public GroupPage()
{
InitializeComponent();
grp = new GroupProcessor();
groups = new ObservableCollection <GroupDTO>();
GroupList.ItemsSource = groups;
GroupsData();
}
public GroupDetailPage(GroupDTO group)
{
InitializeComponent();
this.BindingContext = this;
users = new ObservableCollection <User>();
grp = new GroupProcessor();
UserList.ItemsSource = users;
this.group = group;
UsersData();
}
private async Task <User> ProcessUserObject(ISearchResultEntry entry,
ResolvedSearchResult resolvedSearchResult)
{
var ret = new User
{
ObjectIdentifier = resolvedSearchResult.ObjectId
};
ret.Properties.Add("domain", resolvedSearchResult.Domain);
ret.Properties.Add("name", resolvedSearchResult.DisplayName);
ret.Properties.Add("distinguishedname", entry.DistinguishedName.ToUpper());
ret.Properties.Add("domainsid", resolvedSearchResult.DomainSid);
if ((_methods & ResolvedCollectionMethod.ACL) != 0)
{
var aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry);
var gmsa = entry.GetByteProperty(LDAPProperties.GroupMSAMembership);
ret.Aces = aces.Concat(_aclProcessor.ProcessGMSAReaders(gmsa, resolvedSearchResult.Domain)).ToArray();
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
}
if ((_methods & ResolvedCollectionMethod.Group) != 0)
{
var pg = entry.GetProperty(LDAPProperties.PrimaryGroupID);
ret.PrimaryGroupSID = GroupProcessor.GetPrimaryGroupInfo(pg, resolvedSearchResult.ObjectId);
}
if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0)
{
var userProps = await _ldapPropertyProcessor.ReadUserProperties(entry);
ret.Properties = ContextUtils.Merge(ret.Properties, userProps.Props);
ret.HasSIDHistory = userProps.SidHistory;
ret.AllowedToDelegate = userProps.AllowedToDelegate;
}
if ((_methods & ResolvedCollectionMethod.SPNTargets) != 0)
{
var spn = entry.GetArrayProperty(LDAPProperties.ServicePrincipalNames);
var targets = new List <SPNPrivilege>();
var enumerator = _spnProcessor.ReadSPNTargets(spn, entry.DistinguishedName)
.GetAsyncEnumerator(_cancellationToken);
while (await enumerator.MoveNextAsync())
{
targets.Add(enumerator.Current);
}
ret.SPNTargets = targets.ToArray();
}
return(ret);
}
public ObjectProcessors(IContext context, ILogger log)
{
_context = context;
_aclProcessor = new ACLProcessor(context.LDAPUtils);
_spnProcessor = new SPNProcessors(context.LDAPUtils);
_ldapPropertyProcessor = new LDAPPropertyProcessor(context.LDAPUtils);
_domainTrustProcessor = new DomainTrustProcessor(context.LDAPUtils);
_computerAvailability = new ComputerAvailability(context.PortScanTimeout, skipPortScan: context.Flags.SkipPortScan, skipPasswordCheck: context.Flags.SkipPasswordAgeCheck);
_computerSessionProcessor = new ComputerSessionProcessor(context.LDAPUtils);
_groupProcessor = new GroupProcessor(context.LDAPUtils);
_containerProcessor = new ContainerProcessor(context.LDAPUtils);
_gpoLocalGroupProcessor = new GPOLocalGroupProcessor(context.LDAPUtils);
_methods = context.ResolvedCollectionMethods;
_cancellationToken = context.CancellationTokenSource.Token;
_log = log;
}
public AccountsController(
GroupPreprocessor groupsPreprocessor,
NewAccountProcessor newAccountProcessor,
EditAccountProcessor editAccountProcessor,
NewLikesProcessor newLikesProcessor,
FilterProcessor filterProcessor,
GroupProcessor groupProcessor,
RecommendProcessor recommendProcessor,
SuggestProcessor suggestProcessor,
MainStorage mainStorage)
{
_groupsPreprocessor = groupsPreprocessor;
_newAccountProcessor = newAccountProcessor;
_editAccountProcessor = editAccountProcessor;
_newLikesProcessor = newLikesProcessor;
_filterProcessor = filterProcessor;
_groupProcessor = groupProcessor;
_recommendProcessor = recommendProcessor;
_suggestProcessor = suggestProcessor;
_storage = mainStorage;
}
public void GroupProcessor_ReadGroupMembers_EmptyMembers_DoesRangedRetrieval()
{
var mockUtils = new Mock <MockLDAPUtils>();
var expected = new TypedPrincipal[]
{
new()
{
ObjectIdentifier = "S-1-5-21-3130019616-2776909439-2417379446-512",
ObjectType = Label.Group
},
new()
{
ObjectIdentifier = "S-1-5-21-3130019616-2776909439-2417379446-519",
ObjectType = Label.Group
},
new()
{
ObjectIdentifier = "S-1-5-21-3130019616-2776909439-2417379446-500",
ObjectType = Label.User
},
new()
{
