PingCastle 2.7.0.0

ADWS/ADDomainInfo.cs

@@ -90,7 +90,6 @@ private static int ExtractIntValue(XmlNode item)
  public static ADDomainInfo Create(DirectoryEntry rootDSE)
  {
  ADDomainInfo info = new ADDomainInfo();
- Trace.WriteLine("rootDse property count: " + rootDSE.Properties.Count);
  info.DefaultNamingContext = rootDSE.Properties["defaultNamingContext"].Value as string;
  info.ConfigurationNamingContext = rootDSE.Properties["configurationNamingContext"].Value as string;
  info.DnsHostName = rootDSE.Properties["dnsHostName"].Value as string;

ADWS/ADWSConnection.cs

@@ -363,7 +363,7 @@ XmlQualifiedName[] BuildProperties(List<string> properties)
  private void EnumerateInternalWithADWS(string distinguishedName, string filter, string[] properties, string scope, ReceiveItems callback)
  {
  bool nTSecurityDescriptor = false;
- List<string> listproperties = new List<string>(properties);
+ List<string> listproperties = new List<string>();
 
  Enumerate enumerate = new Enumerate();
  enumerate.Filter = new FilterType();
@@ -374,10 +374,14 @@ private void EnumerateInternalWithADWS(string distinguishedName, string filter,
  enumerate.Filter.LdapQuery.Scope = scope;
  enumerate.Filter.LdapQuery.Filter = filter;
  Trace.WriteLine("LdapQuery.Filter=" + enumerate.Filter.LdapQuery.Filter);
- enumerate.Selection = new Selection();
 
- enumerate.Selection.SelectionProperty = BuildProperties(listproperties);
+ if (properties != null)
+ {
+ listproperties.AddRange(properties);
+ enumerate.Selection = new Selection();
 
+ enumerate.Selection.SelectionProperty = BuildProperties(listproperties);
+ }
  EnumerateResponse enumerateResponse = null;
 
  Trace.WriteLine("[" + DateTime.Now.ToLongTimeString() + "] Running enumeration");

ADWS/ADWebService.cs

@@ -13,6 +13,7 @@
 using System.DirectoryServices.ActiveDirectory;
 using System.IO;
 using System.Net;
+using System.Runtime.InteropServices;
 using System.Security.Permissions;
 using System.ServiceModel;
 using System.ServiceModel.Channels;
@@ -35,7 +36,7 @@ public enum ADConnectionType
  LDAPThenADWS = 3,
  }
 
- internal class ADWebService : IDisposable
+ internal class ADWebService : IDisposable, IADConnection
  {
 
  public ADWebService(string server, int port, NetworkCredential credential)
@@ -105,7 +106,12 @@ private void EstablishConnection()
  }
  catch(Exception ex2)
  {
- Trace.WriteLine("LDAP exception: " + ex2.Message);
+ Trace.WriteLine("LDAP exception: " + ex2.Message + "(" + ex2.GetType() + ")");
+ if (ex2 as COMException != null)
+ {
+ COMException ex3 = (COMException)ex2;
+ Trace.WriteLine("COMException: " + ex3.ErrorCode);
+ }
  Trace.WriteLine(ex2.StackTrace);
  Trace.WriteLine("Throwing ADWS Exception again");
  throw new ActiveDirectoryServerDownException(ex.Message);
@@ -132,7 +138,7 @@ private void EstablishConnection()
  }
  catch (Exception ex2)
  {
- Trace.WriteLine("ADWS exception: " + ex2.Message);
+ Trace.WriteLine("ADWS exception: " + ex2.Message + "(" + ex2.GetType() + ")");
  Trace.WriteLine(ex2.StackTrace);
  Trace.WriteLine("Throwing LDAP Exception again");
  throw new ActiveDirectoryServerDownException(ex.Message);
@@ -164,6 +170,11 @@ public ADDomainInfo DomainInfo
  }
  }
 
+ public ADDomainInfo GetDomainInfo()
+ {
+ return DomainInfo;
+ }
+
  public class OUExploration: IComparable<OUExploration>
  {
  public string OU { get; set; }

ADWS/LDAPConnection.cs

@@ -9,6 +9,7 @@
 using System.Diagnostics;
 using System.DirectoryServices;
 using System.Net;
+using System.Runtime.InteropServices;
 using System.Security.Permissions;
 using System.Text;
 
