr(DomainContext)); found {
  return o[0]
  }
  }
@@ -740,7 +740,7 @@ func (os *Objects) FindOrAddAdjacentSID(s windowssecurity.SID, r *Object) *Objec
  if s.Component(2) != 21 {
  no.SetFlex(
  IgnoreBlanks,
- DomainPart, r.Attr(DomainPart),
+ DomainContext, r.Attr(DomainContext),
  DataSource, r.Attr(DataSource),
  )
  }
@@ -750,34 +750,6 @@ func (os *Objects) FindOrAddAdjacentSID(s windowssecurity.SID, r *Object) *Objec
  return no
 }
 
-/*
-func (os *Objects) findAdjacentSID(s windowssecurity.SID, r *Object) *Object {
- // These are the "local" groups shared between DCs
- // We need to find the right one, and we'll use the DomainPart for this
-
- switch s.Component(2) {
- case 21: // Full "domain" SID
- return os.Find(s)
- default:
- if r.HasAttr(DomainPart) {
- // From outside, we need to find the domain part
- if o, found := os.FindTwoMulti(ObjectSid, AttributeValueSID(s), DomainPart, r.OneAttr(DomainPart)); found {
- return findMostLocal(o)
- }
- }
- // From inside same source, that is easy
- if r.HasAttr(UniqueSource) {
- if o, found := os.FindTwoMulti(ObjectSid, AttributeValueSID(s), UniqueSource, r.OneAttr(UniqueSource)); found {
- return findMostLocal(o)
- }
- }
- }
-
- // Not found
- return nil
-}
-*/
-
 func findMostLocal(os []*Object) *Object {
  if len(os) == 0 {
  return nil

modules/integrations/activedirectory/analyze/analyze-ad.go

@@ -11,7 +11,6 @@ import (
  "github.com/lkarlslund/adalanche/modules/engine"
  "github.com/lkarlslund/adalanche/modules/integrations/activedirectory"
  "github.com/lkarlslund/adalanche/modules/ui"
- "github.com/lkarlslund/adalanche/modules/util"
  "github.com/lkarlslund/adalanche/modules/windowssecurity"
 )
 
@@ -847,7 +846,7 @@ func init() {
  continue
  }
 
- if o.HasAttr(engine.DomainPart) {
+ if o.HasAttr(engine.DomainContext) {
  continue
  }
 
@@ -866,7 +865,7 @@ func init() {
  }
 
  if lastpart != -1 {
- o.SetValues(engine.DomainPart, engine.AttributeValueString(strings.Join(parts[lastpart:], ",")))
+ o.SetValues(engine.DomainContext, engine.AttributeValueString(strings.Join(parts[lastpart:], ",")))
  }
  }
  },
@@ -879,14 +878,14 @@ func init() {
  return strings.HasPrefix(o.OneAttrString(engine.DistinguishedName), "CN=AdminSDHolder,CN=System,")
  }).Slice() {
  // We found it - so we know it can change ACLs of some objects
- domainpart := adminsdholder.OneAttrString(engine.DomainPart)
+ domaincontext := adminsdholder.OneAttrString(engine.DomainContext)
 
  // Are some groups excluded?
  excluded_mask := 0
 
  // Find dsHeuristics, this defines groups EXCLUDED From AdminSDHolder application
  // https://social.technet.microsoft.com/wiki/contents/articles/22331.adminsdholder-protected-groups-and-security-descriptor-propagator.aspx#What_is_a_protected_group
- if ds, found := ao.Find(engine.DistinguishedName, engine.AttributeValueString("CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,"+domainpart)); found {
+ if ds, found := ao.Find(engine.DistinguishedName, engine.AttributeValueString("CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,"+domaincontext)); found {
  excluded := ds.OneAttrString(activedirectory.DsHeuristics)
  if len(excluded) >= 16 {
  excluded_mask = strings.Index("0123456789ABCDEF", strings.ToUpper(string(excluded[15])))
@@ -900,7 +899,7 @@ func init() {
  }
 
  // Only this "local" AD (for multi domain analysis)
- if o.OneAttrString(engine.DomainPart) != domainpart {
+ if o.OneAttrString(engine.DomainContext) != domaincontext {
  return false
  }
  return true
@@ -1005,6 +1004,7 @@ func init() {
  dnsroot = strings.ToLower(dnsroot)
  TrustMap.Store(TrustPair{
  SourceNCName: ncname,
+ SourceDNSRoot: dnsroot,
  SourceNetbios: netbiosname,
  SourceSID: domainsid.String(),
  }, TrustInfo{})
@@ -1082,27 +1082,27 @@ func init() {
  if !found {
  ui.Warn().Msgf("Can not find machine object for DC %v", object.DN())
  } else {
- domainPart := object.OneAttr(engine.DomainPart)
- if domainPart == nil {
- ui.Fatal().Msgf("DomainController %v has no DomainPart attribute", object.DN())
+ domainContext := object.OneAttr(engine.DomainContext)
+ if domainContext == nil {
+ ui.Fatal().Msgf("DomainController %v has no DomainContext attribute", object.DN())
  }
 
