Better error handling for connection issues, better formatting, ability to edit the attributes list for the Explorer / Search pages, and bugfixes.

Author: Macmod

pkg/ldaputils/actions.go

@@ -180,6 +180,10 @@ func (lc *LDAPConn) KerbBindWithCCache(ccachePath string, server string, krbDoma
 
 // Search
 func (lc *LDAPConn) Query(baseDN string, searchFilter string, scope int, showDeleted bool) ([]*ldap.Entry, error) {
+	return lc.QueryWithAttrs(baseDN, searchFilter, scope, showDeleted, []string{})
+}
+
+func (lc *LDAPConn) QueryWithAttrs(baseDN string, searchFilter string, scope int, showDeleted bool, attrs []string) ([]*ldap.Entry, error) {
 	var controls []ldap.Control = nil
 	if showDeleted {
 		controls = []ldap.Control{ldap.NewControlMicrosoftShowDeleted()}
@@ -189,7 +193,7 @@ func (lc *LDAPConn) Query(baseDN string, searchFilter string, scope int, showDel
 		baseDN,
 		scope, ldap.NeverDerefAliases, 0, 0, false,
 		searchFilter,
-		[]string{},
+		attrs,
 		controls,
 	)
 

pkg/ldaputils/formats.go

@@ -238,6 +238,22 @@ func ParseUACFlags(uacInt int) []string {
 	return uacFlagsList
 }
 
+func parseBitFlags(v uint32, flagMap map[uint32]string) []string {
+	keys := make([]uint32, 0, len(flagMap))
+	for k := range flagMap {
+		keys = append(keys, k)
+	}
+	sort.Slice(keys, func(i, j int) bool { return keys[i] < keys[j] })
+
+	var result []string
+	for _, bit := range keys {
+		if v&bit != 0 {
+			result = append(result, flagMap[bit])
+		}
+	}
+	return result
+}
+
 func ParseSystemFlags(v uint32) []string {
 	sysFlagKeys := make([]uint32, 0)
 	for k := range SystemFlags {
@@ -300,27 +316,52 @@ func FormatLDAPAttribute(attr *ldap.EntryAttribute, timeFormat string, timeOffse
 	}
 
 	/* Special parsing for bitset expansions */
-	if attr.Name == "userAccountControl" || attr.Name == "systemFlags" {
-		switch attr.Name {
-		case "userAccountControl":
-			uacInt, err := strconv.Atoi(attr.Values[0])
-			if err == nil {
-				formattedEntries = ParseUACFlags(uacInt)
+	bitsetAttrs := map[string]func(string) []string{
+		"userAccountControl": func(v string) []string {
+			i, err := strconv.Atoi(v)
+			if err != nil {
+				return nil
 			}
-		case "systemFlags":
-			intValue, err := strconv.ParseInt(attr.Values[0], 10, 64)
-			if err == nil {
-				formattedEntries = ParseSystemFlags(uint32(intValue))
+			return ParseUACFlags(i)
+		},
+		"systemFlags": func(v string) []string {
+			i, err := strconv.ParseInt(v, 10, 64)
+			if err != nil {
+				return nil
 			}
-		}
+			return ParseSystemFlags(uint32(i))
+		},
+		"trustAttributes": func(v string) []string {
+			i, err := strconv.ParseUint(v, 10, 32)
+			if err != nil {
+				return nil
+			}
+			return parseBitFlags(uint32(i), TrustAttributeFlags)
+		},
+		"pwdProperties": func(v string) []string {
+			i, err := strconv.ParseUint(v, 10, 32)
+			if err != nil {
+				return nil
+			}
+			return parseBitFlags(uint32(i), PwdPropertiesFlags)
+		},
+		"searchFlags": func(v string) []string {
+			i, err := strconv.ParseUint(v, 10, 32)
+			if err != nil {
+				return nil
+			}
+			return parseBitFlags(uint32(i), SearchFlagsMap)
+		},
+	}
 
+	if parseFn, ok := bitsetAttrs[attr.Name]; ok {
+		formattedEntries = parseFn(attr.Values[0])
 		for _, x := range formattedEntries {
 			formattedAttrValues = append(formattedAttrValues, FormattedAttrValue{
 				OriginalValue:  attr.Values[0],
 				FormattedValue: x,
 			})
 		}
-
 		return FormattedAttr{formattedAttrValues}
 	}
 
