diff --git a/test/unit/LocalGroupProcessorTest.cs b/test/unit/LocalGroupProcessorTest.cs index d0725a05..57f5d88a 100644 --- a/test/unit/LocalGroupProcessorTest.cs +++ b/test/unit/LocalGroupProcessorTest.cs @@ -1,110 +1,114 @@ -// using System; -// using System.Linq; -// using System.Threading.Tasks; -// using CommonLibTest.Facades; -// using Moq; -// using SharpHoundCommonLib.Enums; -// using SharpHoundCommonLib.OutputTypes; -// using SharpHoundCommonLib.Processors; -// using Xunit; -// using Xunit.Abstractions; -// -// namespace CommonLibTest -// { -// public class LocalGroupProcessorTest : IDisposable -// { -// private readonly ITestOutputHelper _testOutputHelper; -// -// public LocalGroupProcessorTest(ITestOutputHelper testOutputHelper) -// { -// _testOutputHelper = testOutputHelper; -// } -// -// public void Dispose() -// { -// } -// -// [WindowsOnlyFact] -// public async Task LocalGroupProcessor_TestWorkstation() -// { -// var mockProcessor = new Mock(new MockLDAPUtils(), null); -// var mockSamServer = new MockWorkstationSAMServer(); -// mockProcessor.Setup(x => x.OpenSamServer(It.IsAny())).Returns(mockSamServer); -// var processor = mockProcessor.Object; -// var machineDomainSid = $"{Consts.MockWorkstationMachineSid}-1001"; -// var results = await processor.GetLocalGroups("win10.testlab.local", machineDomainSid, "TESTLAB.LOCAL", false) -// .ToArrayAsync(); -// -// Assert.Equal(3, results.Length); -// var adminGroup = results.First(x => x.ObjectIdentifier.EndsWith("-544")); -// Assert.Single(adminGroup.Results); -// Assert.Equal($"{machineDomainSid}-544", adminGroup.ObjectIdentifier); -// Assert.Equal("S-1-5-21-4243161961-3815211218-2888324771-512", adminGroup.Results[0].ObjectIdentifier); -// var rdpGroup = results.First(x => x.ObjectIdentifier.EndsWith("-555")); -// Assert.Equal(2, rdpGroup.Results.Length); -// Assert.Collection(rdpGroup.Results, -// principal => -// { -// Assert.Equal($"{machineDomainSid}-1003", principal.ObjectIdentifier); -// Assert.Equal(Label.LocalGroup, principal.ObjectType); -// -// }, principal => -// { -// Assert.Equal($"{machineDomainSid}-544", principal.ObjectIdentifier); -// Assert.Equal(Label.LocalGroup, principal.ObjectType); -// }); -// } -// -// [WindowsOnlyFact] -// public async Task LocalGroupProcessor_TestDomainController() -// { -// var mockProcessor = new Mock(new MockLDAPUtils(), null); -// var mockSamServer = new MockDCSAMServer(); -// mockProcessor.Setup(x => x.OpenSamServer(It.IsAny())).Returns(mockSamServer); -// var processor = mockProcessor.Object; -// var machineDomainSid = $"{Consts.MockWorkstationMachineSid}-1000"; -// var results = await processor.GetLocalGroups("primary.testlab.local", machineDomainSid, "TESTLAB.LOCAL", true) -// .ToArrayAsync(); -// -// Assert.Equal(2, results.Length); -// var adminGroup = results.First(x => x.ObjectIdentifier.EndsWith("-544")); -// Assert.Single(adminGroup.Results); -// Assert.Equal("TESTLAB.LOCAL-S-1-5-32-544", adminGroup.ObjectIdentifier); -// Assert.Equal("S-1-5-21-4243161961-3815211218-2888324771-512", adminGroup.Results[0].ObjectIdentifier); -// } -// -// [Fact] -// public async Task LocalGroupProcessor_ResolveGroupName_NonDC() -// { -// var