3.1.180

ANSSI-FR · Jul 12, 2022 · 3df8164 · 3df8164
1 parent 90d9ba3
commit 3df8164
Show file tree

Hide file tree

Showing 5 changed files with 89 additions and 20 deletions.
diff --git a/Engine.cpp b/Engine.cpp
@@ -163,8 +163,6 @@ Process (
 
    if (pGlobalConfig->bOutputMLA == TRUE)
    {
-      WCHAR szMlaFilePath[MAX_PATH];
-
       // <forest>\<date>
       swprintf(
          pGlobalConfig->szMlaOutDirectory, MAX_PATH,
@@ -185,14 +183,14 @@ Process (
       // Open MLA output file
       //
       swprintf(
-         szMlaFilePath, MAX_PATH,
+         pGlobalConfig->szMlaFilePath, MAX_PATH,
          L"%s\\%s_%s.mla",
          pGlobalConfig->szOutDirectory,
          szRootDns,
          pGlobalConfig->szSystemTime
       );
 
-      bResult = MlaInit(szMlaFilePath);
+      bResult = MlaInit(pGlobalConfig->szMlaFilePath);
       if (bResult == FALSE)
          return FALSE;
    }
@@ -327,18 +325,24 @@ Process (
    {
       if (pGlobalConfig->pRequests[i].dwBase & BASE_CONFIGURATION)
       {
-         LdapProcessRequest(pGlobalConfig, 0, szServer, ulLdapPort, RootDse.bIsLocalAdmin, szRootDns, STR_CONFIGURATION, NULL, RootDse.configurationNamingContext, &pGlobalConfig->pRequests[i], TRUE, TRUE, FALSE);
+         bResult = LdapProcessRequest(pGlobalConfig, 0, szServer, ulLdapPort, RootDse.bIsLocalAdmin, szRootDns, STR_CONFIGURATION, NULL, RootDse.configurationNamingContext, &pGlobalConfig->pRequests[i], TRUE, TRUE, FALSE);
+         if (bResult == FALSE)
+            return FALSE;
       }
 
       if (pGlobalConfig->pRequests[i].dwBase & BASE_SCHEMA)
       {
-         LdapProcessRequest(pGlobalConfig, 0, szServer, ulLdapPort, RootDse.bIsLocalAdmin, szRootDns, STR_SCHEMA, NULL, RootDse.schemaNamingContext, &pGlobalConfig->pRequests[i], TRUE, TRUE, FALSE);
+         bResult = LdapProcessRequest(pGlobalConfig, 0, szServer, ulLdapPort, RootDse.bIsLocalAdmin, szRootDns, STR_SCHEMA, NULL, RootDse.schemaNamingContext, &pGlobalConfig->pRequests[i], TRUE, TRUE, FALSE);
+         if (bResult == FALSE)
+            return FALSE;
       }
 
       // Forest DNS, but only with AD-DS
       if ((pGlobalConfig->pRequests[i].dwBase & BASE_FOREST_DNS) && (pGlobalConfig->bIsAdLds == FALSE))
       {
-         LdapProcessRequest(pGlobalConfig, 0, szServer, ulLdapPort, RootDse.bIsLocalAdmin, szRootDns, STR_FOREST_DNS, NULL, RootDse.forestDnsNamingContext, &pGlobalConfig->pRequests[i], TRUE, TRUE, FALSE);
+         bResult = LdapProcessRequest(pGlobalConfig, 0, szServer, ulLdapPort, RootDse.bIsLocalAdmin, szRootDns, STR_FOREST_DNS, NULL, RootDse.forestDnsNamingContext, &pGlobalConfig->pRequests[i], TRUE, TRUE, FALSE);
+         if (bResult == FALSE)
+            return FALSE;
       }
    }
 
@@ -404,6 +408,7 @@ Process (
             "[!] %sUnable to enumerate trust (error %u).%s",
             COLOR_RED, dwResult, COLOR_RESET
          );
+         return FALSE;
       }
       else
       {
@@ -437,7 +442,10 @@ Process (
                   "[.] Processing domain in forest: %S",
                   pTrust[i].DnsDomainName
                );
-               pProcessDomain(pGlobalConfig, USE_GLOBAL_CREDENTIALS, &pGlobalConfig->DomainConfig[i].RootDseConfig, szDomainServer, ulLdapPort, szRootDns, TRUE, FALSE);
+
+               bResult = pProcessDomain(pGlobalConfig, USE_GLOBAL_CREDENTIALS, &pGlobalConfig->DomainConfig[i].RootDseConfig, szDomainServer, ulLdapPort, szRootDns, TRUE, FALSE);
+               if (bResult == FALSE)
+                  return FALSE;
 
