Exemplo n.º 1
0
        public DPAPIBackupKey(DirectoryObject dsObject, DirectorySecretDecryptor pek)
        {
            // Parameter validation
            Validator.AssertNotNull(dsObject, "dsObject");
            Validator.AssertNotNull(pek, "pek");
            // TODO: Test Object type

            // Decrypt the secret value
            byte[] encryptedSecret;
            dsObject.ReadAttribute(CommonDirectoryAttributes.CurrentValue, out encryptedSecret);
            this.RawKeyData = pek.DecryptSecret(encryptedSecret);

            // Parse DN to get key ID or pointer type:
            this.DistinguishedName = dsObject.DistinguishedName;
            var keyName = GetSecretNameFromDN(this.DistinguishedName);

            switch(keyName)
            {
                case null:
                    // We could not parse the DN, so exit with Unknown as the key type
                    this.Type = DPAPIBackupKeyType.Unknown;
                    break;
                case PreferredRSAKeyPointerName:
                    this.Type = DPAPIBackupKeyType.PreferredRSAKeyPointer;
                    // Interpret the raw data as Guid
                    this.KeyId = new Guid(this.RawKeyData);
                    break;
                case PreferredLegacyKeyPointerName:
                    this.Type = DPAPIBackupKeyType.PreferredLegacyKeyPointer;
                    // Interpret the raw data as Guid
                    this.KeyId = new Guid(this.RawKeyData);
                    break;
                default:
                    // Actual Key, so we parse its Guid and version
                    this.KeyId = Guid.Parse(keyName);
                    int version = BitConverter.ToInt32(this.RawKeyData, KeyVersionOffset);
                    switch(version)
                    {
                        case 1:
                            this.Type = DPAPIBackupKeyType.LegacyKey;
                            // Cut the version out of the data
                            this.RawKeyData = this.RawKeyData.Cut(KeyVersionSize);
                            break;
                        case 2:
                            this.Type = DPAPIBackupKeyType.RSAKey;
                            // Combine the certificate and key into PFX and replace the original decrypted data
                            this.RawKeyData = ConvertRSASecretToPFX(this.RawKeyData);
                            break;
                    }
                    break;
            }
        }
Exemplo n.º 2
0
        public DSAccount(DirectoryObject dsObject, DirectorySecretDecryptor pek)
        {
            // Parameter validation
            Validator.AssertNotNull(dsObject, "dsObject");
            if(!dsObject.IsAccount)
            {
                // TODO: Exteption type
                throw new Exception("Not an account.");
            }

            // Guid:
            this.Guid = dsObject.Guid;

            // DN:
            this.DistinguishedName = dsObject.DistinguishedName;
            
            // Sid:
            this.Sid = dsObject.Sid;

            // SidHistory:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SIDHistory, out this.sidHistory);

            // DisplayName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.DisplayName, out this.displayName);

            // Description
            dsObject.ReadAttribute(CommonDirectoryAttributes.Description, out this.description);

            // GivenName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.GivenName, out this.givenName);

            // Surname:
            dsObject.ReadAttribute(CommonDirectoryAttributes.Surname, out this.surname);

            // Enabled:
            // TODO: Move to DirectoryObject?
            int? numericUac;
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserAccountControl, out numericUac);
            UserAccountControl uac = (UserAccountControl)numericUac.Value;
            this.Enabled = !uac.HasFlag(UserAccountControl.Disabled);

            // Deleted:
            dsObject.ReadAttribute(CommonDirectoryAttributes.IsDeleted, out this.isDeleted);
            
            // LastLogon:
            dsObject.ReadAttribute(CommonDirectoryAttributes.LastLogon, out this.lastLogon);

            // UPN:
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserPrincipalName, out this.upn);

            // SamAccountName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SAMAccountName, out this.samAccountName);

            // SamAccountType:
            // TODO: Move to DirectoryObject?
            int? numericAccountType;
            dsObject.ReadAttribute(CommonDirectoryAttributes.SamAccountType, out numericAccountType);
            this.SamAccountType = (SamAccountType)numericAccountType.Value;

            // PrimaryGroupId
            int? groupId;
            dsObject.ReadAttribute(CommonDirectoryAttributes.PrimaryGroupId, out groupId);
            this.PrimaryGroupId = groupId.Value;

            if(pek == null)
            {
                // Do not continue if we do not have a decryption key
                return;
            }
            // NTHash:
            byte[] encryptedNtHash;
            dsObject.ReadAttribute(CommonDirectoryAttributes.NTHash, out encryptedNtHash);
            if(encryptedNtHash != null)
            {
                this.NTHash = pek.DecryptHash(encryptedNtHash, this.Sid.GetRid());
            }

            // LMHash
            byte[] encryptedLmHash;
            dsObject.ReadAttribute(CommonDirectoryAttributes.LMHash, out encryptedLmHash);
            if (encryptedLmHash != null)
            {
                this.LMHash = pek.DecryptHash(encryptedLmHash, this.Sid.GetRid());
            }

            // NTHashHistory:
            byte[] encryptedNtHashHistory;
            dsObject.ReadAttribute(CommonDirectoryAttributes.NTHashHistory, out encryptedNtHashHistory);
            if (encryptedNtHashHistory != null)
            {
                this.NTHashHistory = pek.DecryptHashHistory(encryptedNtHashHistory, this.Sid.GetRid());
            }

            // LMHashHistory:
            byte[] encryptedLmHashHistory;
            dsObject.ReadAttribute(CommonDirectoryAttributes.LMHashHistory, out encryptedLmHashHistory);
            if (encryptedLmHashHistory != null)
            {
                this.LMHashHistory = pek.DecryptHashHistory(encryptedLmHashHistory, this.Sid.GetRid());
            }

            // SupplementalCredentials:
            byte[] encryptedSupplementalCredentials;
            dsObject.ReadAttribute(CommonDirectoryAttributes.SupplementalCredentials, out encryptedSupplementalCredentials);
            if (encryptedSupplementalCredentials != null)
            {
                byte[] binarySupplementalCredentials = pek.DecryptSecret(encryptedSupplementalCredentials);
                this.SupplementalCredentials = new SupplementalCredentials(binarySupplementalCredentials);
            }

        }