Small code refactor

c/meterpreter/source/extensions/extapi/adsi_interface.cpp

@@ -18,12 +18,12 @@ extern "C" {
 
 static const IID IID_IDirectorySearch = { 0x109BA8EC, 0x92F0, 0x11D0, { 0xA7, 0x90, 0x00, 0xC0, 0x4F, 0xD8, 0xD5, 0xA8 } };
 
-DWORD domain_user_enum(LPCWSTR lpDomain, Packet* response)
+DWORD domain_query(LPCWSTR lpwDomain, LPWSTR lpwFilter, LPWSTR* lpwQueryCols, TlvType* tlvIds, UINT queryColCount, TlvType groupTlvId, Packet* response)
 {
 	HRESULT hResult;
 	WCHAR cbPath[PATH_SIZE];
 
-	swprintf_s(cbPath, PATH_SIZE - 1, L"LDAP://%s", lpDomain);
+	swprintf_s(cbPath, PATH_SIZE - 1, L"LDAP://%s", lpwDomain);
 
 	if ((hResult = CoInitialize(NULL)) == S_OK)
 	{
@@ -40,18 +40,8 @@ DWORD domain_user_enum(LPCWSTR lpDomain, Packet* response)
 				break;
 			}
 
-			// These two arrays need to be matched up so that the appropriate TLV gets the right value.
-			//LPWSTR pszAttr[] = { L"samAccountName", L"msDS-User-Account-Control-Computed", L"description",
-				//L"Name", L"distinguishedname", L"comment" };
-			//DWORD tlvIds[] = { TLV_TYPE_EXT_ADSI_USER_SAM, TLV_TYPE_EXT_ADSI_USER_LOCKOUTTIME, TLV_TYPE_EXT_ADSI_USER_DESC,
-				//TLV_TYPE_EXT_ADSI_USER_NAME, TLV_TYPE_EXT_ADSI_USER_DN, TLV_TYPE_EXT_ADSI_USER_COMMENT };
-			LPWSTR pszAttr[] = { L"samAccountName", L"description", L"Name", L"distinguishedname", L"comment" };
-			DWORD tlvIds[] = { TLV_TYPE_EXT_ADSI_USER_SAM, TLV_TYPE_EXT_ADSI_USER_DESC,
-				TLV_TYPE_EXT_ADSI_USER_NAME, TLV_TYPE_EXT_ADSI_USER_DN, TLV_TYPE_EXT_ADSI_USER_COMMENT };
-			DWORD dwAttrNameSize = sizeof(pszAttr) / sizeof(LPWSTR);
-
 			// run the search for the values listed above
-			hResult = pDirSearch->ExecuteSearch(L"(objectClass=user)", pszAttr, dwAttrNameSize, &hSearch);
+			hResult = pDirSearch->ExecuteSearch(lpwFilter, lpwQueryCols, queryColCount, &hSearch);
 			if (hResult != S_OK)
 			{
 				dprintf("[ADSI] Unable to execute the search");
@@ -59,8 +49,8 @@ DWORD domain_user_enum(LPCWSTR lpDomain, Packet* response)
 			}
 
 			ADS_SEARCH_COLUMN col;
-			Tlv* entries = (Tlv*)malloc(dwAttrNameSize * sizeof(Tlv));
+			Tlv* entries = (Tlv*)malloc(queryColCount * sizeof(Tlv));
-			char* values = (char*)malloc(VALUE_SIZE * dwAttrNameSize);
+			char* values = (char*)malloc(VALUE_SIZE * queryColCount);
 
 			// now we iterate through the search results
 			while (SUCCEEDED((hResult = pDirSearch->GetNextRow(hSearch))))
@@ -79,9 +69,9 @@ DWORD domain_user_enum(LPCWSTR lpDomain, Packet* response)
 
 				// iterate through the columns, adding Tlv entries as we go, but only
 				// if we can get the values out.
-				for (DWORD colIndex = 0; colIndex < dwAttrNameSize; ++colIndex)
+				for (DWORD colIndex = 0; colIndex < queryColCount; ++colIndex)
 				{
-					HRESULT hr = pDirSearch->GetColumn(hSearch, pszAttr[dwIndex], &col);
+					HRESULT hr = pDirSearch->GetColumn(hSearch, lpwQueryCols[dwIndex], &col);
 					if (SUCCEEDED(hr))
 					{
 						char* valueTarget = values + (dwIndex * VALUE_SIZE);
@@ -125,7 +115,7 @@ DWORD domain_user_enum(LPCWSTR lpDomain, Packet* response)
 				{
 					dprintf("[ADSI] Adding group packet of %u values", dwIndex);
 					// Throw the user details together in a group, ready to return.
-					packet_add_tlv_group(response, TLV_TYPE_EXT_ADSI_USER, entries, dwIndex);
+					packet_add_tlv_group(response, groupTlvId, entries, dwIndex);
 					dprintf("[ADSI] Added group packet of %u values", dwIndex);
 				}
 				else
@@ -154,115 +144,22 @@ DWORD domain_user_enum(LPCWSTR lpDomain, Packet* response)
 	return (DWORD)hResult;
 }
 
-DWORD domain_computer_enum(LPCWSTR lpDomain, Packet* response)
+DWORD domain_user_enum(LPCWSTR lpwDomain, Packet* response)
 {
-	HRESULT hResult;
+	LPWSTR lpwFields[] = { L"samAccountName", L"description", L"Name", L"distinguishedname", L"comment" };
-	WCHAR cbPath[PATH_SIZE];
+	TlvType tlvIds[] = { TLV_TYPE_EXT_ADSI_USER_SAM, TLV_TYPE_EXT_ADSI_USER_DESC,
+		TLV_TYPE_EXT_ADSI_USER_NAME, TLV_TYPE_EXT_ADSI_USER_DN, TLV_TYPE_EXT_ADSI_USER_COMMENT };
+	DWORD dwCols = sizeof(lpwFields) / sizeof(LPWSTR);
 
