- Add support for LAPS v2

- Some code refactor / cleanup - new color scheme - update packages
Seji64 · Jul 6, 2023 · a8fd31d · a8fd31d
1 parent 3f482b6
commit a8fd31d
Show file tree

Hide file tree

Showing 39 changed files with 2,574 additions and 298 deletions.
diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@ A nice and simple Web Interface for LAPS (Local Administrator Password Solution)
 ## Setup Preqesites
 
 - A working Active Directory with Microsoft LAPS installed
-- .NET Core 6.0 compatible Operating System (Ubuntu/Debian/CentOS/Alpine Linux/Windows/macOS) or a Docker Host
+- .NET Core 7.0 compatible Operating System (Ubuntu/Debian/CentOS/Alpine Linux/Windows/macOS) or a Docker Host
 
 ## Setup (bare metal):
 
@@ -13,6 +13,18 @@ A nice and simple Web Interface for LAPS (Local Administrator Password Solution)
 - Adjust appsettings.json or set the settings via Environment Variables
 - Run *LAPS-WebUI*
 
+## Notes for LAPS v2
+- Since Version 1.5.0 LAPS v2 is supported
+- By default, LAPS v2 passwords are encrypted. If the LAPS v2 passwords are stored unencrypted, then you have to set
+ `EncryptionDisabled` to `true` in the settings
+- When LAPS v2 Passwords are encrypted a direct connection to the domain controllers with `Kerberos` and `DCE-RPC` is needed in order to decrypt those passwords. For LAPS v1 and unecrypted LAPS v2 passwords only `LDAP` is needed
+### New LAPS Settings
+```
+ "LAPS": {
+ "ForceVersion": null, # Allowed Values: v1, v2 | Default: null (both versions)
+ "EncryptionDisabled": false # Allowed Values: true, false | Default: false
+ }
+```
 ## Setup (docker):
 
 Running LAPS-WebUI in docker is quite easy:

diff --git a/src/.editorconfig b/src/.editorconfig
@@ -0,0 +1,4 @@
+[*.cs]
+
+# S112: General exceptions should never be thrown
+dotnet_diagnostic.S112.severity = none
diff --git a/src/Components/LapsInformationDetail.razor b/src/Components/LapsInformationDetail.razor
@@ -0,0 +1,16 @@
+@inherits MudComponentBase
+@if (LapsInfo != null)
+{
+ <MudStack Spacing="2">
+ <MudField Label="Password" Variant="Variant.Text" Adornment="Adornment.Start" AdornmentIcon="@Icons.Material.Outlined.Password" AdornmentColor="Color.Default" aria-label="LAPS Password">@LapsInfo.Password</MudField>
+ @if (LapsInfo.Account != null)
+ {
+ <MudField Label="Account" Variant="Variant.Text" Adornment="Adornment.Start" AdornmentIcon="@Icons.Material.Outlined.AccountCircle" AdornmentColor="Color.Default" aria-label="LAPS Managed Account">@LapsInfo.Account</MudField>
+ }
+ @if (LapsInfo.PasswordSetDate != null)
+ {
+ <MudField Label="Set Date" Variant="Variant.Text" Adornment="Adornment.Start" AdornmentIcon="@Icons.Material.Outlined.MoreTime" AdornmentColor="Color.Default" aria-label="LAPS Password Set Date">@LapsInfo.PasswordSetDate</MudField>
+ }
+ <MudField Label="Expire Date" Variant="Variant.Text" Adornment="Adornment.Start" AdornmentIcon="@Icons.Material.Outlined.HourglassBottom" AdornmentColor="Color.Default" aria-label="LAPS Password Expire Date">@LapsInfo.PasswordExpireDate</MudField>
+ </MudStack>
+}
diff --git a/src/Components/LapsInformationDetail.razor.cs b/src/Components/LapsInformationDetail.razor.cs
@@ -0,0 +1,11 @@
+using LAPS_WebUI.Models;
+using Microsoft.AspNetCore.Components;
+using MudBlazor;
+
+namespace LAPS_WebUI.Components
+{
+ public partial class LapsInformationDetail : MudComponentBase
+ {
+ [Parameter] public LapsInformation? LapsInfo { get; set; }
+ }
+}
diff --git a/src/Dockerfile b/src/Dockerfile
@@ -20,10 +20,11 @@ FROM base AS final
 WORKDIR /app
 RUN apt update && \
  apt upgrade -y && \
- apt install --no-install-recommends -y ca-certificates libldap-2.4-2 && \
+ apt install --no-install-recommends -y ca-certificates libldap-2.4-2 gcc python3 python3-dev python3-pip libkrb5-dev && \
  apt clean && \
  rm -rf /var/lib/apt/lists/* && \
  ln -s /usr/lib/x86_64-linux-gnu/libldap-2.4.so.2 /usr/lib/libldap.so.2 && \
- ln -s /usr/lib/x86_64-linux-gnu/liblber-2.4.so.2 /usr/lib/liblber.so.2
+ ln -s /usr/lib/x86_64-linux-gnu/liblber-2.4.so.2 /usr/lib/liblber.so.2 && \
+ pip3 install dpapi-ng[kerberos]
 COPY --from=publish /app/publish .
-ENTRYPOINT ["dotnet", "LAPS-WebUI.dll"]
+ENTRYPOINT ["dotnet", "LAPS-WebUI.dll"]
diff --git a/src/Enums/LAPSVersion.cs b/src/Enums/LAPSVersion.cs
@@ -0,0 +1,10 @@
+using System.Runtime.Intrinsics;
+
+namespace LAPS_WebUI.Enums
+{
+ public enum LAPSVersion
+ {
+ v1,
+ v2
+ }
+}
diff --git a/src/Interfaces/ILDAPService.cs b/src/Interfaces/ILDAPService.cs
@@ -3,7 +3,7 @@
 
