/// <summary>
        ///     Finds all immediate child objects of a container.
        /// </summary>
        /// <param name="distinguishedName"></param>
        /// <param name="containerName"></param>
        /// <returns></returns>
        public IEnumerable <TypedPrincipal> GetContainerChildObjects(string distinguishedName, string containerName = "")
        {
            var filter = new LDAPFilter().AddComputers().AddUsers().AddGroups().AddOUs().AddContainers();

            foreach (var childEntry in _utils.QueryLDAP(filter.GetFilter(), SearchScope.OneLevel,
                                                        CommonProperties.ObjectID, Helpers.DistinguishedNameToDomain(distinguishedName),
                                                        adsPath: distinguishedName))
            {
                var dn = childEntry.DistinguishedName;
                if (IsDistinguishedNameFiltered(dn))
                {
                    _log.LogTrace("Skipping filtered child {Child} for {Container}", dn, containerName);
                    continue;
                }

                var id = childEntry.GetObjectIdentifier();
                if (id == null)
                {
                    _log.LogTrace("Got null ID for {ChildDN} under {Container}", childEntry.DistinguishedName,
                                  containerName);
                    continue;
                }

                var res = _utils.ResolveIDAndType(id, Helpers.DistinguishedNameToDomain(dn));
                if (res == null)
                {
                    _log.LogTrace("Failed to resolve principal for {ID}", id);
                    continue;
                }

                yield return(res);
            }
        }
Exemplo n.º 2
0
        /// <summary>
        ///     Processes domain trusts for a domain object
        /// </summary>
        /// <param name="domain"></param>
        /// <returns></returns>
        public IEnumerable <DomainTrust> EnumerateDomainTrusts(string domain)
        {
            var query = CommonFilters.TrustedDomains;

            foreach (var result in _utils.QueryLDAP(query, SearchScope.Subtree, CommonProperties.DomainTrustProps,
                                                    domain))
            {
                var trust          = new DomainTrust();
                var targetSidBytes = result.GetByteProperty(LDAPProperties.SecurityIdentifier);
                if (targetSidBytes == null || targetSidBytes.Length == 0)
                {
                    _log.LogTrace("Trust sid is null or empty for target: {Domain}", domain);
                    continue;
                }

                string sid;
                try
                {
                    sid = new SecurityIdentifier(targetSidBytes, 0).Value;
                }
                catch
                {
                    _log.LogTrace("Failed to convert bytes to SID for target: {Domain}", domain);
                    continue;
                }

                trust.TargetDomainSid = sid;

                if (int.TryParse(result.GetProperty(LDAPProperties.TrustDirection), out var td))
                {
                    trust.TrustDirection = (TrustDirection)td;
                }
                else
                {
                    _log.LogTrace("Failed to convert trustdirection for target: {Domain}", domain);
                    continue;
                }


                TrustAttributes attributes;

                if (int.TryParse(result.GetProperty(LDAPProperties.TrustAttributes), out var ta))
                {
                    attributes = (TrustAttributes)ta;
                }
                else
                {
                    _log.LogTrace("Failed to convert trustattributes for target: {Domain}", domain);
                    continue;
                }

                trust.IsTransitive = (attributes & TrustAttributes.NonTransitive) == 0;
                var name = result.GetProperty(LDAPProperties.CanonicalName)?.ToUpper();
                if (name != null)
                {
                    trust.TargetDomainName = name;
                }

                trust.SidFilteringEnabled = (attributes & TrustAttributes.FilterSids) != 0;
                trust.TrustType           = TrustAttributesToType(attributes);

                yield return(trust);
            }
        }