@@ -65,13 +66,16 @@ private void EnumerateInternalWithLDAP(string distinguishedName, string filter,
  }
 
  bool nTSecurityDescriptor = false;
- foreach (string property in properties)
+ if (properties != null)
  {
- clsDS.PropertiesToLoad.Add(property);
- // prepare the flag for the ntsecuritydescriptor
- if (String.Compare("nTSecurityDescriptor", property, true) == 0)
+ foreach (string property in properties)
  {
- nTSecurityDescriptor = true;
+ clsDS.PropertiesToLoad.Add(property);
+ // prepare the flag for the ntsecuritydescriptor
+ if (String.Compare("nTSecurityDescriptor", property, true) == 0)
+ {
+ nTSecurityDescriptor = true;
+ }
  }
  }
  Trace.WriteLine("[" + DateTime.Now.ToLongTimeString() + "]Calling FindAll");
@@ -119,14 +123,38 @@ protected override ADDomainInfo GetDomainInfoInternal()
  [SecurityPermission(SecurityAction.Demand, Flags = SecurityPermissionFlag.UnmanagedCode)]
  private ADDomainInfo GetLDAPDomainInfo()
  {
- DirectoryEntry rootDse = new DirectoryEntry("LDAP://" + Server + "/RootDSE");
- if (Credential == null)
+ DirectoryEntry rootDse;
+ try
  {
- rootDse = new DirectoryEntry(@"LDAP://" + Server + (Port == 0 ? null : ":" + Port) + "/RootDSE", null, null, AuthenticationTypes.ServerBind | AuthenticationTypes.Secure | (Port == 636 ? AuthenticationTypes.SecureSocketsLayer : 0));
+ if (Credential == null)
+ {
+ rootDse = new DirectoryEntry(@"LDAP://" + Server + (Port == 0 ? null : ":" + Port) + "/RootDSE", null, null, AuthenticationTypes.ServerBind | AuthenticationTypes.Secure | (Port == 636 ? AuthenticationTypes.SecureSocketsLayer : 0));
+ }
+ else
+ {
+ rootDse = new DirectoryEntry(@"LDAP://" + Server + (Port == 0 ? null : ":" + Port) + "/RootDSE", Credential.UserName, Credential.Password, AuthenticationTypes.ServerBind | AuthenticationTypes.Secure | (Port == 636 ? AuthenticationTypes.SecureSocketsLayer : 0));
+ }
+ // force the connection to the LDAP server via an access to the "properties" property
+ Trace.WriteLine("rootDse property count: " + rootDse.Properties.Count);
  }
- else
+ catch (COMException ex)
  {
- rootDse = new DirectoryEntry(@"LDAP://" + Server + (Port == 0 ? null : ":" + Port) + "/RootDSE", Credential.UserName, Credential.Password, AuthenticationTypes.ServerBind | AuthenticationTypes.Secure | (Port == 636 ? AuthenticationTypes.SecureSocketsLayer : 0));
+ // Windows 2000 does not support a bind to the rootDse and returns "The server is not operational" (0x8007203A)
+ if (ex.ErrorCode == -2147016646)
+ {
+ if (Credential == null)
+ {
+ rootDse = new DirectoryEntry(@"LDAP://" + Server + (Port == 0 ? null : ":" + Port) + "/RootDSE", null, null, AuthenticationTypes.Secure | (Port == 636 ? AuthenticationTypes.SecureSocketsLayer : 0));
+ }
+ else
+ {
+ rootDse = new DirectoryEntry(@"LDAP://" + Server + (Port == 0 ? null : ":" + Port) + "/RootDSE", Credential.UserName, Credential.Password, AuthenticationTypes.Secure | (Port == 636 ? AuthenticationTypes.SecureSocketsLayer : 0));
+ }
+ }
+ else
+ {
+ throw;
+ }
  }
  return ADDomainInfo.Create(rootDse);
  }

Compatibility.cs

@@ -42,4 +42,13 @@ public ContractNamespaceAttribute(string contractNamespace)
  this.contractNamespace = contractNamespace;
  }
  }
+
+ // available in dotnet 3 but not on dotnet 2 which is needed for Windows 2000
+ [System.AttributeUsage(System.AttributeTargets.Field | System.AttributeTargets.Property, AllowMultiple=false, Inherited=false)]
+ internal sealed class IgnoreDataMemberAttribute : Attribute
+ {
+ public IgnoreDataMemberAttribute()
+ {
+ }
+ }
 }

