/// <summary>
/// Decrypts the account's stored password material (NT/LM hashes, their histories and the
/// supplemental-credentials blob) with the supplied password encryption key and stores the
/// plaintext results on this instance.
/// </summary>
/// <param name="dsObject">Directory object whose encrypted secret attributes are read.</param>
/// <param name="pek">
/// Decryptor wrapping the password encryption key. When null nothing is decrypted and the
/// hash/credential properties are left untouched.
/// </param>
/// <remarks>
/// Each attribute is optional; a missing attribute simply leaves the matching property alone.
/// The decrypted values are raw credential material held unprotected in managed memory, so an
/// instance populated by this method should be treated as a secret by its owner.
/// Assumes <c>this.Sid</c> is already populated: the RID is handed to the hash decryptors
/// (NOTE(review): presumably as the per-account key input for the hash layer — confirm in
/// DirectorySecretDecryptor).
/// </remarks>
protected void LoadHashes(DirectoryObject dsObject, DirectorySecretDecryptor pek)
{
    if (pek == null)
    {
        // No key, no decryption: bail out rather than store ciphertext in the hash properties.
        return;
    }

    // Current NT hash (unicodePwd-style blob; absent attribute => property untouched)
    byte[] ntCipher;
    dsObject.ReadAttribute(CommonDirectoryAttributes.NTHash, out ntCipher);
    if (ntCipher != null)
    {
        this.NTHash = pek.DecryptHash(ntCipher, this.Sid.GetRid());
    }

    // NT hash history
    byte[] ntHistoryCipher;
    dsObject.ReadAttribute(CommonDirectoryAttributes.NTHashHistory, out ntHistoryCipher);
    if (ntHistoryCipher != null)
    {
        this.NTHashHistory = pek.DecryptHashHistory(ntHistoryCipher, this.Sid.GetRid());
    }

    // Current LM hash
    byte[] lmCipher;
    dsObject.ReadAttribute(CommonDirectoryAttributes.LMHash, out lmCipher);
    if (lmCipher != null)
    {
        this.LMHash = pek.DecryptHash(lmCipher, this.Sid.GetRid());
    }

    // LM hash history
    byte[] lmHistoryCipher;
    dsObject.ReadAttribute(CommonDirectoryAttributes.LMHashHistory, out lmHistoryCipher);
    if (lmHistoryCipher != null)
    {
        this.LMHashHistory = pek.DecryptHashHistory(lmHistoryCipher, this.Sid.GetRid());
    }

    // Supplemental credentials: decrypted as an opaque secret (no RID involved), then parsed.
    byte[] supplementalCipher;
    dsObject.ReadAttribute(CommonDirectoryAttributes.SupplementalCredentials, out supplementalCipher);
    if (supplementalCipher != null)
    {
        byte[] supplementalPlain = pek.DecryptSecret(supplementalCipher);
        this.SupplementalCredentials = new SupplementalCredentials(supplementalPlain);
    }
}
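/// <summary>
/// Builds an account view over a directory object: identity, naming, state and security
/// attributes, plus — when a password encryption key is available — the decrypted password
/// hashes and supplemental credentials (see <see cref="LoadHashes"/>).
/// </summary>
/// <param name="dsObject">Directory object to read; must be an account (<c>IsAccount</c> true).</param>
/// <param name="pek">
/// Decryptor for the password encryption key. May be null, in which case only non-secret
/// attributes are loaded and the hash/credential properties stay unset.
/// </param>
/// <exception cref="ArgumentException">Thrown when <paramref name="dsObject"/> is not an account.</exception>
/// <exception cref="InvalidOperationException">
/// Thrown when userAccountControl, sAMAccountType or primaryGroupID is absent: those are read
/// into nullable ints and dereferenced via <c>.Value</c>, because an account without them is malformed.
/// </exception>
public DSAccount(DirectoryObject dsObject, DirectorySecretDecryptor pek)
{
    // Parameter validation
    Validator.AssertNotNull(dsObject, "dsObject");

    if (!dsObject.IsAccount)
    {
        // A specific argument exception (rather than a bare System.Exception) lets callers tell
        // "wrong object type" apart from unexpected failures; still caught by catch (Exception).
        throw new ArgumentException("Not an account.", "dsObject");
    }

    // Identity
    this.Guid = dsObject.Guid;
    this.DistinguishedName = dsObject.DistinguishedName;
    this.Sid = dsObject.Sid;
    dsObject.ReadAttribute(CommonDirectoryAttributes.SIDHistory, out this.sidHistory);

    // Naming / descriptive attributes
    dsObject.ReadAttribute(CommonDirectoryAttributes.DisplayName, out this.displayName);
    dsObject.ReadAttribute(CommonDirectoryAttributes.Description, out this.description);
    dsObject.ReadAttribute(CommonDirectoryAttributes.GivenName, out this.givenName);
    dsObject.ReadAttribute(CommonDirectoryAttributes.Surname, out this.surname);

    // Security descriptor (stored as read; not parsed here)
    dsObject.ReadAttribute(CommonDirectoryAttributes.SecurityDescriptor, out this.securityDescriptor);

    // AdminCount (the schema defines it as Int32, but it only ever holds 0 or 1, so it is read
    // directly as a bool)
    dsObject.ReadAttribute(CommonDirectoryAttributes.AdminCount, out this.adminCount);

    // Enabled: derived from the userAccountControl flags.
    // TODO: Move to DirectoryObject?
    int? numericUac;
    dsObject.ReadAttribute(CommonDirectoryAttributes.UserAccountControl, out numericUac);
    // .Value intentionally throws if the attribute is missing — fail loudly on a malformed account
    // rather than silently reporting it as enabled.
    UserAccountControl uac = (UserAccountControl)numericUac.Value;
    this.Enabled = !uac.HasFlag(UserAccountControl.Disabled);

    // Lifecycle / activity
    dsObject.ReadAttribute(CommonDirectoryAttributes.IsDeleted, out this.isDeleted);
    dsObject.ReadAttribute(CommonDirectoryAttributes.LastLogon, out this.lastLogon);

    // Logon names
    dsObject.ReadAttribute(CommonDirectoryAttributes.UserPrincipalName, out this.upn);
    dsObject.ReadAttribute(CommonDirectoryAttributes.SAMAccountName, out this.samAccountName);

    // SamAccountType
    // TODO: Move to DirectoryObject?
    int? numericAccountType;
    dsObject.ReadAttribute(CommonDirectoryAttributes.SamAccountType, out numericAccountType);
    this.SamAccountType = (SamAccountType)numericAccountType.Value;

    // PrimaryGroupId
    int? groupId;
    dsObject.ReadAttribute(CommonDirectoryAttributes.PrimaryGroupId, out groupId);
    this.PrimaryGroupId = groupId.Value;

    // Secrets: delegate to LoadHashes (a no-op when pek is null) so the decryption logic lives
    // in exactly one place instead of being duplicated in the constructor. Sid is set above,
    // which LoadHashes relies on for the RID.
    this.LoadHashes(dsObject, pek);
}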