  if administrators, found := ao.FindTwo(engine.ObjectSid, engine.AttributeValueSID(windowssecurity.AdministratorsSID),
- engine.DomainPart, domainPart); found {
+ engine.DomainContext, domainContext); found {
  administrators.EdgeTo(machine, activedirectory.EdgeLocalAdminRights)
  } else {
  ui.Warn().Msgf("Could not find Administrators group for %v", object.DN())
  }
 
  if remotedesktopusers, found := ao.FindTwo(engine.ObjectSid, engine.AttributeValueSID(windowssecurity.RemoteDesktopUsersSID),
- engine.DomainPart, domainPart); found {
+ engine.DomainContext, domainContext); found {
  remotedesktopusers.EdgeTo(machine, activedirectory.EdgeLocalRDPRights)
  } else {
  ui.Warn().Msgf("Could not find Remote Desktop Users group for %v", object.DN())
  }
 
  if distributeddcomusers, found := ao.FindTwo(engine.ObjectSid, engine.AttributeValueSID(windowssecurity.DCOMUsersSID),
- engine.DomainPart, domainPart); found {
+ engine.DomainContext, domainContext); found {
  distributeddcomusers.EdgeTo(machine, activedirectory.EdgeLocalDCOMRights)
  } else {
  ui.Warn().Msgf("Could not find DCOM Users group for %v", object.DN())
@@ -1138,7 +1138,7 @@ func init() {
 
  TrustMap.Store(TrustPair{
  SourceDNSRoot: dnsroot,
- TargetDNSRoot: util.DomainSuffixToDomainPart(partner),
+ TargetDNSRoot: partner,
  }, TrustInfo{
  Direction: TrustDirection(dir),
  })
@@ -1244,9 +1244,9 @@ func init() {
  }
 
  for _, o := range ao.Slice() {
- if o.HasAttr(engine.ObjectSid) && o.SID().Component(2) == 21 && !o.HasAttr(engine.DistinguishedName) && o.HasAttr(engine.DomainPart) {
+ if o.HasAttr(engine.ObjectSid) && o.SID().Component(2) == 21 && !o.HasAttr(engine.DistinguishedName) && o.HasAttr(engine.DomainContext) {
  // An unknown SID, is it ours or from another domain?
- ourDomainDN := o.OneAttrString(engine.DomainPart)
+ ourDomainDN := o.OneAttrString(engine.DomainContext)
  ourDomainSid, domainfound := domains[ourDomainDN]
  if !domainfound {
  continue

modules/integrations/activedirectory/collect/cli.go

@@ -441,8 +441,7 @@ func Execute(cmd *cobra.Command, args []string) error {
  for _, object := range gpostocollect {
  // Let's check if it this is a GPO and then add som fake attributes to represent it
  if gpfsp, found := object.Attributes["gPCFileSysPath"]; found {
-
- domainPart := util.ExtractDomainPart(object.DistinguishedName)
+ domainContext := util.ExtractDomainContextFromDistinguishedName(object.DistinguishedName)
 
  gpodisplayname := object.Attributes["displayName"]
  gpoguid := object.Attributes["name"]
@@ -471,7 +470,7 @@ func Execute(cmd *cobra.Command, args []string) error {
 
  gpoinfo.GPOinfo.GUID = gpuuid
  gpoinfo.GPOinfo.Path = originalpath // The original path is kept, we don't care
- gpoinfo.GPOinfo.DomainDN = domainPart
+ gpoinfo.GPOinfo.DomainDN = domainContext
  gpoinfo.GPOinfo.DomainNetbios = netbiosname
 
  offset := len(gppath)

modules/query/execute.go

@@ -13,13 +13,13 @@ type IndexSelectorInfo struct {
  queryIndex int
 }
 
-func Execute(q Query, ao *engine.Objects) *engine.Objects {
+func Execute(q NodeFilter, ao *engine.Objects) *engine.Objects {
  var potentialindexes []IndexSelectorInfo
  switch t := q.(type) {
  case andquery:
  // Iterate over all subitems
  for _, st := range t.subitems {
- if qo, ok := st.(QueryOneAttribute); ok {
+ if qo, ok := st.(FilterOneAttribute); ok {
  if sm, ok := qo.q.(hasStringMatch); ok {
  // This might be in an index
  potentialindexes = append(potentialindexes, IndexSelectorInfo{
@@ -29,7 +29,7 @@ func Execute(q Query, ao *engine.Objects) *engine.Objects {
  }
  }
  }
- case QueryOneAttribute:
+ case FilterOneAttribute:
  qo := t
  if sm, ok := qo.q.(hasStringMatch); ok {
  // This might be in an index