From 90d9ba3788aa065da081a23de67cc30fb8143865 Mon Sep 17 00:00:00 2001
From: Bureau Audit <audit@ssi>
Date: Tue, 22 Mar 2022 15:45:16 +0100
Subject: [PATCH] 3.0.176

---
 Buffer.cpp        |  17 +++++++++++------
 Engine.cpp        |  13 ++++++++-----
 Filters.cpp       |   3 ++-
 LDAP.cpp          |  29 ++++++++++++++++++-----------
 MLA.cpp           |   3 ++-
 ORADAD.rc         | Bin 5202 -> 5202 bytes
 Sysvol.cpp        |  41 ++++++++++++++++++++++++-----------------
 Util.cpp          |   3 ++-
 XML.cpp           |   3 ++-
 oradad-schema.xml |  30 +++++++++++++++++++++++-------
 10 files changed, 92 insertions(+), 50 deletions(-)

diff --git a/Buffer.cpp b/Buffer.cpp
index 3ca280f..44aabcd 100644
--- a/Buffer.cpp
+++ b/Buffer.cpp
@@ -46,8 +46,9 @@ BufferInitialize (
       {
          Log(
             __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-            "[!] %sUnable to open outfile '%S'%s (error %u).",
-            COLOR_RED, pBuffer->szFileName, COLOR_RESET, GetLastError()
+            "[!] %sUnable to open outfile%s '%S' (error %u).",
+            COLOR_RED, COLOR_RESET,
+            pBuffer->szFileName, GetLastError()
          );
          return FALSE;
       }
@@ -95,7 +96,8 @@ BufferClose (
    {
       Log(
          __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-         "[!] %sUnable to save buffer%s.", COLOR_RED, COLOR_RESET
+         "[!] %sUnable to save buffer%s.",
+         COLOR_RED, COLOR_RESET
       );
       return FALSE;
    }
@@ -156,7 +158,8 @@ BufferWrite (
       {
          Log(
             __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-            "[!] %sUnable to save buffer%s.", COLOR_RED, COLOR_RESET
+            "[!] %sUnable to save buffer%s.",
+            COLOR_RED, COLOR_RESET
          );
          return 0;
       }
@@ -267,7 +270,8 @@ BufferWriteFromFile (
    {
       Log(
          __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-         "[!] %sCannot get file size%s (error %u).", COLOR_RED, COLOR_RESET, GetLastError()
+         "[!] %sCannot get file size%s (error %u).",
+         COLOR_RED, COLOR_RESET, GetLastError()
       );
       return 0;
    }
@@ -286,7 +290,8 @@ BufferWriteFromFile (
       {
          Log(
             __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-            "[!] %sCannot read file %s (error %u).", COLOR_RED, COLOR_RESET, GetLastError()
+            "[!] %sCannot read file%s (error %u).",
+            COLOR_RED, COLOR_RESET, GetLastError()
          );
          break;
       }
diff --git a/Engine.cpp b/Engine.cpp
index b00ffaf..162ae5c 100644
--- a/Engine.cpp
+++ b/Engine.cpp
@@ -71,7 +71,8 @@ Process (
       {
          Log(
             __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-            "[!] %sDC Locator is disabled, but no domain specified%s.", COLOR_RED, COLOR_RESET
+            "[!] %sDC Locator is disabled, but no domain specified%s.",
+            COLOR_RED, COLOR_RESET
          );
          return FALSE;
       }
@@ -282,8 +283,8 @@ Process (
       {
          Log(
             __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_CRITICAL,
-            "[!] %sUnable to open table file '%S'%s (error %u).",
-            COLOR_RED, szDirectory, COLOR_RESET, GetLastError()
+            "[!] %sUnable to open table file%s '%S' (error %u).",
+            COLOR_RED, COLOR_RESET, szDirectory, GetLastError()
          );
          pGlobalConfig->TableFile.hFile = NULL;
          return FALSE;
@@ -400,7 +401,8 @@ Process (
       {
          Log(
             __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-            "[!] %sUnable to enumerate trust (error %u).%s", COLOR_RED, dwResult, COLOR_RESET
+            "[!] %sUnable to enumerate trust (error %u).%s",
+            COLOR_RED, dwResult, COLOR_RESET
          );
       }
       else
@@ -528,7 +530,8 @@ pLocateDc (
    {
       Log(
