Fix for possible privilege escalation in Blazam #477

Merged
merged 2 commits into from
Aug 8, 2024
3 changes: 3 additions & 0 deletions .github/release.yml
Expand Up @@ -16,6 +16,9 @@ changelog:
- title: Exciting New Features 🎉
labels:
- enhancement
- title: Security Updates 🔐
labels:
- security
- title: Fixes 🏗
labels:
- bug
2 changes: 1 addition & 1 deletion BLAZAM/BLAZAM.csproj
Expand Up @@ -6,7 +6,7 @@
<ImplicitUsings>enable</ImplicitUsings>
<ServerGarbageCollection>false</ServerGarbageCollection>
<AssemblyVersion>1.0.0</AssemblyVersion>
<Version>2024.08.07.2325</Version>
<Version>2024.08.08.2253</Version>
<IncludeSourceRevisionInInformationalVersion>false</IncludeSourceRevisionInInformationalVersion>
<RootNamespace>BLAZAM</RootNamespace>
<GenerateDocumentationFile>False</GenerateDocumentationFile>
2 changes: 1 addition & 1 deletion BLAZAM/Pages/Recycle Bin/RecycleBin.razor
Expand Up @@ -73,7 +73,7 @@
{


var search = new ADSearch() { SearchRoot = Directory.GetDeleteObjectsEntry() };
var search = new ADSearch(Directory) { SearchRoot = Directory.GetDeleteObjectsEntry() };
search.SearchDeleted = true;
deletedObjects = await search.SearchAsync<DirectoryEntryAdapter, IDirectoryEntryAdapter>();
LoadingData = false;
6 changes: 3 additions & 3 deletions BLAZAM/Pages/Search.razor
Expand Up @@ -110,7 +110,7 @@
}


public ADSearch Searcher { get; set; } = new ADSearch();
public ADSearch Searcher { get; set; }


[CascadingParameter]
Expand All @@ -130,7 +130,7 @@
protected override async Task OnInitializedAsync()
{
await base.OnInitializedAsync();
Searcher = new ADSearch();
Searcher = new ADSearch(Directory);
SearchService.SearchTerm = SearchTermParameter;
Searcher.GeneralSearchTerm = SearchTermParameter;

Expand Down Expand Up @@ -212,7 +212,7 @@
protected async Task InvokeSearch()
{
if (Searcher == null)
Searcher = new ADSearch();
Searcher = new ADSearch(Directory);
else
Searcher.Cancel();
SearchService.SearchTerm = SearchTermParameter;
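Review bot: `Searcher` is now null from construction until the line after `await base.OnInitializedAsync();`, because the property initializer was dropped and the only early assignment sits behind that await. Blazor can render a component while OnInitializedAsync is still awaiting, so any markup or handler that dereferences `Searcher` in that window would throw; the markup is outside these hunks, so this needs checking against the full file. Moving `Searcher = new ADSearch(Directory);` above the `await` closes the gap, and declaring the property as `public ADSearch? Searcher { get; set; }` would make the compiler flag unguarded uses. The View.razor section shows the same three changes and the same gap. InvokeSearch already null-checks, but its body continues past the hunk.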
6 changes: 3 additions & 3 deletions BLAZAM/Pages/View.razor
Expand Up @@ -110,7 +110,7 @@
}


public ADSearch Searcher { get; set; } = new ADSearch();
public ADSearch Searcher { get; set; }


[CascadingParameter]
Expand All @@ -130,7 +130,7 @@
protected override async Task OnInitializedAsync()
{
await base.OnInitializedAsync();
Searcher = new ADSearch();
Searcher = new ADSearch(Directory);
SearchService.SearchTerm = SearchTermParameter;
Searcher.GeneralSearchTerm = SearchTermParameter;

Expand Down Expand Up @@ -196,7 +196,7 @@
protected async Task InvokeSearch()
{
if (Searcher == null)
Searcher = new ADSearch();
Searcher = new ADSearch(Directory);
else
Searcher.Cancel();
SearchService.SearchTerm = SearchTermParameter;
11 changes: 5 additions & 6 deletions BLAZAMActiveDirectory/ActiveDirectoryContext.cs
Expand Up @@ -38,7 +38,7 @@ public IApplicationUserState? CurrentUser
private WmiFactory _wmiFactory;
IEncryptionService _encryption;
private INotificationPublisher _notificationPublisher;
public static ActiveDirectoryContext Instance;
public static ActiveDirectoryContext SystemInstance;

public int FailedConnectionAttempts { get; set; } = 0;

Expand Down Expand Up @@ -220,7 +220,6 @@ INotificationPublisher notificationPublisher
_wmiFactory = new(this);
_encryption = encryptionService;
_notificationPublisher = notificationPublisher;
Instance = this;
Factory = factory;
UserStateService = userStateService;
//UserStateService.UserStateAdded += PopulateUserStateDirectoryUser;
Expand All @@ -241,7 +240,7 @@ public ActiveDirectoryContext(ActiveDirectoryContext activeDirectoryContextSeed)
{
_encryption = activeDirectoryContextSeed._encryption;
_notificationPublisher = activeDirectoryContextSeed._notificationPublisher;
Instance = this;
SystemInstance = this;
Factory = activeDirectoryContextSeed.Factory;
UserStateService = activeDirectoryContextSeed.UserStateService;
ConnectionSettings = activeDirectoryContextSeed.ConnectionSettings;
Expand Down Expand Up @@ -376,7 +375,7 @@ public void Connect()
//Perform Auth check
Loggers.ActiveDirectryLogger.Information("Performing Active Directory connection test");

var search = new ADSearch()
var search = new ADSearch(this)
{
ObjectTypeFilter = ActiveDirectoryObjectType.User,
SearchRoot = RootDirectoryEntry,
Expand Down Expand Up @@ -856,7 +855,7 @@ public bool RestoreTombstone(IDirectoryEntryAdapter model, IADOrganizationalUnit
public IDirectoryEntryAdapter? FindEntryBySID(byte[] sid) => GetDirectoryEntryBySid(sid.ToSidString());
public IDirectoryEntryAdapter? GetDirectoryEntryBySid(string sid)
{
var searcher = new ADSearch();
var searcher = new ADSearch(this);
searcher.SearchRoot = RootDirectoryEntry;
searcher.Fields.SID = sid;
var result = searcher.Search().FirstOrDefault();
Expand All @@ -865,7 +864,7 @@ public bool RestoreTombstone(IDirectoryEntryAdapter model, IADOrganizationalUnit

public IDirectoryEntryAdapter? GetDirectoryEntryByDN(string dn)
{
var searcher = new ADSearch();
var searcher = new ADSearch(this);
searcher.SearchRoot = RootDirectoryEntry;
searcher.Fields.DN = dn;
var result = searcher.Search().FirstOrDefault();
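Review bot: `SystemInstance` is still a public, writable static field, and the copy constructor overwrites it with `SystemInstance = this;` every time it runs. Which callers use that constructor is not visible in this diff; if it is ever invoked for anything other than the single system-level context, the shared reference would again point at a context carrying some other session's state, which appears to be the condition this change removes from the search call sites. Declaring it as `public static ActiveDirectoryContext? SystemInstance { get; private set; }` stops outside code from replacing it, and assigning it at the one place the system context is created, rather than inside a constructor, would make the ownership explicit. A short comment on the member stating that it must not back user-initiated searches would also help the next reader.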
4 changes: 2 additions & 2 deletions BLAZAMActiveDirectory/Adapters/ADGroup.cs
Expand Up @@ -178,7 +178,7 @@ public IEnumerable<IGroupableDirectoryAdapter> NestedMembers
{
get
{
ADSearch search = new ADSearch();
ADSearch search = new ADSearch(Directory);
search.Fields.NestedMemberOf = this;
var result = search.Search<GroupableDirectoryAdapter, IGroupableDirectoryAdapter>();
return result;
Expand All @@ -193,7 +193,7 @@ public List<IGroupableDirectoryAdapter> Members
get
{
var temp = MembersAsStrings;
ADSearch search = new ADSearch();
ADSearch search = new ADSearch(Directory);

List<IGroupableDirectoryAdapter> members = new List<IGroupableDirectoryAdapter>();
temp?.ForEach(t =>
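Review bot: Neither getter checks that `Directory` is set before passing it to `new ADSearch(Directory)`. The ADSearch constructor is not part of this diff, so it cannot be seen here whether a null context throws or falls back to a shared one; a fallback would let these membership searches run under the wrong context without any error. Failing closed at the call site avoids depending on that: `ADSearch search = new ADSearch(Directory ?? throw new InvalidOperationException("Adapter has no directory context"));`. The same applies to `DirectoryEntry.Parent.Encapsulate(Directory)` in DirectoryEntryAdapter.cs. Both getter bodies continue outside the hunks.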
2 changes: 1 addition & 1 deletion BLAZAMActiveDirectory/Adapters/DirectoryEntryAdapter.cs
Expand Up @@ -443,7 +443,7 @@ public virtual void MoveTo(IADOrganizationalUnit parentOUToMoveTo)
{
if (DirectoryEntry == null || DirectoryEntry.Parent == null) return null;

var parent = DirectoryEntry.Parent.Encapsulate();
var parent = DirectoryEntry.Parent.Encapsulate(Directory);

return parent;

14 changes: 2 additions & 12 deletions BLAZAMActiveDirectory/GlobalSuppressions.cs
Expand Up @@ -6,7 +6,6 @@
using System.Diagnostics.CodeAnalysis;

[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.Common.Data.Services.WmiFactory.CreateWmiConnection(System.String)~System.Management.ManagementScope")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Adapters.DirectoryEntryAdapter.CommitChanges~BLAZAM.ActiveDirectory.DirectoryChangeResult")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Adapters.DirectoryEntryAdapter.SetNewProperty(System.String,System.Object)")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.ActiveDirectoryContext.Connect")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.ActiveDirectoryContext.GetDeleteObjectsEntry~System.DirectoryServices.DirectoryEntry")]
Expand All @@ -23,19 +22,14 @@
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Adapters.DirectoryEntryAdapter.FetchDirectoryEntry")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Adapters.DirectoryEntryAdapter.DiscardChanges")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Adapters.DirectoryEntryAdapter.Delete")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Adapters.DirectoryEntryAdapter.Parse(System.DirectoryServices.DirectoryEntry,System.DirectoryServices.SearchResult,BLAZAM.ActiveDirectory.Interfaces.IActiveDirectoryContext)~System.Threading.Tasks.Task")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Adapters.DirectoryEntryAdapter.GetParent~System.Threading.Tasks.Task{BLAZAM.ActiveDirectory.Interfaces.IADOrganizationalUnit}")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Adapters.DirectoryEntryAdapter.MoveTo(BLAZAM.ActiveDirectory.Interfaces.IADOrganizationalUnit)~System.Boolean")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~P:BLAZAM.ActiveDirectory.Adapters.DirectoryEntryAdapter.Classes")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~P:BLAZAM.ActiveDirectory.Adapters.DirectoryEntryAdapter.ADSPath")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Adapters.DirectoryEntryAdapter.Invoke(System.String,System.Object[])~System.Boolean")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~P:BLAZAM.ActiveDirectory.Adapters.DirectoryEntryAdapter.Changes")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Adapters.ADUser.SetHomeDirectoryPermissions")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Adapters.ADUser.SetPassword(System.Security.SecureString,System.Boolean)~System.Boolean")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Searchers.ADSearch.Search``2(System.Nullable{System.Threading.CancellationToken})~System.Collections.Generic.List{``1}")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Searchers.ADSearch.PerformSearch``2(System.DateTime,System.DirectoryServices.DirectorySearcher,System.Int32)")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Searchers.ADSearch.PrepareSearcher(System.DirectoryServices.DirectorySearcher)")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Searchers.ADSearch.Encapsulate(System.DirectoryServices.SearchResultCollection)~System.Collections.Generic.List{BLAZAM.ActiveDirectory.Interfaces.IDirectoryEntryAdapter}")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~P:BLAZAM.ActiveDirectory.Searchers.ADSearch.SearchScope")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~F:BLAZAM.ActiveDirectory.Searchers.ADSearch._searchResults")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Adapters.ADOrganizationalUnit.CreateGroup(System.String)~BLAZAM.ActiveDirectory.Interfaces.IADGroup")]
Expand All @@ -48,19 +42,15 @@
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.ActiveDirectoryContext.TryGetDomainControllers")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~P:BLAZAM.ActiveDirectory.Adapters.DirectoryEntryAdapter.commitStep")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Adapters.DirectoryEntryAdapter.CommitChanges(BLAZAM.Jobs.IJob)~BLAZAM.Jobs.IJob")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Searchers.ADSearcher.SearchObjects(System.String,System.String,System.Nullable{BLAZAM.Common.Data.ActiveDirectoryObjectType},System.Int32,System.Nullable{System.Boolean},System.DirectoryServices.SearchScope)~System.DirectoryServices.SearchResultCollection")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~P:BLAZAM.ActiveDirectory.Adapters.ADOrganizationalUnit.Children")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~P:BLAZAM.ActiveDirectory.Adapters.DirectoryEntryAdapter.Children")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~P:BLAZAM.ActiveDirectory.ActiveDirectoryContext.AuthType")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~P:BLAZAM.ActiveDirectory.Adapters.DirectoryEntryAdapter.HasChildren")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Adapters.DirectoryEntryAdapter.MoveTo(BLAZAM.ActiveDirectory.Interfaces.IADOrganizationalUnit)")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Adapters.DirectoryEntryAdapter.GetParent~BLAZAM.ActiveDirectory.Interfaces.IADOrganizationalUnit")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.ActiveDirectoryContext.Authenticate_Alt(BLAZAM.Common.Data.LoginRequest)~BLAZAM.ActiveDirectory.Interfaces.IADUser")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Adapters.ADOrganizationalUnit.CreateOU(System.String)~BLAZAM.ActiveDirectory.Interfaces.IADOrganizationalUnit")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Adapters.ADOrganizationalUnit.CreatePrinter(System.String,System.String,System.String)~BLAZAM.ActiveDirectory.Interfaces.IADPrinter")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Adapters.ADOrganizationalUnit.CreatePrinter(BLAZAM.ActiveDirectory.Adapters.SharedPrinter)~BLAZAM.ActiveDirectory.Interfaces.IADPrinter")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.Helpers.ActiveDirectoryHelpers.Encapsulate(System.DirectoryServices.SearchResultCollection)~System.Collections.Generic.List{BLAZAM.ActiveDirectory.Interfaces.IDirectoryEntryAdapter}")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.Helpers.ActiveDirectoryHelpers.Encapsulate(System.DirectoryServices.DirectoryEntries)~System.Collections.Generic.List{BLAZAM.ActiveDirectory.Interfaces.IDirectoryEntryAdapter}")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.ActiveDirectoryContext.KeepAlive(System.Object)")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.Helpers.ActiveDirectoryHelpers.Encapsulate(System.DirectoryServices.DirectoryEntry)~BLAZAM.ActiveDirectory.Interfaces.IDirectoryEntryAdapter")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.ActiveDirectory.Adapters.DirectoryEntryAdapter.GetParent~BLAZAM.ActiveDirectory.Interfaces.IDirectoryEntryAdapter")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.Helpers.ActiveDirectoryHelpers.Encapsulate(System.DirectoryServices.SearchResultCollection,BLAZAM.ActiveDirectory.Interfaces.IActiveDirectoryContext)~System.Collections.Generic.List{BLAZAM.ActiveDirectory.Interfaces.IDirectoryEntryAdapter}")]
[assembly: SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "<Pending>", Scope = "member", Target = "~M:BLAZAM.Helpers.ActiveDirectoryHelpers.Encapsulate(System.DirectoryServices.DirectoryEntry,BLAZAM.ActiveDirectory.Interfaces.IActiveDirectoryContext)~BLAZAM.ActiveDirectory.Interfaces.IDirectoryEntryAdapter")]