< Summary

Class:	SharpHoundRPC.Wrappers.LSAPolicy
Assembly:	SharpHoundRPC
File(s):	D:\a\SharpHoundCommon\SharpHoundCommon\src\SharpHoundRPC\Wrappers\LSAPolicy.cs
Covered lines:	0
Uncovered lines:	107
Coverable lines:	107
Total lines:	171
Line coverage:	0% (0 of 107)
Covered branches:	0
Total branches:	32
Branch coverage:	0% (0 of 32)

Metrics

Method	Branch coverage	Cyclomatic complexity	Sequence coverage
.ctor(...)	100%	1	0%
GetLocalDomainInformation()	0%	2	0%
GetPrincipalsWithPrivilege(...)	0%	2	0%
GetResolvedPrincipalsWithPrivilege(...)	0%	16	0%
LookupSid(...)	0%	4	0%
LookupSids(...)	0%	6	0%
OpenPolicy(...)	0%	2	0%

File(s)

D:\a\SharpHoundCommon\SharpHoundCommon\src\SharpHoundRPC\Wrappers\LSAPolicy.cs

#	Line	Line coverage
	`1`	`using System;`
	`2`	`using System.Collections.Generic;`
	`3`	`using System.Linq;`
	`4`	`using System.Security.Principal;`
	`5`	`using SharpHoundRPC.Handles;`
	`6`	`using SharpHoundRPC.LSANative;`
	`7`	`using SharpHoundRPC.Shared;`
	`8`
	`9`	`namespace SharpHoundRPC.Wrappers`
	`10`	`{`
	`11`	`public class LSAPolicy : LSABase, ILSAPolicy`
	`12`	`{`
	`13`	`private string _computerName;`
	`14`
0	`15`	`public LSAPolicy(string computerName, LSAHandle handle) : base(handle)`
0	`16`	`{`
0	`17`	`_computerName = computerName;`
0	`18`	`}`
	`19`
	`20`	`public Result<(string Name, string Sid)> GetLocalDomainInformation()`
0	`21`	`{`
0	`22`	`var result = LSAMethods.LsaQueryInformationPolicy(Handle,`
0	`23`	`LSAEnums.LSAPolicyInformation.PolicyAccountDomainInformation);`
	`24`
0	`25`	`if (result.status.IsError()) return result.status;`
	`26`
0	`27`	`var domainInfo = result.pointer.GetData<LSAStructs.PolicyAccountDomainInfo>();`
	`28`	`try`
0	`29`	`{`
0	`30`	`var domainSid = new SecurityIdentifier(domainInfo.DomainSid);`
0	`31`	`return (domainInfo.DomainName.ToString(), domainSid.Value.ToUpper());`
	`32`	`}`
0	`33`	`catch (ArgumentException)`
0	`34`	`{`
0	`35`	`return "Invalid DomainSID returned by LSA";`
	`36`	`}`
0	`37`	`}`
	`38`
	`39`	`public Result<IEnumerable<SecurityIdentifier>> GetPrincipalsWithPrivilege(string userRight)`
0	`40`	`{`
0	`41`	`var (status, sids, count) = LSAMethods.LsaEnumerateAccountsWithUserRight(Handle, userRight);`
	`42`
0	`43`	`if (status.IsError()) return status;`
	`44`
0	`45`	`return Result<IEnumerable<SecurityIdentifier>>.Ok(sids.GetEnumerable<SecurityIdentifier>(count));`
0	`46`	`}`
	`47`
	`48`	`public Result<IEnumerable<(SecurityIdentifier sid, string Name, SharedEnums.SidNameUse Use, string Domain)>>`
	`49`	`GetResolvedPrincipalsWithPrivilege(string userRight)`
0	`50`	`{`
0	`51`	`var (status, sids, count) = LSAMethods.LsaEnumerateAccountsWithUserRight(Handle, userRight);`
0	`52`	`using (sids)`
0	`53`	`{`
0	`54`	`if (status.IsError()) return status;`
	`55`
0	`56`	`var (lookupStatus, referencedDomains, names, lookupCount) =`
0	`57`	`LSAMethods.LsaLookupSids(Handle, sids, count);`
0	`58`	`if (lookupStatus.IsError())`
0	`59`	`{`
0	`60`	`referencedDomains.Dispose();`
0	`61`	`names.Dispose();`
0	`62`	`return lookupStatus;`
	`63`	`}`
	`64`
0	`65`	`var translatedNames = names.GetEnumerable<LSAStructs.LSATranslatedNames>(count).ToArray();`
0	`66`	`var domainList = referencedDomains.GetData<LSAStructs.LSAReferencedDomains>();`
0	`67`	`var safeDomains = new LSAPointer(domainList.Domains);`
0	`68`	`var domains = safeDomains.GetEnumerable<LSAStructs.LSATrustInformation>(domainList.Entries).ToArray();`
0	`69`	`var convertedSids = sids.GetEnumerable<SecurityIdentifier>(lookupCount).ToArray();`
	`70`
0	`71`	`var ret = new List<(SecurityIdentifier sid, string Name, SharedEnums.SidNameUse Use, string Domain)>();`
	`72`
0	`73`	`for (var i = 0; i < count; i++)`
0	`74`	`{`
0	`75`	`var use = translatedNames[i].Use;`
0	`76`	`var sid = convertedSids[i];`
	`77`	`//Special LSALookupSids cases. If we hit any of these cases, we're missing important data, so dont r`
	`78`	`//If use is Domain, The DomainIndex member is valid, but the Name member is not valid and must be ig`
	`79`	`//If use is Unknown or Invalid, Both DomainIndex and Name are not valid and must be ignored.`
