public void GetWellKnownPrincipal_PassingTestSid__ReturnsValidTypedPrincipal()
{
TypedPrincipal typedPrincipal;
bool result = WellKnownPrincipal.GetWellKnownPrincipal("S-1-0-0", out typedPrincipal);
Assert.True(result);
Assert.Equal(Label.User, typedPrincipal.ObjectType);
}
public void GetKnownPrincipal_PassingKnownIds_MatchesNameAndLabel()
{
foreach (var p in GetWellKnownPrincipals())
{
var result = WellKnownPrincipal.GetWellKnownPrincipal(p.sid, out var typedPrincipal);
Assert.True(result);
Assert.Equal(p.label, typedPrincipal.ObjectType);
}
}
/// <summary>
/// Extension method to determine the BloodHound type of a SearchResultEntry using LDAP properties
/// Requires ldap properties objectsid, samaccounttype, objectclass
/// </summary>
/// <param name="entry"></param>
/// <returns></returns>
public static Label GetLabel(this SearchResultEntry entry)
{
//Test if we have the msds-groupmsamembership property first. We want to override this as a user object
if (entry.GetPropertyAsBytes("msds-groupmsamembership") != null)
{
return(Label.User);
}
var objectId = entry.GetObjectIdentifier();
if (objectId.StartsWith("S-1") && WellKnownPrincipal.GetWellKnownPrincipal(objectId, out var commonPrincipal))
{
return(commonPrincipal.ObjectType);
}
var objectType = Label.Unknown;
var samAccountType = entry.GetProperty("samaccounttype");
//Its not a common principal. Lets use properties to figure out what it actually is
if (samAccountType != null)
{
objectType = Helpers.SamAccountTypeToType(samAccountType);
}
else
{
var objectClasses = entry.GetPropertyAsArray("objectClass");
if (objectClasses == null)
{
objectType = Label.Unknown;
}
else if (objectClasses.Contains("groupPolicyContainer"))
{
objectType = Label.GPO;
}
else if (objectClasses.Contains("organizationalUnit"))
{
objectType = Label.OU;
}
else if (objectClasses.Contains("domain"))
{
objectType = Label.Domain;
}
else if (objectClasses.Contains("container"))
{
objectType = Label.Container;
}
}
return(objectType);
}
