< Summary

Class:	SharpHoundCommonLib.Processors.LocalGroupProcessor
Assembly:	SharpHoundCommonLib
File(s):	D:\a\SharpHoundCommon\SharpHoundCommon\src\CommonLib\Processors\LocalGroupProcessor.cs
Covered lines:	145
Uncovered lines:	114
Coverable lines:	259
Total lines:	387
Line coverage:	55.9% (145 of 259)
Covered branches:	95
Total branches:	149
Branch coverage:	63.7% (95 of 149)

Metrics

Method	Branch coverage	Cyclomatic complexity	Sequence coverage
.ctor(...)	100%	2	100%
OpenSamServer(...)	0%	2	0%
GetLocalGroups(...)	100%	1	0%
GetLocalGroups()	66.38%	119	51.85%
ResolveDomainControllerPrincipal(...)	100%	2	100%
ConvertLocalWellKnownPrincipal(...)	58.33%	12	76.19%
ResolveGroupName(...)	50%	8	69.23%
SendComputerStatus()	25%	4	100%

File(s)

D:\a\SharpHoundCommon\SharpHoundCommon\src\CommonLib\Processors\LocalGroupProcessor.cs

#	Line	Line coverage
	`1`	`using System;`
	`2`	`using System.Collections.Concurrent;`
	`3`	`using System.Collections.Generic;`
	`4`	`using System.Security.Principal;`
	`5`	`using System.Threading.Tasks;`
	`6`	`using Microsoft.Extensions.Logging;`
	`7`	`using SharpHoundCommonLib.Enums;`
	`8`	`using SharpHoundCommonLib.OutputTypes;`
	`9`	`using SharpHoundRPC;`
	`10`	`using SharpHoundRPC.Shared;`
	`11`	`using SharpHoundRPC.Wrappers;`
	`12`
	`13`	`namespace SharpHoundCommonLib.Processors`
	`14`	`{`
	`15`	`public class LocalGroupProcessor`
	`16`	`{`
	`17`	`public delegate Task ComputerStatusDelegate(CSVComputerStatus status);`
	`18`	`private readonly ILogger _log;`
	`19`	`private readonly ILDAPUtils _utils;`
	`20`
4	`21`	`public LocalGroupProcessor(ILDAPUtils utils, ILogger log = null)`
4	`22`	`{`
4	`23`	`_utils = utils;`
4	`24`	`_log = log ?? Logging.LogProvider.CreateLogger("LocalGroupProcessor");`
4	`25`	`}`
	`26`
	`27`	`public event ComputerStatusDelegate ComputerStatusEvent;`
	`28`
	`29`	`public virtual Result<ISAMServer> OpenSamServer(string computerName)`
0	`30`	`{`
0	`31`	`var result = SAMServer.OpenServer(computerName);`
0	`32`	`if (result.IsFailed)`
0	`33`	`{`
0	`34`	`return Result<ISAMServer>.Fail(result.SError);`
	`35`	`}`
	`36`
0	`37`	`return Result<ISAMServer>.Ok(result.Value);`
0	`38`	`}`
	`39`
	`40`	`public IAsyncEnumerable<LocalGroupAPIResult> GetLocalGroups(ResolvedSearchResult result)`
0	`41`	`{`
0	`42`	`return GetLocalGroups(result.DisplayName, result.ObjectId, result.Domain, result.IsDomainController);`
0	`43`	`}`
	`44`
	`45`	`/// <summary>`
	`46`	`/// Gets local groups from a computer`
	`47`	`/// </summary>`
	`48`	`/// <param name="computerName"></param>`
	`49`	`/// <param name="computerObjectId">The objectsid of the computer in the domain</param>`
	`50`	`/// <param name="computerDomain">The domain the computer belongs too</param>`
	`51`	`/// <param name="isDomainController">Is the computer a domain controller</param>`
	`52`	`/// <returns></returns>`
	`53`	`public async IAsyncEnumerable<LocalGroupAPIResult> GetLocalGroups(string computerName, string computerObjectId,`
	`54`	`string computerDomain, bool isDomainController)`
2	`55`	`{`
	`56`	`//Open a handle to the server`
2	`57`	`var openServerResult = OpenSamServer(computerName);`