          __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-         "[!] %sUnable to locate DC for domain '%S'%s (error %u).", COLOR_RED, szDomainName, COLOR_RESET, dwResult
+         "[!] %sUnable to locate DC for domain '%S'%s (error %u).",
+         COLOR_RED, szDomainName, COLOR_RESET, dwResult
       );
       return FALSE;
    }
diff --git a/Filters.cpp b/Filters.cpp
index 4169247..30ec7d1 100644
--- a/Filters.cpp
+++ b/Filters.cpp
@@ -122,7 +122,8 @@ GetFilter (
    {
       Log(
          __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-         "[!] %sUnknown filter '%S'.%s", COLOR_RED, szFilter, COLOR_RESET
+         "[!] %sUnknown filter%s '%S'.",
+         COLOR_RED, COLOR_RESET, szFilter
       );
       return FALSE;
    }
diff --git a/LDAP.cpp b/LDAP.cpp
index ea2f068..4220388 100644
--- a/LDAP.cpp
+++ b/LDAP.cpp
@@ -261,7 +261,8 @@ LdapProcessRequest (
       {
          Log(
             __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-            "[!] %sCannot allocate memory%s (error %u).", COLOR_RED, COLOR_RESET, GetLastError()
+            "[!] %sCannot allocate memory%s (error %u).",
+            COLOR_RED, COLOR_RESET, GetLastError()
          );
          return FALSE;
       }
@@ -286,7 +287,8 @@ LdapProcessRequest (
       {
          Log(
             __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-            "[!] %sCannot allocate memory%s (error %u).", COLOR_RED, COLOR_RESET, GetLastError()
+            "[!] %sCannot allocate memory%s (error %u).",
+            COLOR_RED, COLOR_RESET, GetLastError()
          );
          return FALSE;
       }
@@ -412,7 +414,8 @@ LdapProcessRequest (
       {
          Log(
             __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-            "[!] %sCannot allocate memory%s (error %u).", COLOR_RED, COLOR_RESET, GetLastError()
+            "[!] %sCannot allocate memory%s (error %u).",
+            COLOR_RED, COLOR_RESET, GetLastError()
          );
          return FALSE;
       }
@@ -522,7 +525,8 @@ LdapProcessRequest (
             {
                Log(
                   __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-                  "[!] %sCannot allocate memory%s (error %u).", COLOR_RED, COLOR_RESET, GetLastError()
+                  "[!] %sCannot allocate memory%s (error %u).",
+                  COLOR_RED, COLOR_RESET, GetLastError()
                );
 
                if (bBufferOpen == TRUE)
@@ -1080,8 +1084,8 @@ LdapProcessRequest (
                      else
                         Log(
                            __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-                           "[!] %sUnknwon boolean value ('%S').%s",
-                           COLOR_RED, ppValue[0], COLOR_RESET
+                           "[!] %sUnknwon boolean value%s ('%S').",
+                           COLOR_RED, COLOR_RESET, ppValue[0]
                         );
                   }
                }
@@ -1277,8 +1281,8 @@ pLdapOpenConnection (
       ulResult = LdapGetLastError();
       Log(
          __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-         "[!] %sUnable to open LDAP connection to '%S'%s (error %u: %s).",
-         COLOR_RED, szServerName, COLOR_RESET,  ulResult, ldap_err2stringA(ulResult)
+         "[!] %sUnable to open LDAP connection%s to '%S' (error %u: %s).",
+         COLOR_RED, COLOR_RESET, szServerName,  ulResult, ldap_err2stringA(ulResult)
       );
       return NULL;
    }
@@ -1288,7 +1292,8 @@ pLdapOpenConnection (
    {
       Log(
          __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-         "[!] %sUnable to connect to LDAP server%s (error %u: %s).", COLOR_RED, COLOR_RESET, ulResult, ldap_err2stringA(ulResult)
+         "[!] %sUnable to connect to LDAP server%s (error %u: %s).",
+         COLOR_RED, COLOR_RESET, ulResult, ldap_err2stringA(ulResult)
       );
       ldap_unbind(pLdapHandle);
       return NULL;
