private static void DumpClaims(KerberosIdentity validated)
{
WriteLine();
WriteLine($"UserName: {validated.Name}");
WriteLine($"AuthType: {validated.AuthenticationType}");
WriteLine($"Validated by: {validated.ValidationMode}");
foreach (var kv in validated.Restrictions)
{
WriteLine($"Restriction: {kv.Key}");
foreach (var restriction in kv.Value)
{
WriteLine($"Type: {restriction.Type}");
WriteLine($"Value: {restriction}");
if (restriction is PrivilegedAttributeCertificate pac)
{
WriteLine($"{pac.DelegationInformation}");
}
}
WriteLine();
}
WriteLine();
foreach (var claim in validated.Claims)
{
WriteLine($"Type: {claim.Type}");
WriteLine($"Value: {claim.Value}");
WriteLine();
}
}
private static IEnumerable <T> AssertAllAreRestrictionType <T>(KerberosIdentity identity, AuthorizationDataType type, int expectedCount)
where T : Restriction
{
if (identity.Restrictions.TryGetValue(type, out IEnumerable <Restriction> restrictions))
{
Assert.IsNotNull(restrictions);
}
Assert.AreEqual(expectedCount, restrictions.Count());
var typedRestrictions = restrictions.Select(r => r as T).Where(r => r != null);
Assert.AreEqual(expectedCount, typedRestrictions.Count());
return(typedRestrictions);
}
private static void DumpClaims(KerberosIdentity validated)
{
WriteLine();
WriteLine($"UserName: {validated.Name}");
WriteLine($"AuthType: {validated.AuthenticationType}");
WriteLine($"Validated by: {validated.ValidationMode}");
foreach (var restriction in validated.Restrictions)
{
WriteLine($"Restriction: {restriction.Key}");
}
WriteLine();
foreach (var claim in validated.Claims)
{
WriteLine($"Type: {claim.Type}");
WriteLine($"Value: {claim.Value}");
WriteLine();
}
}
internal void DescribeTicket(KerberosIdentity identity)
{
this.WriteLine();
var adpac = identity.Restrictions.FirstOrDefault(r => r.Key == AuthorizationDataType.AdWin2kPac);
var pac = (PrivilegedAttributeCertificate)adpac.Value?.FirstOrDefault();
var properties = new List <(string, object)>()
{
(SR.Resource("CommandLine_WhoAmI_UserName"), $"{identity.Name}"),
};
if (this.All || this.Logon)
{
var objects = new object[]
{
pac.LogonInfo,
pac.ClientInformation,
pac.DelegationInformation,
pac.UpnDomainInformation,
pac.CredentialType
};
GetObjectProperties(objects, properties);
}
if (this.All || this.Claims)
{
var others = new List <Claim>();
foreach (var claim in identity.Claims)
{
if (claim.Type == ClaimTypes.Role || claim.Type == ClaimTypes.GroupSid)
{
continue;
}
else
{
others.Add(claim);
}
}
properties.Add(("", SR.Resource("CommandLine_WhoAmI_Claims")));
foreach (var claim in others)
{
properties.Add((CollapseSchemaUrl(claim.Type), claim.Value));
}
}
this.WriteProperties(properties);
if (this.All || this.Groups)
{
this.WriteLine();
this.WriteHeader(SR.Resource("CommandLine_WhoAmI_Groups"));
this.WriteLine();
var certSids = new List <SecurityIdentifier>();
if (pac.CredentialType != null)
{
certSids.Add(SecurityIdentifier.WellKnown.ThisOrganizationCertificate);
}
var sids = certSids.Union(pac.LogonInfo.ExtraSids).Union(pac.LogonInfo.GroupSids).Union(pac.LogonInfo.ResourceGroups).Select(s => new
{
Sid = s,
Name = SecurityIdentifierNames.GetFriendlyName(s.Value, pac.LogonInfo.DomainSid.Value)
});
var max = sids.Max(s => s.Sid.Value.Length);
var maxName = sids.Max(s => s.Name?.Length ?? 0);
foreach (var group in sids.OrderBy(c => c.Sid.Value))
{
this.WriteLine(1, string.Format("{0} {1} {{Attr}}", (group.Name ?? "").PadRight(maxName), group.Sid.Value.PadRight(max)), group.Sid.Attributes);
}
}
}
private void DescribeTicket(KerberosIdentity identity)
{
this.IO.Writer.WriteLine();
var properties = new List <(string, string)>
{
("CommandLine_WhoAmI_UserName", $"{identity.Name}"),
};
var groups = new List <Claim>();
var others = new List <Claim>();
foreach (var claim in identity.Claims)
{
if (claim.Type == ClaimTypes.Role)
{
continue;
}
else if (claim.Type == ClaimTypes.GroupSid)
{
groups.Add(claim);
}
else
{
others.Add(claim);
}
}
properties.Add(("", SR.Resource("CommandLine_WhoAmI_Claims")));
foreach (var claim in others)
{
properties.Add((CollapseSchemaUrl(claim.Type), claim.Value));
}
properties.Add(("", SR.Resource("CommandLine_WhoAmI_Groups")));
foreach (var group in groups.OrderBy(c => c.Value.Length))
{
properties.Add((group.Value, ""));
}
var max = properties.Where(p => !string.IsNullOrWhiteSpace(p.Item2)).Max(p => p.Item1.Length) + 5;
if (max > 50)
{
max = 50;
}
foreach (var prop in properties)
{
if (string.IsNullOrWhiteSpace(prop.Item1))
{
this.IO.Writer.WriteLine();
this.IO.Writer.WriteLine(prop.Item2);
this.IO.Writer.WriteLine();
continue;
}
string key;
if (string.IsNullOrWhiteSpace(prop.Item2))
{
key = SR.Resource(prop.Item1);
}
else
{
key = string.Format("{0}: ", SR.Resource(prop.Item1)).PadLeft(max).PadRight(max);
}
this.IO.Writer.Write(key);
this.IO.Writer.WriteLine(prop.Item2);
}
this.IO.Writer.WriteLine();
}