Beispiel #1
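        /// <summary>
        /// Exports the explicit (non-inherited) extended-right ACEs found on a user's directory
        /// object as "SendAS" rows in the <c>filead</c> CSV output, and traces the outcome.
        /// </summary>
        /// <param name="utente">
        /// User whose directory object is inspected; <c>Distinguishedname</c> builds the LDAP path
        /// and <c>Mail</c> is written as the first CSV column.
        /// </param>
        /// <remarks>
        /// Rows are written unquoted, so a value containing a comma shifts the columns.
        /// NOTE(review): only ACEs whose rights are exactly ExtendedRight are exported; an ACE that
        /// combines ExtendedRight with other rights is skipped, so the export may under-report
        /// who can effectively send as the user - confirm this is intended.
        /// </remarks>
        private static void GetSendas(UserInfo utente)
        {
            // NOTE(review): the distinguished name is concatenated into the path as-is; a DN
            // containing characters that are special in an ADsPath (e.g. '/') is not escaped here.
            string pathNameDomain = "LDAP://" + sDomain + "/" + utente.Distinguishedname;

            // The directory objects hold unmanaged handles; dispose them deterministically
            // because this method is presumably called once per exported user.
            using (var direcotyEntry = new DirectoryEntry(pathNameDomain, username, password))
            using (var directorySearcher = new DirectorySearcher(direcotyEntry))
            {
                directorySearcher.PropertiesToLoad.Add("msExchRecipientTypeDetails");
                directorySearcher.PropertiesToLoad.Add("distinguishedname");
                directorySearcher.PropertiesToLoad.Add("mail");

                var res = directorySearcher.FindOne();
                if (res == null)
                {
                    // FindOne returns null when nothing matches; previously this ended in a
                    // NullReferenceException that aborted the caller.
                    Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::SendAS::No directory object found for " + utente.Distinguishedname);
                    return;
                }

                using (DirectoryEntry ssStoreObj = res.GetDirectoryEntry())
                {
                    ActiveDirectorySecurity StoreobjSec = ssStoreObj.ObjectSecurity;
                    AuthorizationRuleCollection Storeacls = StoreobjSec.GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));

                    foreach (ActiveDirectoryAccessRule ace in Storeacls)
                    {
                        string trusteeSid = ace.IdentityReference.Value;

                        // Skip inherited ACEs and the well-known principals
                        // Anonymous Logon (S-1-5-7), Everyone (S-1-1-0) and Self (S-1-5-10).
                        if (ace.IsInherited || trusteeSid == "S-1-5-7" || trusteeSid == "S-1-1-0" || trusteeSid == "S-1-5-10")
                        {
                            continue;
                        }

                        if (ace.ActiveDirectoryRights != ActiveDirectoryRights.ExtendedRight)
                        {
                            continue;
                        }

                        // Resolve the right's display name first, so that an unknown right GUID is
                        // reported as such instead of being logged as an unresolvable SID.
                        string rightName;
                        try
                        {
                            rightName = exRighthash[ace.ObjectType.ToString()].ToString();
                        }
                        catch (Exception ex)
                        {
                            Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::SendAS::Unknown extended right " + ace.ObjectType + " granted to " + trusteeSid + " on " + utente.Mail + " (" + ex.Message + ")");
                            continue;
                        }

                        bool found = false;

                        // NOTE(review): ObjectSID.Contains is used for matching; if ObjectSID is a
                        // string this is a substring match and a SID that is a prefix of another
                        // could be attributed to the wrong principal - confirm the field's type.
                        try
                        {
                            var user = Utenti.Find(x => x.ObjectSID.Contains(trusteeSid));
                            if (user != null)
                            {
                                filead.WriteLine(utente.Mail + "," + user.Mail + ",SendAS," + rightName + ",,");
                                Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::SendAS::OK::SendAS permission of --> " + utente.Mail + " exported successfully");
                                found = true;
                            }
                        }
                        catch (Exception ex)
                        {
                            // Stay best-effort, but leave a trace instead of swallowing the error.
                            Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::SendAS::User lookup for " + trusteeSid + " failed: " + ex.Message);
                        }

                        try
                        {
                            var group = GruppiInfo.Find(x => x.ObjectSID.Contains(trusteeSid));
                            if (group != null)
                            {
                                filead.WriteLine(utente.Mail + "," + group.samaccountname + ",SendAS," + rightName + ",,");
                                Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::SendAS::OK::SendAS permission of --> " + utente.Mail + " exported successfully");
                                found = true;
                            }
                        }
                        catch (Exception ex)
                        {
                            Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::SendAS::Group lookup for " + trusteeSid + " failed: " + ex.Message);
                        }

                        if (!found)
                        {
                            Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::Cannot resolve SID " + trusteeSid);
                        }
                    }
                }
            }
        }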
Beispiel #2
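        /// <summary>
        /// Exports the mailbox permissions stored in a user's
        /// <c>msexchmailboxsecuritydescriptor</c> attribute as "MBX" rows in the <c>filemp</c>
        /// CSV output, one row per right, and traces the outcome.
        /// </summary>
        /// <param name="utente">
        /// User whose mailbox descriptor is read; <c>Distinguishedname</c> builds the LDAP path
        /// and <c>Mail</c> is written as the first CSV column.
        /// </param>
        /// <remarks>
        /// The known access masks are expanded to right names; any other mask is exported as its
        /// numeric value so that it is not lost from the report. Entries for
        /// <c>NT AUTHORITY\SELF</c> are skipped. Rows are written unquoted, so a value containing
        /// a comma shifts the columns.
        /// </remarks>
        static void GetMBXPermissions(UserInfo utente)
        {
            // Dispose the entry deterministically; it wraps an unmanaged directory handle.
            using (DirectoryEntry ent = new DirectoryEntry("LDAP://" + sDomain + "/" + utente.Distinguishedname.ToString(), username, password))
            {
                SecurityDescriptor sd = (SecurityDescriptor)ent.Properties["msexchmailboxsecuritydescriptor"].Value;
                if (sd == null)
                {
                    // The attribute is absent when the property has no value; previously this
                    // ended in a NullReferenceException that aborted the caller.
                    Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::MBX::No mailbox security descriptor on " + utente.Mail);
                    return;
                }

                AccessControlList acl = (AccessControlList)sd.DiscretionaryAcl;
                if (acl == null)
                {
                    Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::MBX::No discretionary ACL on " + utente.Mail);
                    return;
                }

                foreach (AccessControlEntry ace in (IEnumerable)acl)
                {
                    if (ace.Trustee == "NT AUTHORITY\\SELF")
                    {
                        continue;
                    }

                    string[] rights;
                    switch (ace.AccessMask)
                    {
                    case 1:         // 0x00001
                        rights = new[] { "FullAccess" };
                        break;

                    case 65537:     // 0x10001
                        rights = new[] { "FullAccess", "DeleteItem" };
                        break;

                    case 131073:    // 0x20001
                        rights = new[] { "FullAccess", "ReadPermission" };
                        break;

                    case 131072:    // 0x20000
                        // Fixed: this branch used to emit the same five rights as 983041. The
                        // mask lacks bit 0x1, which every other case maps to FullAccess, and
                        // 0x20000 is the bit that 131073 adds for ReadPermission - so the old
                        // output over-reported the trustee's access.
                        rights = new[] { "ReadPermission" };
                        break;

                    case 983041:    // 0xF0001
                        rights = new[] { "FullAccess", "ReadPermission", "DeleteItem", "ChangePermission", "ChangeOwner" };
                        break;

                    default:
                        // Unknown combination: export the raw mask. Group trustees are now
                        // resolved here as well; before, only users were looked up and a group
                        // holding a non-standard mask was logged as an unresolvable SID.
                        rights = new[] { ace.AccessMask.ToString() };
                        break;
                    }

                    WriteMailboxRightsRows(utente, ace.Trustee, rights);
                }
            }
        }

        /// <summary>
        /// Resolves a trustee against the cached users and groups and writes one "MBX" row per
        /// right for every match; traces a warning when the trustee matches neither.
        /// </summary>
        /// <param name="utente">Mailbox owner; its <c>Mail</c> is the first CSV column.</param>
        /// <param name="trustee">Trustee value of the ACE, matched against <c>ObjectSID</c>.</param>
        /// <param name="rights">Right names (or a raw mask) to write, one row each.</param>
        private static void WriteMailboxRightsRows(UserInfo utente, string trustee, string[] rights)
        {
            bool found = false;

            // NOTE(review): the trustee is matched with ObjectSID.Contains, so it is presumably a
            // SID string here; if ObjectSID is a string this is a substring match and could
            // attribute the right to the wrong principal - confirm the field's type.
            try
            {
                var user = Utenti.Find(x => x.ObjectSID.Contains(trustee));
                if (user != null)
                {
                    foreach (string right in rights)
                    {
                        filemp.WriteLine(utente.Mail + "," + user.Mail + ",MBX," + right + ",,");
                    }

                    Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::MBX::OK::MBX permission of --> " + utente.Mail + " exported successfully");
                    found = true;
                }
            }
            catch (Exception ex)
            {
                // Stay best-effort, but leave a trace instead of swallowing the error.
                Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::MBX::User lookup for " + trustee + " failed: " + ex.Message);
            }

            try
            {
                var group = GruppiInfo.Find(x => x.ObjectSID.Contains(trustee));
                if (group != null)
                {
                    foreach (string right in rights)
                    {
                        filemp.WriteLine(utente.Mail + "," + group.samaccountname + ",MBX," + right + ",,");
                    }

                    Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::INF::MBX::OK::MBX permission of --> " + utente.Mail + " exported successfully");
                    found = true;
                }
            }
            catch (Exception ex)
            {
                Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::MBX::Group lookup for " + trustee + " failed: " + ex.Message);
            }

            if (!found)
            {
                Trace.WriteLine(DateTime.Now.ToString("yyyyMMddHHmmss") + "::WRN::Cannot resolve SID " + trustee);
            }
        }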