Skip to content

Commit

Permalink
Added doesanyacegrantownerrights object property
Browse files Browse the repository at this point in the history
  • Loading branch information
@Mayyhem
Mayyhem committed Nov 12, 2024
1 parent 577bf92 commit 27bcd33
Showing 1 changed file with 27 additions and 13 deletions.
40 changes: 27 additions & 13 deletions src/Runtime/ObjectProcessors.cs
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Configuration;
using System.Runtime.Remoting;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
Expand Down Expand Up @@ -131,8 +132,9 @@ private async Task<User> ProcessUserObject(IDirectoryObject entry,
ret.DomainSID = resolvedSearchResult.DomainSid;

if ((_methods & CollectionMethod.ACL) != 0) {
(var aces, bool doesAnyAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
(var aces, bool doesAnyAceGrantOwnerRights, bool doesAnyInheritedAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
ret.Properties.Add("doesanyacegrantownerrights", doesAnyAceGrantOwnerRights);
ret.Properties.Add("doesanyinheritedacegrantownerrights", doesAnyInheritedAceGrantOwnerRights);
var gmsa = entry.GetByteProperty(LDAPProperties.GroupMSAMembership);
ret.Aces = aces.Concat(await _aclProcessor.ProcessGMSAReaders(gmsa, resolvedSearchResult.Domain)
.ToArrayAsync(cancellationToken: _cancellationToken)).ToArray();
Expand Down Expand Up @@ -188,8 +190,9 @@ private async Task<Computer> ProcessComputerObject(IDirectoryObject entry,
ret.DomainSID = resolvedSearchResult.DomainSid;

if ((_methods & CollectionMethod.ACL) != 0) {
(ret.Aces, bool doesAnyAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
(ret.Aces, bool doesAnyAceGrantOwnerRights, bool doesAnyInheritedAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
ret.Properties.Add("doesanyacegrantownerrights", doesAnyAceGrantOwnerRights);
ret.Properties.Add("doesanyinheritedacegrantownerrights", doesAnyInheritedAceGrantOwnerRights);
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
ret.Properties.Add("isaclprotected", ret.IsACLProtected);
}
Expand Down Expand Up @@ -322,8 +325,9 @@ private async Task<Group> ProcessGroupObject(IDirectoryObject entry,
ret.Properties.Add("samaccountname", entry.GetProperty(LDAPProperties.SAMAccountName));

if ((_methods & CollectionMethod.ACL) != 0) {
(ret.Aces, bool doesAnyAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
(ret.Aces, bool doesAnyAceGrantOwnerRights, bool doesAnyInheritedAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
ret.Properties.Add("doesanyacegrantownerrights", doesAnyAceGrantOwnerRights);
ret.Properties.Add("doesanyinheritedacegrantownerrights", doesAnyInheritedAceGrantOwnerRights);
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
ret.Properties.Add("isaclprotected", ret.IsACLProtected);
}
Expand Down Expand Up @@ -365,8 +369,9 @@ private async Task<Domain> ProcessDomainObject(IDirectoryObject entry,
ret.Properties = new Dictionary<string, object>(GetCommonProperties(entry, resolvedSearchResult));

if ((_methods & CollectionMethod.ACL) != 0) {
(ret.Aces, bool doesAnyAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
(ret.Aces, bool doesAnyAceGrantOwnerRights, bool doesAnyInheritedAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
ret.Properties.Add("doesanyacegrantownerrights", doesAnyAceGrantOwnerRights);
ret.Properties.Add("doesanyinheritedacegrantownerrights", doesAnyInheritedAceGrantOwnerRights);
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
ret.Properties.Add("isaclprotected", ret.IsACLProtected);
ret.InheritanceHashes = _aclProcessor.GetInheritedAceHashes(entry, resolvedSearchResult).ToArray();
Expand Down Expand Up @@ -404,8 +409,9 @@ private async Task<GPO> ProcessGPOObject(IDirectoryObject entry,
ret.Properties = new Dictionary<string, object>(GetCommonProperties(entry, resolvedSearchResult));

if ((_methods & CollectionMethod.ACL) != 0) {
(ret.Aces, bool doesAnyAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
(ret.Aces, bool doesAnyAceGrantOwnerRights, bool doesAnyInheritedAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
ret.Properties.Add("doesanyacegrantownerrights", doesAnyAceGrantOwnerRights);
ret.Properties.Add("doesanyinheritedacegrantownerrights", doesAnyInheritedAceGrantOwnerRights);
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
ret.Properties.Add("isaclprotected", ret.IsACLProtected);
}
Expand All @@ -430,8 +436,9 @@ private async Task<OU> ProcessOUObject(IDirectoryObject entry,
ret.Properties = new Dictionary<string, object>(GetCommonProperties(entry, resolvedSearchResult));

if ((_methods & CollectionMethod.ACL) != 0) {
(ret.Aces, bool doesAnyAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
(ret.Aces, bool doesAnyAceGrantOwnerRights, bool doesAnyInheritedAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
ret.Properties.Add("doesanyacegrantownerrights", doesAnyAceGrantOwnerRights);
ret.Properties.Add("doesanyinheritedacegrantownerrights", doesAnyInheritedAceGrantOwnerRights);
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
ret.Properties.Add("isaclprotected", ret.IsACLProtected);
ret.InheritanceHashes = _aclProcessor.GetInheritedAceHashes(entry, resolvedSearchResult).ToArray();
Expand Down Expand Up @@ -477,8 +484,9 @@ private async Task<Container> ProcessContainerObject(IDirectoryObject entry,
}