@@ -1367,7 +1372,8 @@ pLdapOpenConnection (
    {
       Log(
          __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-         "[!] %sUnable to bind to LDAP server%s (error %u: %s).", COLOR_RED, COLOR_RESET, ulResult, ldap_err2stringA(ulResult)
+         "[!] %sUnable to bind to LDAP server%s (error %u: %s).",
+         COLOR_RED, COLOR_RESET, ulResult, ldap_err2stringA(ulResult)
       );
       ldap_unbind(pLdapHandle);
       return NULL;
@@ -1535,7 +1541,8 @@ pWriteTableInfo (
          {
             Log(
                __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-               "[!] %sData type unknown.%s", COLOR_RED, COLOR_RESET
+               "[!] %sData type unknown%s.",
+               COLOR_RED, COLOR_RESET
             );
             return FALSE;
          }
diff --git a/MLA.cpp b/MLA.cpp
index 6e968ee..14c63a5 100644
--- a/MLA.cpp
+++ b/MLA.cpp
@@ -289,7 +289,8 @@ MlaAddFileFromFile (
    {
       Log(
          __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-         "[!] %sCannot get file size%s (error %u).", COLOR_RED, COLOR_RESET, GetLastError()
+         "[!] %sCannot get file size%s (error %u).",
+         COLOR_RED, COLOR_RESET, GetLastError()
       );
       goto End;
    }
diff --git a/ORADAD.rc b/ORADAD.rc
index 63ba48a00e3c196fd74cb9e88b977a06956d9e1b..a7a0a87933e492ad00e51888a8c1c7397dc7fe44 100644
GIT binary patch
delta 42
ucmcblaY<uC3kRdw<W>$-MzhVkInFZyITyKfH}BxS!w6=IZ(hT@j12%w^A9ut

delta 42
ucmcblaY<uC3kRdg<W>$-Mw89EInFZyITyKfH}BxS!w6=IZ(hT@j12%wIS(uV

diff --git a/Sysvol.cpp b/Sysvol.cpp
index a5d6dda..bcc4f16 100644
--- a/Sysvol.cpp
+++ b/Sysvol.cpp
@@ -5,6 +5,9 @@
 #include "ORADAD.h"
 #include "lz4/xxhash.h"
 
+// In this file, errors are treated as warning (which may be legitimate for permissions on GPO
+// not authorizing access) and to not worry users
+
 #define SYSVOL_ROW_COUNT         14
 #define GUID_STR_SIZE            38             // {23456789-1234-6789-1234-678901234567}
 
@@ -129,8 +132,8 @@ ProcessSysvol (
          {
             Log(
                __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-               "[!] %sUnable to logon with explicit credentials (error %u).%s",
-               COLOR_RED, GetLastError(), COLOR_RESET
+               "[!] %sUnable to logon with explicit credentials%s (error %u).",
+               COLOR_RED, COLOR_RESET, GetLastError()
             );
             goto End;
          }
@@ -172,8 +175,8 @@ ProcessSysvol (
          {
             Log(
                __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-               "[!] %sUnable to logon with explicit credentials (error %u).%s",
-               COLOR_RED, GetLastError(), COLOR_RESET
+               "[!] %sUnable to logon with explicit credentials%s (error %u).",
+               COLOR_RED, COLOR_RESET, GetLastError()
             );
             goto End;
          }
@@ -432,9 +435,9 @@ pProcessSysvolFile (
       dwInitialError = GetLastError();
       Log(
          __FILE__, __FUNCTION__, __LINE__,
-         (dwInitialError == ERROR_ACCESS_DENIED) ? LOG_LEVEL_VERBOSE : LOG_LEVEL_ERROR,
-         "[!] %sCannot open sysvol file '%S'%s (error %u).",
-         COLOR_RED, szFileName, COLOR_RESET, dwInitialError
+         (dwInitialError == ERROR_ACCESS_DENIED) ? LOG_LEVEL_VERBOSE : LOG_LEVEL_WARNING,
+         "[!] %sCannot open sysvol file%s '%S' (error %u).",
+         COLOR_YELLOW, COLOR_RESET, szFileName, dwInitialError
       );
       bHaveFileSecurityInfo = FALSE;
    }
@@ -443,9 +446,9 @@ pProcessSysvolFile (
    if (bResult == FALSE)
    {
       Log(
-         __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-         "[!] %sCannot get file attributes for '%S'%s (error %u).",
-         COLOR_RED, szFileName, COLOR_RESET, GetLastError()
+         __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_WARNING,
+         "[!] %sCannot get file attributes%s for '%S' (error %u).",
