Skip to content

Commit

Permalink
Added rest of error cases for LocalGroupProcessorTest.cs
Browse files Browse the repository at this point in the history
  • Loading branch information
ktstrader committed Nov 20, 2024
1 parent b99a490 commit 9e426e2
Show file tree
Hide file tree
Showing 6 changed files with 302 additions and 0 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
using System.Collections.Generic;
using System.Diagnostics.CodeAnalysis;
using System.Security.Principal;
using SharpHoundRPC;
using SharpHoundRPC.Wrappers;

namespace CommonLibTest.Facades
{
[SuppressMessage("Interoperability", "CA1416:Validate platform compatibility")]
public class MockFailAliasAdministrators_PreviouslyCached : ISAMAlias
{
public Result<IEnumerable<SecurityIdentifier>> GetMembers()
{
return new List<SecurityIdentifier>()
{
new("S-1-5-21-321011808-3761883066-353627080-1000"),
new("S-1-5-21-321011808-3761883066-353627080-1000"),
new("S-1-5-21-4243161961-3815211218-2888324771-512"),
};
}

public void Dispose()
{
throw new System.NotImplementedException();
}
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
using System.Collections.Generic;
using System.Diagnostics.CodeAnalysis;
using System.Security.Principal;
using SharpHoundRPC;
using SharpHoundRPC.Wrappers;

namespace CommonLibTest.Facades
{
[SuppressMessage("Interoperability", "CA1416:Validate platform compatibility")]
public class MockFailAlias_PreviouslyCached : ISAMAlias
{
public Result<IEnumerable<SecurityIdentifier>> GetMembers()
{
return new List<SecurityIdentifier>()
{
new("S-1-5-21-321011808-3761883066-353627080-1003"),
new("S-1-5-21-321011808-3761883066-353627080-1003"),
new("S-1-5-32-544"),
};
}

public void Dispose()
{
throw new System.NotImplementedException();
}
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
using System;
using System.Collections.Generic;
using SharpHoundRPC;
using SharpHoundRPC.SAMRPCNative;
using SharpHoundRPC.Shared;
using SharpHoundRPC.Wrappers;

namespace CommonLibTest.Facades
{
public class MockFailDomainBuiltIn_PreviouslyCached : ISAMDomain
{
public Result<(string Name, SharedEnums.SidNameUse Type)> LookupPrincipalByRid(int rid)
{
throw new System.NotImplementedException();
}

public Result<IEnumerable<(string Name, int Rid)>> GetAliases()
{
var result = new List<(string, int)>
{
("administrators", 544),
("remote desktop users", 555)
};
return result;
}

public Result<ISAMAlias> OpenAlias(int rid, SAMEnums.AliasOpenFlags desiredAccess = SAMEnums.AliasOpenFlags.ListMembers)
{
if (rid == 544)
{
return new MockFailAliasAdministrators_PreviouslyCached();
}
if (rid == 555)
{
return new MockFailAlias_PreviouslyCached();
}

throw new NotImplementedException();
}

public Result<ISAMAlias> OpenAlias(string name)
{
throw new System.NotImplementedException();
}
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
using System;
using System.Collections.Generic;
using System.Diagnostics.CodeAnalysis;
using System.Security.Principal;
using SharpHoundRPC;
using SharpHoundRPC.SAMRPCNative;
using SharpHoundRPC.Shared;
using SharpHoundRPC.Wrappers;

namespace CommonLibTest.Facades
{
[SuppressMessage("Interoperability", "CA1416:Validate platform compatibility")]
public class MockFailSAMServer_LookupPrincipalBySid : ISAMServer
{
public bool IsNull { get; }
public Result<IEnumerable<(string Name, int Rid)>> GetDomains()
{
var domains = new List<(string, int)>
{
("WIN10", 0),
("BUILTIN", 1)
};
return domains;
}

public Result<SecurityIdentifier> LookupDomain(string name)
{
throw new NotImplementedException();
}

