public async Task LDAPPropertyProcessor_ReadUserProperties_NullAdminCount()
{
var mock = new MockSearchResultEntry("CN\u003ddfm,CN\u003dUsers,DC\u003dtestlab,DC\u003dlocal",
new Dictionary <string, object>
{
{ "description", "Test" },
{ "useraccountcontrol", "66048" },
{ "lastlogon", "132673011142753043" },
{ "lastlogontimestamp", "132670318095676525" },
{ "homedirectory", @"\\win10\testdir" },
{
"serviceprincipalname", new[]
{
"MSSQLSVC\\win10"
}
},
{
"sidhistory", new[]
{
Helpers.B64ToBytes("AQUAAAAAAAUVAAAAIE+Qun9GhKV2SBaQUQQAAA==")
}
},
{ "pwdlastset", "132131667346106691" }
}, "S-1-5-21-3130019616-2776909439-2417379446-1101", Label.User);
var processor = new LDAPPropertyProcessor(new MockLDAPUtils());
var test = await processor.ReadUserProperties(mock);
var props = test.Props;
var keys = props.Keys;
Assert.Contains("admincount", keys);
Assert.False((bool)props["admincount"]);
}
private async Task <User> ProcessUserObject(ISearchResultEntry entry,
ResolvedSearchResult resolvedSearchResult)
{
var ret = new User
{
ObjectIdentifier = resolvedSearchResult.ObjectId
};
ret.Properties.Add("domain", resolvedSearchResult.Domain);
ret.Properties.Add("name", resolvedSearchResult.DisplayName);
ret.Properties.Add("distinguishedname", entry.DistinguishedName.ToUpper());
ret.Properties.Add("domainsid", resolvedSearchResult.DomainSid);
if ((_methods & ResolvedCollectionMethod.ACL) != 0)
{
var aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry);
var gmsa = entry.GetByteProperty(LDAPProperties.GroupMSAMembership);
ret.Aces = aces.Concat(_aclProcessor.ProcessGMSAReaders(gmsa, resolvedSearchResult.Domain)).ToArray();
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
}
if ((_methods & ResolvedCollectionMethod.Group) != 0)
{
var pg = entry.GetProperty(LDAPProperties.PrimaryGroupID);
ret.PrimaryGroupSID = GroupProcessor.GetPrimaryGroupInfo(pg, resolvedSearchResult.ObjectId);
}
if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0)
{
var userProps = await _ldapPropertyProcessor.ReadUserProperties(entry);
ret.Properties = ContextUtils.Merge(ret.Properties, userProps.Props);
ret.HasSIDHistory = userProps.SidHistory;
ret.AllowedToDelegate = userProps.AllowedToDelegate;
}
if ((_methods & ResolvedCollectionMethod.SPNTargets) != 0)
{
var spn = entry.GetArrayProperty(LDAPProperties.ServicePrincipalNames);
var targets = new List <SPNPrivilege>();
var enumerator = _spnProcessor.ReadSPNTargets(spn, entry.DistinguishedName)
.GetAsyncEnumerator(_cancellationToken);
while (await enumerator.MoveNextAsync())
{
targets.Add(enumerator.Current);
}
ret.SPNTargets = targets.ToArray();
}
return(ret);
}
public async Task LDAPPropertyProcessor_ReadUserProperties_TestBadPaths()
{
var mock = new MockSearchResultEntry("CN\u003ddfm,CN\u003dUsers,DC\u003dtestlab,DC\u003dlocal",
new Dictionary <string, object>
{
{ "description", "Test" },
{ "useraccountcontrol", "abc" },
{ "lastlogon", "132673011142753043" },
{ "lastlogontimestamp", "132670318095676525" },
{ "homedirectory", @"\\win10\testdir" },
{
"serviceprincipalname", new[]
{
"MSSQLSVC/win10"
}
},
{ "admincount", "c" },
{
"sidhistory", new[]
{
Array.Empty <byte>()
}
},
{ "pwdlastset", "132131667346106691" }
}, "S-1-5-21-3130019616-2776909439-2417379446-1101", Label.User);
var processor = new LDAPPropertyProcessor(new MockLDAPUtils());
var test = await processor.ReadUserProperties(mock);
var props = test.Props;
var keys = props.Keys;
Assert.Contains("sidhistory", keys);
Assert.Empty(props["sidhistory"] as string[]);
Assert.Contains("admincount", keys);
Assert.False((bool)props["admincount"]);
Assert.Contains("sensitive", keys);
Assert.Contains("dontreqpreauth", keys);
Assert.Contains("passwordnotreqd", keys);
Assert.Contains("unconstraineddelegation", keys);
Assert.Contains("pwdneverexpires", keys);
Assert.Contains("enabled", keys);
Assert.Contains("trustedtoauth", keys);
Assert.False((bool)props["trustedtoauth"]);
Assert.False((bool)props["sensitive"]);
Assert.False((bool)props["dontreqpreauth"]);
Assert.False((bool)props["passwordnotreqd"]);
Assert.False((bool)props["unconstraineddelegation"]);
