/// <summary>
/// Returns the subset of <paramref name="targets"/> whose rule applies to <paramref name="computer"/>.
/// Container targets match when the target's container GUID is one of the computer's parent GUIDs,
/// computer targets match on SID equality, and every other target type matches when the target SID
/// is present in the computer's token groups.
/// </summary>
/// <param name="computer">The computer being evaluated.</param>
/// <param name="targets">Candidate targets; inactive targets are skipped.</param>
/// <returns>
/// The matching targets, ordered by target type and then by descending provider sort order.
/// </returns>
/// <remarks>
/// Token groups and parent GUIDs are resolved lazily, so neither lookup runs unless a target of the
/// corresponding kind is actually evaluated. An exception while evaluating one target is logged and
/// that target is left out of the result, so a faulty rule can never produce a match; evaluation of the
/// remaining targets continues. An exception from the target data lookup itself is not caught here.
/// </remarks>
public IList<SecurityDescriptorTarget> GetMatchingTargetsForComputer(IComputer computer, IEnumerable<SecurityDescriptorTarget> targets)
{
    var matches = new List<SecurityDescriptorTarget>();

    // Resolved on first use only, and at most once per call.
    var tokenSids = new Lazy<List<SecurityIdentifier>>(
        () => this.directory.GetTokenGroups(computer, computer.Sid.AccountDomainSid).ToList());
    var parentGuids = new Lazy<List<Guid>>(
        () => computer.GetParentGuids().ToList());

    var ordered = targets
        .OrderBy(t => (int)t.Type)
        .ThenByDescending(this.targetDataProvider.GetSortOrder);

    foreach (var candidate in ordered)
    {
        // Outside the try block: a failure to resolve target data propagates to the caller
        // instead of being logged as a per-target rule error.
        TargetData data = this.targetDataProvider.GetTargetData(candidate);

        try
        {
            if (candidate.IsInactive())
            {
                continue;
            }

            switch (candidate.Type)
            {
                case TargetType.Container:
                    if (parentGuids.Value.Any(g => g == data.ContainerGuid))
                    {
                        this.logger.LogTrace($"Matched {computer.MsDsPrincipalName} to target OU {candidate.Target}");
                        matches.Add(candidate);
                    }
                    break;

                case TargetType.Computer:
                    if (data.Sid == computer.Sid)
                    {
                        this.logger.LogTrace($"Matched {computer.MsDsPrincipalName} to target {candidate.Id}");
                        matches.Add(candidate);
                    }
                    break;

                default:
                    // Any other target type: decided by membership of the target SID in the computer's token.
                    if (this.directory.IsSidInPrincipalToken(data.Sid, tokenSids.Value))
                    {
                        this.logger.LogTrace($"Matched {computer.MsDsPrincipalName} to target {candidate.Id}");
                        matches.Add(candidate);
                    }
                    break;
            }
        }
        catch (Exception ex)
        {
            this.logger.LogError(EventIDs.TargetRuleProcessingError, ex, $"An error occurred processing the target {candidate.Id}:{candidate.Type}:{candidate.Target}");
        }
    }

    return matches;
}
/// <summary>
/// Returns the cached <see cref="TargetData"/> for <paramref name="target"/>, rebuilding it when the cache
/// holds no entry for the target's ID or when the cached entry was built for a different <c>Target</c> value.
/// </summary>
/// <param name="target">The target whose resolved data (container GUID, SID, sort order) is required.</param>
/// <returns>The cached or freshly built target data; never null.</returns>
/// <remarks>
/// The cache is keyed by <c>target.Id</c> and the entry is written back on every call, on hits as well as
/// rebuilds. Only the <c>Target</c> string is compared to detect a stale entry; a change to any other property
/// of the target reuses the cached SID and container GUID -- NOTE(review): confirm that is intended, since
/// both are resolved from the whole target object.
/// </remarks>
public TargetData GetTargetData(SecurityDescriptorTarget target)
{
    TargetData cached = this.targetDataCache.Get<TargetData>(target.Id);
    bool stale = cached == null || cached.Target != target.Target;

    TargetData result = stale
        ? new TargetData
        {
            ContainerGuid = this.GetContainerGuid(target),
            Target = target.Target,
            Sid = this.GetSid(target),
            SortOrder = this.GetSortOrderInternal(target),
        }
        : cached;

    // Unconditional write-back: the entry is stored even when it was just read from the cache.
    this.targetDataCache.Set(target.Id, result);
    return result;
}