Пример #1
        /// <summary>
        /// Selects, from <paramref name="targets"/>, the targets that apply to <paramref name="computer"/>.
        /// </summary>
        /// <remarks>
        /// Targets are visited ordered by their numeric <c>Type</c> value (ascending) and then by the
        /// provider's sort order (descending); the returned list keeps that order. Inactive targets are skipped.
        /// A container target matches when one of the computer's parent GUIDs equals the target's container GUID,
        /// a computer target matches on SID equality, and any other target type matches when its SID is found in
        /// the computer's token groups.
        /// </remarks>
        /// <param name="computer">The computer being evaluated.</param>
        /// <param name="targets">The candidate targets.</param>
        /// <returns>The targets that matched, in evaluation order.</returns>
        public IList<SecurityDescriptorTarget> GetMatchingTargetsForComputer(IComputer computer, IEnumerable<SecurityDescriptorTarget> targets)
        {
            var matches = new List<SecurityDescriptorTarget>();

            // Both directory lookups are deferred so they only run if a target of the relevant kind is evaluated.
            var tokenSids = new Lazy<List<SecurityIdentifier>>(
                () => this.directory.GetTokenGroups(computer, computer.Sid.AccountDomainSid).ToList());
            var parentGuids = new Lazy<List<Guid>>(
                () => computer.GetParentGuids().ToList());

            var orderedTargets = targets
                .OrderBy(t => (int)t.Type)
                .ThenByDescending(this.targetDataProvider.GetSortOrder);

            foreach (var target in orderedTargets)
            {
                // NOTE(review): this call sits outside the try block, so an exception raised while
                // resolving target data propagates to the caller instead of being logged per target.
                TargetData targetData = this.targetDataProvider.GetTargetData(target);

                try
                {
                    if (target.IsInactive())
                    {
                        continue;
                    }

                    bool isContainerTarget = target.Type == TargetType.Container;
                    bool isMatch;

                    if (isContainerTarget)
                    {
                        isMatch = parentGuids.Value.Any(g => g == targetData.ContainerGuid);
                    }
                    else if (target.Type == TargetType.Computer)
                    {
                        isMatch = targetData.Sid == computer.Sid;
                    }
                    else
                    {
                        isMatch = this.directory.IsSidInPrincipalToken(targetData.Sid, tokenSids.Value);
                    }

                    if (!isMatch)
                    {
                        continue;
                    }

                    this.logger.LogTrace(isContainerTarget
                        ? $"Matched {computer.MsDsPrincipalName} to target OU {target.Target}"
                        : $"Matched {computer.MsDsPrincipalName} to target {target.Id}");
                    matches.Add(target);
                }
                catch (Exception ex)
                {
                    // A target that fails to evaluate is logged and left out of the result.
                    // NOTE(review): if targets can carry deny entries, dropping one on error could make the
                    // combined result more permissive than intended - confirm how callers treat a partial list.
                    this.logger.LogError(EventIDs.TargetRuleProcessingError, ex, $"An error occurred processing the target {target.Id}:{target.Type}:{target.Target}");
                }
            }

            return matches;
        }
Пример #2
        /// <summary>
        /// Returns the resolved data for <paramref name="target"/>, reusing the cached entry for the
        /// target's ID when its <c>Target</c> value still equals the one on the supplied target.
        /// </summary>
        /// <param name="target">The target whose container GUID, SID and sort order are needed.</param>
        /// <returns>The cached or newly built <see cref="TargetData"/>.</returns>
        public TargetData GetTargetData(SecurityDescriptorTarget target)
        {
            TargetData cached = this.targetDataCache.Get<TargetData>(target.Id);

            // The entry is reused only when it exists and was built for the same Target value.
            // NOTE(review): a change behind an unchanged Target value (for example a principal that was
            // re-created and now has a different SID) would not be noticed by this check, and no expiry
            // is set here - confirm whether the cache is invalidated elsewhere.
            bool canReuse = cached != null && cached.Target == target.Target;

            TargetData result = canReuse
                ? cached
                : new TargetData()
                {
                    ContainerGuid = this.GetContainerGuid(target),
                    Target = target.Target,
                    Sid = this.GetSid(target),
                    SortOrder = this.GetSortOrderInternal(target)
                };

            // The entry is written back on every call, whether it was reused or rebuilt.
            this.targetDataCache.Set(target.Id, result);

            return result;
        }