                _SafeHeapRelease(szDomainServer);
             }
@@ -460,7 +468,9 @@ Process (
 
    for (DWORD i = 0; i < pGlobalConfig->dwDomainCount; i++)
    {
-      pProcessDomain(pGlobalConfig, 0, &pGlobalConfig->DomainConfig[i].RootDseConfig, NULL, 0, szRootDns, FALSE, TRUE);
+      bResult = pProcessDomain(pGlobalConfig, 0, &pGlobalConfig->DomainConfig[i].RootDseConfig, NULL, 0, szRootDns, FALSE, TRUE);
+      if (bResult == FALSE)
+         return FALSE;
    }
 
    //
@@ -533,7 +543,15 @@ pLocateDc (
          "[!] %sUnable to locate DC for domain '%S'%s (error %u).",
          COLOR_RED, szDomainName, COLOR_RESET, dwResult
       );
-      return FALSE;
+
+      if (dwResult == ERROR_NO_SUCH_DOMAIN)
+      {
+         // This is a common error.
+         g_GlobalConfig.bProcessHasError = TRUE;
+         return TRUE;
+      }
+      else
+         return FALSE;
    }
 
    Log(
@@ -625,7 +643,9 @@ pProcessOtherNamingContexts (
          // Special case for NDNC or ADLS: get BASE_DOMAIN objects but prefix tables with STR_APPLICATION
          if (pGlobalConfig->pRequests[i].dwBase & BASE_DOMAIN)
          {
-            LdapProcessRequest(pGlobalConfig, dwServerEntry, szServer, ulLdapPort, pRootDse->bIsLocalAdmin, szRootDns, STR_APPLICATION, szPartition, pRootDse->pszNamingContexts[dwIdx], &pGlobalConfig->pRequests[i], bRequestLdap, bWriteTableInfo, FALSE);
+            bResult = LdapProcessRequest(pGlobalConfig, dwServerEntry, szServer, ulLdapPort, pRootDse->bIsLocalAdmin, szRootDns, STR_APPLICATION, szPartition, pRootDse->pszNamingContexts[dwIdx], &pGlobalConfig->pRequests[i], bRequestLdap, bWriteTableInfo, FALSE);
+            if (bResult == FALSE)
+               return FALSE;
          }
       }
 
@@ -716,6 +736,8 @@ pProcessDomain (
    // Process other NC (NDNC, AD-LDS)
    //
    bResult = pProcessOtherNamingContexts(pGlobalConfig, dwServerEntry, pRootDse, szServer, ulLdapPort, szRootDns, bRequestLdap, bWriteTableInfo);
+   if (bResult == FALSE)
+      return FALSE;
 
    //
    // Be sure NC were not previously proceeded
@@ -764,7 +786,7 @@ pProcessDomain (
       //
       if ((pGlobalConfig->pRequests[i].dwBase & BASE_ROOTDSE) && (bProcessDomain == TRUE))
       {
-         LdapProcessRequest(
+         bResult = LdapProcessRequest(
             pGlobalConfig,
             dwServerEntry,
             szServer, ulLdapPort,
@@ -778,6 +800,8 @@ pProcessDomain (
             bWriteTableInfo,
             TRUE
          );
+         if (bResult == FALSE)
+            return FALSE;
       }
 
       //
@@ -788,12 +812,16 @@ pProcessDomain (
       {
          if (pGlobalConfig->pRequests[i].dwBase & BASE_DOMAIN)
          {
-            LdapProcessRequest(pGlobalConfig, dwServerEntry, szServer, ulLdapPort, pRootDse->bIsLocalAdmin, szRootDns, STR_DOMAIN, szDomainDns, pRootDse->defaultNamingContext, &pGlobalConfig->pRequests[i], bRequestLdap, bWriteTableInfo, FALSE);
+            bResult = LdapProcessRequest(pGlobalConfig, dwServerEntry, szServer, ulLdapPort, pRootDse->bIsLocalAdmin, szRootDns, STR_DOMAIN, szDomainDns, pRootDse->defaultNamingContext, &pGlobalConfig->pRequests[i], bRequestLdap, bWriteTableInfo, FALSE);
+            if (bResult == FALSE)
+               return FALSE;
          }
 
          if ((pGlobalConfig->pRequests[i].dwBase & BASE_DOMAIN_DNS) && (bProcessDomainDns == TRUE))
          {
-            LdapProcessRequest(pGlobalConfig, dwServerEntry, szServer, ulLdapPort, pRootDse->bIsLocalAdmin, szRootDns, STR_DOMAIN_DNS, szDomainDns, pRootDse->domainDnsNamingContext, &pGlobalConfig->pRequests[i], bRequestLdap, bWriteTableInfo, FALSE);
+            bResult = LdapProcessRequest(pGlobalConfig, dwServerEntry, szServer, ulLdapPort, pRootDse->bIsLocalAdmin, szRootDns, STR_DOMAIN_DNS, szDomainDns, pRootDse->domainDnsNamingContext, &pGlobalConfig->pRequests[i], bRequestLdap, bWriteTableInfo, FALSE);
+            if (bResult == FALSE)
+               return FALSE;
          }
       }
 