2	`58`	`if (openServerResult.IsFailed)`
0	`59`	`{`
0	`60`	`_log.LogTrace("OpenServer failed on {ComputerName}: {Error}", computerName, openServerResult.SError);`
0	`61`	`await SendComputerStatus(new CSVComputerStatus`
0	`62`	`{`
0	`63`	`Task = "SamConnect",`
0	`64`	`ComputerName = computerName,`
0	`65`	`Status = openServerResult.SError`
0	`66`	`});`
0	`67`	`yield break;`
	`68`	`}`
	`69`
2	`70`	`var server = openServerResult.Value;`
2	`71`	`var typeCache = new ConcurrentDictionary<string, CachedLocalItem>();`
	`72`
	`73`	`//Try to get the machine sid for the computer if its not already cached`
	`74`	`SecurityIdentifier machineSid;`
2	`75`	`if (!Cache.GetMachineSid(computerObjectId, out var tempMachineSid))`
2	`76`	`{`
2	`77`	`var getMachineSidResult = server.GetMachineSid();`
2	`78`	`if (getMachineSidResult.IsFailed)`
0	`79`	`{`
0	`80`	`_log.LogTrace("GetMachineSid failed on {ComputerName}: {Error}", computerName, getMachineSidResult.S`
0	`81`	`await SendComputerStatus(new CSVComputerStatus`
0	`82`	`{`
0	`83`	`Status = getMachineSidResult.SError,`
0	`84`	`ComputerName = computerName,`
0	`85`	`Task = "GetMachineSid"`
0	`86`	`});`
	`87`	`//If we can't get a machine sid, we wont be able to make local principals with unique object ids, or`
0	`88`	`_log.LogWarning("Unable to get machineSid for {Computer}: {Status}. Abandoning local group processin`
0	`89`	`yield break;`
	`90`	`}`
	`91`
2	`92`	`machineSid = getMachineSidResult.Value;`
2	`93`	`Cache.AddMachineSid(computerObjectId, machineSid.Value);`
2	`94`	`}`
	`95`	`else`
0	`96`	`{`
0	`97`	`machineSid = new SecurityIdentifier(tempMachineSid);`
0	`98`	`}`
	`99`
	`100`	`//Get all available domains in the server`
2	`101`	`var getDomainsResult = server.GetDomains();`
2	`102`	`if (getDomainsResult.IsFailed)`
0	`103`	`{`
0	`104`	`_log.LogTrace("GetDomains failed on {ComputerName}: {Error}", computerName, getDomainsResult.SError);`
0	`105`	`await SendComputerStatus(new CSVComputerStatus`
0	`106`	`{`
0	`107`	`Task = "GetDomains",`
0	`108`	`ComputerName = computerName,`
0	`109`	`Status = getDomainsResult.SError`
0	`110`	`});`
0	`111`	`yield break;`
	`112`	`}`
	`113`
	`114`	`//Loop over each domain result and process its member groups`
12	`115`	`foreach (var domainResult in getDomainsResult.Value)`
3	`116`	`{`
	`117`	`//Skip non-builtin domains on domain controllers`
3	`118`	`if (isDomainController && !domainResult.Name.Equals("builtin", StringComparison.OrdinalIgnoreCase))`
0	`119`	`continue;`
	`120`
	`121`	`//Open a handle to the domain`
3	`122`	`var openDomainResult = server.OpenDomain(domainResult.Name);`
3	`123`	`if (openDomainResult.IsFailed)`
0	`124`	`{`
0	`125`	`_log.LogTrace("Failed to open domain {Domain} on {ComputerName}: {Error}", domainResult.Name, comput`
0	`126`	`await SendComputerStatus(new CSVComputerStatus`
0	`127`	`{`
0	`128`	`Task = $"OpenDomain - {domainResult.Name}",`
0	`129`	`ComputerName = computerName,`
0	`130`	`Status = openDomainResult.SError`
0	`131`	`});`
0	`132`	`continue;`
	`133`	`}`
	`134`
3	`135`	`var domain = openDomainResult.Value;`
	`136`
	`137`	`//Open a handle to the available aliases`