ObjectIdentifier = "CN=NONEXISTENT,CN=USERS,DC=TESTLAB,DC=LOCAL",
ObjectType = Label.Base
}
};
mockUtils.Setup(x => x.DoRangedRetrieval(It.IsAny <string>(), It.IsAny <string>())).Returns(_testMembership);
var processor = new GroupProcessor(mockUtils.Object);
var results = processor
.ReadGroupMembers("CN=Administrators,CN=Builtin,DC=testlab,DC=local", Array.Empty <string>()).ToArray();
foreach (var t in results)
{
_testOutputHelper.WriteLine(t.ToString());
}
Assert.Equal(4, results.Length);
Assert.Equal(expected, results);
}
public void GroupProcessor_ReadGroupMembers_ReturnsCorrectMembers()
{
var utils = new MockLDAPUtils();
var processor = new GroupProcessor(utils);
var expected = new TypedPrincipal[]
{
new()
{
ObjectIdentifier = "S-1-5-21-3130019616-2776909439-2417379446-512",
ObjectType = Label.Group
},
new()
{
ObjectIdentifier = "S-1-5-21-3130019616-2776909439-2417379446-519",
ObjectType = Label.Group
},
new()
{
ObjectIdentifier = "S-1-5-21-3130019616-2776909439-2417379446-500",
ObjectType = Label.User
},
new()
{
ObjectIdentifier = "CN=NONEXISTENT,CN=USERS,DC=TESTLAB,DC=LOCAL",
ObjectType = Label.Base
}
};
var results = processor
.ReadGroupMembers("CN=Administrators,CN=Builtin,DC=testlab,DC=local", _testMembership).ToArray();
foreach (var t in results)
{
_testOutputHelper.WriteLine(t.ToString());
}
Assert.Equal(4, results.Length);
Assert.Equal(expected, results);
}
}
public void GroupProcessor_GetPrimaryGroupInfo_BadSID_ReturnsNull()
{
var result = GroupProcessor.GetPrimaryGroupInfo("513", "ABC123");
Assert.Null(result);
}
public void GroupProcessor_GetPrimaryGroupInfo_ReturnsCorrectSID()
{
var result = GroupProcessor.GetPrimaryGroupInfo("513", "S-1-5-21-3130019616-2776909439-2417379446-1105");
Assert.Equal("S-1-5-21-3130019616-2776909439-2417379446-513", result);
}
public void GroupProcessor_GetPrimaryGroupInfo_NullPrimaryGroupID_ReturnsNull()
{
var result = GroupProcessor.GetPrimaryGroupInfo(null, null);
Assert.Null(result);
}
public GroupProcessorTest(ITestOutputHelper testOutputHelper)
{
_testOutputHelper = testOutputHelper;
_testDomainName = "TESTLAB.LOCAL";
_baseProcessor = new GroupProcessor(new LDAPUtils());
}
private async Task <Computer> ProcessComputerObject(ISearchResultEntry entry,
ResolvedSearchResult resolvedSearchResult, Channel <CSVComputerStatus> compStatusChannel)
{
var ret = new Computer
{
ObjectIdentifier = resolvedSearchResult.ObjectId
};
ret.Properties.Add("domain", resolvedSearchResult.Domain);
ret.Properties.Add("name", resolvedSearchResult.DisplayName);
ret.Properties.Add("distinguishedname", entry.DistinguishedName.ToUpper());
ret.Properties.Add("domainsid", resolvedSearchResult.DomainSid);
ret.Properties.Add("highvalue", false);
ret.Properties.Add("samaccountname", entry.GetProperty(LDAPProperties.SAMAccountName));
var hasLaps = entry.HasLAPS();
ret.Properties.Add("haslaps", hasLaps);
if ((_methods & ResolvedCollectionMethod.ACL) != 0)
{
ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray();
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
}
if ((_methods & ResolvedCollectionMethod.Group) != 0)
{
var pg = entry.GetProperty(LDAPProperties.PrimaryGroupID);
ret.PrimaryGroupSID = GroupProcessor.GetPrimaryGroupInfo(pg, resolvedSearchResult.ObjectId);
}
if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0)
{
var computerProps = await _ldapPropertyProcessor.ReadComputerProperties(entry);
ret.Properties = ContextUtils.Merge(ret.Properties, computerProps.Props);
if (_context.Flags.CollectAllProperties)
{
ret.Properties = ContextUtils.Merge(_ldapPropertyProcessor.ParseAllProperties(entry),
ret.Properties);
}
ret.AllowedToDelegate = computerProps.AllowedToDelegate;
ret.AllowedToAct = computerProps.AllowedToAct;
ret.HasSIDHistory = computerProps.SidHistory;
}
if (!_methods.IsComputerCollectionSet())
{
return(ret);
}
var apiName = _context.RealDNSName != null
? entry.GetDNSName(_context.RealDNSName)
: resolvedSearchResult.DisplayName;
var availability = await _computerAvailability.IsComputerAvailable(resolvedSearchResult, entry);
if (!availability.Connectable)
{
await compStatusChannel.Writer.WriteAsync(availability.GetCSVStatus(resolvedSearchResult.DisplayName),
_cancellationToken);
return(ret);