Assert.False((bool)props["pwdneverexpires"]);
Assert.True((bool)props["enabled"]);
}
public async Task LDAPPropertyProcessor_ReadUserProperties_HappyPath()
{
var mock = new MockSearchResultEntry("CN\u003ddfm,CN\u003dUsers,DC\u003dtestlab,DC\u003dlocal",
new Dictionary <string, object>
{
{ "description", "Test" },
{ "useraccountcontrol", "66048" },
{ "lastlogon", "132673011142753043" },
{ "lastlogontimestamp", "132670318095676525" },
{ "homedirectory", @"\\win10\testdir" },
{
"serviceprincipalname", new[]
{
"MSSQLSVC/win10"
}
},
{ "admincount", "1" },
{
"sidhistory", new[]
{
Helpers.B64ToBytes("AQUAAAAAAAUVAAAAIE+Qun9GhKV2SBaQUQQAAA==")
}
},
{ "pwdlastset", "132131667346106691" }
}, "S-1-5-21-3130019616-2776909439-2417379446-1101", Label.User);
var processor = new LDAPPropertyProcessor(new MockLDAPUtils());
var test = await processor.ReadUserProperties(mock);
var props = test.Props;
var keys = props.Keys;
//Random Stuff
Assert.Contains("description", keys);
Assert.Equal("Test", props["description"] as string);
Assert.Contains("admincount", keys);
Assert.True((bool)props["admincount"]);
Assert.Contains("lastlogon", keys);
Assert.Equal(1622827514, (long)props["lastlogon"]);
Assert.Contains("lastlogontimestamp", keys);
Assert.Equal(1622558209, (long)props["lastlogontimestamp"]);
Assert.Contains("pwdlastset", keys);
Assert.Equal(1568693134, (long)props["pwdlastset"]);
Assert.Contains("homedirectory", keys);
Assert.Equal(@"\\win10\testdir", props["homedirectory"] as string);
//UAC stuff
Assert.Contains("sensitive", keys);
Assert.False((bool)props["sensitive"]);
Assert.Contains("dontreqpreauth", keys);
Assert.False((bool)props["dontreqpreauth"]);
Assert.Contains("passwordnotreqd", keys);
Assert.False((bool)props["passwordnotreqd"]);
Assert.Contains("unconstraineddelegation", keys);
Assert.False((bool)props["unconstraineddelegation"]);
Assert.Contains("enabled", keys);
Assert.True((bool)props["enabled"]);
Assert.Contains("trustedtoauth", keys);
Assert.False((bool)props["trustedtoauth"]);
//SPN
Assert.Contains("hasspn", keys);
Assert.True((bool)props["hasspn"]);
Assert.Contains("serviceprincipalnames", keys);
Assert.Contains("MSSQLSVC/win10", props["serviceprincipalnames"] as string[]);
//SidHistory
Assert.Contains("sidhistory", keys);
var sh = props["sidhistory"] as string[];
Assert.Single(sh);
Assert.Contains("S-1-5-21-3130019616-2776909439-2417379446-1105", sh);
Assert.Single(test.SidHistory);
Assert.Contains(new TypedPrincipal
{
ObjectIdentifier = "S-1-5-21-3130019616-2776909439-2417379446-1105",
ObjectType = Label.User
}, test.SidHistory);
}
public async Task LDAPPropertyProcessor_ReadUserProperties_TestTrustedToAuth()
{
var mock = new MockSearchResultEntry("CN\u003ddfm,CN\u003dUsers,DC\u003dtestlab,DC\u003dlocal",
new Dictionary <string, object>
{
{ "description", "Test" },
{ "useraccountcontrol", 0x1000000.ToString() },
{ "lastlogon", "132673011142753043" },
{ "lastlogontimestamp", "132670318095676525" },
{ "homedirectory", @"\\win10\testdir" },
{
"serviceprincipalname", new[]
{
"MSSQLSVC\\win10"
}
},
{ "admincount", "1" },
{
"sidhistory", new[]
{
Helpers.B64ToBytes("AQUAAAAAAAUVAAAAIE+Qun9GhKV2SBaQUQQAAA==")
}
},
{ "pwdlastset", "132131667346106691" },
{
"msds-allowedtodelegateto", new[]
{
"host/primary",
"rdpman/win10"
}
}
}, "S-1-5-21-3130019616-2776909439-2417379446-1101", Label.User);
var processor = new LDAPPropertyProcessor(new MockLDAPUtils());
var test = await processor.ReadUserProperties(mock);
var props = test.Props;
var keys = props.Keys;
Assert.Contains("allowedtodelegate", keys);
var atd = props["allowedtodelegate"] as string[];
Assert.Equal(2, atd.Length);
Assert.Contains("host/primary", atd);
Assert.Contains("rdpman/win10", atd);
var atdr = test.AllowedToDelegate;
Assert.Equal(2, atdr.Length);
var expected = new TypedPrincipal[]
{
new()
{
ObjectIdentifier = "S-1-5-21-3130019616-2776909439-2417379446-1001",
ObjectType = Label.Computer
},
new()
{
ObjectIdentifier = "S-1-5-21-3130019616-2776909439-2417379446-1104",
ObjectType = Label.Computer
}
};
Assert.Equal(expected, atdr);
}