+         COLOR_YELLOW, COLOR_RESET, szFileName, GetLastError()
       );
       bHaveFileInfo = FALSE;
    }
@@ -476,8 +479,9 @@ pProcessSysvolFile (
       if (dwRet != ERROR_SUCCESS)
       {
          Log(
-            __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-            "[!] %sCannot get security descriptor for '%S' (error %u).%s", COLOR_RED, szFileName, dwRet, COLOR_RESET
+            __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_WARNING,
+            "[!] %sCannot get security descriptor%s for '%S' (error %u).",
+            COLOR_YELLOW, COLOR_RESET, szFileName, dwRet
          );
          bHaveFileSecurityInfo = FALSE;
       }
@@ -487,8 +491,9 @@ pProcessSysvolFile (
          if (bResult == FALSE)
          {
             Log(
-               __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-               "[!] %sCannot get security descriptor control for '%S' (error %u).%s", COLOR_RED, szFileName, GetLastError(), COLOR_RESET
+               __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_WARNING,
+               "[!] %sCannot get security descriptor control%s for '%S' (error %u).",
+               COLOR_YELLOW, COLOR_RESET, szFileName, GetLastError()
             );
             bHaveFileSecurityInfo = FALSE;
          }
@@ -505,7 +510,8 @@ pProcessSysvolFile (
                // SD should never be absolute, if necessary, should convert it here. For now, fail.
                Log(
                   __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_WARNING,
-                  "[!] %sSecurity descriptor for '%S' is not relative.%s", COLOR_YELLOW, szFileName, COLOR_RESET
+                  "[!] %sSecurity descriptor for '%S' is not relative%s.",
+                  COLOR_YELLOW, szFileName, COLOR_RESET
                );
                bHaveFileSecurityInfo = FALSE;
             }
@@ -657,8 +663,9 @@ pProcessSysvolFile (
          {
             dwErrorCode = GetLastError();
             Log(
-               __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-               "[!] %sCannot open sysvol file '%S' for read (error %u).%s", COLOR_RED, szFileName, dwErrorCode, COLOR_RESET
+               __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_WARNING,
+               "[!] %sCannot open sysvol file%s '%S' for read (error %u).",
+               COLOR_YELLOW, COLOR_RESET, szFileName, dwErrorCode
             );
          }
          else
diff --git a/Util.cpp b/Util.cpp
index 7188801..38676f8 100644
--- a/Util.cpp
+++ b/Util.cpp
@@ -231,7 +231,8 @@ LPWSTRtoLPSTR (
 Fail:
    Log(
       __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-      "[!] %sLPWSTRtoLPSTR(%S) failed.%s", COLOR_RED, szToConvert, COLOR_RESET
+      "[!] %sLPWSTRtoLPSTR(%S) failed%s.",
+      COLOR_RED, szToConvert, COLOR_RESET
    );
 
    return NULL;
diff --git a/XML.cpp b/XML.cpp
index a6f4458..c23ed93 100644
--- a/XML.cpp
+++ b/XML.cpp
@@ -1034,7 +1034,8 @@ pXmlParseRequest (
          {
             Log(
                __FILE__, __FUNCTION__, __LINE__, LOG_LEVEL_ERROR,
-               "[!] %sCannot allocate memory%s (error %u).", COLOR_RED, COLOR_RESET, GetLastError()
+               "[!] %sCannot allocate memory%s (error %u).",
+               COLOR_RED, COLOR_RESET, GetLastError()
             );
             break;
          }
diff --git a/oradad-schema.xml b/oradad-schema.xml
index cb8402f..d485f9c 100644
--- a/oradad-schema.xml
+++ b/oradad-schema.xml
@@ -446,12 +446,20 @@
         </request>
         <request>
             <name>msDS-ShadowPrincipal</name>
-            <description>All msDS-ShadowPrincipal from domain</description>
+            <description>All msDS-ShadowPrincipal from configuration partitions</description>
             <base>configuration</base>
             <scope>subtree</scope>
             <filter>(objectClass=msDS-ShadowPrincipal)</filter>