3	`138`	`var getAliasesResult = domain.GetAliases();`
	`139`
3	`140`	`if (getAliasesResult.IsFailed)`
0	`141`	`{`
0	`142`	`_log.LogTrace("Failed to open Aliases on Domain {Domain} on on {ComputerName}: {Error}", domainResul`
0	`143`	`await SendComputerStatus(new CSVComputerStatus`
0	`144`	`{`
0	`145`	`Task = $"GetAliases - {domainResult.Name}",`
0	`146`	`ComputerName = computerName,`
0	`147`	`Status = getAliasesResult.SError`
0	`148`	`});`
0	`149`	`continue;`
	`150`	`}`
	`151`
19	`152`	`foreach (var alias in getAliasesResult.Value)`
5	`153`	`{`
5	`154`	`_log.LogTrace("Opening alias {Alias} with RID {Rid} in domain {Domain} on computer {ComputerName}",`
	`155`	`//Try and resolve the group name using several different criteria`
5	`156`	`var resolvedName = ResolveGroupName(alias.Name, computerName, computerObjectId, computerDomain, alia`
5	`157`	`isDomainController,`
5	`158`	`domainResult.Name.Equals("builtin", StringComparison.OrdinalIgnoreCase));`
	`159`
5	`160`	`var ret = new LocalGroupAPIResult`
5	`161`	`{`
5	`162`	`Name = resolvedName.PrincipalName,`
5	`163`	`ObjectIdentifier = resolvedName.ObjectId`
5	`164`	`};`
	`165`
	`166`	`//Open a handle to the alias`
5	`167`	`var openAliasResult = domain.OpenAlias(alias.Rid);`
5	`168`	`if (openAliasResult.IsFailed)`
0	`169`	`{`
0	`170`	`_log.LogTrace("Failed to open alias {Alias} with RID {Rid} in domain {Domain} on computer {Compu`
0	`171`	`await SendComputerStatus(new CSVComputerStatus`
0	`172`	`{`
0	`173`	`Task = $"OpenAlias - {alias.Name}",`
0	`174`	`ComputerName = computerName,`
0	`175`	`Status = openAliasResult.SError`
0	`176`	`});`
0	`177`	`ret.Collected = false;`
0	`178`	`ret.FailureReason = $"SamOpenAliasInDomain failed with status {openAliasResult.SError}";`
0	`179`	`yield return ret;`
0	`180`	`continue;`
	`181`	`}`
	`182`
5	`183`	`var localGroup = openAliasResult.Value;`
	`184`	`//Call GetMembersInAlias to get raw group members`
5	`185`	`var getMembersResult = localGroup.GetMembers();`
5	`186`	`if (getMembersResult.IsFailed)`
0	`187`	`{`
0	`188`	`_log.LogTrace("Failed to get members in alias {Alias} with RID {Rid} in domain {Domain} on compu`
0	`189`	`await SendComputerStatus(new CSVComputerStatus`
0	`190`	`{`
0	`191`	`Task = $"GetMembersInAlias - {alias.Name}",`
0	`192`	`ComputerName = computerName,`
0	`193`	`Status = getMembersResult.SError`
0	`194`	`});`
0	`195`	`ret.Collected = false;`
0	`196`	`ret.FailureReason = $"SamGetMembersInAlias failed with status {getMembersResult.SError}";`
0	`197`	`yield return ret;`
0	`198`	`continue;`
	`199`	`}`
	`200`
5	`201`	`await SendComputerStatus(new CSVComputerStatus`
5	`202`	`{`
5	`203`	`Task = $"GetMembersInAlias - {alias.Name}",`
5	`204`	`ComputerName = computerName,`
5	`205`	`Status = CSVComputerStatus.StatusSuccess`
5	`206`	`});`
	`207`
5	`208`	`var results = new List<TypedPrincipal>();`
5	`209`	`var names = new List<NamedPrincipal>();`
	`210`
37	`211`	`foreach (var securityIdentifier in getMembersResult.Value)`
11	`212`	`{`
11	`213`	`_log.LogTrace("Got member sid {Sid} in alias {Alias} with RID {Rid} in domain {Domain} on comput`
	`214`	`//Check if the sid is one of our filtered ones. Throw it out if it is`
