Beispiel #1
0
        public async Task LDAPPropertyProcessor_ReadUserProperties_NullAdminCount()
        {
            var mock = new MockSearchResultEntry("CN\u003ddfm,CN\u003dUsers,DC\u003dtestlab,DC\u003dlocal",
                                                 new Dictionary <string, object>
            {
                { "description", "Test" },
                { "useraccountcontrol", "66048" },
                { "lastlogon", "132673011142753043" },
                { "lastlogontimestamp", "132670318095676525" },
                { "homedirectory", @"\\win10\testdir" },
                {
                    "serviceprincipalname", new[]
                    {
                        "MSSQLSVC\\win10"
                    }
                },
                {
                    "sidhistory", new[]
                    {
                        Helpers.B64ToBytes("AQUAAAAAAAUVAAAAIE+Qun9GhKV2SBaQUQQAAA==")
                    }
                },
                { "pwdlastset", "132131667346106691" }
            }, "S-1-5-21-3130019616-2776909439-2417379446-1101", Label.User);

            var processor = new LDAPPropertyProcessor(new MockLDAPUtils());
            var test      = await processor.ReadUserProperties(mock);

            var props = test.Props;
            var keys  = props.Keys;

            Assert.Contains("admincount", keys);
            Assert.False((bool)props["admincount"]);
        }
Beispiel #2
0
        private async Task <User> ProcessUserObject(ISearchResultEntry entry,
                                                    ResolvedSearchResult resolvedSearchResult)
        {
            var ret = new User
            {
                ObjectIdentifier = resolvedSearchResult.ObjectId
            };

            ret.Properties.Add("domain", resolvedSearchResult.Domain);
            ret.Properties.Add("name", resolvedSearchResult.DisplayName);
            ret.Properties.Add("distinguishedname", entry.DistinguishedName.ToUpper());
            ret.Properties.Add("domainsid", resolvedSearchResult.DomainSid);

            if ((_methods & ResolvedCollectionMethod.ACL) != 0)
            {
                var aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry);
                var gmsa = entry.GetByteProperty(LDAPProperties.GroupMSAMembership);
                ret.Aces           = aces.Concat(_aclProcessor.ProcessGMSAReaders(gmsa, resolvedSearchResult.Domain)).ToArray();
                ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
            }

            if ((_methods & ResolvedCollectionMethod.Group) != 0)
            {
                var pg = entry.GetProperty(LDAPProperties.PrimaryGroupID);
                ret.PrimaryGroupSID = GroupProcessor.GetPrimaryGroupInfo(pg, resolvedSearchResult.ObjectId);
            }

            if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0)
            {
                var userProps = await _ldapPropertyProcessor.ReadUserProperties(entry);

                ret.Properties        = ContextUtils.Merge(ret.Properties, userProps.Props);
                ret.HasSIDHistory     = userProps.SidHistory;
                ret.AllowedToDelegate = userProps.AllowedToDelegate;
            }

            if ((_methods & ResolvedCollectionMethod.SPNTargets) != 0)
            {
                var spn = entry.GetArrayProperty(LDAPProperties.ServicePrincipalNames);

                var targets    = new List <SPNPrivilege>();
                var enumerator = _spnProcessor.ReadSPNTargets(spn, entry.DistinguishedName)
                                 .GetAsyncEnumerator(_cancellationToken);

                while (await enumerator.MoveNextAsync())
                {
                    targets.Add(enumerator.Current);
                }

                ret.SPNTargets = targets.ToArray();
            }

            return(ret);
        }
Beispiel #3
0
        public async Task LDAPPropertyProcessor_ReadUserProperties_TestBadPaths()
        {
            var mock = new MockSearchResultEntry("CN\u003ddfm,CN\u003dUsers,DC\u003dtestlab,DC\u003dlocal",
                                                 new Dictionary <string, object>
            {
                { "description", "Test" },
                { "useraccountcontrol", "abc" },
                { "lastlogon", "132673011142753043" },
                { "lastlogontimestamp", "132670318095676525" },
                { "homedirectory", @"\\win10\testdir" },
                {
                    "serviceprincipalname", new[]
                    {
                        "MSSQLSVC/win10"
                    }
                },
                { "admincount", "c" },
                {
                    "sidhistory", new[]
                    {
                        Array.Empty <byte>()
                    }
                },
                { "pwdlastset", "132131667346106691" }
            }, "S-1-5-21-3130019616-2776909439-2417379446-1101", Label.User);

            var processor = new LDAPPropertyProcessor(new MockLDAPUtils());
            var test      = await processor.ReadUserProperties(mock);

            var props = test.Props;
            var keys  = props.Keys;

