private static void DumpClaims(KerberosIdentity validated) { WriteLine(); WriteLine($"UserName: {validated.Name}"); WriteLine($"AuthType: {validated.AuthenticationType}"); WriteLine($"Validated by: {validated.ValidationMode}"); foreach (var kv in validated.Restrictions) { WriteLine($"Restriction: {kv.Key}"); foreach (var restriction in kv.Value) { WriteLine($"Type: {restriction.Type}"); WriteLine($"Value: {restriction}"); if (restriction is PrivilegedAttributeCertificate pac) { WriteLine($"{pac.DelegationInformation}"); } } WriteLine(); } WriteLine(); foreach (var claim in validated.Claims) { WriteLine($"Type: {claim.Type}"); WriteLine($"Value: {claim.Value}"); WriteLine(); } }
private static IEnumerable <T> AssertAllAreRestrictionType <T>(KerberosIdentity identity, AuthorizationDataType type, int expectedCount) where T : Restriction { if (identity.Restrictions.TryGetValue(type, out IEnumerable <Restriction> restrictions)) { Assert.IsNotNull(restrictions); } Assert.AreEqual(expectedCount, restrictions.Count()); var typedRestrictions = restrictions.Select(r => r as T).Where(r => r != null); Assert.AreEqual(expectedCount, typedRestrictions.Count()); return(typedRestrictions); }
private static void DumpClaims(KerberosIdentity validated) { WriteLine(); WriteLine($"UserName: {validated.Name}"); WriteLine($"AuthType: {validated.AuthenticationType}"); WriteLine($"Validated by: {validated.ValidationMode}"); foreach (var restriction in validated.Restrictions) { WriteLine($"Restriction: {restriction.Key}"); } WriteLine(); foreach (var claim in validated.Claims) { WriteLine($"Type: {claim.Type}"); WriteLine($"Value: {claim.Value}"); WriteLine(); } }
internal void DescribeTicket(KerberosIdentity identity) { this.WriteLine(); var adpac = identity.Restrictions.FirstOrDefault(r => r.Key == AuthorizationDataType.AdWin2kPac); var pac = (PrivilegedAttributeCertificate)adpac.Value?.FirstOrDefault(); var properties = new List <(string, object)>() { (SR.Resource("CommandLine_WhoAmI_UserName"), $"{identity.Name}"), }; if (this.All || this.Logon) { var objects = new object[] { pac.LogonInfo, pac.ClientInformation, pac.DelegationInformation, pac.UpnDomainInformation, pac.CredentialType }; GetObjectProperties(objects, properties); } if (this.All || this.Claims) { var others = new List <Claim>(); foreach (var claim in identity.Claims) { if (claim.Type == ClaimTypes.Role || claim.Type == ClaimTypes.GroupSid) { continue; } else { others.Add(claim); } } properties.Add(("", SR.Resource("CommandLine_WhoAmI_Claims"))); foreach (var claim in others) { properties.Add((CollapseSchemaUrl(claim.Type), claim.Value)); } } this.WriteProperties(properties); if (this.All || this.Groups) { this.WriteLine(); this.WriteHeader(SR.Resource("CommandLine_WhoAmI_Groups")); this.WriteLine(); var certSids = new List <SecurityIdentifier>(); if (pac.CredentialType != null) { certSids.Add(SecurityIdentifier.WellKnown.ThisOrganizationCertificate); } var sids = certSids.Union(pac.LogonInfo.ExtraSids).Union(pac.LogonInfo.GroupSids).Union(pac.LogonInfo.ResourceGroups).Select(s => new { Sid = s, Name = SecurityIdentifierNames.GetFriendlyName(s.Value, pac.LogonInfo.DomainSid.Value) }); var max = sids.Max(s => s.Sid.Value.Length); var maxName = sids.Max(s => s.Name?.Length ?? 0); foreach (var group in sids.OrderBy(c => c.Sid.Value)) { this.WriteLine(1, string.Format("{0} {1} {{Attr}}", (group.Name ?? "").PadRight(maxName), group.Sid.Value.PadRight(max)), group.Sid.Attributes); } } }
private void DescribeTicket(KerberosIdentity identity) { this.IO.Writer.WriteLine(); var properties = new List <(string, string)> { ("CommandLine_WhoAmI_UserName", $"{identity.Name}"), }; var groups = new List <Claim>(); var others = new List <Claim>(); foreach (var claim in identity.Claims) { if (claim.Type == ClaimTypes.Role) { continue; } else if (claim.Type == ClaimTypes.GroupSid) { groups.Add(claim); } else { others.Add(claim); } } properties.Add(("", SR.Resource("CommandLine_WhoAmI_Claims"))); foreach (var claim in others) { properties.Add((CollapseSchemaUrl(claim.Type), claim.Value)); } properties.Add(("", SR.Resource("CommandLine_WhoAmI_Groups"))); foreach (var group in groups.OrderBy(c => c.Value.Length)) { properties.Add((group.Value, "")); } var max = properties.Where(p => !string.IsNullOrWhiteSpace(p.Item2)).Max(p => p.Item1.Length) + 5; if (max > 50) { max = 50; } foreach (var prop in properties) { if (string.IsNullOrWhiteSpace(prop.Item1)) { this.IO.Writer.WriteLine(); this.IO.Writer.WriteLine(prop.Item2); this.IO.Writer.WriteLine(); continue; } string key; if (string.IsNullOrWhiteSpace(prop.Item2)) { key = SR.Resource(prop.Item1); } else { key = string.Format("{0}: ", SR.Resource(prop.Item1)).PadLeft(max).PadRight(max); } this.IO.Writer.Write(key); this.IO.Writer.WriteLine(prop.Item2); } this.IO.Writer.WriteLine(); }