 namespace LAPS_WebUI.Interfaces
 {
- public interface ILDAPService
+ public interface ILdapService
  {
  Task<LdapConnection?> CreateBindAsync(string username, string password);
  Task<bool> TestCredentialsAsync(string username, string password);

diff --git a/src/LAPS-WebUI.csproj b/src/LAPS-WebUI.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
  <PropertyGroup>
  <TargetFramework>net7.0</TargetFramework>
@@ -12,15 +12,23 @@
 
  <ItemGroup>
  <PackageReference Include="Blazored.SessionStorage" Version="2.3.0" />
+ <PackageReference Include="CliWrap" Version="3.6.4" />
  <PackageReference Include="CurrieTechnologies.Razor.Clipboard" Version="1.6.0" />
  <PackageReference Include="LdapForNet" Version="2.7.15" />
- <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="7.0.4" />
+ <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="7.0.8" />
  <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.18.1" />
  <PackageReference Include="Microsoft.Web.LibraryManager.Build" Version="2.1.175" />
- <PackageReference Include="MudBlazor" Version="6.2.0" />
- <PackageReference Include="Serilog" Version="2.12.0" />
- <PackageReference Include="Serilog.AspNetCore" Version="6.1.0" />
+ <PackageReference Include="MudBlazor" Version="6.6.0" />
+ <PackageReference Include="Serilog" Version="3.0.1" />
+ <PackageReference Include="Serilog.AspNetCore" Version="7.0.0" />
  <PackageReference Include="Serilog.Sinks.Console" Version="4.1.0" />
+ <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="7.0.1" />
+ </ItemGroup>
+
+ <ItemGroup>
+ <None Update="scripts\DecryptEncryptedLAPSPassword.py">
+ <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+ </None>
  </ItemGroup>
 