public Result<SecurityIdentifier> GetMachineSid(string testName = null)
{
var securityIdentifier = new SecurityIdentifier(Consts.MockWorkstationMachineSid);
return Result<SecurityIdentifier>.Ok(securityIdentifier);
}

public Result<(string Name, SharedEnums.SidNameUse Type)> LookupPrincipalBySid(SecurityIdentifier securityIdentifier)
{
// switch (securityIdentifier.Value)
// {
// case "S-1-5-21-321011808-3761883066-353627080-500":
// return ("Administrator", SharedEnums.SidNameUse.User);
// case "S-1-5-21-321011808-3761883066-353627080-1000":
// return ("DefaultUser", SharedEnums.SidNameUse.User);
// case "S-1-5-21-321011808-3761883066-353627080-1003":
// return ("TestGroup", SharedEnums.SidNameUse.Alias);
// default:
// throw new IndexOutOfRangeException();
// }
return NtStatus.StatusAccessDenied;
}

public Result<ISAMDomain> OpenDomain(string domainName,
SAMEnums.DomainAccessMask requestedDomainAccess = SAMEnums.DomainAccessMask.ListAccounts | SAMEnums.DomainAccessMask.Lookup)
{
if (domainName.Equals("win10", StringComparison.OrdinalIgnoreCase))
{
return new MockWorkstationDomainWIN10();
}
return new MockWorkstationDomainBuiltIn();
}

public Result<ISAMDomain> OpenDomain(SecurityIdentifier securityIdentifier,
SAMEnums.DomainAccessMask requestedDomainAccess = SAMEnums.DomainAccessMask.ListAccounts | SAMEnums.DomainAccessMask.Lookup)
{
return new MockWorkstationDomainBuiltIn();
}
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
using System;
using System.Collections.Generic;
using System.Diagnostics.CodeAnalysis;
using System.Security.Principal;
using SharpHoundRPC;
using SharpHoundRPC.SAMRPCNative;
using SharpHoundRPC.Shared;
using SharpHoundRPC.Wrappers;

namespace CommonLibTest.Facades
{
[SuppressMessage("Interoperability", "CA1416:Validate platform compatibility")]
public class MockFailSAMServer_PreviouslyCached : ISAMServer
{
public bool IsNull { get; }
public Result<IEnumerable<(string Name, int Rid)>> GetDomains()
{
var domains = new List<(string, int)>
{
("WIN10", 0),
("BUILTIN", 1)
};
return domains;
}

public Result<SecurityIdentifier> LookupDomain(string name)
{
throw new NotImplementedException();
}

public Result<SecurityIdentifier> GetMachineSid(string testName = null)
{
var securityIdentifier = new SecurityIdentifier(Consts.MockWorkstationMachineSid);
return Result<SecurityIdentifier>.Ok(securityIdentifier);
}

public Result<(string Name, SharedEnums.SidNameUse Type)> LookupPrincipalBySid(SecurityIdentifier securityIdentifier)
{
switch (securityIdentifier.Value)
{
case "S-1-5-21-321011808-3761883066-353627080-500":
return ("Administrator", SharedEnums.SidNameUse.User);
case "S-1-5-21-321011808-3761883066-353627080-1000":
return ("DefaultUser", SharedEnums.SidNameUse.User);
case "S-1-5-21-321011808-3761883066-353627080-1003":
return ("TestGroup", SharedEnums.SidNameUse.Alias);
default:
throw new IndexOutOfRangeException();
}
}

public Result<ISAMDomain> OpenDomain(string domainName,
SAMEnums.DomainAccessMask requestedDomainAccess = SAMEnums.DomainAccessMask.ListAccounts | SAMEnums.DomainAccessMask.Lookup)
{
if (domainName.Equals("win10", StringComparison.OrdinalIgnoreCase))
{
return new MockWorkstationDomainWIN10();
}
return new MockFailDomainBuiltIn_PreviouslyCached();
}

public Result<ISAMDomain> OpenDomain(SecurityIdentifier securityIdentifier,
SAMEnums.DomainAccessMask requestedDomainAccess = SAMEnums.DomainAccessMask.ListAccounts | SAMEnums.DomainAccessMask.Lookup)
{
return new MockFailDomainBuiltIn_PreviouslyCached();
}
}
}
65 changes: 65 additions & 0 deletions test/unit/LocalGroupProcessorTest.cs
Original file line number Diff line number Diff line change
Expand Up @@ -314,5 +314,70 @@ public async Task LocalGroupProcessor_GetLocalGroups_GetMembersFailed()
var status = receivedStatus[0];
Assert.Equal("StatusAccessDenied", status.Status);
}