11	`215`	`if (Helpers.IsSidFiltered(securityIdentifier.Value))`
1	`216`	`continue;`
	`217`
10	`218`	`var sidValue = securityIdentifier.Value;`
	`219`
10	`220`	`if (isDomainController)`
5	`221`	`{`
5	`222`	`var result = ResolveDomainControllerPrincipal(sidValue, computerDomain);`
7	`223`	`if (result != null) results.Add(result);`
5	`224`	`continue;`
	`225`	`}`
	`226`
	`227`	`//If we get a local well known principal, we need to convert it using the computer's objectid`
5	`228`	`if (ConvertLocalWellKnownPrincipal(securityIdentifier, computerObjectId, computerDomain, out var`
1	`229`	`{`
	`230`	`//If the principal is null, it means we hit a weird edge case, but this is a local well know`
1	`231`	`if (principal != null)`
1	`232`	`results.Add(principal);`
1	`233`	`continue;`
	`234`	`}`
	`235`
	`236`	`//If the security identifier starts with the machine sid, we need to resolve it as a local objec`
4	`237`	`if (securityIdentifier.IsEqualDomainSid(machineSid))`
3	`238`	`{`
	`239`	`//Check if we've already previously resolved and cached this sid`
3	`240`	`if (typeCache.TryGetValue(sidValue, out var cachedLocalItem))`
0	`241`	`{`
0	`242`	`results.Add(new TypedPrincipal`
0	`243`	`{`
0	`244`	`ObjectIdentifier = sidValue,`
0	`245`	`ObjectType = cachedLocalItem.Type`
0	`246`	`});`
	`247`
0	`248`	`names.Add(new NamedPrincipal`
0	`249`	`{`
0	`250`	`ObjectId = sidValue,`
0	`251`	`PrincipalName = cachedLocalItem.Name`
0	`252`	`});`
	`253`	`//Move on`
0	`254`	`continue;`
	`255`	`}`
	`256`
	`257`	`//Attempt to lookup the principal in the server directly`
3	`258`	`var lookupUserResult = server.LookupPrincipalBySid(securityIdentifier);`
3	`259`	`if (lookupUserResult.IsFailed)`
0	`260`	`{`
0	`261`	`_log.LogTrace("Unable to resolve local sid {SID}: {Error}", sidValue, lookupUserResult.S`
0	`262`	`continue;`
	`263`	`}`
	`264`
3	`265`	`var (name, use) = lookupUserResult.Value;`
3	`266`	`var objectType = use switch`
3	`267`	`{`
2	`268`	`SharedEnums.SidNameUse.User => Label.LocalUser,`
0	`269`	`SharedEnums.SidNameUse.Group => Label.LocalGroup,`
1	`270`	`SharedEnums.SidNameUse.Alias => Label.LocalGroup,`
0	`271`	`_ => Label.Base`
3	`272`	`};`
	`273`
	`274`	`// Cache whatever we looked up for future lookups`
3	`275`	`typeCache.TryAdd(sidValue, new CachedLocalItem(name, objectType));`
	`276`
	`277`	`// Throw out local users`
3	`278`	`if (objectType == Label.LocalUser)`
2	`279`	`continue;`
	`280`
1	`281`	`var newSid = $"{computerObjectId}-{securityIdentifier.Rid()}";`
	`282`
1	`283`	`results.Add(new TypedPrincipal`
1	`284`	`{`
1	`285`	`ObjectIdentifier = newSid,`
1	`286`	`ObjectType = objectType`
1	`287`	`});`
	`288`
1	`289`	`names.Add(new NamedPrincipal`
1	`290`	`{`
1	`291`	`PrincipalName = name,`
1	`292`	`ObjectId = newSid`
1	`293`	`});`
1	`294`	`continue;`
	`295`	`}`
	`296`
	`297`	`//If we get here, we most likely have a domain principal in a local group`
1	`298`	`var resolvedPrincipal = _utils.ResolveIDAndType(sidValue, computerDomain);`
2	`299`	`if (resolvedPrincipal != null) results.Add(resolvedPrincipal);`
1	`300`	`}`
	`301`
5	`302`	`ret.Collected = true;`
