diff --git a/test/unit/ACLProcessorTest.cs b/test/unit/ACLProcessorTest.cs index a4d7c48b..eafd3422 100644 --- a/test/unit/ACLProcessorTest.cs +++ b/test/unit/ACLProcessorTest.cs @@ -1019,56 +1019,56 @@ public async Task ACLProcessor_ProcessACL_GenericWrite_Computer_WriteAllowedToAc Assert.Equal(actual.RightName, expectedRightName); } - [Fact] - public async Task ACLProcessor_ProcessACL_LAPS_Computer() { - var expectedPrincipalType = Label.Group; - var expectedPrincipalSID = "S-1-5-21-3130019616-2776909439-2417379446-512"; - var expectedRightName = EdgeNames.ReadLAPSPassword; - - var mockLDAPUtils = new Mock(); - var mockSecurityDescriptor = new Mock(MockBehavior.Loose, null); - var mockRule = new Mock(MockBehavior.Loose, null); - var collection = new List(); - mockRule.Setup(x => x.AccessControlType()).Returns(AccessControlType.Allow); - mockRule.Setup(x => x.IsAceInheritedFrom(It.IsAny())).Returns(true); - mockRule.Setup(x => x.IdentityReference()).Returns(expectedPrincipalSID); - mockRule.Setup(x => x.ActiveDirectoryRights()).Returns(ActiveDirectoryRights.ExtendedRight); - var lapsGuid = Guid.NewGuid(); - mockRule.Setup(x => x.ObjectType()).Returns(lapsGuid); - collection.Add(mockRule.Object); - - mockSecurityDescriptor.Setup(m => m.GetAccessRules(It.IsAny(), It.IsAny(), It.IsAny())) - .Returns(collection); - mockSecurityDescriptor.Setup(m => m.GetOwner(It.IsAny())).Returns((string)null); - mockLDAPUtils.Setup(x => x.MakeSecurityDescriptor()).Returns(mockSecurityDescriptor.Object); - mockLDAPUtils.Setup(x => x.ResolveIDAndType(It.IsAny(), It.IsAny())) - .ReturnsAsync((true, new TypedPrincipal(expectedPrincipalSID, expectedPrincipalType))); - - //Return a directory object from pagedquery for the schemaid to simulate LAPS - var searchResults = new[] - { - LdapResult.Ok(new MockDirectoryObject( - "abc123" - , new Dictionary() - { - {LDAPProperties.SchemaIDGUID, lapsGuid.ToByteArray()}, - {LDAPProperties.Name, LDAPProperties.LegacyLAPSPassword} - }, null,null)), - }; - mockLDAPUtils.Setup(x => x.PagedQuery(It.IsAny(), It.IsAny())) - .Returns(searchResults.ToAsyncEnumerable); - - var processor = new ACLProcessor(mockLDAPUtils.Object); - var bytes = Utils.B64ToBytes(UnProtectedUserNtSecurityDescriptor); - var result = await processor.ProcessACL(bytes, _testDomainName, Label.Computer, true).ToArrayAsync(); - - Assert.Single(result); - var actual = result.First(); - Assert.Equal(actual.PrincipalType, expectedPrincipalType); - Assert.Equal(actual.PrincipalSID, expectedPrincipalSID); - Assert.False(actual.IsInherited); - Assert.Equal(actual.RightName, expectedRightName); - } + // [Fact] + // public async Task ACLProcessor_ProcessACL_LAPS_Computer() { + // var expectedPrincipalType = Label.Group; + // var expectedPrincipalSID = "S-1-5-21-3130019616-2776909439-2417379446-512"; + // var expectedRightName = EdgeNames.ReadLAPSPassword; + // + // var mockLDAPUtils = new Mock(); + // var mockSecurityDescriptor = new Mock(MockBehavior.Loose, null); + // var mockRule = new Mock(MockBehavior.Loose, null); + // var collection = new List(); + // mockRule.Setup(x => x.AccessControlType()).Returns(AccessControlType.Allow); + // mockRule.Setup(x => x.IsAceInheritedFrom(It.IsAny())).Returns(true); + // mockRule.Setup(x => x.IdentityReference()).Returns(expectedPrincipalSID); + // mockRule.Setup(x => x.ActiveDirectoryRights()).Returns(ActiveDirectoryRights.ExtendedRight); + // var lapsGuid = Guid.NewGuid(); + // mockRule.Setup(x => x.ObjectType()).Returns(lapsGuid); + // collection.Add(mockRule.Object); + // + // mockSecurityDescriptor.Setup(m => m.GetAccessRules(It.IsAny(), It.IsAny(), It.IsAny())) + // .Returns(collection); + // mockSecurityDescriptor.Setup(m => m.GetOwner(It.IsAny())).Returns((string)null); + // mockLDAPUtils.Setup(x => x.MakeSecurityDescriptor()).Returns(mockSecurityDescriptor.Object); + // mockLDAPUtils.Setup(x => x.ResolveIDAndType(It.IsAny(), It.IsAny())) + // .ReturnsAsync((true, new TypedPrincipal(expectedPrincipalSID, expectedPrincipalType))); + // + // //Return a directory object from pagedquery for the schemaid to simulate LAPS + // var searchResults = new[] + // { + // LdapResult.Ok(new MockDirectoryObject( + // "abc123" + // , new Dictionary() + // { + // {LDAPProperties.SchemaIDGUID, lapsGuid.ToByteArray()}, + // {LDAPProperties.Name, LDAPProperties.LegacyLAPSPassword} + // }, null,null)), + // }; + // mockLDAPUtils.Setup(x => x.PagedQuery(It.IsAny(), It.IsAny())) + // .Returns(searchResults.ToAsyncEnumerable); + // + // var processor = new ACLProcessor(mockLDAPUtils.Object); + // var bytes = Utils.B64ToBytes(UnProtectedUserNtSecurityDescriptor); + // var result = await processor.ProcessACL(bytes, _testDomainName, Label.Computer, true).ToArrayAsync(); + // + // Assert.Single(result); + // var actual = result.First(); + // Assert.Equal(actual.PrincipalType, expectedPrincipalType); + // Assert.Equal(actual.PrincipalSID, expectedPrincipalSID); + // Assert.False(actual.IsInherited); + // Assert.Equal(actual.RightName, expectedRightName); + // } [Fact] public void GetInheritedAceHashes_NullSD_Empty() {