ConsoleMenu.cs

@@ -7,6 +7,26 @@
 
 namespace PingCastle
 {
+
+ public class ConsoleMenuItem
+ {
+ public string Choice { get; set; }
+ public string ShortDescription { get; set; }
+ public string LongDescription { get; set; }
+
+ public ConsoleMenuItem(string choice, string shortDescription)
+ : this(choice, shortDescription, null)
+ {
+ }
+
+ public ConsoleMenuItem(string choice, string shortDescription, string longDescription)
+ {
+ Choice = choice;
+ ShortDescription = shortDescription;
+ LongDescription = longDescription;
+ }
+ }
+
  public class ConsoleMenu
  {
 
@@ -15,15 +35,17 @@ public class ConsoleMenu
  public static string Notice { get; set; }
  public static string Information { get; set; }
 
- static void printSelectMenuStyle0(List<KeyValuePair<string, string>> items, int currentIndex, int top, int left)
+ static void printSelectMenuStyle0(List<ConsoleMenuItem> items, int currentIndex, int top, int left)
  {
  bool hasDescription = false;
+ string description = null;
  int largerChoice = 0;
+ int maxDescription = 0;
  for (int i = 0; i < items.Count; i++)
  {
- if (!String.IsNullOrEmpty(items[i].Value))
+ if (!String.IsNullOrEmpty(items[i].ShortDescription))
  hasDescription = true;
- int l = items[i].Key.Length;
+ int l = items[i].Choice.Length;
  if (l > largerChoice)
  largerChoice = l;
  }
@@ -34,15 +56,18 @@ static void printSelectMenuStyle0(List<KeyValuePair<string, string>> items, int
  {
  Console.BackgroundColor = ConsoleColor.Gray;
  Console.ForegroundColor = ConsoleColor.Black;
+ description = items[i].LongDescription;
  }
- Console.Write(" " + (char)(i < 9 ? i + '1' : i - 9 + 'a') + "-" + items[i].Key);
+ if (!String.IsNullOrEmpty(items[i].LongDescription) && maxDescription < items[i].LongDescription.Length)
+ maxDescription = items[i].LongDescription.Length;
+ Console.Write(" " + (char)(i < 9 ? i + '1' : i - 9 + 'a') + "-" + items[i].Choice);
  if (hasDescription)
  {
- int diff = largerChoice - items[i].Key.Length;
+ int diff = largerChoice - items[i].Choice.Length;
  if (diff > 0)
  Console.Write(new String(' ', diff));
- if (!String.IsNullOrEmpty(items[i].Value))
- Console.Write("-" + items[i].Value);
+ if (!String.IsNullOrEmpty(items[i].ShortDescription))
+ Console.Write("-" + items[i].ShortDescription);
  }
  Console.WriteLine();
  Console.ResetColor();
@@ -54,9 +79,24 @@ static void printSelectMenuStyle0(List<KeyValuePair<string, string>> items, int
  }
  Console.WriteLine(" 0-Exit");
  Console.ResetColor();
+ if (!String.IsNullOrEmpty(description))
+ {
+ Console.ForegroundColor = ConsoleColor.Yellow;
+ Console.WriteLine("==============================");
+ Console.ResetColor();
+ int currentLineCursor = Console.CursorTop;
+ Console.WriteLine(new string(' ', maxDescription));
+ Console.SetCursorPosition(0, currentLineCursor);
+ Console.WriteLine(description);
+ }
+ else
+ {
+ Console.WriteLine(new string(' ', Console.WindowWidth - 1));
+ Console.WriteLine(new string(' ', maxDescription));
+ }
  }
 
- static void printSelectMenuStyle1(List<KeyValuePair<string, string>> items, int currentIndex, int top, int left)
+ static void printSelectMenuStyle1(List<ConsoleMenuItem> items, int currentIndex, int top, int left)
  {
  string description = null;
  Console.SetCursorPosition(left, top);
@@ -68,12 +108,12 @@ static void printSelectMenuStyle1(List<KeyValuePair<string, string>> items, int
  {
  Console.BackgroundColor = ConsoleColor.Gray;
  Console.ForegroundColor = ConsoleColor.Black;
- description = items[i].Value;
+ description = items[i].ShortDescription;
  }
- if (!String.IsNullOrEmpty(items[i].Value) && maxDescription < items[i].Value.Length)
- maxDescription = items[i].Value.Length;
+ if (!String.IsNullOrEmpty(items[i].ShortDescription) && maxDescription < items[i].ShortDescription.Length)
+ maxDescription = items[i].ShortDescription.Length;
 