if ((_methods & CollectionMethod.ACL) != 0 || (_methods & CollectionMethod.CertServices) != 0) {
(ret.Aces, bool doesAnyAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
(ret.Aces, bool doesAnyAceGrantOwnerRights, bool doesAnyInheritedAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
ret.Properties.Add("doesanyacegrantownerrights", doesAnyAceGrantOwnerRights);
ret.Properties.Add("doesanyinheritedacegrantownerrights", doesAnyInheritedAceGrantOwnerRights);
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
ret.Properties.Add("isaclprotected", ret.IsACLProtected);
ret.InheritanceHashes = _aclProcessor.GetInheritedAceHashes(entry, resolvedSearchResult).ToArray();
Expand Down Expand Up @@ -507,8 +515,9 @@ private async Task<RootCA> ProcessRootCA(IDirectoryObject entry, ResolvedSearchR


if ((_methods & CollectionMethod.ACL) != 0 || (_methods & CollectionMethod.CertServices) != 0) {
(ret.Aces, bool doesAnyAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
(ret.Aces, bool doesAnyAceGrantOwnerRights, bool doesAnyInheritedAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
ret.Properties.Add("doesanyacegrantownerrights", doesAnyAceGrantOwnerRights);
ret.Properties.Add("doesanyinheritedacegrantownerrights", doesAnyInheritedAceGrantOwnerRights);
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
ret.Properties.Add("isaclprotected", ret.IsACLProtected);
}
Expand All @@ -535,8 +544,9 @@ private async Task<AIACA> ProcessAIACA(IDirectoryObject entry, ResolvedSearchRes
ret.Properties = new Dictionary<string, object>(GetCommonProperties(entry, resolvedSearchResult));

if ((_methods & CollectionMethod.ACL) != 0 || (_methods & CollectionMethod.CertServices) != 0) {
(ret.Aces, bool doesAnyAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
(ret.Aces, bool doesAnyAceGrantOwnerRights, bool doesAnyInheritedAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
ret.Properties.Add("doesanyacegrantownerrights", doesAnyAceGrantOwnerRights);
ret.Properties.Add("doesanyinheritedacegrantownerrights", doesAnyInheritedAceGrantOwnerRights);
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
ret.Properties.Add("isaclprotected", ret.IsACLProtected);
}
Expand Down Expand Up @@ -564,8 +574,9 @@ private async Task<EnterpriseCA> ProcessEnterpriseCA(IDirectoryObject entry,
ret.Properties = new Dictionary<string, object>(GetCommonProperties(entry, resolvedSearchResult));

if ((_methods & CollectionMethod.ACL) != 0 || (_methods & CollectionMethod.CertServices) != 0) {
(ret.Aces, bool doesAnyAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
(ret.Aces, bool doesAnyAceGrantOwnerRights, bool doesAnyInheritedAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
ret.Properties.Add("doesanyacegrantownerrights", doesAnyAceGrantOwnerRights);
ret.Properties.Add("doesanyinheritedacegrantownerrights", doesAnyInheritedAceGrantOwnerRights);
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
ret.Properties.Add("isaclprotected", ret.IsACLProtected);
}
Expand Down Expand Up @@ -643,8 +654,9 @@ private async Task<NTAuthStore> ProcessNTAuthStore(IDirectoryObject entry,
ret.Properties = new Dictionary<string, object>(GetCommonProperties(entry, resolvedSearchResult));

if ((_methods & CollectionMethod.ACL) != 0 || (_methods & CollectionMethod.CertServices) != 0) {
(ret.Aces, bool doesAnyAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
(ret.Aces, bool doesAnyAceGrantOwnerRights, bool doesAnyInheritedAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
ret.Properties.Add("doesanyacegrantownerrights", doesAnyAceGrantOwnerRights);
ret.Properties.Add("doesanyinheritedacegrantownerrights", doesAnyInheritedAceGrantOwnerRights);
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
ret.Properties.Add("isaclprotected", ret.IsACLProtected);
}
Expand Down Expand Up @@ -679,8 +691,9 @@ private async Task<CertTemplate> ProcessCertTemplate(IDirectoryObject entry,
ret.Properties = new Dictionary<string, object>(GetCommonProperties(entry, resolvedSearchResult));

if ((_methods & CollectionMethod.ACL) != 0 || (_methods & CollectionMethod.CertServices) != 0) {
(ret.Aces, bool doesAnyAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
(ret.Aces, bool doesAnyAceGrantOwnerRights, bool doesAnyInheritedAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
ret.Properties.Add("doesanyacegrantownerrights", doesAnyAceGrantOwnerRights);
ret.Properties.Add("doesanyinheritedacegrantownerrights", doesAnyInheritedAceGrantOwnerRights);
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
ret.Properties.Add("isaclprotected", ret.IsACLProtected);
}
Expand Down Expand Up @@ -708,8 +721,9 @@ private async Task<IssuancePolicy> ProcessIssuancePolicy(IDirectoryObject entry,
ret.Properties = new Dictionary<string, object>(GetCommonProperties(entry, resolvedSearchResult));

if ((_methods & CollectionMethod.ACL) != 0 || (_methods & CollectionMethod.CertServices) != 0) {
(ret.Aces, bool doesAnyAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
(ret.Aces, bool doesAnyAceGrantOwnerRights, bool doesAnyInheritedAceGrantOwnerRights) = await _aclProcessor.ProcessACL(resolvedSearchResult, entry, true);
ret.Properties.Add("doesanyacegrantownerrights", doesAnyAceGrantOwnerRights);
ret.Properties.Add("doesanyinheritedacegrantownerrights", doesAnyInheritedAceGrantOwnerRights);
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
ret.Properties.Add("isaclprotected", ret.IsACLProtected);
}
Expand Down

0 comments on commit 27bcd33

Please sign in to comment.