             <classes>msDS-ShadowPrincipal</classes>
         </request>
+        <request>
+           <name>displaySpecifier</name>
+           <description>All displaySpecifier from configuration partitions</description>
+           <base>configuration</base>
+           <scope>subtree</scope>
+           <filter>(objectClass=displaySpecifier)</filter>
+           <classes>displaySpecifier</classes>
+        </request>
         <!-- DNS -->
         <request>
             <name>dnsZone</name>
@@ -520,6 +528,14 @@
             <filter>(objectClass=msExchAdminGroup)</filter>
             <classes>msExchAdminGroup</classes>
         </request>
+        <request>
+           <name>exchange_mrs_request</name>
+           <description>msExchMRSRequest informations</description>
+           <base>configuration</base>
+           <scope>subtree</scope>
+           <filter>(objectClass=msExchMRSRequest)</filter>
+           <classes>msExchMRSRequest</classes>
+        </request>
         <!-- Exchange RBAC -->
         <request>
             <name>exchange_role</name>
@@ -782,7 +798,7 @@
         <attribute name="homePostalAddress" level="9" type="STR" />
         <attribute name="addressSyntax" level="9" type="BIN" />
         <attribute name="addressType" level="9" type="STR" />
-        <attribute name="adminContextMenu" level="9" type="STRS" />
+        <attribute name="adminContextMenu" level="4" type="STRS" />
         <attribute name="adminCount" level="1" type="INT" />
         <attribute name="adminDescription" level="9" type="STR" />
         <attribute name="adminDisplayName" level="4" type="STR" />
@@ -2530,9 +2546,9 @@
         <attribute name="msExchMailboxManagerUserMessageFooter" level="9" type="STR" />
         <attribute name="msExchMailboxManagerUserMessageHeader" level="9" type="STR" />
         <attribute name="msExchMailboxMoveBatchName" level="9" type="STR" />
-        <attribute name="msExchMailboxMoveFilePath" level="9" type="STR" />
-        <attribute name="msExchMailboxMoveFlags" level="9" type="INT" />
-        <attribute name="msExchMailboxMoveRemoteHostName" level="9" type="STR" />
+        <attribute name="msExchMailboxMoveFilePath" level="4" type="STR" />
+        <attribute name="msExchMailboxMoveFlags" level="4" type="INT" />
+        <attribute name="msExchMailboxMoveRemoteHostName" level="4" type="STR" />
         <attribute name="msExchMailboxMoveRequestGuid" level="9" type="BIN" />
         <attribute name="msExchMailboxMoveSourceArchiveMDBBL" level="9" type="STRS" />
         <attribute name="msExchMailboxMoveSourceArchiveMDBLink" level="9" type="STR" />
@@ -2542,7 +2558,7 @@
         <attribute name="msExchMailboxMoveSourceMDBLinkSL" level="9" type="BIN" />
         <attribute name="msExchMailboxMoveSourceUserBL" level="9" type="STRS" />
         <attribute name="msExchMailboxMoveSourceUserLink" level="9" type="STR" />
-        <attribute name="msExchMailboxMoveStatus" level="9" type="INT" />
+        <attribute name="msExchMailboxMoveStatus" level="4" type="INT" />
         <attribute name="msExchMailboxMoveStorageMDBBL" level="9" type="STRS" />
         <attribute name="msExchMailboxMoveStorageMDBLink" level="9" type="STR" />
         <attribute name="msExchMailboxMoveStorageMDBLinkSL" level="9" type="BIN" />
@@ -2805,7 +2821,7 @@
         <attribute name="msExchMoveToLSA" level="9" type="BOOL" />
         <attribute name="msExchMRSProxyFlags" level="9" type="INT" />
         <attribute name="msExchMRSProxyMaxConnections" level="9" type="INT" />
-        <attribute name="msExchMRSRequestType" level="9" type="INT" />
+        <attribute name="msExchMRSRequestType" level="4" type="INT" />
         <attribute name="msExchMSMCertPolicyOid" level="9" type="STRS" />
         <attribute name="msExchMSOForwardSyncAsyncOperationIds" level="9" type="STRS" />
         <attribute name="msExchMSOForwardSyncCookiePropertySetVersion" level="9" type="INT" />