[Fact]
public async Task LocalGroupProcessor_GetLocalGroups_LookupPrincipalBySid()
{
var mockProcessor = new Mock<LocalGroupProcessor>(new MockLdapUtils(), null);
var mockSamServer = new MockFailSAMServer_LookupPrincipalBySid();
mockProcessor.Setup(x => x.OpenSamServer(It.IsAny<string>())).Returns(mockSamServer);
var processor = mockProcessor.Object;
var machineDomainSid = $"{Consts.MockWorkstationMachineSid}-1000";
var receivedStatus = new List<CSVComputerStatus>();
processor.ComputerStatusEvent += async status => {
receivedStatus.Add(status);
};
var results = await processor.GetLocalGroups("primary.testlab.local", machineDomainSid, "TESTLAB.LOCAL", false)
.ToArrayAsync();

Assert.Equal(3, results.Length);
var adminGroup = results.First(x => x.ObjectIdentifier.EndsWith("-544"));
Assert.Single(adminGroup.Results);
Assert.Equal($"{machineDomainSid}-544", adminGroup.ObjectIdentifier);
Assert.Equal("S-1-5-21-4243161961-3815211218-2888324771-512", adminGroup.Results[0].ObjectIdentifier);
var rdpGroup = results.First(x => x.ObjectIdentifier.EndsWith("-555"));
Assert.Equal(1, rdpGroup.Results.Length);
Assert.Collection(rdpGroup.Results,
principal =>
{
Assert.Equal($"{machineDomainSid}-544", principal.ObjectIdentifier);
Assert.Equal(Label.LocalGroup, principal.ObjectType);
});
}

[Fact]
public async Task LocalGroupProcessor_GetLocalGroups_PreviouslyCached()
{
var mockProcessor = new Mock<LocalGroupProcessor>(new MockLdapUtils(), null);
var mockSamServer = new MockFailSAMServer_PreviouslyCached();
mockProcessor.Setup(x => x.OpenSamServer(It.IsAny<string>())).Returns(mockSamServer);
var processor = mockProcessor.Object;
var machineDomainSid = $"{Consts.MockWorkstationMachineSid}-1001";
var results = await processor.GetLocalGroups("win10.testlab.local", machineDomainSid, "TESTLAB.LOCAL", false)
.ToArrayAsync();

Assert.Equal(3, results.Length);
var adminGroup = results.First(x => x.ObjectIdentifier.EndsWith("-544"));

Assert.Equal($"{machineDomainSid}-544", adminGroup.ObjectIdentifier);
Assert.Equal("S-1-5-21-4243161961-3815211218-2888324771-512", adminGroup.Results[1].ObjectIdentifier);
var rdpGroup = results.First(x => x.ObjectIdentifier.EndsWith("-555"));
Assert.Equal(3, rdpGroup.Results.Length);
Assert.Collection(rdpGroup.Results,
principal =>
{
Assert.Equal($"{machineDomainSid}-1003", principal.ObjectIdentifier);
Assert.Equal(Label.LocalGroup, principal.ObjectType);

}, principal =>
{
Assert.Equal($"{Consts.MockWorkstationMachineSid}-1003", principal.ObjectIdentifier);
Assert.Equal(Label.LocalGroup, principal.ObjectType);
}, principal =>
{
Assert.Equal($"{machineDomainSid}-544", principal.ObjectIdentifier);
Assert.Equal(Label.LocalGroup, principal.ObjectType);
});
}
}
}

0 comments on commit 9e426e2

Please sign in to comment.