Exemplo n.º 1
        /// <summary>
        /// Checks that a session whose client name is the loopback address (\\127.0.0.1) is
        /// attributed to the computer being enumerated: the single expected <c>Session</c>
        /// carries <c>_computerSid</c> as its <c>ComputerSID</c>.
        /// </summary>
        /// <remarks>
        /// <c>CallNetSessionEnum</c> is mocked, so no host is contacted. The username literal is
        /// masked ("******") in this listing. The expected user SID is presumably produced by
        /// <c>MockLDAPUtils</c> — confirm against that helper.
        /// </remarks>
        public async Task ComputerSessionProcessor_ReadUserSessions_ResolvesLocalHostEquivalent()
        {
            // A single session reported as coming from the loopback address.
            var loopbackSession = new NativeMethods.SESSION_INFO_10
            {
                sesi10_username = "******",
                sesi10_cname    = "\\\\127.0.0.1"
            };

            var nativeMock = new Mock<NativeMethods>();
            nativeMock
                .Setup(n => n.CallNetSessionEnum(It.IsAny<string>()))
                .Returns(new[] { loopbackSession });

            var expectedSessions = new[]
            {
                new Session
                {
                    ComputerSID = _computerSid,
                    UserSID     = "S-1-5-21-3130019616-2776909439-2417379446-2116"
                }
            };

            // NOTE(review): "dfm" is presumably the collecting user's name — confirm against the constructor.
            var sut     = new ComputerSessionProcessor(new MockLDAPUtils(), "dfm", nativeMock.Object);
            var outcome = await sut.ReadUserSessions("win10", _computerSid, _computerDomain);

            Assert.True(outcome.Collected);
            Assert.Equal(expectedSessions, outcome.Results);
        }
Exemplo n.º 2
        /// <summary>
        /// Feeds three mocked NetSessionEnum entries to <c>ReadUserSessions</c> and asserts that
        /// collection succeeds but every entry is filtered out, leaving an empty result set.
        /// </summary>
        /// <remarks>
        /// The usernames are masked ("******") in this listing, so the filter rule each entry was
        /// meant to trigger cannot be read from here. The second entry has an empty client name.
        /// </remarks>
        public async Task ComputerSessionProcessor_ReadUserSessions_FilteringWorks()
        {
            NativeMethods.SESSION_INFO_10[] rawSessions =
            {
                new NativeMethods.SESSION_INFO_10
                {
                    sesi10_username = "******",
                    sesi10_cname    = "\\\\192.168.92.110"
                },
                // Entry with no client name at all.
                new NativeMethods.SESSION_INFO_10
                {
                    sesi10_cname    = "",
                    sesi10_username = "******"
                },
                new NativeMethods.SESSION_INFO_10
                {
                    sesi10_username = "******",
                    sesi10_cname    = "\\\\192.168.92.110"
                }
            };

            var nativeMock = new Mock<NativeMethods>();
            nativeMock
                .Setup(n => n.CallNetSessionEnum(It.IsAny<string>()))
                .Returns(rawSessions);

            var sut     = new ComputerSessionProcessor(new MockLDAPUtils(), "dfm", nativeMock.Object);
            var outcome = await sut.ReadUserSessions("win10", _computerSid, _computerDomain);

            // The call itself must succeed; only the per-entry filtering empties the result.
            Assert.True(outcome.Collected);
            Assert.Empty(outcome.Results);
        }
Exemplo n.º 3
        /// <summary>
        /// Asserts that one mocked NetSessionEnum entry can yield more than one <c>Session</c>:
        /// two results are expected, one per matching user SID.
        /// </summary>
        /// <remarks>
        /// Both expected SIDs end in RID 500 (the built-in Administrator RID) under two different
        /// domain identifiers. The mapping from the masked username to those SIDs presumably lives
        /// in <c>MockLDAPUtils</c> — confirm against that helper.
        /// </remarks>
        public async Task ComputerSessionProcessor_ReadUserSessions_MultipleMatches_AddsAll()
        {
            var loopbackSession = new NativeMethods.SESSION_INFO_10
            {
                sesi10_username = "******",
                sesi10_cname    = "\\\\127.0.0.1"
            };

            var nativeMock = new Mock<NativeMethods>();
            nativeMock
                .Setup(n => n.CallNetSessionEnum(It.IsAny<string>()))
                .Returns(new[] { loopbackSession });

            // One session per account the username resolves to, all on the same computer.
            var expectedSessions = new[]
            {
                new Session
                {
                    ComputerSID = _computerSid,
                    UserSID     = "S-1-5-21-3130019616-2776909439-2417379446-500"
                },
                new Session
                {
                    ComputerSID = _computerSid,
                    UserSID     = "S-1-5-21-3084884204-958224920-2707782874-500"
                }
            };

            var sut     = new ComputerSessionProcessor(new MockLDAPUtils(), "dfm", nativeMock.Object);
            var outcome = await sut.ReadUserSessions("win10", _computerSid, _computerDomain);

