public async Task LDAPPropertyProcessor_ReadUserProperties_NullAdminCount() { var mock = new MockSearchResultEntry("CN\u003ddfm,CN\u003dUsers,DC\u003dtestlab,DC\u003dlocal", new Dictionary <string, object> { { "description", "Test" }, { "useraccountcontrol", "66048" }, { "lastlogon", "132673011142753043" }, { "lastlogontimestamp", "132670318095676525" }, { "homedirectory", @"\\win10\testdir" }, { "serviceprincipalname", new[] { "MSSQLSVC\\win10" } }, { "sidhistory", new[] { Helpers.B64ToBytes("AQUAAAAAAAUVAAAAIE+Qun9GhKV2SBaQUQQAAA==") } }, { "pwdlastset", "132131667346106691" } }, "S-1-5-21-3130019616-2776909439-2417379446-1101", Label.User); var processor = new LDAPPropertyProcessor(new MockLDAPUtils()); var test = await processor.ReadUserProperties(mock); var props = test.Props; var keys = props.Keys; Assert.Contains("admincount", keys); Assert.False((bool)props["admincount"]); }
private async Task <User> ProcessUserObject(ISearchResultEntry entry, ResolvedSearchResult resolvedSearchResult) { var ret = new User { ObjectIdentifier = resolvedSearchResult.ObjectId }; ret.Properties.Add("domain", resolvedSearchResult.Domain); ret.Properties.Add("name", resolvedSearchResult.DisplayName); ret.Properties.Add("distinguishedname", entry.DistinguishedName.ToUpper()); ret.Properties.Add("domainsid", resolvedSearchResult.DomainSid); if ((_methods & ResolvedCollectionMethod.ACL) != 0) { var aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry); var gmsa = entry.GetByteProperty(LDAPProperties.GroupMSAMembership); ret.Aces = aces.Concat(_aclProcessor.ProcessGMSAReaders(gmsa, resolvedSearchResult.Domain)).ToArray(); ret.IsACLProtected = _aclProcessor.IsACLProtected(entry); } if ((_methods & ResolvedCollectionMethod.Group) != 0) { var pg = entry.GetProperty(LDAPProperties.PrimaryGroupID); ret.PrimaryGroupSID = GroupProcessor.GetPrimaryGroupInfo(pg, resolvedSearchResult.ObjectId); } if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0) { var userProps = await _ldapPropertyProcessor.ReadUserProperties(entry); ret.Properties = ContextUtils.Merge(ret.Properties, userProps.Props); ret.HasSIDHistory = userProps.SidHistory; ret.AllowedToDelegate = userProps.AllowedToDelegate; } if ((_methods & ResolvedCollectionMethod.SPNTargets) != 0) { var spn = entry.GetArrayProperty(LDAPProperties.ServicePrincipalNames); var targets = new List <SPNPrivilege>(); var enumerator = _spnProcessor.ReadSPNTargets(spn, entry.DistinguishedName) .GetAsyncEnumerator(_cancellationToken); while (await enumerator.MoveNextAsync()) { targets.Add(enumerator.Current); } ret.SPNTargets = targets.ToArray(); } return(ret); }
public async Task LDAPPropertyProcessor_ReadUserProperties_TestBadPaths() { var mock = new MockSearchResultEntry("CN\u003ddfm,CN\u003dUsers,DC\u003dtestlab,DC\u003dlocal", new Dictionary <string, object> { { "description", "Test" }, { "useraccountcontrol", "abc" }, { "lastlogon", "132673011142753043" }, { "lastlogontimestamp", "132670318095676525" }, { "homedirectory", @"\\win10\testdir" }, { "serviceprincipalname", new[] { "MSSQLSVC/win10" } }, { "admincount", "c" }, { "sidhistory", new[] { Array.Empty <byte>() } }, { "pwdlastset", "132131667346106691" } }, "S-1-5-21-3130019616-2776909439-2417379446-1101", Label.User); var processor = new LDAPPropertyProcessor(new MockLDAPUtils()); var test = await processor.ReadUserProperties(mock); var props = test.Props; var keys = props.Keys; Assert.Contains("sidhistory", keys); Assert.Empty(props["sidhistory"] as string[]); Assert.Contains("admincount", keys); Assert.False((bool)props["admincount"]); Assert.Contains("sensitive", keys); Assert.Contains("dontreqpreauth", keys); Assert.Contains("passwordnotreqd", keys); Assert.Contains("unconstraineddelegation", keys); Assert.Contains("pwdneverexpires", keys); Assert.Contains("enabled", keys); Assert.Contains("trustedtoauth", keys); Assert.False((bool)props["trustedtoauth"]); Assert.False((bool)props["sensitive"]); Assert.False((bool)props["dontreqpreauth"]); Assert.False((bool)props["passwordnotreqd"]); Assert.False((bool)props["unconstraineddelegation"]); Assert.False((bool)props["pwdneverexpires"]); Assert.True((bool)props["enabled"]); }
