        /// <summary>
        /// Decrypts the password hashes, their histories and the supplemental credentials of this account.
        /// </summary>
        /// <param name="dsObject">Directory object whose secret attributes are read.</param>
        /// <param name="pek">Decryption key (PEK) for the secrets; when null, nothing is loaded and the method returns.</param>
        protected void LoadHashes(DirectoryObject dsObject, DirectorySecretDecryptor pek)
        {
            // Without the decryption key there is nothing we can do with the encrypted attributes.
            if (pek == null)
            {
                return;
            }

            // Single NT/LM hashes are decrypted using the account RID.
            dsObject.ReadAttribute(CommonDirectoryAttributes.NTHash, out byte[] ntHashBlob);
            if (ntHashBlob != null)
            {
                this.NTHash = pek.DecryptHash(ntHashBlob, this.Sid.GetRid());
            }

            dsObject.ReadAttribute(CommonDirectoryAttributes.LMHash, out byte[] lmHashBlob);
            if (lmHashBlob != null)
            {
                this.LMHash = pek.DecryptHash(lmHashBlob, this.Sid.GetRid());
            }

            // Hash histories use the RID as well, but a dedicated decryption routine.
            dsObject.ReadAttribute(CommonDirectoryAttributes.NTHashHistory, out byte[] ntHistoryBlob);
            if (ntHistoryBlob != null)
            {
                this.NTHashHistory = pek.DecryptHashHistory(ntHistoryBlob, this.Sid.GetRid());
            }

            dsObject.ReadAttribute(CommonDirectoryAttributes.LMHashHistory, out byte[] lmHistoryBlob);
            if (lmHistoryBlob != null)
            {
                this.LMHashHistory = pek.DecryptHashHistory(lmHistoryBlob, this.Sid.GetRid());
            }

            // Supplemental credentials are a generic secret (no RID involved) that is parsed after decryption.
            dsObject.ReadAttribute(CommonDirectoryAttributes.SupplementalCredentials, out byte[] supplementalBlob);
            if (supplementalBlob != null)
            {
                byte[] plaintext = pek.DecryptSecret(supplementalBlob);
                this.SupplementalCredentials = new SupplementalCredentials(plaintext);
            }
        }
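        /// <summary>
        /// Initializes a DPAPI backup key (or a preferred-key pointer) from its directory secret object.
        /// </summary>
        /// <param name="dsObject">The secret object read from the directory; must not be null.</param>
        /// <param name="pek">Decryptor for the object's encrypted currentValue attribute; must not be null.</param>
        public DPAPIBackupKey(DirectoryObject dsObject, DirectorySecretDecryptor pek)
        {
            // Parameter validation
            Validator.AssertNotNull(dsObject, "dsObject");
            Validator.AssertNotNull(pek, "pek");
            // TODO: Test Object type

            // Decrypt the secret value
            byte[] encryptedSecret;
            dsObject.ReadAttribute(CommonDirectoryAttributes.CurrentValue, out encryptedSecret);
            this.RawKeyData = pek.DecryptSecret(encryptedSecret);

            // Parse DN to get key ID or pointer type:
            this.DistinguishedName = dsObject.DistinguishedName;
            var keyName = GetSecretNameFromDN(this.DistinguishedName);

            switch (keyName)
            {
            case null:
                // We could not parse the DN, so exit with Unknown as the key type
                this.Type = DPAPIBackupKeyType.Unknown;
                break;

            case PreferredRSAKeyPointerName:
                this.Type = DPAPIBackupKeyType.PreferredRSAKeyPointer;
                // Interpret the raw data as Guid (the constructor requires exactly 16 bytes)
                this.KeyId = new Guid(this.RawKeyData);
                break;

            case PreferredLegacyKeyPointerName:
                this.Type = DPAPIBackupKeyType.PreferredLegacyKeyPointer;
                // Interpret the raw data as Guid (the constructor requires exactly 16 bytes)
                this.KeyId = new Guid(this.RawKeyData);
                break;

            default:
                // Actual Key, so we parse its Guid and version
                this.KeyId = Guid.Parse(keyName);
                int version = BitConverter.ToInt32(this.RawKeyData, KeyVersionOffset);
                switch (version)
                {
                case 1:
                    this.Type = DPAPIBackupKeyType.LegacyKey;
                    // Cut the version out of the data
                    this.RawKeyData = this.RawKeyData.Cut(KeyVersionSize);
                    break;

                case 2:
                    this.Type = DPAPIBackupKeyType.RSAKey;
                    // Combine the certificate and key into PFX and replace the original decrypted data
                    this.RawKeyData = ConvertRSASecretToPFX(this.RawKeyData);
                    break;

                default:
                    // Unrecognized version: report it explicitly as Unknown instead of relying on the
                    // enum's default value, and leave the decrypted data untouched for inspection.
                    this.Type = DPAPIBackupKeyType.Unknown;
                    break;
                }
                break;
            }
        }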
        /// <summary>
        /// Loads credential roaming objects and timestamps.
        /// </summary>
        /// <param name="dsObject">Directory object (account) whose PKI roaming attributes are read.</param>
        /// <remarks>
        /// Accounts without the roaming time stamp are skipped. The roaming attributes may be missing
        /// from the schema of older domains; that case surfaces as <see cref="SchemaAttributeNotFoundException"/>
        /// and is ignored on purpose.
        /// </remarks>
        protected void LoadRoamedCredentials(DirectoryObject dsObject)
        {
            try
            {
                dsObject.ReadAttribute(CommonDirectoryAttributes.PKIRoamingTimeStamp, out byte[] timeStampBlob);

                if (timeStampBlob == null)
                {
                    // No roamed credentials on this account, nothing to parse.
                    return;
                }

                // The attribute holds two consecutive 8-byte file time values: created, then modified.
                long createdFileTime = BitConverter.ToInt64(timeStampBlob, 0);
                long modifiedFileTime = BitConverter.ToInt64(timeStampBlob, sizeof(long));

                // Note: DateTime.FromFileTime converts to local time, not UTC.
                this.RoamedCredentialsCreated = DateTime.FromFileTime(createdFileTime);
                this.RoamedCredentialsModified = DateTime.FromFileTime(modifiedFileTime);

                dsObject.ReadLinkedValues(CommonDirectoryAttributes.PKIDPAPIMasterKeys, out byte[][] masterKeyBlobs);
                dsObject.ReadLinkedValues(CommonDirectoryAttributes.PKIAccountCredentials, out byte[][] credentialBlobs);

                // All blobs (master keys first, then account credentials) end up in a single array.
                var parsed = new List<RoamedCredential>();

                void AppendAll(byte[][] blobs)
                {
                    if (blobs == null)
                    {
                        return;
                    }

                    foreach (var blob in blobs)
                    {
                        parsed.Add(new RoamedCredential(blob, this.SamAccountName, this.Sid));
                    }
                }

                AppendAll(masterKeyBlobs);
                AppendAll(credentialBlobs);

                this.RoamedCredentials = parsed.ToArray();
            }
            catch (SchemaAttributeNotFoundException)
            {
                // These attributes were added in Windows Server 2008, so they might not be present on older DCs.
            }
        }
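        /// <summary>
        /// Initializes a DPAPI backup key (or a preferred-key pointer) from its directory secret object.
        /// </summary>
        /// <param name="dsObject">The secret object read from the directory; must not be null.</param>
        /// <param name="pek">Decryptor for the object's encrypted currentValue attribute; must not be null.</param>
        public DPAPIBackupKey(DirectoryObject dsObject, DirectorySecretDecryptor pek)
        {
            // Parameter validation
            Validator.AssertNotNull(dsObject, "dsObject");
            Validator.AssertNotNull(pek, "pek");
            // TODO: Test Object type

            // Decrypt the secret value
            byte[] encryptedSecret;
            dsObject.ReadAttribute(CommonDirectoryAttributes.CurrentValue, out encryptedSecret);
            this.RawKeyData = pek.DecryptSecret(encryptedSecret);

            // Parse DN to get key ID or pointer type:
            this.DistinguishedName = dsObject.DistinguishedName;
            var keyName = GetSecretNameFromDN(this.DistinguishedName);

            switch(keyName)
            {
                case null:
                    // We could not parse the DN, so exit with Unknown as the key type
                    this.Type = DPAPIBackupKeyType.Unknown;
                    break;
                case PreferredRSAKeyPointerName:
                    this.Type = DPAPIBackupKeyType.PreferredRSAKeyPointer;
                    // Interpret the raw data as Guid (the constructor requires exactly 16 bytes)
                    this.KeyId = new Guid(this.RawKeyData);
                    break;
                case PreferredLegacyKeyPointerName:
                    this.Type = DPAPIBackupKeyType.PreferredLegacyKeyPointer;
                    // Interpret the raw data as Guid (the constructor requires exactly 16 bytes)
                    this.KeyId = new Guid(this.RawKeyData);
                    break;
                default:
                    // Actual Key, so we parse its Guid and version
                    this.KeyId = Guid.Parse(keyName);
                    int version = BitConverter.ToInt32(this.RawKeyData, KeyVersionOffset);
                    switch(version)
                    {
                        case 1:
                            this.Type = DPAPIBackupKeyType.LegacyKey;
                            // Cut the version out of the data
                            this.RawKeyData = this.RawKeyData.Cut(KeyVersionSize);
                            break;
                        case 2:
                            this.Type = DPAPIBackupKeyType.RSAKey;
                            // Combine the certificate and key into PFX and replace the original decrypted data
                            this.RawKeyData = ConvertRSASecretToPFX(this.RawKeyData);
                            break;
                        default:
                            // Unrecognized version: report it explicitly as Unknown instead of relying on the
                            // enum's default value, and leave the decrypted data untouched for inspection.
                            this.Type = DPAPIBackupKeyType.Unknown;
                            break;
                    }
                    break;
            }
        }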
        /// <summary>
        /// Key spec value written into the PVK header (CryptoAPI AT_KEYEXCHANGE).
        /// </summary>
        private const uint PVKHeaderKeySpec = 1; // = AT_KEYEXCHANGE

        /// <summary>
        /// Initializes a DPAPI backup key from its directory secret object.
        /// </summary>
        /// <param name="dsObject">The secret object read from the directory; must not be null.</param>
        /// <param name="pek">Decryptor for the object's encrypted currentValue attribute; must not be null.</param>
        public DPAPIBackupKey(DirectoryObject dsObject, DirectorySecretDecryptor pek)
        {
            Validator.AssertNotNull(dsObject, "dsObject");
            Validator.AssertNotNull(pek, "pek");
            // TODO: Test Object type

            // The key material is stored encrypted in currentValue; decrypt it with the PEK first.
            dsObject.ReadAttribute(CommonDirectoryAttributes.CurrentValue, out byte[] encryptedSecret);
            byte[] plaintext = pek.DecryptSecret(encryptedSecret);

            // The remaining properties are derived from the DN and the decrypted blob.
            this.Initialize(dsObject.DistinguishedName, plaintext);
        }
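        /// <summary>
        /// Initializes an account from its directory object, decrypting its secrets when a key is available.
        /// </summary>
        /// <param name="dsObject">Directory object that must represent an account; must not be null.</param>
        /// <param name="pek">Decryption key for the account secrets; when null, only the non-secret attributes are loaded.</param>
        /// <exception cref="ArgumentException">Thrown when <paramref name="dsObject"/> is not an account.</exception>
        public DSAccount(DirectoryObject dsObject, DirectorySecretDecryptor pek)
        {
            // Parameter validation
            Validator.AssertNotNull(dsObject, "dsObject");
            if (!dsObject.IsAccount)
            {
                // A specific exception type instead of the bare System.Exception, so callers can tell it apart.
                throw new ArgumentException("Not an account.", "dsObject");
            }

            // Guid:
            this.Guid = dsObject.Guid;

            // DN:
            this.DistinguishedName = dsObject.DistinguishedName;

            // Sid:
            this.Sid = dsObject.Sid;

            // SidHistory:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SIDHistory, out this.sidHistory);

            // DisplayName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.DisplayName, out this.displayName);

            // Description
            dsObject.ReadAttribute(CommonDirectoryAttributes.Description, out this.description);

            // GivenName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.GivenName, out this.givenName);

            // Surname:
            dsObject.ReadAttribute(CommonDirectoryAttributes.Surname, out this.surname);

            // Security Descriptor:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SecurityDescriptor, out this.securityDescriptor);

            // AdminCount (Although the schema defines it as Int32, it can only have values 0 and 1, so we directly convert it to bool)
            dsObject.ReadAttribute(CommonDirectoryAttributes.AdminCount, out this.adminCount);

            // Enabled:
            // TODO: Move to DirectoryObject?
            // Note: .Value throws InvalidOperationException if the attribute is absent.
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserAccountControl, out int? numericUac);
            UserAccountControl uac = (UserAccountControl)numericUac.Value;

            this.Enabled = !uac.HasFlag(UserAccountControl.Disabled);

            // Deleted:
            dsObject.ReadAttribute(CommonDirectoryAttributes.IsDeleted, out this.isDeleted);

            // LastLogon:
            dsObject.ReadAttribute(CommonDirectoryAttributes.LastLogon, out this.lastLogon);

            // UPN:
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserPrincipalName, out this.upn);

            // SamAccountName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SAMAccountName, out this.samAccountName);

            // SamAccountType:
            // TODO: Move to DirectoryObject?
            dsObject.ReadAttribute(CommonDirectoryAttributes.SamAccountType, out int? numericAccountType);
            this.SamAccountType = (SamAccountType)numericAccountType.Value;

            // PrimaryGroupId
            dsObject.ReadAttribute(CommonDirectoryAttributes.PrimaryGroupId, out int? groupId);
            this.PrimaryGroupId = groupId.Value;

            if (pek == null)
            {
                // Do not continue if we do not have a decryption key
                return;
            }

            // NTHash (decrypted with the account RID):
            dsObject.ReadAttribute(CommonDirectoryAttributes.NTHash, out byte[] encryptedNtHash);
            if (encryptedNtHash != null)
            {
                this.NTHash = pek.DecryptHash(encryptedNtHash, this.Sid.GetRid());
            }

            // LMHash
            dsObject.ReadAttribute(CommonDirectoryAttributes.LMHash, out byte[] encryptedLmHash);
            if (encryptedLmHash != null)
            {
                this.LMHash = pek.DecryptHash(encryptedLmHash, this.Sid.GetRid());
            }

            // NTHashHistory:
            dsObject.ReadAttribute(CommonDirectoryAttributes.NTHashHistory, out byte[] encryptedNtHashHistory);
            if (encryptedNtHashHistory != null)
            {
                this.NTHashHistory = pek.DecryptHashHistory(encryptedNtHashHistory, this.Sid.GetRid());
            }

            // LMHashHistory:
            dsObject.ReadAttribute(CommonDirectoryAttributes.LMHashHistory, out byte[] encryptedLmHashHistory);
            if (encryptedLmHashHistory != null)
            {
                this.LMHashHistory = pek.DecryptHashHistory(encryptedLmHashHistory, this.Sid.GetRid());
            }

            // SupplementalCredentials (a generic secret, no RID involved):
            dsObject.ReadAttribute(CommonDirectoryAttributes.SupplementalCredentials, out byte[] encryptedSupplementalCredentials);
            if (encryptedSupplementalCredentials != null)
            {
                byte[] binarySupplementalCredentials = pek.DecryptSecret(encryptedSupplementalCredentials);
                this.SupplementalCredentials = new SupplementalCredentials(binarySupplementalCredentials);
            }
        }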
        /// <summary>
        /// Reads the non-secret account attributes from the directory object into this instance.
        /// </summary>
        /// <param name="dsObject">Directory object representing the account.</param>
        protected void LoadAccountInfo(DirectoryObject dsObject)
        {
            // Identity: object GUID, DN and SID are exposed directly by the directory object.
            this.Guid = dsObject.Guid;
            this.DistinguishedName = dsObject.DistinguishedName;
            this.Sid = dsObject.Sid;
            dsObject.ReadAttribute(CommonDirectoryAttributes.SIDHistory, out this.sidHistory);

            // Naming attributes.
            dsObject.ReadAttribute(CommonDirectoryAttributes.DisplayName, out this.displayName);
            dsObject.ReadAttribute(CommonDirectoryAttributes.Description, out this.description);
            dsObject.ReadAttribute(CommonDirectoryAttributes.GivenName, out this.givenName);
            dsObject.ReadAttribute(CommonDirectoryAttributes.Surname, out this.surname);

            // Security descriptor.
            dsObject.ReadAttribute(CommonDirectoryAttributes.SecurityDescriptor, out this.securityDescriptor);

            // AdminCount: the schema defines it as Int32, but only 0 and 1 occur, so it is read directly as bool.
            dsObject.ReadAttribute(CommonDirectoryAttributes.AdminCount, out this.adminCount);

            // Service principal name(s).
            dsObject.ReadAttribute(CommonDirectoryAttributes.ServicePrincipalName, out this.spn);

            // userAccountControl flags (.Value throws InvalidOperationException when the attribute is absent).
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserAccountControl, out int? rawUac);
            this.UserAccountControl = (UserAccountControl)rawUac.Value;

            // Deletion flag, last logon and logon names.
            dsObject.ReadAttribute(CommonDirectoryAttributes.IsDeleted, out this.isDeleted);
            dsObject.ReadAttribute(CommonDirectoryAttributes.LastLogon, out this.lastLogon);
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserPrincipalName, out this.upn);
            dsObject.ReadAttribute(CommonDirectoryAttributes.SAMAccountName, out this.samAccountName);

            // sAMAccountType, as an enum.
            dsObject.ReadAttribute(CommonDirectoryAttributes.SamAccountType, out int? rawAccountType);
            this.SamAccountType = (SamAccountType)rawAccountType.Value;

            // Primary group RID.
            dsObject.ReadAttribute(CommonDirectoryAttributes.PrimaryGroupId, out int? rawGroupId);
            this.PrimaryGroupId = rawGroupId.Value;

            // memberOf is not loaded here; the original read was left commented out:
            // dsObject.ReadAttribute(CommonDirectoryAttributes.Member, out this.member);
        }
        /// <summary>
        /// Reads the non-secret account attributes from the directory object into this instance.
        /// </summary>
        /// <param name="dsObject">Directory object representing the account.</param>
        protected void LoadAccountInfo(DirectoryObject dsObject)
        {
            // Identity exposed directly by the directory object.
            Guid = dsObject.Guid;
            DistinguishedName = dsObject.DistinguishedName;
            Sid = dsObject.Sid;

            dsObject.ReadAttribute(CommonDirectoryAttributes.SIDHistory, out SecurityIdentifier[] previousSids);
            SidHistory = previousSids;

            // Naming attributes.
            dsObject.ReadAttribute(CommonDirectoryAttributes.DisplayName, out string name);
            DisplayName = name;

            dsObject.ReadAttribute(CommonDirectoryAttributes.Description, out string desc);
            Description = desc;

            dsObject.ReadAttribute(CommonDirectoryAttributes.GivenName, out string firstName);
            GivenName = firstName;

            dsObject.ReadAttribute(CommonDirectoryAttributes.Surname, out string lastName);
            Surname = lastName;

            // Security descriptor.
            dsObject.ReadAttribute(CommonDirectoryAttributes.SecurityDescriptor, out RawSecurityDescriptor sd);
            SecurityDescriptor = sd;

            // AdminCount: the schema defines it as Int32, but only 0 and 1 occur, so it is read directly as bool.
            dsObject.ReadAttribute(CommonDirectoryAttributes.AdminCount, out bool isProtected);
            AdminCount = isProtected;

            // Service principal name(s).
            dsObject.ReadAttribute(CommonDirectoryAttributes.ServicePrincipalName, out string[] spns);
            ServicePrincipalName = spns;

            // userAccountControl flags (.Value throws InvalidOperationException when the attribute is absent).
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserAccountControl, out int? rawUac);
            UserAccountControl = (UserAccountControl)rawUac.Value;

            // Deletion flag and last logon.
            dsObject.ReadAttribute(CommonDirectoryAttributes.IsDeleted, out bool deleted);
            Deleted = deleted;

            dsObject.ReadAttribute(CommonDirectoryAttributes.LastLogon, out DateTime? logon);
            LastLogon = logon;

            // Logon names.
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserPrincipalName, out string principalName);
            UserPrincipalName = principalName;

            dsObject.ReadAttribute(CommonDirectoryAttributes.SAMAccountName, out string samName);
            SamAccountName = samName;

            // sAMAccountType, as an enum.
            dsObject.ReadAttribute(CommonDirectoryAttributes.SamAccountType, out int? rawAccountType);
            SamAccountType = (SamAccountType)rawAccountType.Value;

            // Primary group RID.
            dsObject.ReadAttribute(CommonDirectoryAttributes.PrimaryGroupId, out int? rawGroupId);
            PrimaryGroupId = rawGroupId.Value;
        }
        /// <summary>
        /// Initializes a KDS root key from its directory object.
        /// </summary>
        /// <param name="dsObject">Directory object holding the msKds-* attributes; must not be null.</param>
        public KdsRootKey(DirectoryObject dsObject)
        {
            // Parameter validation
            Validator.AssertNotNull(dsObject, "dsObject");
            // TODO: Validate object type

            // Key format version
            // TODO: Check that format == 1
            dsObject.ReadAttribute(CommonDirectoryAttributes.KdsVersion, out this.version);

            // DN of the domain controller that created the key, kept as its string form
            dsObject.ReadAttribute(CommonDirectoryAttributes.KdsDomainController, out DistinguishedName creatorDN);
            this.DomainController = creatorDN.ToString();

            // Private key material
            dsObject.ReadAttribute(CommonDirectoryAttributes.KdsPrivateKey, out this.privateKey);

            // Creation and effective time
            dsObject.ReadAttribute(CommonDirectoryAttributes.KdsCreationTime, out this.creationTime);
            dsObject.ReadAttribute(CommonDirectoryAttributes.KdsEffectiveTime, out this.effectiveTime);

            // The key id is the object's CN, which must be a GUID
            dsObject.ReadAttribute(CommonDirectoryAttributes.CommonName, out string commonName);
            this.KeyId = Guid.Parse(commonName);

            // KDF algorithm and its parameters (only 1 parameter in the current implementation)
            dsObject.ReadAttribute(CommonDirectoryAttributes.KdsKdfAlgorithm, out this.kdfAlgorithmName);
            dsObject.ReadAttribute(CommonDirectoryAttributes.KdsKdfParameters, out byte[] kdfParamsBlob);
            this.KdfParameters = ParseKdfParameters(kdfParamsBlob);

            // Secret agreement algorithm, its parameters and key lengths
            dsObject.ReadAttribute(CommonDirectoryAttributes.KdsSecretAgreementAlgorithm, out this.secretAgreementAlgorithmName);
            dsObject.ReadAttribute(CommonDirectoryAttributes.KdsSecretAgreementParameters, out this.secretAgreementAlgorithmParam);
            dsObject.ReadAttribute(CommonDirectoryAttributes.KdsSecretAgreementPrivateKeyLength, out this.privateKeyLength);
            dsObject.ReadAttribute(CommonDirectoryAttributes.KdsSecretAgreementPublicKeyLength, out this.publicKeyLength);
        }
        /// <summary>
        /// Reads the non-secret account attributes from the directory object into this instance.
        /// </summary>
        /// <param name="dsObject">Directory object representing the account.</param>
        /// <param name="netBIOSDomainName">NetBIOS domain name used to build the DOMAIN\user logon name.</param>
        protected void LoadAccountInfo(DirectoryObject dsObject, string netBIOSDomainName)
        {
            // Identity exposed directly by the directory object.
            this.Guid = dsObject.Guid;
            this.DistinguishedName = dsObject.DistinguishedName;
            this.Sid = dsObject.Sid;

            dsObject.ReadAttribute(CommonDirectoryAttributes.SIDHistory, out SecurityIdentifier[] previousSids);
            this.SidHistory = previousSids;

            // Naming attributes.
            dsObject.ReadAttribute(CommonDirectoryAttributes.DisplayName, out string name);
            this.DisplayName = name;

            dsObject.ReadAttribute(CommonDirectoryAttributes.Description, out string desc);
            this.Description = desc;

            dsObject.ReadAttribute(CommonDirectoryAttributes.GivenName, out string firstName);
            this.GivenName = firstName;

            dsObject.ReadAttribute(CommonDirectoryAttributes.Surname, out string lastName);
            this.Surname = lastName;

            // Security descriptor.
            dsObject.ReadAttribute(CommonDirectoryAttributes.SecurityDescriptor, out RawSecurityDescriptor sd);
            this.SecurityDescriptor = sd;

            // AdminCount: the schema defines it as Int32, but only 0 and 1 occur, so it is read directly as bool.
            dsObject.ReadAttribute(CommonDirectoryAttributes.AdminCount, out bool isProtected);
            this.AdminCount = isProtected;

            // Service principal name(s).
            dsObject.ReadAttribute(CommonDirectoryAttributes.ServicePrincipalName, out string[] spns);
            this.ServicePrincipalName = spns;

            // userAccountControl flags (.Value throws InvalidOperationException when the attribute is absent).
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserAccountControl, out int? rawUac);
            this.UserAccountControl = (UserAccountControl)rawUac.Value;

            // Deletion flag.
            dsObject.ReadAttribute(CommonDirectoryAttributes.IsDeleted, out bool deleted);
            this.Deleted = deleted;

            // Both logon time stamps: the non-replicated lastLogon and the replicated lastLogonTimestamp.
            dsObject.ReadAttribute(CommonDirectoryAttributes.LastLogon, out DateTime? logon);
            this.LastLogon = logon;

            dsObject.ReadAttribute(CommonDirectoryAttributes.LastLogonTimestamp, out DateTime? logonTimestamp);
            this.LastLogonTimestamp = logonTimestamp;

            // Logon names: UPN, sAMAccountName and the derived DOMAIN\user form.
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserPrincipalName, out string principalName);
            this.UserPrincipalName = principalName;

            dsObject.ReadAttribute(CommonDirectoryAttributes.SAMAccountName, out string samName);
            this.SamAccountName = samName;
            this.LogonName = new NTAccount(netBIOSDomainName, samName).Value;

            // sAMAccountType, as an enum.
            dsObject.ReadAttribute(CommonDirectoryAttributes.SamAccountType, out int? rawAccountType);
            this.SamAccountType = (SamAccountType)rawAccountType.Value;

            // Primary group RID.
            dsObject.ReadAttribute(CommonDirectoryAttributes.PrimaryGroupId, out int? rawGroupId);
            this.PrimaryGroupId = rawGroupId.Value;

            // msDS-SupportedEncryptionTypes: stored as int in the DB although documented as unsigned int;
            // a missing attribute stays null.
            dsObject.ReadAttribute(CommonDirectoryAttributes.SupportedEncryptionTypes, out int? rawEncTypes);
            this.SupportedEncryptionTypes = (SupportedEncryptionTypes?)rawEncTypes;
        }
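        /// <summary>
        /// Initializes an account from its directory object, decrypting its secrets when a key is available.
        /// </summary>
        /// <param name="dsObject">Directory object that must represent an account; must not be null.</param>
        /// <param name="pek">Decryption key for the account secrets; when null, only the non-secret attributes are loaded.</param>
        /// <exception cref="ArgumentException">Thrown when <paramref name="dsObject"/> is not an account.</exception>
        public DSAccount(DirectoryObject dsObject, DirectorySecretDecryptor pek)
        {
            // Parameter validation
            Validator.AssertNotNull(dsObject, "dsObject");
            if(!dsObject.IsAccount)
            {
                // A specific exception type instead of the bare System.Exception, so callers can tell it apart.
                throw new ArgumentException("Not an account.", "dsObject");
            }

            // Guid:
            this.Guid = dsObject.Guid;

            // DN:
            this.DistinguishedName = dsObject.DistinguishedName;

            // Sid:
            this.Sid = dsObject.Sid;

            // SidHistory:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SIDHistory, out this.sidHistory);

            // DisplayName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.DisplayName, out this.displayName);

            // Description
            dsObject.ReadAttribute(CommonDirectoryAttributes.Description, out this.description);

            // GivenName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.GivenName, out this.givenName);

            // Surname:
            dsObject.ReadAttribute(CommonDirectoryAttributes.Surname, out this.surname);

            // Enabled:
            // TODO: Move to DirectoryObject?
            // Note: .Value throws InvalidOperationException if the attribute is absent.
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserAccountControl, out int? numericUac);
            UserAccountControl uac = (UserAccountControl)numericUac.Value;
            this.Enabled = !uac.HasFlag(UserAccountControl.Disabled);

            // Deleted:
            dsObject.ReadAttribute(CommonDirectoryAttributes.IsDeleted, out this.isDeleted);

            // LastLogon:
            dsObject.ReadAttribute(CommonDirectoryAttributes.LastLogon, out this.lastLogon);

            // UPN:
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserPrincipalName, out this.upn);

            // SamAccountName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SAMAccountName, out this.samAccountName);

            // SamAccountType:
            // TODO: Move to DirectoryObject?
            dsObject.ReadAttribute(CommonDirectoryAttributes.SamAccountType, out int? numericAccountType);
            this.SamAccountType = (SamAccountType)numericAccountType.Value;

            // PrimaryGroupId
            dsObject.ReadAttribute(CommonDirectoryAttributes.PrimaryGroupId, out int? groupId);
            this.PrimaryGroupId = groupId.Value;

            if(pek == null)
            {
                // Do not continue if we do not have a decryption key
                return;
            }

            // NTHash (decrypted with the account RID):
            dsObject.ReadAttribute(CommonDirectoryAttributes.NTHash, out byte[] encryptedNtHash);
            if(encryptedNtHash != null)
            {
                this.NTHash = pek.DecryptHash(encryptedNtHash, this.Sid.GetRid());
            }

            // LMHash
            dsObject.ReadAttribute(CommonDirectoryAttributes.LMHash, out byte[] encryptedLmHash);
            if (encryptedLmHash != null)
            {
                this.LMHash = pek.DecryptHash(encryptedLmHash, this.Sid.GetRid());
            }

            // NTHashHistory:
            dsObject.ReadAttribute(CommonDirectoryAttributes.NTHashHistory, out byte[] encryptedNtHashHistory);
            if (encryptedNtHashHistory != null)
            {
                this.NTHashHistory = pek.DecryptHashHistory(encryptedNtHashHistory, this.Sid.GetRid());
            }

            // LMHashHistory:
            dsObject.ReadAttribute(CommonDirectoryAttributes.LMHashHistory, out byte[] encryptedLmHashHistory);
            if (encryptedLmHashHistory != null)
            {
                this.LMHashHistory = pek.DecryptHashHistory(encryptedLmHashHistory, this.Sid.GetRid());
            }

            // SupplementalCredentials (a generic secret, no RID involved):
            dsObject.ReadAttribute(CommonDirectoryAttributes.SupplementalCredentials, out byte[] encryptedSupplementalCredentials);
            if (encryptedSupplementalCredentials != null)
            {
                byte[] binarySupplementalCredentials = pek.DecryptSecret(encryptedSupplementalCredentials);
                this.SupplementalCredentials = new SupplementalCredentials(binarySupplementalCredentials);
            }
        }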