@@ -329,9 +370,9 @@ func FormatLDAPAttribute(attr *ldap.EntryAttribute, timeFormat string, timeOffse
 		// Format the value
 		var formattedEntry string
 		switch attr.Name {
-		case "objectSid":
+		case "objectSid", "securityIdentifier":
 			formattedEntry = "SID{" + ConvertSID(hex.EncodeToString(attr.ByteValues[idx])) + "}"
-		case "objectGUID", "schemaIDGUID":
+		case "objectGUID", "schemaIDGUID", "attributeSecurityGUID":
 			formattedEntry = "GUID{" + ConvertGUID(hex.EncodeToString(attr.ByteValues[idx])) + "}"
 		case "whenCreated", "whenChanged":
 			formattedEntry = FormatLDAPTime(val, timeFormat, timeOffset)
@@ -371,7 +412,7 @@ func FormatLDAPAttribute(attr *ldap.EntryAttribute, timeFormat string, timeOffse
 			if ok {
 				formattedEntry = instanceType
 			}
-		case "logonHours", "dSASignature":
+		case "logonHours", "dSASignature", "oMObjectClass", "cACertificate":
 			formattedEntry = "HEX{" + hex.EncodeToString(attr.ByteValues[idx]) + "}"
 		case "msDS-MaximumPasswordAge", "msDS-MinimumPasswordAge", "msDS-LockoutDuration", "msDS-LockoutObservationWindow", "lockoutDuration", "lockOutObservationWindow", "maxPwdAge", "minPwdAge", "forceLogoff", "msDS-UserTGTLifetime", "msDS-ComputerTGTLifetime", "msDS-ServiceTGTLifetime":
 			duration, err := ParseMSDuration(val)

pkg/ldaputils/vars.go

@@ -178,6 +178,51 @@ var InstanceTypeMap = map[int]string{
 	32: "NamingContextRemovalFromDSA",
 }
 
+// Reference:
+// https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/d2435927-0999-4c62-8c6d-13ba31a52e1a
+var TrustAttributeFlags = map[uint32]string{
+	0x00000001: "NON_TRANSITIVE",
+	0x00000002: "UPLEVEL_ONLY",
+	0x00000004: "QUARANTINED_DOMAIN",
+	0x00000008: "FOREST_TRANSITIVE",
+	0x00000010: "CROSS_ORGANIZATION",
+	0x00000020: "WITHIN_FOREST",
+	0x00000040: "TREAT_AS_EXTERNAL",
+	0x00000080: "USES_RC4_ENCRYPTION",
+	0x00000200: "CROSS_ORGANIZATION_NO_TGT_DELEGATION",
+	0x00000400: "PIM_TRUST",
+	0x00000800: "CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION",
+}
+
+// Reference:
+// https://learn.microsoft.com/en-us/windows/win32/adschema/a-pwdproperties
+var PwdPropertiesFlags = map[uint32]string{
+	0x00000001: "PASSWORD_COMPLEX",
+	0x00000002: "PASSWORD_NO_ANON_CHANGE",
+	0x00000004: "PASSWORD_NO_CLEAR_CHANGE",
+	0x00000008: "LOCKOUT_ADMINS",
+	0x00000010: "PASSWORD_STORE_CLEARTEXT",
+	0x00000020: "REFUSE_PASSWORD_CHANGE",
+}
+
+// Reference:
+// https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/d2435927-0999-4c62-8c6d-13ba31a52e1a
+var SearchFlagsMap = map[uint32]string{
+	0x00000001: "fATTINDEX",
+	0x00000002: "fPDNTATTINDEX",
+	0x00000004: "fANR",
+	0x00000008: "fPRESERVEONDELETE",
+	0x00000010: "fCOPY",
+	0x00000020: "fTUPLEINDEX",
+	0x00000040: "fSUBTREEATTINDEX",
+	0x00000080: "fCONFIDENTIAL",
+	0x00000100: "fNEVERVALUEAUDIT",
+	0x00000200: "fRODCFilteredAttribute",
+	0x00000400: "fEXTENDEDLINKTRACKING",
+	0x00000800: "fBASEONLY",
+	0x00001000: "fPARTITIONSECRET",
+}
+
 type LibQuery struct {
 	Title  string
 	Filter string

tui/ace.go

@@ -140,7 +140,7 @@ func removeAce(aceIdx int) {
 			}
 		}
 	} else {
-		updateLog(fmt.Sprint(err), "red")
+		handleLDAPError(err)
 	}
 }
 