mockUtils = new Mock(); -// var proc = new LocalGroupProcessor(mockUtils.Object); -// -// var result = TestPrivateMethod.InstanceMethod(proc, "ResolveGroupName", -// new object[] -// { -// "ADMINISTRATORS", "WIN10.TESTLAB.LOCAL", "S-1-5-32-123-123-500", "TESTLAB.LOCAL", 544, false, false -// }); -// -// Assert.Equal("ADMINISTRATORS@WIN10.TESTLAB.LOCAL", result.PrincipalName); -// ; -// Assert.Equal("S-1-5-32-123-123-500-544", result.ObjectId); -// } -// -// [Fact] -// public async Task LocalGroupProcessor_ResolveGroupName_DC() -// { -// var mockUtils = new Mock(); -// var proc = new LocalGroupProcessor(mockUtils.Object); -// -// var result = TestPrivateMethod.InstanceMethod(proc, "ResolveGroupName", -// new object[] -// { -// "ADMINISTRATORS", "PRIMARY.TESTLAB.LOCAL", "S-1-5-32-123-123-1000", "TESTLAB.LOCAL", 544, true, true -// }); -// -// Assert.Equal("IGNOREME", result.PrincipalName); -// ; -// Assert.Equal("TESTLAB.LOCAL-S-1-5-32-544", result.ObjectId); -// } -// } -// } \ No newline at end of file +using System; +using System.Linq; +using System.Threading.Tasks; +using CommonLibTest.Facades; +using Moq; +using SharpHoundCommonLib.Enums; +using SharpHoundCommonLib.OutputTypes; +using SharpHoundCommonLib.Processors; +using Xunit; +using Xunit.Abstractions; + +namespace CommonLibTest +{ + public class LocalGroupProcessorTest : IDisposable + { + private readonly ITestOutputHelper _testOutputHelper; + + public LocalGroupProcessorTest(ITestOutputHelper testOutputHelper) + { + _testOutputHelper = testOutputHelper; + } + + public void Dispose() + { + } + + [WindowsOnlyFact] + public async Task LocalGroupProcessor_TestWorkstation() + { + var mockProcessor = new Mock(new MockLDAPUtils(), null); + var mockSamServer = new MockWorkstationSAMServer(); + mockProcessor.Setup(x => x.OpenSamServer(It.IsAny())).Returns(mockSamServer); + var processor = mockProcessor.Object; + var machineDomainSid = $"{Consts.MockWorkstationMachineSid}-1001"; + var results = await processor.GetLocalGroups("win10.testlab.local", machineDomainSid, "TESTLAB.LOCAL", false) + .ToArrayAsync(); + + Assert.Equal(3, results.Length); + var adminGroup = results.First(x => x.ObjectIdentifier.EndsWith("-544")); + Assert.Single(adminGroup.Results); + Assert.Equal($"{machineDomainSid}-544", adminGroup.ObjectIdentifier); + Assert.Equal("S-1-5-21-4243161961-3815211218-2888324771-512", adminGroup.Results[0].ObjectIdentifier); + var rdpGroup = results.First(x => x.ObjectIdentifier.EndsWith("-555")); + Assert.Equal(2, rdpGroup.Results.Length); + Assert.Collection(rdpGroup.Results, + principal => + { + Assert.Equal($"{machineDomainSid}-1003", principal.ObjectIdentifier); + Assert.Equal(Label.LocalGroup, principal.ObjectType); + + }, principal => + { + Assert.Equal($"{machineDomainSid}-544", principal.ObjectIdentifier); + Assert.Equal(Label.LocalGroup, principal.ObjectType); + }); + } + + [WindowsOnlyFact] + public async Task LocalGroupProcessor_TestDomainController() + { + var mockProcessor = new Mock(new MockLDAPUtils(), null); + var mockSamServer = new MockDCSAMServer(); + mockProcessor.Setup(x => x.OpenSamServer(It.IsAny())).Returns(mockSamServer); + var