 </Project>
diff --git a/src/LAPS-WebUI.sln b/src/LAPS-WebUI.sln
@@ -5,6 +5,11 @@ VisualStudioVersion = 17.2.32519.379
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "LAPS-WebUI", "LAPS-WebUI.csproj", "{7B7F4DF1-306F-4A4A-B074-7CF2D731F39A}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{A62D500C-9708-45CC-A92F-E9D61AB47264}"
+ ProjectSection(SolutionItems) = preProject
+ .editorconfig = .editorconfig
+ EndProjectSection
+EndProject
 Global
  GlobalSection(SolutionConfigurationPlatforms) = preSolution
  Debug|Any CPU = Debug|Any CPU

diff --git a/src/Models/ADComputer.cs b/src/Models/ADComputer.cs
@@ -5,12 +5,24 @@ public class ADComputer
  public ADComputer(string name)
  {
  this.Name = name;
- this.LAPSPassword = String.Empty;
- this.LAPSPasswordExpireDate = DateTime.MinValue;
  }
 
  public string Name { get; set; }
- public string LAPSPassword { get; set; }
- public DateTime LAPSPasswordExpireDate { get; set; }
+ public List<LapsInformation>? LAPSInformations { get; set; }
+
+ public bool Loading
+ {
+ get
+ {
+ if (LAPSInformations is null || !LAPSInformations.Any())
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+ }
+ }
  }
 }
diff --git a/src/Models/LDAPOptions.cs b/src/Models/LDAPOptions.cs
@@ -1,6 +1,6 @@
 namespace LAPS_WebUI.Models
 {
- public class LDAPOptions
+ public class LdapOptions
  {
  public string? Server { get; set; }
  public int Port { get; set; }

diff --git a/src/Models/LapsInformation.cs b/src/Models/LapsInformation.cs
@@ -0,0 +1,14 @@
+using LAPS_WebUI.Enums;
+
+namespace LAPS_WebUI.Models
+{
+ public class LapsInformation
+ {
+ public string? Password { get; set; }
+ public string? Account { get; set; }
+ public DateTime? PasswordExpireDate { get; set; }
+ public DateTime? PasswordSetDate { get; set; }
+ public LAPSVersion? Version { get; set; }
+ public bool IsCurrent { get; set; }
+ }
+}
diff --git a/src/Models/LapsOptions.cs b/src/Models/LapsOptions.cs
@@ -0,0 +1,10 @@
+using LAPS_WebUI.Enums;
+
+namespace LAPS_WebUI.Models
+{
+ public class LapsOptions
+ {
+ public LAPSVersion? ForceVersion { get; set; }
+ public bool EncryptionDisabled { get; set; }
+ }
+}
diff --git a/src/Models/msLAPSPayload.cs b/src/Models/msLAPSPayload.cs
@@ -0,0 +1,16 @@
+using System.Text.Json.Serialization;
+
+namespace LAPS_WebUI.Models
+{
+ public class MsLAPSPayload
+ {
+ [JsonPropertyName("n")]
+ public string? ManagedAccountName { get; set; }
+
+ [JsonPropertyName("t")]
+ public string? PasswordUpdateTime { get; set; }
+
+ [JsonPropertyName("p")]
+ public string? Password { get; set; }
+ }
+}
diff --git a/src/Pages/Index.razor b/src/Pages/Index.razor
@@ -1,19 +1,3 @@
 @page "/"
 @inject ISessionManagerService sessionManager
-@inject NavigationManager NavigationManager
-@code{
-
- protected override async Task OnAfterRenderAsync(bool firstRender)
- {
- // redirect to home if already logged in
- if (await sessionManager.IsUserLoggedInAsync())
- {
- NavigationManager.NavigateTo("/laps");
- }
- else
- {
- NavigationManager.NavigateTo("/login");
- }
- }
-
-}
+@inject NavigationManager NavigationManager
diff --git a/src/Pages/Index.razor.cs b/src/Pages/Index.razor.cs
@@ -0,0 +1,18 @@
+namespace LAPS_WebUI.Pages
+{
+ public partial class Index
+ {
+ protected override async Task OnAfterRenderAsync(bool firstRender)
+ {
+ // redirect to home if already logged in
+ if (await sessionManager.IsUserLoggedInAsync())
+ {
+ NavigationManager.NavigateTo("/laps");
+ }
+ else
+ {
+ NavigationManager.NavigateTo("/login");
+ }
+ }
+ }
+}