- item = " " + (char)(i < 9 ? i + '1' : i - 9 + 'a') + "-" + items[i].Key;
+ item = " " + (char)(i < 9 ? i + '1' : i - 9 + 'a') + "-" + items[i].Choice;
  Console.SetCursorPosition(left + (i < (items.Count + 1) / 2 ? 0 : Console.WindowWidth / 2), top + i + (i < (items.Count + 1) / 2 ? 0 : -(items.Count + 1) / 2));
  Console.Write(item + new string(' ',Console.WindowWidth / 2 - item.Length - 1));
  Console.ResetColor();
@@ -92,7 +132,6 @@ static void printSelectMenuStyle1(List<KeyValuePair<string, string>> items, int
  Console.ForegroundColor = ConsoleColor.Yellow;
  Console.WriteLine("==============================");
  Console.ResetColor();
- Console.WriteLine("Description:");
  int currentLineCursor = Console.CursorTop;
  Console.WriteLine(new string(' ', maxDescription));
  Console.SetCursorPosition(0, currentLineCursor);
@@ -155,21 +194,21 @@ public static List<string> AskForListString()
  return list;
  }
 
- public static int SelectMenu(List<KeyValuePair<string, string>> items, int defaultIndex = 1)
+ public static int SelectMenu(List<ConsoleMenuItem> items, int defaultIndex = 1)
  {
  DisplayHeader();
  ClearTopic();
  return SelectMenu(items, defaultIndex, 0);
  }
 
- public static int SelectMenuCompact(List<KeyValuePair<string, string>> items, int defaultIndex = 1)
+ public static int SelectMenuCompact(List<ConsoleMenuItem> items, int defaultIndex = 1)
  {
  DisplayHeader();
  ClearTopic();
  return SelectMenu(items, defaultIndex, 1);
  }
 
- protected static int SelectMenu(List<KeyValuePair<string, string>> items, int defaultIndex = 1, int style = 0)
+ protected static int SelectMenu(List<ConsoleMenuItem> items, int defaultIndex = 1, int style = 0)
  {
  int top = Console.CursorTop;
  int left = Console.CursorLeft;

Data/CompromiseGraphData.cs

@@ -59,7 +59,7 @@ public DomainKey Domain
  {
  if (_domain == null)
  {
- _domain = new DomainKey(DomainFQDN, DomainSid, DomainNetBIOS);
+ _domain = DomainKey.Create(DomainFQDN, DomainSid, DomainNetBIOS);
  }
  return _domain;
  }
@@ -241,7 +241,7 @@ public DomainKey Domain
  {
  if (_domain == null)
  {
- _domain = new DomainKey(FQDN, Sid, Netbios);
+ _domain = DomainKey.Create(FQDN, Sid, Netbios);
  }
  return _domain;
  }

Data/DomainKey.cs

@@ -13,7 +13,7 @@
 
 namespace PingCastle.Data
 {
- [DebuggerDisplay("{DomainName} {DomainSID}")]
+ [DebuggerDisplay("FQDN: {DomainName} SID: {DomainSID} NetBIOS: {DomainNetBIOS}")]
  public class DomainKey : IComparable<DomainKey>, IEquatable<DomainKey>
  {
  public string DomainName { get; set; }
@@ -27,7 +27,17 @@ private DomainKey()
 
  static Regex sidRegex = new Regex(@"(^$|^S-\d-(\d+-){1,14}\d+$)");
 
- public DomainKey(string DnsName, string domainSid, string domainNetbios)
+ public static DomainKey Create(string DnsName, string domainSid, string domainNetbios)
+ {
+ var key = new DomainKey(DnsName, domainSid, domainNetbios);
+ if (key.DomainSID == null && key.DomainNetBIOS == key.DomainSID && key.DomainName == key.DomainNetBIOS)
+ {
+ return null;
+ }
+ return key;
+ }
+
+ protected DomainKey(string DnsName, string domainSid, string domainNetbios)
  {
 
  if (!string.IsNullOrEmpty(DnsName))