            Assert.True(outcome.Collected);
            Assert.Equal(expectedSessions, outcome.Results);
        }
Exemplo n.º 4
        /// <summary>
        /// Verifies that an access-denied <c>APIException</c> thrown by the mocked
        /// <c>CallNetWkstaUserEnum</c> is handled inside <c>ReadUserSessionsPrivileged</c>: the
        /// result is marked as not collected and its failure reason carries the status string.
        /// </summary>
        /// <remarks>
        /// The method is declared <c>async</c> but contains no <c>await</c>; the call under test
        /// is synchronous here.
        /// </remarks>
        public async Task ComputerSessionProcessor_ReadUserSessionsPrivileged_ComputerAccessDenied_ExceptionCaught()
        {
            var deniedStatus = NativeMethods.NERR.ERROR_ACCESS_DENIED.ToString();
            var accessDenied = new APIException
            {
                Status = deniedStatus
            };

            var nativeMock = new Mock<NativeMethods>();
            nativeMock
                .Setup(n => n.CallNetWkstaUserEnum(It.IsAny<string>()))
                .Throws(accessDenied);

            var sut     = new ComputerSessionProcessor(new MockLDAPUtils(), "dfm", nativeMock.Object);
            var outcome = sut.ReadUserSessionsPrivileged("test", "test", "test");

            // The exception must surface as a failed result, not propagate to the caller.
            Assert.False(outcome.Collected);
            Assert.Equal(deniedStatus, outcome.FailureReason);
        }
Exemplo n.º 5
 /// <summary>
 /// Builds the set of per-object processors from the collection context and stores the
 /// resolved collection methods, the cancellation token and the logger.
 /// </summary>
 /// <param name="context">Source of the LDAP utilities, flags, port-scan timeout, resolved collection methods and cancellation token source.</param>
 /// <param name="log">Logger stored for later use.</param>
 public ObjectProcessors(IContext context, ILogger log)
 {
     _context = context;
     _log     = log;

     // Every processor below shares the same LDAP utilities instance.
     var ldapUtils = context.LDAPUtils;
     var flags     = context.Flags;

     _aclProcessor          = new ACLProcessor(ldapUtils);
     _spnProcessor          = new SPNProcessors(ldapUtils);
     _ldapPropertyProcessor = new LDAPPropertyProcessor(ldapUtils);
     _domainTrustProcessor  = new DomainTrustProcessor(ldapUtils);
     _computerAvailability  = new ComputerAvailability(
         context.PortScanTimeout,
         skipPortScan: flags.SkipPortScan,
         skipPasswordCheck: flags.SkipPasswordAgeCheck);
     _computerSessionProcessor = new ComputerSessionProcessor(ldapUtils);
     _groupProcessor           = new GroupProcessor(ldapUtils);
     _containerProcessor       = new ContainerProcessor(ldapUtils);
     _gpoLocalGroupProcessor   = new GPOLocalGroupProcessor(ldapUtils);

     _methods           = context.ResolvedCollectionMethods;
     _cancellationToken = context.CancellationTokenSource.Token;
 }
Exemplo n.º 6
        /// <summary>
        /// Feeds ten mocked NetWkstaUserEnum entries (with intentional duplicates) to
        /// <c>ReadUserSessionsPrivileged</c> and asserts that exactly two sessions remain.
        /// </summary>
        /// <remarks>
        /// The usernames are masked ("******") in this listing, so only the logon-domain and
        /// logon-server columns distinguish the entries here. The logon domains include the
        /// computer's own name ("WIN10") and "NT AUTHORITY". The method is declared <c>async</c>
        /// but contains no <c>await</c>.
        /// </remarks>
        public async Task ComputerSessionProcessor_ReadUserSessionsPrivileged_FilteringWorks()
        {
            const string computerSamName = "WIN10";

            // Builds one logged-on-user entry; the "other domains" field is empty in every sample row.
            static NativeMethods.WKSTA_USER_INFO_1 Logon(string domain, string server, string user) =>
                new NativeMethods.WKSTA_USER_INFO_1
                {
                    wkui1_logon_domain = domain,
                    wkui1_logon_server = server,
                    wkui1_oth_domains  = "",
                    wkui1_username     = user
                };

            // Sample response captured from a computer in a test environment; duplicates are intentional.
            NativeMethods.WKSTA_USER_INFO_1[] loggedOnUsers =
            {
                Logon("TESTLAB", "PRIMARY", "******"),
                Logon("PRIMARY", "", "******"),
                Logon("", "PRIMARY", "******"),
                Logon("TESTLAB", "", "******"),
                Logon("TESTLAB", "", "******"),
                Logon("TESTLAB", "", "******"),
                Logon("TESTLAB", "", "******"),
                Logon("WIN10", "", "******"),
                Logon("NT AUTHORITY", "", "******"),
                Logon("TESTLAB", "", "******")
            };

            var nativeMock = new Mock<NativeMethods>();
            nativeMock
                .Setup(n => n.CallNetWkstaUserEnum(It.IsAny<string>()))
                .Returns(loggedOnUsers);

            var expectedSessions = new[]
            {
                new Session
                {
                    ComputerSID = _computerSid,
                    UserSID     = "S-1-5-21-3130019616-2776909439-2417379446-1105"
                },
                new Session
                {
                    ComputerSID = _computerSid,
                    UserSID     = "S-1-5-21-3130019616-2776909439-2417379446-500"
                }
            };

            var sut     = new ComputerSessionProcessor(new MockLDAPUtils(), nativeMethods: nativeMock.Object);
            var outcome = sut.ReadUserSessionsPrivileged("WIN10.TESTLAB.LOCAL", computerSamName, _computerSid);

            Assert.True(outcome.Collected);
            // Dump the surviving sessions to the test log to ease diagnosis when the count is off.
            _testOutputHelper.WriteLine(JsonConvert.SerializeObject(outcome.Results));
            Assert.Equal(2, outcome.Results.Length);
            Assert.Equal(expectedSessions, outcome.Results);
        }
    }
}