5	`303`	`ret.LocalNames = names.ToArray();`
5	`304`	`ret.Results = results.ToArray();`
5	`305`	`yield return ret;`
5	`306`	`}`
3	`307`	`}`
2	`308`	`}`
	`309`
	`310`	`private TypedPrincipal ResolveDomainControllerPrincipal(string sid, string computerDomain)`
5	`311`	`{`
	`312`	`//If the server is a domain controller and we have a well known group, use the domain value`
5	`313`	`if (_utils.GetWellKnownPrincipal(sid, computerDomain, out var wellKnown))`
1	`314`	`return wellKnown;`
4	`315`	`return _utils.ResolveIDAndType(sid, computerDomain);`
5	`316`	`}`
	`317`
	`318`	`private bool ConvertLocalWellKnownPrincipal(SecurityIdentifier sid, string computerObjectId, string computerDoma`
5	`319`	`{`
5	`320`	`if (WellKnownPrincipal.GetWellKnownPrincipal(sid.Value, out var common))`
1	`321`	`{`
1	`322`	`if (sid.Value is "S-1-1-0" or "S-1-5-11")`
0	`323`	`{`
0	`324`	`_utils.GetWellKnownPrincipal(sid.Value, computerDomain, out principal);`
0	`325`	`return true;`
	`326`	`}`
	`327`
1	`328`	`principal = new TypedPrincipal`
1	`329`	`{`
1	`330`	`ObjectIdentifier = $"{computerObjectId}-{sid.Rid()}",`
1	`331`	`ObjectType = common.ObjectType switch`
1	`332`	`{`
0	`333`	`Label.User => Label.LocalUser,`
1	`334`	`Label.Group => Label.LocalGroup,`
0	`335`	`_ => common.ObjectType`
1	`336`	`}`
1	`337`	`};`
	`338`
1	`339`	`return true;`
	`340`	`}`
	`341`
4	`342`	`principal = null;`
4	`343`	`return false;`
5	`344`	`}`
	`345`
	`346`	`private NamedPrincipal ResolveGroupName(string baseName, string computerName, string computerDomainSid,`
	`347`	`string domainName, int groupRid, bool isDc, bool isBuiltIn)`
7	`348`	`{`
7	`349`	`if (isDc)`
3	`350`	`{`
3	`351`	`if (isBuiltIn)`
3	`352`	`{`
	`353`	`//If this is the builtin group on the DC, the groups correspond to the domain well known groups`
3	`354`	`_utils.GetWellKnownPrincipal($"S-1-5-32-{groupRid}".ToUpper(), domainName, out var principal);`
3	`355`	`return new NamedPrincipal`
3	`356`	`{`
3	`357`	`ObjectId = principal.ObjectIdentifier,`
3	`358`	`PrincipalName = "IGNOREME"`
3	`359`	`};`
	`360`	`}`
	`361`
0	`362`	`if (computerDomainSid == null)`
0	`363`	`return null;`
	`364`	`//We shouldn't hit this provided our isDC logic is correct since we're skipping non-builtin groups`
0	`365`	`return new NamedPrincipal`
0	`366`	`{`
0	`367`	`ObjectId = $"{computerDomainSid}-{groupRid}".ToUpper(),`
0	`368`	`PrincipalName = "IGNOREME"`
0	`369`	`};`
	`370`	`}`
	`371`
4	`372`	`if (computerDomainSid == null)`
0	`373`	`return null;`
	`374`	`//Take the local machineSid, append the groupRid, and make a name from the group name + computername`
4	`375`	`return new NamedPrincipal`
4	`376`	`{`
4	`377`	`ObjectId = $"{computerDomainSid}-{groupRid}",`
4	`378`	`PrincipalName = $"{baseName}@{computerName}".ToUpper()`
4	`379`	`};`
7	`380`	`}`
	`381`
	`382`	`private async Task SendComputerStatus(CSVComputerStatus status)`
5	`383`	`{`
5	`384`	`if (ComputerStatusEvent is not null) await ComputerStatusEvent(status);`
5	`385`	`}`
	`386`	`}`
	`387`	`}`

< Summary

Metrics

File(s)

D:\a\SharpHoundCommon\SharpHoundCommon\src\CommonLib\Processors\LocalGroupProcessor.cs

Methods/Properties