processor = mockProcessor.Object; + var machineDomainSid = $"{Consts.MockWorkstationMachineSid}-1000"; + var results = await processor.GetLocalGroups("primary.testlab.local", machineDomainSid, "TESTLAB.LOCAL", true) + .ToArrayAsync(); + + Assert.Equal(2, results.Length); + var adminGroup = results.First(x => x.ObjectIdentifier.EndsWith("-544")); + Assert.Single(adminGroup.Results); + Assert.Equal("TESTLAB.LOCAL-S-1-5-32-544", adminGroup.ObjectIdentifier); + Assert.Equal("S-1-5-21-4243161961-3815211218-2888324771-512", adminGroup.Results[0].ObjectIdentifier); + } + + [Fact] + public async Task LocalGroupProcessor_ResolveGroupName_NonDC() + { + var mockUtils = new Mock(); + var proc = new LocalGroupProcessor(mockUtils.Object); + + var resultTask = TestPrivateMethod.InstanceMethod>(proc, "ResolveGroupName", + new object[] + { + "ADMINISTRATORS", "WIN10.TESTLAB.LOCAL", "S-1-5-32-123-123-500", "TESTLAB.LOCAL", 544, false, false + }); + + var result = await resultTask; + + Assert.Equal("ADMINISTRATORS@WIN10.TESTLAB.LOCAL", result.PrincipalName); + ; + Assert.Equal("S-1-5-32-123-123-500-544", result.ObjectId); + } + + [Fact] + public async Task LocalGroupProcessor_ResolveGroupName_DC() + { + var mockUtils = new Mock(); + var proc = new LocalGroupProcessor(mockUtils.Object); + + var resultTask = TestPrivateMethod.InstanceMethod>(proc, "ResolveGroupName", + new object[] + { + "ADMINISTRATORS", "PRIMARY.TESTLAB.LOCAL", "S-1-5-32-123-123-1000", "TESTLAB.LOCAL", 544, true, true + }); + + var result = await resultTask; + + Assert.Equal("IGNOREME", result.PrincipalName); + ; + Assert.Equal("TESTLAB.LOCAL-S-1-5-32-544", result.ObjectId); + } + } +} \ No newline at end of file diff --git a/test/unit/SPNProcessorsTest.cs b/test/unit/SPNProcessorsTest.cs index 03cde9bb..fa83f0e3 100644 --- a/test/unit/SPNProcessorsTest.cs +++ b/test/unit/SPNProcessorsTest.cs @@ -1,107 +1,107 @@ -// using System; -// using System.Threading.Tasks; -// using CommonLibTest.Facades; -// using SharpHoundCommonLib; -// using SharpHoundCommonLib.Enums; -// using SharpHoundCommonLib.OutputTypes; -// using SharpHoundCommonLib.Processors; -// using Xunit; -// -// namespace CommonLibTest -// { -// public class SPNProcessorsTest -// { -// [Fact] -// public async Task ReadSPNTargets_SPNLengthZero_YieldBreak() -// { -// var processor = new SPNProcessors(new MockLDAPUtils()); -// var servicePrincipalNames = Array.Empty(); -// const string distinguishedName = "cn=policies,cn=system,DC=testlab,DC=local"; -// await foreach (var spn in processor.ReadSPNTargets(servicePrincipalNames, distinguishedName)) -// Assert.Null(spn); -// } -// -// [Fact] -// public async Task ReadSPNTargets_NoPortSupplied_ParsedCorrectly() -// { -// var processor = new SPNProcessors(new MockLDAPUtils()); -// string[] servicePrincipalNames = {"MSSQLSvc/PRIMARY.TESTLAB.LOCAL"}; -// const string distinguishedName = "cn=policies,cn=system,DC=testlab,DC=local"; -// -// var expected = new SPNPrivilege -// { -// ComputerSID = "S-1-5-21-3130019616-2776909439-2417379446-1001", Port = 1433, -// Service = EdgeNames.SQLAdmin -// }; -// -// await foreach (var actual in