From 3df8164cfa05fe8cbbaf4e8559dc2da3a6524073 Mon Sep 17 00:00:00 2001 From: Bureau Audit Date: Tue, 12 Jul 2022 09:18:01 +0200 Subject: [PATCH] 3.1.180 --- Engine.cpp | 56 ++++++++++++++++++++++++++++++++++++++------------- LDAP.cpp | 19 +++++++++++++---- Main.cpp | 31 ++++++++++++++++++++++++++-- ORADAD.rc | Bin 5202 -> 5202 bytes Structures.h | 3 +++ 5 files changed, 89 insertions(+), 20 deletions(-) diff --git a/Engine.cpp b/Engine.cpp index 162ae5c..a99e38d 100644 --- a/Engine.cpp +++ b/Engine.cpp @@ -163,8 +163,6 @@ Process ( if (pGlobalConfig->bOutputMLA == TRUE) { - WCHAR szMlaFilePath[MAX_PATH]; - // \ swprintf( pGlobalConfig->szMlaOutDirectory, MAX_PATH, @@ -185,14 +183,14 @@ Process ( // Open MLA output file // swprintf( - szMlaFilePath, MAX_PATH, + pGlobalConfig->szMlaFilePath, MAX_PATH, L"%s\\%s_%s.mla", pGlobalConfig->szOutDirectory, szRootDns, pGlobalConfig->szSystemTime ); - bResult = MlaInit(szMlaFilePath); + bResult = MlaInit(pGlobalConfig->szMlaFilePath); if (bResult == FALSE) return FALSE; } 
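Review bot: The return value of the `swprintf` that fills `pGlobalConfig->szMlaFilePath` is not checked, and this commit turns that buffer into the path wmain later hands to `DeleteFile` when the capture fails. If the output directory, root DNS name and timestamp together do not fit in `MAX_PATH`, the stored string is not the path of the archive that was meant to be opened. Testing the result before `MlaInit`, for example `if (swprintf(pGlobalConfig->szMlaFilePath, MAX_PATH, ...) < 0) return FALSE;`, keeps the stored path and the opened archive in agreement. The declaration of `szMlaFilePath` (Structures.h) is not part of the text shown here, so its size is assumed to be `MAX_PATH`.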
@@ -327,18 +325,24 @@ Process ( { if (pGlobalConfig->pRequests[i].dwBase & BASE_CONFIGURATION) { - LdapProcessRequest(pGlobalConfig, 0, szServer, ulLdapPort, RootDse.bIsLocalAdmin, szRootDns, STR_CONFIGURATION, NULL, RootDse.configurationNamingContext, &pGlobalConfig->pRequests[i], TRUE, TRUE, FALSE); + bResult = LdapProcessRequest(pGlobalConfig, 0, szServer, ulLdapPort, RootDse.bIsLocalAdmin, szRootDns, STR_CONFIGURATION, NULL, RootDse.configurationNamingContext, &pGlobalConfig->pRequests[i], TRUE, TRUE, FALSE); + if (bResult == FALSE) + return FALSE; } if (pGlobalConfig->pRequests[i].dwBase & BASE_SCHEMA) { - LdapProcessRequest(pGlobalConfig, 0, szServer, ulLdapPort, RootDse.bIsLocalAdmin, szRootDns, STR_SCHEMA, NULL, RootDse.schemaNamingContext, &pGlobalConfig->pRequests[i], TRUE, TRUE, FALSE); + bResult = LdapProcessRequest(pGlobalConfig, 0, szServer, ulLdapPort, RootDse.bIsLocalAdmin, szRootDns, STR_SCHEMA, NULL, RootDse.schemaNamingContext, &pGlobalConfig->pRequests[i], TRUE, TRUE, FALSE); + if (bResult == FALSE) + return FALSE; } // Forest DNS, but only with AD-DS if ((pGlobalConfig->pRequests[i].dwBase & BASE_FOREST_DNS) && (pGlobalConfig->bIsAdLds == FALSE)) { - LdapProcessRequest(pGlobalConfig, 0, szServer, ulLdapPort, RootDse.bIsLocalAdmin, szRootDns, STR_FOREST_DNS, NULL, RootDse.forestDnsNamingContext, &pGlobalConfig->pRequests[i], TRUE, TRUE, FALSE); + bResult = LdapProcessRequest(pGlobalConfig, 0, szServer, ulLdapPort, RootDse.bIsLocalAdmin, szRootDns, STR_FOREST_DNS, NULL, RootDse.forestDnsNamingContext, &pGlobalConfig->pRequests[i], TRUE, TRUE, FALSE); + if (bResult == FALSE) + return FALSE; } } @@ -404,6 +408,7 @@ Process ( "[!] %sUnable to enumerate trust (error %u).%s", COLOR_RED, dwResult, COLOR_RESET ); + return FALSE; } else { 
@@ -437,7 +442,10 @@ Process ( "[.] Processing domain in forest: %S", pTrust[i].DnsDomainName ); - pProcessDomain(pGlobalConfig, USE_GLOBAL_CREDENTIALS, &pGlobalConfig->DomainConfig[i].RootDseConfig, szDomainServer, ulLdapPort, szRootDns, TRUE, FALSE); + + bResult = pProcessDomain(pGlobalConfig, USE_GLOBAL_CREDENTIALS, &pGlobalConfig->DomainConfig[i].RootDseConfig, szDomainServer, ulLdapPort, szRootDns, TRUE, FALSE); + if (bResult == FALSE) + return FALSE; _SafeHeapRelease(szDomainServer); } @@ -460,7 +468,9 @@ Process ( for (DWORD i = 0; i < pGlobalConfig->dwDomainCount; i++) { - pProcessDomain(pGlobalConfig, 0, &pGlobalConfig->DomainConfig[i].RootDseConfig, NULL, 0, szRootDns, FALSE, TRUE); + bResult = pProcessDomain(pGlobalConfig, 0, &pGlobalConfig->DomainConfig[i].RootDseConfig, NULL, 0, szRootDns, FALSE, TRUE); + if (bResult == FALSE) + return FALSE; } // @@ -533,7 +543,15 @@ pLocateDc ( "[!] %sUnable to locate DC for domain '%S'%s (error %u).", COLOR_RED, szDomainName, COLOR_RESET, dwResult ); - return FALSE; + + if (dwResult == ERROR_NO_SUCH_DOMAIN) + { + // This is a common error. + g_GlobalConfig.bProcessHasError = TRUE; + return TRUE; + } + else + return FALSE; } Log( @@ -625,7 +643,9 @@ pProcessOtherNamingContexts ( // Special case for NDNC or ADLS: get BASE_DOMAIN objects but prefix tables with STR_APPLICATION if (pGlobalConfig->pRequests[i].dwBase & BASE_DOMAIN) { - LdapProcessRequest(pGlobalConfig, dwServerEntry, szServer, ulLdapPort, pRootDse->bIsLocalAdmin, szRootDns, STR_APPLICATION, szPartition, pRootDse->pszNamingContexts[dwIdx], &pGlobalConfig->pRequests[i], bRequestLdap, bWriteTableInfo, FALSE); + bResult = LdapProcessRequest(pGlobalConfig, dwServerEntry, szServer, ulLdapPort, pRootDse->bIsLocalAdmin, szRootDns, STR_APPLICATION, szPartition, pRootDse->pszNamingContexts[dwIdx], &pGlobalConfig->pRequests[i], bRequestLdap, bWriteTableInfo, FALSE); + if (bResult == FALSE) + return FALSE; } } 
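Review bot: The new `return FALSE;` after `pProcessDomain` in the forest loop comes before `_SafeHeapRelease(szDomainServer);`, so a failed domain leaves `szDomainServer` allocated. Anything the function releases after the loop is also skipped, although that code is outside the hunk. Swapping the order fixes the visible leak: `_SafeHeapRelease(szDomainServer);` first, then `if (bResult == FALSE) return FALSE;`. The other early returns this commit adds to Process, pProcessOtherNamingContexts and pProcessDomain should be checked against their functions' release code in the same way, since those function ends are not visible in the hunks.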
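Review bot: Returning `TRUE` from pLocateDc for `ERROR_NO_SUCH_DOMAIN` reports success to the caller although no domain controller was located. The callers are outside this hunk, so confirm that none of them goes on to use the server-name output after this path; if the forest loop obtains `szDomainServer` this way, it would pass an unset value to `pProcessDomain`. A comment on the branch should state what the caller receives, for example `// No DC for this domain: flag a partial dump and let the caller skip it; the output server name is left unset.` The `else` after `return TRUE;` is redundant and can be dropped.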
@@ -716,6 +736,8 @@ pProcessDomain ( // Process other NC (NDNC, AD-LDS) // bResult = pProcessOtherNamingContexts(pGlobalConfig, dwServerEntry, pRootDse, szServer, ulLdapPort, szRootDns, bRequestLdap, bWriteTableInfo); + if (bResult == FALSE) + return FALSE; // // Be sure NC were not previously proceeded @@ -764,7 +786,7 @@ pProcessDomain ( // if ((pGlobalConfig->pRequests[i].dwBase & BASE_ROOTDSE) && (bProcessDomain == TRUE)) { - LdapProcessRequest( + bResult = LdapProcessRequest( pGlobalConfig, dwServerEntry, szServer, ulLdapPort, @@ -778,6 +800,8 @@ pProcessDomain ( bWriteTableInfo, TRUE ); + if (bResult == FALSE) + return FALSE; } // @@ -788,12 +812,16 @@ pProcessDomain ( { if (pGlobalConfig->pRequests[i].dwBase & BASE_DOMAIN) { - LdapProcessRequest(pGlobalConfig, dwServerEntry, szServer, ulLdapPort, pRootDse->bIsLocalAdmin, szRootDns, STR_DOMAIN, szDomainDns, pRootDse->defaultNamingContext, &pGlobalConfig->pRequests[i], bRequestLdap, bWriteTableInfo, FALSE); + bResult = LdapProcessRequest(pGlobalConfig, dwServerEntry, szServer, ulLdapPort, pRootDse->bIsLocalAdmin, szRootDns, STR_DOMAIN, szDomainDns, pRootDse->defaultNamingContext, &pGlobalConfig->pRequests[i], bRequestLdap, bWriteTableInfo, FALSE); + if (bResult == FALSE) + return FALSE; } if ((pGlobalConfig->pRequests[i].dwBase & BASE_DOMAIN_DNS) && (bProcessDomainDns == TRUE)) { - LdapProcessRequest(pGlobalConfig, dwServerEntry, szServer, ulLdapPort, pRootDse->bIsLocalAdmin, szRootDns, STR_DOMAIN_DNS, szDomainDns, pRootDse->domainDnsNamingContext, &pGlobalConfig->pRequests[i], bRequestLdap, bWriteTableInfo, FALSE); + bResult = LdapProcessRequest(pGlobalConfig, dwServerEntry, szServer, ulLdapPort, pRootDse->bIsLocalAdmin, szRootDns, STR_DOMAIN_DNS, szDomainDns, pRootDse->domainDnsNamingContext, &pGlobalConfig->pRequests[i], bRequestLdap, bWriteTableInfo, FALSE); + if (bResult == FALSE) + return FALSE; } } diff --git a/LDAP.cpp b/LDAP.cpp index 4220388..e858bb5 100644 --- a/LDAP.cpp +++ b/LDAP.cpp 
@@ -599,7 +599,8 @@ LdapProcessRequest ( "[!] %sError in ldap_search_ext_s('%S', '%S')%s (error %u: %s).", COLOR_RED, szLdapBase, pRequest->szFilter, COLOR_RESET, ulResult, ldap_err2stringA(ulResult) ); - goto End; + return FALSE; + //goto End; } ulEntriesCount = ldap_count_entries( @@ -1166,7 +1167,8 @@ LdapProcessRequest ( "[!] %sError in ldap_parse_result()%s (error %u: %s).", COLOR_RED, COLOR_RESET, ulResult, ldap_err2stringA(ulResult) ); - goto End; + return FALSE; + //goto End; } ulResult = ldap_parse_page_control(pLdapHandle, currControls, NULL, (berval * *)& pLdapNewCookie); @@ -1177,7 +1179,8 @@ LdapProcessRequest ( "[!] %sError in ldap_parse_page_control()%s (error %u: %s).", COLOR_RED, COLOR_RESET, ulResult, ldap_err2stringA(ulResult) ); - goto End; + return FALSE; + //goto End; } if ((pLdapNewCookie->bv_len == 0) || (pLdapNewCookie->bv_val == 0)) @@ -1199,7 +1202,8 @@ LdapProcessRequest ( "[!] %sError in ldap_create_page_control()%s (error %u: %s).", COLOR_RED, COLOR_RESET, ulResult, ldap_err2stringA(ulResult) ); - goto End; + return FALSE; + //goto End; } ldap_msgfree(pLdapMessage); @@ -1672,6 +1676,13 @@ pGetRangedAttribute ( "[!] %sError in ldap_search_s(%S)%s (error %u: %s).", COLOR_RED, szRangeAttrName, COLOR_RESET, ulResult, ldap_err2stringA(ulResult) ); + + if (ulResult != LDAP_NO_SUCH_OBJECT) + { + // LDAP_NO_SUCH_OBJECT is a common error. + g_GlobalConfig.bProcessHasError = TRUE; + } + goto End; } diff --git a/Main.cpp b/Main.cpp index 212f32f..4346937 100644 --- a/Main.cpp +++ b/Main.cpp @@ -246,7 +246,15 @@ wmain ( } } - Process(&g_GlobalConfig); + bResult = Process(&g_GlobalConfig); + if (bResult == FALSE) + { + Log( + __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR, + "[!] %sAn error has occurred during capture.%s Try to solve problem and try again.", + COLOR_RED, COLOR_RESET + ); + } // // Release 
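Review bot: Replacing `goto End;` with `return FALSE;` on the ldap_search_ext_s failure path skips whatever the `End` label releases. The label is outside the hunks, but the `ldap_msgfree(pLdapMessage);` visible after the ldap_create_page_control check suggests a result message, and probably the LDAP connection, are still held at these points. The same applies to the ldap_parse_result, ldap_parse_page_control and ldap_create_page_control paths changed below. Keeping `goto End;` and setting the function's return value to `FALSE` just before the jump would report the error to Process without leaking the handle on each failed request. The commented-out `//goto End;` lines should be removed either way.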
@@ -256,6 +264,16 @@ wmain ( __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_INFORMATION, "[.] %sEnd.%s", COLOR_CYAN, COLOR_RESET ); + + if (g_GlobalConfig.bProcessHasError == TRUE) + { + Log( + __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR, + "[!] %sAn error has occurred during capture.%s The dump may be partial. Check log and try again.", + COLOR_YELLOW, COLOR_RESET + ); + } + CloseHandle(g_hLogFile); // @@ -285,6 +303,12 @@ wmain ( MlaClose(); } + // If dump has error, delete MLA file + if (bResult == FALSE) + { + DeleteFile(g_GlobalConfig.szMlaFilePath); + } + _SafeCOMRelease(pXMLDocConfig); _SafeCOMRelease(pXMLDocSchema); CoUninitialize(); @@ -298,5 +322,8 @@ wmain ( TraceLoggingUnregister(g_hOradadLoggingProvider); #endif - return EXIT_SUCCESS; + if (bResult == FALSE) + return EXIT_FAILURE; + else + return EXIT_SUCCESS; } \ No newline at end of file diff --git a/ORADAD.rc b/ORADAD.rc index a7a0a87933e492ad00e51888a8c1c7397dc7fe44..d27c417e78b7a4ac5ba85fe58029a622cf6b9c36 100644 GIT binary patch delta 90 zcmcblaYw L#W%0vUB(6gVNnyT delta 90 zcmcblaY
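Review bot: `DeleteFile(g_GlobalConfig.szMlaFilePath)` runs whenever `bResult == FALSE`, including when MLA output is disabled or Process failed before the path was formatted, and its return value is ignored. Tie it to the MLA case and test the result, for example `if (bResult == FALSE && g_GlobalConfig.bOutputMLA == TRUE && !DeleteFile(g_GlobalConfig.szMlaFilePath))`, then report the failure so the operator knows a partial archive of directory data is still on disk. The condition guarding `MlaClose()` begins outside the hunk, so whether the two can share one block is not visible here. When MLA output is off, nothing in this hunk removes the partial output directory, which is worth a comment if that is intended.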
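Review bot: A run that only set `g_GlobalConfig.bProcessHasError` still ends with `EXIT_SUCCESS` at the final return, so a scheduler or wrapper script that checks the exit status cannot tell a partial dump from a complete one. If that is deliberate, say so in a comment above the return, for example `// A partial dump (bProcessHasError) is reported in the log only and still exits with success.` Otherwise return a failure status in that case too: `return (bResult == FALSE || g_GlobalConfig.bProcessHasError == TRUE) ? EXIT_FAILURE : EXIT_SUCCESS;`.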