/// <summary>
        /// Updates the specified DirectoryRole using PATCH.
        /// </summary>
        /// <param name="directoryRoleToUpdate">The DirectoryRole to update.</param>
        /// <param name="cancellationToken">The <see cref="CancellationToken"/> for the request.</param>
        /// <exception cref="ClientException">Thrown when an object returned in a response is used for updating an object in Microsoft Graph.</exception>
        /// <returns>The updated DirectoryRole.</returns>
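        public async System.Threading.Tasks.Task <DirectoryRole> UpdateAsync(DirectoryRole directoryRoleToUpdate, CancellationToken cancellationToken)
        {
            // Guard: an object that was populated from a previous response carries the response
            // headers and/or status code in AdditionalData. Such an object is rejected here with a
            // NotAllowed ClientException instead of being sent back as a PATCH body.
            // One pass over AdditionalData is sufficient; repeating the same check cannot change the outcome.
            if (directoryRoleToUpdate.AdditionalData != null)
            {
                if (directoryRoleToUpdate.AdditionalData.ContainsKey(Constants.HttpPropertyNames.ResponseHeaders) ||
                    directoryRoleToUpdate.AdditionalData.ContainsKey(Constants.HttpPropertyNames.StatusCode))
                {
                    throw new ClientException(
                        new Error
                        {
                            Code    = GeneratedErrorConstants.Codes.NotAllowed,
                            Message = String.Format(GeneratedErrorConstants.Messages.ResponseObjectUsedForUpdate, directoryRoleToUpdate.GetType().Name)
                        });
                }
            }

            this.ContentType = "application/json";
            this.Method      = "PATCH";
            var updatedEntity = await this.SendAsync <DirectoryRole>(directoryRoleToUpdate, cancellationToken).ConfigureAwait(false);

            // Wire up paging state (next-page requests) on the returned entity's collections.
            this.InitializeCollectionProperties(updatedEntity);
            return updatedEntity;
        }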
        /// <summary>
        /// Records which users a directory role can reset passwords for: when the role's permission
        /// list contains <c>microsoft.aad.directory/users/password/update</c>, one
        /// "ForceChangePassword" edge is built per user id that is not in <paramref name="administrators"/>,
        /// and the resulting list is posted to <c>CosmosDbHelper.RunImportEdgesBlock</c>.
        /// </summary>
        /// <param name="_">The directory role being evaluated.</param>
        /// <param name="userIds">Ids of the users to consider as edge targets.</param>
        /// <param name="administrators">Ids that are skipped when building edges.</param>
        /// <exception cref="Exception">Any failure is written to the console and rethrown unchanged.</exception>
        public static void DirectoryRolePermissions(DirectoryRole _,
                                                    List <string> userIds,
                                                    HashSet <string> administrators)
        {
            try
            {
                var passwordResetEdges = new List <GremlinEdge>();
                TryGetPermissions(_, out var rolePermissions);

                // A null permission list (role not resolved by TryGetPermissions) yields no edges.
                bool roleCanResetPasswords =
                    rolePermissions != null &&
                    rolePermissions.Contains("microsoft.aad.directory/users/password/update");

                if (roleCanResetPasswords)
                {
                    var nonAdministratorIds = userIds.Where(userId => !administrators.Contains(userId));

                    // Edge id is role id + user id; the role id and user id are passed in that order,
                    // followed by their labels and partition keys.
                    // NOTE(review): string.GetHashCode() is not guaranteed to be stable across processes
                    // or runtimes - confirm the partition keys need not be reproducible between runs.
                    nonAdministratorIds.ForEach(
                        userId =>
                        {
                            var edge = new GremlinEdge(
                                _.Id + userId,
                                "ForceChangePassword",
                                _.Id,
                                userId,
                                nameof(AzureAdLateralMovement.Models.BloodHound.DirectoryRole),
                                nameof(User),
                                _.Id.GetHashCode(),
                                userId.GetHashCode());
                            passwordResetEdges.Add(edge);
                        });
                }

                // Posted even when empty, exactly like the permission-less case.
                CosmosDbHelper.RunImportEdgesBlock.Post(passwordResetEdges);
            }
            catch (Exception failure)
            {
                // Log and rethrow with the original stack trace.
                Console.WriteLine(failure);
                throw;
            }
        }
        /// <summary>
        /// Builds one vertex for the directory role and one "MemberOf" edge per member, then posts
        /// the vertices and edges to the <c>CosmosDbHelper</c> import blocks.
        /// </summary>
        /// <param name="_">The directory role to represent as a vertex.</param>
        /// <param name="members">The members for which "MemberOf" edges are created.</param>
        public static void DirectoryRoleMembership(DirectoryRole _,
                                                   List <GroupMember> members)
        {
            // Role vertex: partition key derived from the role id, display name stored upper-cased
            // (empty string when the role has no display name).
            // NOTE(review): string.GetHashCode() is not guaranteed stable across processes or runtimes,
            // and ToUpper() is culture-sensitive - confirm both are acceptable for stored graph data.
            var roleVertex = new GremlinVertex(_.Id, nameof(Models.BloodHound.DirectoryRole));
            roleVertex.AddProperty(CosmosDbHelper.CollectionPartitionKey, _.Id.GetHashCode());
            roleVertex.AddProperty(nameof(_.DisplayName), _.DisplayName?.ToUpper() ?? string.Empty);

            var roleVertices = new List <GremlinVertex> { roleVertex };
            var membershipEdges = new List <GremlinEdge>();

            foreach (var member in members)
            {
                // Edge id is role id + member id; the member id is passed before the role id.
                var memberOfRole = new GremlinEdge(
                    _.Id + member.Id,
                    "MemberOf",
                    member.Id,
                    _.Id,
                    nameof(User),
                    nameof(Models.BloodHound.DirectoryRole),
                    member.Id.GetHashCode(),
                    _.Id.GetHashCode());
                membershipEdges.Add(memberOfRole);
            }

            CosmosDbHelper.RunImportVerticesBlock.Post(roleVertices);
            CosmosDbHelper.RunImportEdgesBlock.Post(membershipEdges);
        }
        /// <summary>
        /// Creates the specified DirectoryRole using POST.
        /// </summary>
        /// <param name="directoryRoleToCreate">The DirectoryRole to create.</param>
        /// <param name="cancellationToken">The <see cref="CancellationToken"/> for the request.</param>
        /// <returns>The created DirectoryRole.</returns>
        public async System.Threading.Tasks.Task <DirectoryRole> CreateAsync(DirectoryRole directoryRoleToCreate, CancellationToken cancellationToken)
        {
            // Configure this request as a JSON POST carrying the new role as its body.
            ContentType = "application/json";
            Method      = "POST";

            DirectoryRole createdRole = await SendAsync <DirectoryRole>(directoryRoleToCreate, cancellationToken).ConfigureAwait(false);

            // Set up paging state on the returned entity before handing it to the caller.
            InitializeCollectionProperties(createdRole);
            return createdRole;
        }
        /// <summary>
        /// Updates the specified DirectoryRole using PATCH.
        /// </summary>
        /// <param name="directoryRoleToUpdate">The DirectoryRole to update.</param>
        /// <param name="cancellationToken">The <see cref="CancellationToken"/> for the request.</param>
        /// <returns>The updated DirectoryRole.</returns>
        public async Task <DirectoryRole> UpdateAsync(DirectoryRole directoryRoleToUpdate, CancellationToken cancellationToken)
        {
            // Configure this request as a JSON PATCH carrying the role's changed state.
            ContentType = "application/json";
            Method      = "PATCH";

            DirectoryRole patchedRole = await SendAsync <DirectoryRole>(directoryRoleToUpdate, cancellationToken).ConfigureAwait(false);

            // Set up paging state on the returned entity before handing it to the caller.
            InitializeCollectionProperties(patchedRole);
            return patchedRole;
        }
 /// <summary>
 /// Looks up the permission list for a directory role by its display name in
 /// <c>AzureDictionaryRolesToPermissionsMapping</c>.
 /// </summary>
 /// <param name="_">The directory role to resolve; may be null.</param>
 /// <param name="permissions">
 /// The mapped permissions, or null when the role, its display name or the mapping is null,
 /// or when the display name has no entry in the mapping.
 /// </param>
 private static void TryGetPermissions(DirectoryRole _, out List <string> permissions)
 {
     // Default result; only overwritten when a lookup is actually possible.
     permissions = null;

     // NOTE(review): the lookup key is the display name, so a role whose name is absent from the
     // mapping is reported with no permissions - confirm callers do not read that as "role is harmless".
     if (_?.DisplayName != null && AzureDictionaryRolesToPermissionsMapping != null)
     {
         AzureDictionaryRolesToPermissionsMapping.TryGetValue(_.DisplayName, out permissions);
     }
 }
        /// <summary>
        /// Queues a <c>Models.BloodHound.DirectoryRole</c> record (name, members and role template id)
        /// on the groups output collection, recreating the collection and its writer first when the
        /// previous collection has been completed.
        /// </summary>
        /// <param name="_">The directory role to export.</param>
        /// <param name="groupMembers">The members to attach to the exported record.</param>
        public static void DirectoryRoleMembership(DirectoryRole _,
                                                   List <GroupMember> groupMembers)
        {
            // A completed collection accepts no more items, so start a fresh one with its own writer.
            // NOTE(review): this check-then-replace on static state is not synchronized - confirm the
            // method is only called from one thread at a time.
            if (_groupsOutput.IsCompleted)
            {
                _groupsOutput = new BlockingCollection <JsonBase>();
                _groupsWriter = Extensions.StartOutputWriter(_groupsOutput);
            }

            var roleProperties = new Dictionary <string, object>
            {
                [nameof(_.RoleTemplateId)] = _.RoleTemplateId
            };

            var exportedRole = new Models.BloodHound.DirectoryRole
            {
                Name       = _.DisplayName,
                Members    = groupMembers.ToArray(),
                Properties = roleProperties
            };

            _groupsOutput.Add(exportedRole);
        }
        /// <summary>
        /// Initializes any collection properties after deserialization, like next requests for paging.
        /// </summary>
        /// <param name="directoryRoleToInitialize">The <see cref="DirectoryRole"/> with the collection properties to initialize.</param>
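        private void InitializeCollectionProperties(DirectoryRole directoryRoleToInitialize)
        {
            // Nothing to do without an entity or without the raw response properties.
            if (directoryRoleToInitialize == null || directoryRoleToInitialize.AdditionalData == null)
            {
                return;
            }

            // Only a Members collection that already holds a page can be given paging state.
            if (directoryRoleToInitialize.Members == null || directoryRoleToInitialize.Members.CurrentPage == null)
            {
                return;
            }

            directoryRoleToInitialize.Members.AdditionalData = directoryRoleToInitialize.AdditionalData;

            // The next-page link for the Members collection is stored under the OData annotation key
            // "members@odata.nextLink" (the listing showed this literal masked as an e-mail address).
            object nextPageLink;
            directoryRoleToInitialize.AdditionalData.TryGetValue("members@odata.nextLink", out nextPageLink);
            var nextPageLinkString = nextPageLink as string;

            // NOTE(review): the link is taken verbatim from response data and becomes the URL of the
            // next request - confirm the request pipeline only attaches credentials for expected hosts.
            if (!string.IsNullOrEmpty(nextPageLinkString))
            {
                directoryRoleToInitialize.Members.InitializeNextPageRequest(
                    this.Client,
                    nextPageLinkString);
            }
        }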
 /// <summary>
 /// Adds the specified DirectoryRole to the collection via POST.
 /// </summary>
 /// <param name="directoryRole">The DirectoryRole to add.</param>
 /// <param name="cancellationToken">The <see cref="CancellationToken"/> for the request.</param>
 /// <returns>The created DirectoryRole.</returns>
 public System.Threading.Tasks.Task <DirectoryRole> AddAsync(DirectoryRole directoryRole, CancellationToken cancellationToken)
 {
     // Configure this request as a JSON POST; the send task is returned to the caller un-awaited.
     ContentType = "application/json";
     Method      = "POST";

     var pendingAdd = SendAsync <DirectoryRole>(directoryRole, cancellationToken);
     return pendingAdd;
 }
 /// <summary>
 /// Adds the specified DirectoryRole to the collection via POST.
 /// </summary>
 /// <param name="directoryRole">The DirectoryRole to add.</param>
 /// <returns>The created DirectoryRole.</returns>
 public System.Threading.Tasks.Task <DirectoryRole> AddAsync(DirectoryRole directoryRole)
     // Convenience overload: forwards to the token-accepting overload with no cancellation.
     => AddAsync(directoryRole, CancellationToken.None);
 /// <summary>
 /// Creates the specified DirectoryRole using POST.
 /// </summary>
 /// <param name="directoryRoleToCreate">The DirectoryRole to create.</param>
 /// <returns>The created DirectoryRole.</returns>
 public System.Threading.Tasks.Task <DirectoryRole> CreateAsync(DirectoryRole directoryRoleToCreate)
 {
     // Convenience overload: the request cannot be cancelled by the caller.
     var noCancellation = CancellationToken.None;
     return CreateAsync(directoryRoleToCreate, noCancellation);
 }
 /// <summary>
 /// Creates the specified DirectoryRole using PUT.
 /// </summary>
 /// <param name="directoryRoleToCreate">The DirectoryRole to create.</param>
 /// <returns>The created DirectoryRole.</returns>
 public Task <DirectoryRole> CreateAsync(DirectoryRole directoryRoleToCreate)
     // Convenience overload: forwards to the token-accepting overload with no cancellation.
     => CreateAsync(directoryRoleToCreate, CancellationToken.None);
 /// <summary>
 /// Adds the specified DirectoryRole to the collection via POST.
 /// </summary>
 /// <param name="directoryRole">The DirectoryRole to add.</param>
 /// <returns>The created DirectoryRole.</returns>
 public Task <DirectoryRole> AddAsync(DirectoryRole directoryRole)
 {
     // Convenience overload: the request cannot be cancelled by the caller.
     var noCancellation = CancellationToken.None;
     return AddAsync(directoryRole, noCancellation);
 }