@@ -248,7 +248,7 @@ func createOrUpdateAce(aceIdx int, newAllowOrDeny bool, newACEFlags int, newMask
 		// Update selection
 		selectDaclEntry(newACE)
 	} else {
-		updateLog(fmt.Sprint(err), "red")
+		handleLDAPError(err)
 	}
 }
 

tui/dacl.go

@@ -365,7 +365,7 @@ func updateDaclEntries() {
 
 		daclEntriesPanel.Select(1, 1)
 	} else {
-		updateLog(fmt.Sprint(err), "red")
+		handleLDAPError(err)
 	}
 }
 
@@ -465,7 +465,7 @@ func loadChangeOwnerForm() {
 
 				go app.QueueUpdateDraw(updateDaclEntries)
 			} else {
-				updateLog(fmt.Sprint(err), "red")
+				handleLDAPError(err)
 			}
 			app.SetRoot(appPanel, true).SetFocus(daclEntriesPanel)
 		})
@@ -541,7 +541,7 @@ func loadChangeControlFlagsForm() {
 				updateLog("Control flags updated for '"+object+"'", "green")
 				go app.QueueUpdateDraw(updateDaclEntries)
 			} else {
-				updateLog(fmt.Sprint(err), "red")
+				handleLDAPError(err)
 			}
 
 			app.SetRoot(appPanel, true).SetFocus(daclEntriesPanel)

tui/dns.go

@@ -219,7 +219,7 @@ func reloadADIDNSNode(currentNode *tview.TreeNode) {
 	if err == nil {
 		updateLog(fmt.Sprintf("Loaded node '%s'", node.DN), "green")
 	} else {
-		updateLog(fmt.Sprint(err), "red")
+		handleLDAPError(err)
 	}
 
 	showDetails(node.DN)
@@ -315,7 +315,7 @@ func loadZoneNodes(zoneNode *tview.TreeNode) int {
 
 	nodes, err := lc.GetADIDNSNodes(zoneDN)
 	if err != nil {
-		updateLog(fmt.Sprint(err), "red")
+		handleLDAPError(err)
 		return -1
 	}
 
@@ -649,8 +649,17 @@ func queryDnsZones(targetZone string) {
 	app.QueueUpdateDraw(func() {
 		updateLog("Querying ADIDNS zones...", "yellow")
 
-		domainZones, _ = lc.GetADIDNSZones(targetZone, false)
-		forestZones, _ = lc.GetADIDNSZones(targetZone, true)
+		var domainErr, forestErr error
+		domainZones, domainErr = lc.GetADIDNSZones(targetZone, false)
+		if domainErr != nil {
+			handleLDAPError(domainErr)
+			return
+		}
+		forestZones, forestErr = lc.GetADIDNSZones(targetZone, true)
+		if forestErr != nil {
+			handleLDAPError(forestErr)
+			return
+		}
 
 		totalZones := len(domainZones) + len(forestZones)
 		if totalZones == 0 {

tui/dnsmodify.go

@@ -46,7 +46,7 @@ func addZoneHandler(zoneForm *XForm, currentFocus tview.Primitive) func() {
 		zoneDN, err := lc.AddADIDNSZone(zoneName, defaultProps, isForest)
 
 		if err != nil {
-			updateLog(fmt.Sprint(err), "red")
+			handleLDAPError(err)
 			app.SetRoot(appPanel, true).SetFocus(currentFocus)
 			return
 		}
@@ -321,7 +321,7 @@ func openActionNodeForm(target *tview.TreeNode, update bool) {
 		}
 
 		if err != nil {
-			updateLog(fmt.Sprint(err), "red")
+			handleLDAPError(err)
 			app.SetRoot(appPanel, true).SetFocus(currentFocus)
 			return
 		}
@@ -492,7 +492,7 @@ func openDeleteRecordForm(record *tview.TreeNode) {
 
 				err = lc.ReplaceADIDNSRecords(nodeDN, updateRecords)
 				if err != nil {
-					updateLog(fmt.Sprint(err), "red")
+					handleLDAPError(err)
 					app.SetRoot(appPanel, true).SetFocus(currentFocus)
 					return
 				}