diff --git a/LDAP.cpp b/LDAP.cpp
@@ -599,7 +599,8 @@ LdapProcessRequest (
                "[!] %sError in ldap_search_ext_s('%S', '%S')%s (error %u: %s).",
                COLOR_RED, szLdapBase, pRequest->szFilter, COLOR_RESET, ulResult, ldap_err2stringA(ulResult)
             );
-            goto End;
+            return FALSE;
+            //goto End;
          }
 
          ulEntriesCount = ldap_count_entries(
@@ -1166,7 +1167,8 @@ LdapProcessRequest (
                "[!] %sError in ldap_parse_result()%s (error %u: %s).",
                COLOR_RED, COLOR_RESET, ulResult, ldap_err2stringA(ulResult)
             );
-            goto End;
+            return FALSE;
+            //goto End;
          }
 
          ulResult = ldap_parse_page_control(pLdapHandle, currControls, NULL, (berval * *)& pLdapNewCookie);
@@ -1177,7 +1179,8 @@ LdapProcessRequest (
                "[!] %sError in ldap_parse_page_control()%s (error %u: %s).",
                COLOR_RED, COLOR_RESET, ulResult, ldap_err2stringA(ulResult)
             );
-            goto End;
+            return FALSE;
+            //goto End;
          }
 
          if ((pLdapNewCookie->bv_len == 0) || (pLdapNewCookie->bv_val == 0))
@@ -1199,7 +1202,8 @@ LdapProcessRequest (
                "[!] %sError in ldap_create_page_control()%s (error %u: %s).",
                COLOR_RED, COLOR_RESET, ulResult, ldap_err2stringA(ulResult)
             );
-            goto End;
+            return FALSE;
+            //goto End;
          }
 
          ldap_msgfree(pLdapMessage);
@@ -1672,6 +1676,13 @@ pGetRangedAttribute (
          "[!] %sError in ldap_search_s(%S)%s (error %u: %s).",
          COLOR_RED, szRangeAttrName, COLOR_RESET, ulResult, ldap_err2stringA(ulResult)
       );
+
+      if (ulResult != LDAP_NO_SUCH_OBJECT)
+      {
+         // LDAP_NO_SUCH_OBJECT is a common error.
+         g_GlobalConfig.bProcessHasError = TRUE;
+      }
+
       goto End;
    }
 

diff --git a/Main.cpp b/Main.cpp
@@ -246,7 +246,15 @@ wmain (
       }
    }
 
-   Process(&g_GlobalConfig);
+   bResult = Process(&g_GlobalConfig);
+   if (bResult == FALSE)
+   {
+      Log(
+         __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
+         "[!] %sAn error has occurred during capture.%s Try to solve problem and try again.",
+         COLOR_RED, COLOR_RESET
+      );
+   }
 
    //
    // Release
@@ -256,6 +264,16 @@ wmain (
       __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_INFORMATION,
       "[.] %sEnd.%s", COLOR_CYAN, COLOR_RESET
    );
+
+   if (g_GlobalConfig.bProcessHasError == TRUE)
+   {
+      Log(
+         __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
+         "[!] %sAn error has occurred during capture.%s The dump may be partial. Check log and try again.",
+         COLOR_YELLOW, COLOR_RESET
+      );
+   }
+
    CloseHandle(g_hLogFile);
 
    //
@@ -285,6 +303,12 @@ wmain (
       MlaClose();
    }
 
+   // If dump has error, delete MLA file
+   if (bResult == FALSE)
+   {
+      DeleteFile(g_GlobalConfig.szMlaFilePath);
+   }
+
    _SafeCOMRelease(pXMLDocConfig);
    _SafeCOMRelease(pXMLDocSchema);
    CoUninitialize();
@@ -298,5 +322,8 @@ wmain (
    TraceLoggingUnregister(g_hOradadLoggingProvider);
 #endif
 
-   return EXIT_SUCCESS;
+   if (bResult == FALSE)
+      return EXIT_FAILURE;
+   else
+      return EXIT_SUCCESS;
 }
diff --git a/ORADAD.rc b/ORADAD.rc
diff --git a/Structures.h b/Structures.h
@@ -273,4 +273,7 @@ typedef struct _GLOBAL_CONFIG
    WCHAR szFileSysvolOutDirectory[MAX_PATH];
    WCHAR szMlaOutDirectory[MAX_PATH];
    WCHAR szMlaSysvolOutDirectory[MAX_PATH];
+   WCHAR szMlaFilePath[MAX_PATH];
+
+   BOOL bProcessHasError;
 } GLOBAL_CONFIG, *PGLOBAL_CONFIG;