internal static async Task <LdapTypeEnum> LookupSidType(string sid)
{
if (CommonPrincipal.GetCommonSid(sid, out var principal))
{
return(principal.Type);
}
if (Cache.Instance.GetSidType(sid, out var type))
{
return(type);
}
if (Options.Instance.DomainController != null)
{
type = await LookupSidTypeLdap(sid);
}
else
{
type = LookupSidTypeAPI(sid);
}
Cache.Instance.Add(sid, type);
return(type);
}
/// <summary>
/// Prepends a common sid with the domain prefix, or just returns the sid back
/// </summary>
/// <param name="sid"></param>
/// <param name="domain"></param>
/// <returns>Prepended SID or same sid</returns>
internal static string ConvertCommonSid(string sid, string domain)
{
if (CommonPrincipal.GetCommonSid(sid, out _))
{
if (sid == "S-1-5-9")
{
var forest = GetForestName(domain);
OutputTasks.SeenCommonPrincipals.TryAdd(forest, sid);
return($"{forest}-{sid}".ToUpper());
}
var nDomain = NormalizeDomainName(domain);
OutputTasks.SeenCommonPrincipals.TryAdd(nDomain, sid);
return($"{nDomain}-{sid}");
}
return(sid);
}
/// <summary>
/// Extension method to determine the type of a SearchResultEntry.
/// Requires objectsid, samaccounttype, objectclass
/// </summary>
/// <param name="searchResultEntry"></param>
/// <returns></returns>
public static LdapTypeEnum GetLdapType(this SearchResultEntry searchResultEntry)
{
var objectSid = searchResultEntry.GetSid();
if (CommonPrincipal.GetCommonSid(objectSid, out var commonPrincipal))
{
return(commonPrincipal.Type);
}
var objectType = LdapTypeEnum.Unknown;
var samAccountType = searchResultEntry.GetProperty("samaccounttype");
//Its not a common principal. Lets use properties to figure out what it actually is
if (samAccountType != null)
{
if (samAccountType == "805306370")
{
return(LdapTypeEnum.Unknown);
}
objectType = Helpers.SamAccountTypeToType(samAccountType);
}
else
{
var objectClasses = searchResultEntry.GetPropertyAsArray("objectClass");
if (objectClasses == null)
{
objectType = LdapTypeEnum.Unknown;
}
else if (objectClasses.Contains("groupPolicyContainer"))
{
objectType = LdapTypeEnum.GPO;
}
else if (objectClasses.Contains("organizationalUnit"))
{
objectType = LdapTypeEnum.OU;
}
else if (objectClasses.Contains("domain"))
{
objectType = LdapTypeEnum.Domain;
}
}
return(objectType);
}
/// <summary>
/// Does some common checks on a SID, and attempts to find the type of the object
/// </summary>
/// <param name="sid"></param>
/// <param name="domain"></param>
/// <returns></returns>
internal static async Task <(string finalSid, LdapTypeEnum type)> ResolveSidAndGetType(string sid, string domain)
{
if (sid.Contains("0ACNF"))
{
return(null, LdapTypeEnum.Unknown);
}
if (CommonPrincipal.GetCommonSid(sid, out var commonPrincipal))
{
var newSid = Helpers.ConvertCommonSid(sid, domain);
return(newSid, commonPrincipal.Type);
}
if (Cache.Instance.GetSidType(sid, out var type))
{
return(sid, type);
}
type = await LookupSidType(sid, domain);
Cache.Instance.Add(sid, type);
return(sid, type);
}