-	swprintf_s(cbPath, PATH_SIZE - 1, L"LDAP://%s", lpDomain);
+	return domain_query(lpwDomain, L"(objectClass=user)", lpwFields, tlvIds, dwCols, TLV_TYPE_EXT_ADSI_USER, response);
+}
 
-	if ((hResult = CoInitialize(NULL)) == S_OK)
+DWORD domain_computer_enum(LPCWSTR lpwDomain, Packet* response)
-	{
+{
-		IDirectorySearch* pDirSearch = NULL;
+	LPWSTR lpwFields[] = { L"description", L"Name", L"distinguishedname", L"comment" };
-		ADS_SEARCH_HANDLE hSearch = NULL;
+	TlvType tlvIds[] = { TLV_TYPE_EXT_ADSI_COMP_DESC, TLV_TYPE_EXT_ADSI_COMP_NAME,
+		TLV_TYPE_EXT_ADSI_COMP_DN, TLV_TYPE_EXT_ADSI_COMP_COMMENT };
+	DWORD dwCols = sizeof(lpwFields) / sizeof(LPWSTR);
 
-		do
+	return domain_query(lpwDomain, L"(objectClass=computer)", lpwFields, tlvIds, dwCols, TLV_TYPE_EXT_ADSI_COMP, response);
-		{
-			// start by trying to create the search object which we can use to run searches
-			hResult = ADsOpenObject(cbPath, NULL, NULL, ADS_SECURE_AUTHENTICATION | ADS_READONLY_SERVER, IID_IDirectorySearch, (void**)&pDirSearch);
-			if (hResult != S_OK)
-			{
-				dprintf("[ADSI] Unable to open domain: %x", hResult);
-				break;
-			}
-
-			// These two arrays need to be matched up so that the appropriate TLV gets the right value.
-			LPWSTR pszAttr[] = { L"description", L"Name", L"distinguishedname", L"comment" };
-			DWORD tlvIds[] = { TLV_TYPE_EXT_ADSI_COMP_DESC, TLV_TYPE_EXT_ADSI_COMP_NAME, TLV_TYPE_EXT_ADSI_COMP_DN, TLV_TYPE_EXT_ADSI_COMP_COMMENT };
-			DWORD dwAttrNameSize = sizeof(pszAttr) / sizeof(LPWSTR);
-
-			// run the search for the values listed above
-			hResult = pDirSearch->ExecuteSearch(L"(objectClass=computer)", pszAttr, dwAttrNameSize, &hSearch);
-			if (hResult != S_OK)
-			{
-				dprintf("[ADSI] Unable to execute the search");
-				break;
-			}
-
-			ADS_SEARCH_COLUMN col;
-			Tlv* entries = (Tlv*)malloc(dwAttrNameSize * sizeof(Tlv));
-			char* values = (char*)malloc(VALUE_SIZE * dwAttrNameSize);
-
-			// now we iterate through the search results
-			while (SUCCEEDED((hResult = pDirSearch->GetNextRow(hSearch))))
-			{
-				if (hResult == S_ADS_NOMORE_ROWS)
-				{
-					hResult = S_OK;
-
-					// out of results, so bomb out of the loop
-					break;
-				}
-
-				DWORD dwIndex = 0;
-				size_t charsConverted;
-
-				// iterate through the columns, adding Tlv entries as we go, but only
-				// if we can get the values out.
-				for (DWORD colIndex = 0; colIndex < dwAttrNameSize; ++colIndex)
-				{
-					HRESULT hr = pDirSearch->GetColumn(hSearch, pszAttr[dwIndex], &col);
-					if (SUCCEEDED(hr))
-					{
-						char* valueTarget = values + (dwIndex * VALUE_SIZE);
-						WCHAR* source = col.dwADsType == ADSTYPE_CASE_IGNORE_STRING
-							? col.pADsValues->CaseIgnoreString
-							: col.pADsValues->CaseExactString;
-
-						wcstombs_s(&charsConverted, valueTarget, VALUE_SIZE, source, VALUE_SIZE - 1);
-						dprintf("[ADSI] Adding %s", valueTarget);
-						entries[dwIndex].header.type = tlvIds[dwIndex];
-						entries[dwIndex].header.length = lstrlenA(valueTarget) + 1;
-						entries[dwIndex].buffer = (PUCHAR)valueTarget;
-						dwIndex++;
-
-						pDirSearch->FreeColumn(&col);
-					}
-					else
-					{
-						dprintf("[ADSI] Col read failed: %x", hr);
-					}
-				}
-
-				if (dwIndex > 0)
-				{
-					dprintf("[ADSI] Adding group packet of %u values", dwIndex);
-					// Throw the computer details together in a group, ready to return.
-					packet_add_tlv_group(response, TLV_TYPE_EXT_ADSI_COMP, entries, dwIndex);
-					dprintf("[ADSI] Added group packet of %u values", dwIndex);
-				}
-				else
-				{
-					dprintf("[ADSI] Computer found, but no fields extracted.");
-				}
-			}
-
-			free(entries);
-			free(values);
-		} while (0);
-
-		if (hSearch != NULL)
-		{
-			pDirSearch->CloseSearchHandle(hSearch);
-		}
-
-		if (pDirSearch != NULL)
-		{
-			pDirSearch->Release();
-		}
-
-		CoUninitialize();
-	}
-
-	return (DWORD)hResult;
 }