processor.ReadSPNTargets(servicePrincipalNames, distinguishedName)) -// { -// Assert.Equal(expected.ComputerSID, actual.ComputerSID); -// Assert.Equal(expected.Port, actual.Port); -// Assert.Equal(expected.Service, actual.Service); -// } -// } -// -// [Fact] -// public async Task ReadSPNTargets_BadPortSupplied_ParsedCorrectly() -// { -// var processor = new SPNProcessors(new MockLDAPUtils()); -// string[] servicePrincipalNames = {"MSSQLSvc/PRIMARY.TESTLAB.LOCAL:abcd"}; -// const string distinguishedName = "cn=policies,cn=system,DC=testlab,DC=local"; -// -// var expected = new SPNPrivilege -// { -// ComputerSID = "S-1-5-21-3130019616-2776909439-2417379446-1001", Port = 1433, -// Service = EdgeNames.SQLAdmin -// }; -// -// await foreach (var actual in processor.ReadSPNTargets(servicePrincipalNames, distinguishedName)) -// { -// Assert.Equal(expected.ComputerSID, actual.ComputerSID); -// Assert.Equal(expected.Port, actual.Port); -// Assert.Equal(expected.Service, actual.Service); -// } -// } -// -// [Fact] -// public async void ReadSPNTargets_SuppliedPort_ParsedCorrectly() -// { -// var processor = new SPNProcessors(new MockLDAPUtils()); -// string[] servicePrincipalNames = {"MSSQLSvc/PRIMARY.TESTLAB.LOCAL:2345"}; -// const string distinguishedName = "cn=policies,cn=system,DC=testlab,DC=local"; -// -// var expected = new SPNPrivilege -// { -// ComputerSID = "S-1-5-21-3130019616-2776909439-2417379446-1001", Port = 2345, -// Service = EdgeNames.SQLAdmin -// }; -// -// await foreach (var actual in processor.ReadSPNTargets(servicePrincipalNames, distinguishedName)) -// { -// Assert.Equal(expected.ComputerSID, actual.ComputerSID); -// Assert.Equal(expected.Port, actual.Port); -// Assert.Equal(expected.Service, actual.Service); -// } -// } -// -// [Fact] -// public async void ReadSPNTargets_MissingMssqlSvc_NotRead() -// { -// var processor = new SPNProcessors(new MockLDAPUtils()); -// string[] servicePrincipalNames = {"myhost.redmond.microsoft.com:1433"}; -// const string distinguishedName = "CN=Jeff Smith,OU=Sales,DC=Fabrikam,DC=COM"; -// await foreach (var spn in processor.ReadSPNTargets(servicePrincipalNames, distinguishedName)) -// Assert.Null(spn); -// } -// -// [Fact] -// public async void ReadSPNTargets_SPNWithAddressSign_NotRead() -// { -// var processor = new SPNProcessors(new MockLDAPUtils()); -// string[] servicePrincipalNames = {"MSSQLSvc/myhost.redmond.microsoft.com:1433 user@domain"}; -// const string distinguishedName = "CN=Jeff Smith,OU=Sales,DC=Fabrikam,DC=COM"; -// await foreach (var spn in processor.ReadSPNTargets(servicePrincipalNames, distinguishedName)) -// Assert.Null(spn); -// } -// } -// } \ No newline at end of file +using System; +using System.Threading.Tasks; +using CommonLibTest.Facades; +using SharpHoundCommonLib; +using SharpHoundCommonLib.Enums; +using SharpHoundCommonLib.OutputTypes; +using SharpHoundCommonLib.Processors; +using Xunit; + +namespace CommonLibTest +{ + public class SPNProcessorsTest + { + [Fact] + public async Task ReadSPNTargets_SPNLengthZero_YieldBreak() + { + var processor = new SPNProcessors(new MockLDAPUtils()); + var servicePrincipalNames = Array.Empty(); + const string distinguishedName = "cn=policies,cn=system,DC=testlab,DC=local"; + await foreach (var spn in processor.ReadSPNTargets(servicePrincipalNames, distinguishedName)) + Assert.Null(spn); + } + + [Fact] + public async Task ReadSPNTargets_NoPortSupplied_ParsedCorrectly() + { + var processor = new SPNProcessors(new MockLDAPUtils()); + string[] servicePrincipalNames = {"MSSQLSvc/PRIMARY.TESTLAB.LOCAL"}; + const string distinguishedName = "cn=policies,cn=system,DC=testlab,DC=local"; + + var expected = new SPNPrivilege + { + ComputerSID = "S-1-5-21-3130019616-2776909439-2417379446-1001", Port = 1433, + Service = EdgeNames.SQLAdmin + }; + + await foreach (var actual in processor.ReadSPNTargets(servicePrincipalNames, distinguishedName)) + { + Assert.Equal(expected.ComputerSID, actual.ComputerSID); + Assert.Equal(expected.Port, actual.Port); + Assert.Equal(expected.Service, actual.Service); + } + } + + [Fact] + public async Task ReadSPNTargets_BadPortSupplied_ParsedCorrectly() + { + var processor = new SPNProcessors(new MockLDAPUtils()); + string[] servicePrincipalNames = {"MSSQLSvc/PRIMARY.TESTLAB.LOCAL:abcd"}; + const string distinguishedName = "cn=policies,cn=system,DC=testlab,DC=local"; + + var expected = new SPNPrivilege + { + ComputerSID = "S-1-5-21-3130019616-2776909439-2417379446-1001", Port = 1433, + Service = EdgeNames.SQLAdmin + }; + + await foreach (var actual in processor.ReadSPNTargets(servicePrincipalNames, distinguishedName)) + { + Assert.Equal(expected.ComputerSID, actual.ComputerSID); + Assert.Equal(expected.Port, actual.Port); + Assert.Equal(expected.Service, actual.Service); + } + } + + [Fact] + public async void ReadSPNTargets_SuppliedPort_ParsedCorrectly() + { + var processor = new SPNProcessors(new MockLDAPUtils()); + string[] servicePrincipalNames = {"MSSQLSvc/PRIMARY.TESTLAB.LOCAL:2345"}; + const string distinguishedName = "cn=policies,cn=system,DC=testlab,DC=local"; + + var expected = new SPNPrivilege + { + ComputerSID = "S-1-5-21-3130019616-2776909439-2417379446-1001", Port = 2345, + Service = EdgeNames.SQLAdmin + }; + + await foreach (var actual in processor.ReadSPNTargets(servicePrincipalNames, distinguishedName)) + { + Assert.Equal(expected.ComputerSID, actual.ComputerSID); + Assert.Equal(expected.Port, actual.Port); + Assert.Equal(expected.Service, actual.Service); + } + } + + [Fact] + public async void ReadSPNTargets_MissingMssqlSvc_NotRead() + { + var processor = new SPNProcessors(new MockLDAPUtils()); + string[] servicePrincipalNames = {"myhost.redmond.microsoft.com:1433"}; + const string distinguishedName = "CN=Jeff Smith,OU=Sales,DC=Fabrikam,DC=COM"; + await foreach (var spn in processor.ReadSPNTargets(servicePrincipalNames, distinguishedName)) + Assert.Null(spn); + } + + [Fact] + public async void ReadSPNTargets_SPNWithAddressSign_NotRead() + { + var processor = new SPNProcessors(new MockLDAPUtils()); + string[] servicePrincipalNames = {"MSSQLSvc/myhost.redmond.microsoft.com:1433 user@domain"}; + const string distinguishedName = "CN=Jeff Smith,OU=Sales,DC=Fabrikam,DC=COM"; + await foreach (var spn in processor.ReadSPNTargets(servicePrincipalNames, distinguishedName)) + Assert.Null(spn); + } + } +} \ No