public async Task LDAPPropertyProcessor_ReadUserProperties_HappyPath() { var mock = new MockSearchResultEntry("CN\u003ddfm,CN\u003dUsers,DC\u003dtestlab,DC\u003dlocal", new Dictionary <string, object> { { "description", "Test" }, { "useraccountcontrol", "66048" }, { "lastlogon", "132673011142753043" }, { "lastlogontimestamp", "132670318095676525" }, { "homedirectory", @"\\win10\testdir" }, { "serviceprincipalname", new[] { "MSSQLSVC/win10" } }, { "admincount", "1" }, { "sidhistory", new[] { Helpers.B64ToBytes("AQUAAAAAAAUVAAAAIE+Qun9GhKV2SBaQUQQAAA==") } }, { "pwdlastset", "132131667346106691" } }, "S-1-5-21-3130019616-2776909439-2417379446-1101", Label.User); var processor = new LDAPPropertyProcessor(new MockLDAPUtils()); var test = await processor.ReadUserProperties(mock); var props = test.Props; var keys = props.Keys; //Random Stuff Assert.Contains("description", keys); Assert.Equal("Test", props["description"] as string); Assert.Contains("admincount", keys); Assert.True((bool)props["admincount"]); Assert.Contains("lastlogon", keys); Assert.Equal(1622827514, (long)props["lastlogon"]); Assert.Contains("lastlogontimestamp", keys); Assert.Equal(1622558209, (long)props["lastlogontimestamp"]); Assert.Contains("pwdlastset", keys); Assert.Equal(1568693134, (long)props["pwdlastset"]); Assert.Contains("homedirectory", keys); Assert.Equal(@"\\win10\testdir", props["homedirectory"] as string); //UAC stuff Assert.Contains("sensitive", keys); Assert.False((bool)props["sensitive"]); Assert.Contains("dontreqpreauth", keys); Assert.False((bool)props["dontreqpreauth"]); Assert.Contains("passwordnotreqd", keys); Assert.False((bool)props["passwordnotreqd"]); Assert.Contains("unconstraineddelegation", keys); Assert.False((bool)props["unconstraineddelegation"]); Assert.Contains("enabled", keys); Assert.True((bool)props["enabled"]); Assert.Contains("trustedtoauth", keys); Assert.False((bool)props["trustedtoauth"]); //SPN Assert.Contains("hasspn", keys); Assert.True((bool)props["hasspn"]); Assert.Contains("serviceprincipalnames", keys); Assert.Contains("MSSQLSVC/win10", props["serviceprincipalnames"] as string[]); //SidHistory Assert.Contains("sidhistory", keys); var sh = props["sidhistory"] as string[]; Assert.Single(sh); Assert.Contains("S-1-5-21-3130019616-2776909439-2417379446-1105", sh); Assert.Single(test.SidHistory); Assert.Contains(new TypedPrincipal { ObjectIdentifier = "S-1-5-21-3130019616-2776909439-2417379446-1105", ObjectType = Label.User }, test.SidHistory); }
public async Task LDAPPropertyProcessor_ReadUserProperties_TestTrustedToAuth() { var mock = new MockSearchResultEntry("CN\u003ddfm,CN\u003dUsers,DC\u003dtestlab,DC\u003dlocal", new Dictionary <string, object> { { "description", "Test" }, { "useraccountcontrol", 0x1000000.ToString() }, { "lastlogon", "132673011142753043" }, { "lastlogontimestamp", "132670318095676525" }, { "homedirectory", @"\\win10\testdir" }, { "serviceprincipalname", new[] { "MSSQLSVC\\win10" } }, { "admincount", "1" }, { "sidhistory", new[] { Helpers.B64ToBytes("AQUAAAAAAAUVAAAAIE+Qun9GhKV2SBaQUQQAAA==") } }, { "pwdlastset", "132131667346106691" }, { "msds-allowedtodelegateto", new[] { "host/primary", "rdpman/win10" } } }, "S-1-5-21-3130019616-2776909439-2417379446-1101", Label.User); var processor = new LDAPPropertyProcessor(new MockLDAPUtils()); var test = await processor.ReadUserProperties(mock); var props = test.Props; var keys = props.Keys; Assert.Contains("allowedtodelegate", keys); var atd = props["allowedtodelegate"] as string[]; Assert.Equal(2, atd.Length); Assert.Contains("host/primary", atd); Assert.Contains("rdpman/win10", atd); var atdr = test.AllowedToDelegate; Assert.Equal(2, atdr.Length); var expected = new TypedPrincipal[] { new() { ObjectIdentifier = "S-1-5-21-3130019616-2776909439-2417379446-1001", ObjectType = Label.Computer }, new() { ObjectIdentifier = "S-1-5-21-3130019616-2776909439-2417379446-1104", ObjectType = Label.Computer } }; Assert.Equal(expected, atdr); }