}
var samAccountName = entry.GetProperty(LDAPProperties.SAMAccountName)?.TrimEnd('$');
if ((_methods & ResolvedCollectionMethod.Session) != 0)
{
var sessionResult = await _computerSessionProcessor.ReadUserSessions(apiName,
resolvedSearchResult.ObjectId, resolvedSearchResult.Domain);
ret.Sessions = sessionResult;
if (_context.Flags.DumpComputerStatus)
{
await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
{
Status = sessionResult.Collected ? StatusSuccess : sessionResult.FailureReason,
Task = "NetSessionEnum",
ComputerName = resolvedSearchResult.DisplayName
}, _cancellationToken);
}
}
if ((_methods & ResolvedCollectionMethod.LoggedOn) != 0)
{
var privSessionResult = _computerSessionProcessor.ReadUserSessionsPrivileged(apiName,
samAccountName, resolvedSearchResult.ObjectId);
ret.PrivilegedSessions = privSessionResult;
if (_context.Flags.DumpComputerStatus)
{
await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
{
Status = privSessionResult.Collected ? StatusSuccess : privSessionResult.FailureReason,
Task = "NetWkstaUserEnum",
ComputerName = resolvedSearchResult.DisplayName
}, _cancellationToken);
}
var registrySessionResult = _computerSessionProcessor.ReadUserSessionsRegistry(apiName,
resolvedSearchResult.Domain, resolvedSearchResult.ObjectId);
ret.RegistrySessions = registrySessionResult;
if (_context.Flags.DumpComputerStatus)
{
await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
{
Status = privSessionResult.Collected ? StatusSuccess : privSessionResult.FailureReason,
Task = "RegistrySessions",
ComputerName = resolvedSearchResult.DisplayName
}, _cancellationToken);
}
}
if (!_methods.IsLocalGroupCollectionSet())
{
return(ret);
}
try
{
using var server = new SAMRPCServer(resolvedSearchResult.DisplayName, samAccountName,
resolvedSearchResult.ObjectId, resolvedSearchResult.Domain);
if ((_methods & ResolvedCollectionMethod.LocalAdmin) != 0)
{
ret.LocalAdmins = server.GetLocalGroupMembers((int)LocalGroupRids.Administrators);
if (_context.Flags.DumpComputerStatus)
{
await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
{
Status = ret.LocalAdmins.Collected ? StatusSuccess : ret.LocalAdmins.FailureReason,
Task = "AdminLocalGroup",
ComputerName = resolvedSearchResult.DisplayName
}, _cancellationToken);
}
}
if ((_methods & ResolvedCollectionMethod.DCOM) != 0)
{
ret.DcomUsers = server.GetLocalGroupMembers((int)LocalGroupRids.DcomUsers);
if (_context.Flags.DumpComputerStatus)
{
await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
{
Status = ret.DcomUsers.Collected ? StatusSuccess : ret.DcomUsers.FailureReason,
Task = "DCOMLocalGroup",
ComputerName = resolvedSearchResult.DisplayName
}, _cancellationToken);
}
}
if ((_methods & ResolvedCollectionMethod.PSRemote) != 0)
{
ret.PSRemoteUsers = server.GetLocalGroupMembers((int)LocalGroupRids.PSRemote);
if (_context.Flags.DumpComputerStatus)
{
await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
{
Status = ret.PSRemoteUsers.Collected ? StatusSuccess : ret.PSRemoteUsers.FailureReason,
Task = "PSRemoteLocalGroup",
ComputerName = resolvedSearchResult.DisplayName
}, _cancellationToken);
}
}
if ((_methods & ResolvedCollectionMethod.RDP) != 0)
{
ret.RemoteDesktopUsers = server.GetLocalGroupMembers((int)LocalGroupRids.RemoteDesktopUsers);
if (_context.Flags.DumpComputerStatus)
{
await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
{
Status = ret.RemoteDesktopUsers.Collected
? StatusSuccess
: ret.RemoteDesktopUsers.FailureReason,
Task = "RDPLocalGroup",
ComputerName = resolvedSearchResult.DisplayName
});
}
}
}
catch (Exception e)
{
await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus
{
Status = e.ToString(),
ComputerName = resolvedSearchResult.DisplayName,
Task = "SAMRPCServerInit"
}, _cancellationToken);
ret.DcomUsers = new LocalGroupAPIResult
{
Collected = false,
FailureReason = "SAMRPCServerInit Failed"
};
ret.PSRemoteUsers = new LocalGroupAPIResult
{
Collected = false,
FailureReason = "SAMRPCServerInit Failed"
};
ret.LocalAdmins = new LocalGroupAPIResult
{
Collected = false,
FailureReason = "SAMRPCServerInit Failed"
};
ret.RemoteDesktopUsers = new LocalGroupAPIResult
{
Collected = false,
FailureReason = "SAMRPCServerInit Failed"
};
}
return(ret);
}
