private async Task <User> ProcessUserObject(ISearchResultEntry entry,
ResolvedSearchResult resolvedSearchResult)
{
var ret = new User
{
ObjectIdentifier = resolvedSearchResult.ObjectId
};
ret.Properties.Add("domain", resolvedSearchResult.Domain);
ret.Properties.Add("name", resolvedSearchResult.DisplayName);
ret.Properties.Add("distinguishedname", entry.DistinguishedName.ToUpper());
ret.Properties.Add("domainsid", resolvedSearchResult.DomainSid);
if ((_methods & ResolvedCollectionMethod.ACL) != 0)
{
var aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry);
var gmsa = entry.GetByteProperty(LDAPProperties.GroupMSAMembership);
ret.Aces = aces.Concat(_aclProcessor.ProcessGMSAReaders(gmsa, resolvedSearchResult.Domain)).ToArray();
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
}
if ((_methods & ResolvedCollectionMethod.Group) != 0)
{
var pg = entry.GetProperty(LDAPProperties.PrimaryGroupID);
ret.PrimaryGroupSID = GroupProcessor.GetPrimaryGroupInfo(pg, resolvedSearchResult.ObjectId);
}
if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0)
{
var userProps = await _ldapPropertyProcessor.ReadUserProperties(entry);
ret.Properties = ContextUtils.Merge(ret.Properties, userProps.Props);
ret.HasSIDHistory = userProps.SidHistory;
ret.AllowedToDelegate = userProps.AllowedToDelegate;
}
if ((_methods & ResolvedCollectionMethod.SPNTargets) != 0)
{
var spn = entry.GetArrayProperty(LDAPProperties.ServicePrincipalNames);
var targets = new List <SPNPrivilege>();
var enumerator = _spnProcessor.ReadSPNTargets(spn, entry.DistinguishedName)
.GetAsyncEnumerator(_cancellationToken);
while (await enumerator.MoveNextAsync())
{
targets.Add(enumerator.Current);
}
ret.SPNTargets = targets.ToArray();
}
return(ret);
}
public async Task ReadSPNTargets_SPNLengthZero_YieldBreak()
{
var processor = new SPNProcessors(new MockLDAPUtils());
var servicePrincipalNames = Array.Empty <string>();
const string distinguishedName = "cn=policies,cn=system,DC=testlab,DC=local";
await foreach (var spn in processor.ReadSPNTargets(servicePrincipalNames, distinguishedName))
{
Assert.Null(spn);
}
}
public async void ReadSPNTargets_MissingMssqlSvc_NotRead()
{
var processor = new SPNProcessors(new MockLDAPUtils());
string[] servicePrincipalNames = { "myhost.redmond.microsoft.com:1433" };
const string distinguishedName = "CN=Jeff Smith,OU=Sales,DC=Fabrikam,DC=COM";
await foreach (var spn in processor.ReadSPNTargets(servicePrincipalNames, distinguishedName))
{
Assert.Null(spn);
}
}
public async void ReadSPNTargets_SuppliedPort_ParsedCorrectly()
{
var processor = new SPNProcessors(new MockLDAPUtils());
string[] servicePrincipalNames = { "MSSQLSvc/PRIMARY.TESTLAB.LOCAL:2345" };
const string distinguishedName = "cn=policies,cn=system,DC=testlab,DC=local";
var expected = new SPNPrivilege
{
ComputerSID = "S-1-5-21-3130019616-2776909439-2417379446-1001", Port = 2345, Service = EdgeNames.SQLAdmin
};
await foreach (var actual in processor.ReadSPNTargets(servicePrincipalNames, distinguishedName))
{
Assert.Equal(expected.ComputerSID, actual.ComputerSID);
Assert.Equal(expected.Port, actual.Port);
Assert.Equal(expected.Service, actual.Service);
}
}