            Assert.Contains("sidhistory", keys);
            Assert.Empty(props["sidhistory"] as string[]);
            Assert.Contains("admincount", keys);
            Assert.False((bool)props["admincount"]);
            Assert.Contains("sensitive", keys);
            Assert.Contains("dontreqpreauth", keys);
            Assert.Contains("passwordnotreqd", keys);
            Assert.Contains("unconstraineddelegation", keys);
            Assert.Contains("pwdneverexpires", keys);
            Assert.Contains("enabled", keys);
            Assert.Contains("trustedtoauth", keys);
            Assert.False((bool)props["trustedtoauth"]);
            Assert.False((bool)props["sensitive"]);
            Assert.False((bool)props["dontreqpreauth"]);
            Assert.False((bool)props["passwordnotreqd"]);
            Assert.False((bool)props["unconstraineddelegation"]);
            Assert.False((bool)props["pwdneverexpires"]);
            Assert.True((bool)props["enabled"]);
        }
Beispiel #4
0
        public async Task LDAPPropertyProcessor_ReadUserProperties_HappyPath()
        {
            var mock = new MockSearchResultEntry("CN\u003ddfm,CN\u003dUsers,DC\u003dtestlab,DC\u003dlocal",
                                                 new Dictionary <string, object>
            {
                { "description", "Test" },
                { "useraccountcontrol", "66048" },
                { "lastlogon", "132673011142753043" },
                { "lastlogontimestamp", "132670318095676525" },
                { "homedirectory", @"\\win10\testdir" },
                {
                    "serviceprincipalname", new[]
                    {
                        "MSSQLSVC/win10"
                    }
                },
                { "admincount", "1" },
                {
                    "sidhistory", new[]
                    {
                        Helpers.B64ToBytes("AQUAAAAAAAUVAAAAIE+Qun9GhKV2SBaQUQQAAA==")
                    }
                },
                { "pwdlastset", "132131667346106691" }
            }, "S-1-5-21-3130019616-2776909439-2417379446-1101", Label.User);

            var processor = new LDAPPropertyProcessor(new MockLDAPUtils());
            var test      = await processor.ReadUserProperties(mock);

            var props = test.Props;
            var keys  = props.Keys;

            //Random Stuff
            Assert.Contains("description", keys);
            Assert.Equal("Test", props["description"] as string);
            Assert.Contains("admincount", keys);
            Assert.True((bool)props["admincount"]);
            Assert.Contains("lastlogon", keys);
            Assert.Equal(1622827514, (long)props["lastlogon"]);
            Assert.Contains("lastlogontimestamp", keys);
            Assert.Equal(1622558209, (long)props["lastlogontimestamp"]);
            Assert.Contains("pwdlastset", keys);
            Assert.Equal(1568693134, (long)props["pwdlastset"]);
            Assert.Contains("homedirectory", keys);
            Assert.Equal(@"\\win10\testdir", props["homedirectory"] as string);

            //UAC stuff
            Assert.Contains("sensitive", keys);
            Assert.False((bool)props["sensitive"]);
            Assert.Contains("dontreqpreauth", keys);
            Assert.False((bool)props["dontreqpreauth"]);
            Assert.Contains("passwordnotreqd", keys);
            Assert.False((bool)props["passwordnotreqd"]);
            Assert.Contains("unconstraineddelegation", keys);
            Assert.False((bool)props["unconstraineddelegation"]);
            Assert.Contains("enabled", keys);
            Assert.True((bool)props["enabled"]);
            Assert.Contains("trustedtoauth", keys);
            Assert.False((bool)props["trustedtoauth"]);

            //SPN
            Assert.Contains("hasspn", keys);
            Assert.True((bool)props["hasspn"]);
            Assert.Contains("serviceprincipalnames", keys);
            Assert.Contains("MSSQLSVC/win10", props["serviceprincipalnames"] as string[]);

            //SidHistory
            Assert.Contains("sidhistory", keys);
            var sh = props["sidhistory"] as string[];

            Assert.Single(sh);
            Assert.Contains("S-1-5-21-3130019616-2776909439-2417379446-1105", sh);
            Assert.Single(test.SidHistory);
            Assert.Contains(new TypedPrincipal
            {
                ObjectIdentifier = "S-1-5-21-3130019616-2776909439-2417379446-1105",
                ObjectType       = Label.User
            }, test.SidHistory);
        }
Beispiel #5
0
        public async Task LDAPPropertyProcessor_ReadUserProperties_TestTrustedToAuth()
        {
            var mock = new MockSearchResultEntry("CN\u003ddfm,CN\u003dUsers,DC\u003dtestlab,DC\u003dlocal",
                                                 new Dictionary <string, object>
            {
                { "description", "Test" },
                { "useraccountcontrol", 0x1000000.ToString() },
                { "lastlogon", "132673011142753043" },
                { "lastlogontimestamp", "132670318095676525" },
                { "homedirectory", @"\\win10\testdir" },
                {
                    "serviceprincipalname", new[]
                    {
                        "MSSQLSVC\\win10"
                    }
                },
                { "admincount", "1" },
                {
                    "sidhistory", new[]
                    {
                        Helpers.B64ToBytes("AQUAAAAAAAUVAAAAIE+Qun9GhKV2SBaQUQQAAA==")
                    }
                },
                { "pwdlastset", "132131667346106691" },
                {
                    "msds-allowedtodelegateto", new[]
                    {
                        "host/primary",
                        "rdpman/win10"
                    }
                }
            }, "S-1-5-21-3130019616-2776909439-2417379446-1101", Label.User);

            var processor = new LDAPPropertyProcessor(new MockLDAPUtils());
            var test      = await processor.ReadUserProperties(mock);

            var props = test.Props;
            var keys  = props.Keys;

            Assert.Contains("allowedtodelegate", keys);
            var atd = props["allowedtodelegate"] as string[];

            Assert.Equal(2, atd.Length);
            Assert.Contains("host/primary", atd);
            Assert.Contains("rdpman/win10", atd);

            var atdr = test.AllowedToDelegate;

            Assert.Equal(2, atdr.Length);
            var expected = new TypedPrincipal[]
            {
                new()
                {
                    ObjectIdentifier = "S-1-5-21-3130019616-2776909439-2417379446-1001",
                    ObjectType       = Label.Computer
                },
                new()
                {
                    ObjectIdentifier = "S-1-5-21-3130019616-2776909439-2417379446-1104",
                    ObjectType       = Label.Computer
                }
            };

            Assert.Equal(expected, atdr);
        }