0	`80`	`if (use is SharedEnums.SidNameUse.Domain or SharedEnums.SidNameUse.Invalid`
0	`81`	`or SharedEnums.SidNameUse.Unknown)`
0	`82`	`{`
0	`83`	`ret.Add((sid, null, use, null));`
0	`84`	`continue;`
	`85`	`}`
	`86`
0	`87`	`var translatedName = translatedNames[i].Name.ToString();`
0	`88`	`var domainIndex = translatedNames[i].DomainIndex;`
	`89`	`//If use is WellKnownGroup, Name is valid, but domainindex is not`
	`90`	`//If there is no corresponding domain for an account, domainindex contains a negative value.`
0	`91`	`var domain = use == SharedEnums.SidNameUse.WellKnownGroup \|\| domainIndex < 0`
0	`92`	`? null`
0	`93`	`: domains[translatedNames[i].DomainIndex].Name.ToString();`
0	`94`	`ret.Add((sid, translatedName, use, domain));`
0	`95`	`}`
	`96`
0	`97`	`referencedDomains.Dispose();`
0	`98`	`names.Dispose();`
0	`99`	`safeDomains.Dispose();`
	`100`
0	`101`	`return ret;`
	`102`	`}`
0	`103`	`}`
	`104`
	`105`	`public Result<(string Name, SharedEnums.SidNameUse Use, string Domains)> LookupSid(SecurityIdentifier sid)`
0	`106`	`{`
0	`107`	`if (sid == null)`
0	`108`	`return "SID cannot be null";`
	`109`
0	`110`	`var (status, referencedDomains, names, count) = LSAMethods.LsaLookupSids(Handle, new[] {sid});`
0	`111`	`if (status.IsError())`
0	`112`	`{`
0	`113`	`names.Dispose();`
0	`114`	`referencedDomains.Dispose();`
0	`115`	`return status;`
	`116`	`}`
	`117`
0	`118`	`var translatedNames = names.GetEnumerable<LSAStructs.LSATranslatedNames>(count).ToArray();`
0	`119`	`var domainList = referencedDomains.GetData<LSAStructs.LSAReferencedDomains>();`
0	`120`	`var safeDomains = new LSAPointer(domainList.Domains);`
0	`121`	`var domains = safeDomains.GetEnumerable<LSAStructs.LSATrustInformation>(domainList.Entries).ToArray();`
0	`122`	`names.Dispose();`
0	`123`	`referencedDomains.Dispose();`
0	`124`	`safeDomains.Dispose();`
0	`125`	`return (translatedNames[0].Name.ToString(), translatedNames[0].Use,`
0	`126`	`domains[translatedNames[0].DomainIndex].Name.ToString());`
0	`127`	`}`
	`128`
	`129`	`public Result<IEnumerable<(SecurityIdentifier Sid, string Name, SharedEnums.SidNameUse Use, string Domain)>>`
	`130`	`LookupSids(`
	`131`	`SecurityIdentifier[] sids)`
0	`132`	`{`
0	`133`	`sids = sids.Where(x => x != null).ToArray();`
0	`134`	`if (sids.Length == 0)`
0	`135`	`return "No non-null SIDs specified";`
	`136`
0	`137`	`var (status, referencedDomains, names, count) = LSAMethods.LsaLookupSids(Handle, sids);`
0	`138`	`if (status.IsError())`
0	`139`	`{`
0	`140`	`referencedDomains.Dispose();`
0	`141`	`names.Dispose();`
0	`142`	`return status;`
	`143`	`}`
	`144`
0	`145`	`var translatedNames = names.GetEnumerable<LSAStructs.LSATranslatedNames>(count).ToArray();`
0	`146`	`var domainList = referencedDomains.GetData<LSAStructs.LSAReferencedDomains>();`
0	`147`	`var safeDomains = new LSAPointer(domainList.Domains);`
0	`148`	`var domains = safeDomains.GetEnumerable<LSAStructs.LSATrustInformation>(domainList.Entries).ToArray();`
	`149`
0	`150`	`var ret = new List<(SecurityIdentifier Sid, string Name, SharedEnums.SidNameUse Use, string Domain)>();`
0	`151`	`for (var i = 0; i < count; i++)`
0	`152`	`ret.Add((sids[i], translatedNames[i].Name.ToString(), translatedNames[i].Use,`
0	`153`	`domains[translatedNames[i].DomainIndex].Name.ToString()));`
	`154`
0	`155`	`referencedDomains.Dispose();`
0	`156`	`names.Dispose();`
0	`157`	`safeDomains.Dispose();`
	`158`
0	`159`	`return ret.ToArray();`
0	`160`	`}`
	`161`
	`162`	`public static Result<LSAPolicy> OpenPolicy(string computerName, LSAEnums.LsaOpenMask desiredAccess =`
	`163`	`LSAEnums.LsaOpenMask.LookupNames \| LSAEnums.LsaOpenMask.ViewLocalInfo)`
0	`164`	`{`
0	`165`	`var (status, handle) = LSAMethods.LsaOpenPolicy(computerName, desiredAccess);`
0	`166`	`if (status.IsError()) return status;`
	`167`
0	`168`	`return new LSAPolicy(computerName, handle);`
0	`169`	`}`
	`170`	`}`
	`171`	`}`

< Summary

Metrics

File(s)

D:\a\SharpHoundCommon\SharpHoundCommon\src\SharpHoundRPC\Wrappers\LSAPolicy.cs

Methods/Properties