newline at end of file diff --git a/test/unit/SearchResultEntryTests.cs b/test/unit/SearchResultEntryTests.cs index 2fcaa68a..d49109eb 100644 --- a/test/unit/SearchResultEntryTests.cs +++ b/test/unit/SearchResultEntryTests.cs @@ -1,36 +1,36 @@ -// using System.Collections.Generic; -// using System.Security.Principal; -// using CommonLibTest.Facades; -// using SharpHoundCommonLib; -// using SharpHoundCommonLib.Enums; -// using Xunit; -// -// namespace CommonLibTest -// { -// public class SearchResultEntryTests -// { -// [WindowsOnlyFact] -// public void Test_GetLabelIssuanceOIDObjects() -// { -// var sid = new SecurityIdentifier("S-1-5-21-3130019616-2776909439-2417379446-500"); -// var bsid = new byte[sid.BinaryLength]; -// sid.GetBinaryForm(bsid, 0); -// var attribs = new Dictionary -// { -// { "objectsid", bsid}, -// { "objectclass", "msPKI-Enterprise-Oid" }, -// { "flags", "2" } -// }; -// -// var sre = MockableSearchResultEntry.Construct(attribs, "CN=Test,CN=OID,CN=Public Key Services,CN=Services,CN=Configuration"); -// var success = sre.GetLabel(out var label); -// Assert.True(success); -// Assert.Equal(Label.IssuancePolicy, label); -// -// sre = MockableSearchResultEntry.Construct(attribs, "CN=OID,CN=Public Key Services,CN=Services,CN=Configuration"); -// success = sre.GetLabel(out label); -// Assert.True(success); -// Assert.Equal(Label.Container, label); -// } -// } -// } \ No newline at end of file +using System.Collections.Generic; +using System.Security.Principal; +using CommonLibTest.Facades; +using SharpHoundCommonLib; +using SharpHoundCommonLib.Enums; +using Xunit; + +namespace CommonLibTest +{ + public class SearchResultEntryTests + { + [WindowsOnlyFact] + public void Test_GetLabelIssuanceOIDObjects() + { + var sid = new SecurityIdentifier("S-1-5-21-3130019616-2776909439-2417379446-500"); + var bsid = new byte[sid.BinaryLength]; + sid.GetBinaryForm(bsid, 0); + var attribs = new Dictionary + { + { "objectsid", bsid}, + { "objectclass", "msPKI-Enterprise-Oid" }, + { "flags", "2" } + }; + + var sre = MockableSearchResultEntry.Construct(attribs, "CN=Test,CN=OID,CN=Public Key Services,CN=Services,CN=Configuration"); + var success = sre.GetLabel(out var label); + Assert.True(success); + Assert.Equal(Label.IssuancePolicy, label); + + sre = MockableSearchResultEntry.Construct(attribs, "CN=OID,CN=Public Key Services,CN=Services,CN=Configuration"); + success = sre.GetLabel(out label); + Assert.True(success); + Assert.Equal(Label.Container, label); + } + } +} \ No newline at end of file diff --git a/test/unit/UserRightsAssignmentProcessorTest.cs b/test/unit/UserRightsAssignmentProcessorTest.cs index b0bc9562..3bfca790 100644 --- a/test/unit/UserRightsAssignmentProcessorTest.cs +++ b/test/unit/UserRightsAssignmentProcessorTest.cs @@ -1,66 +1,66 @@ -// using System.Linq; -// using System.Threading.Tasks; -// using CommonLibTest.Facades; -// using CommonLibTest.Facades.LSAMocks.DCMocks; -// using CommonLibTest.Facades.LSAMocks.WorkstationMocks; -// using Moq; -// using Newtonsoft.Json; -// using SharpHoundCommonLib.Enums; -// using SharpHoundCommonLib.Processors; -// using Xunit; -// using Xunit.Abstractions; -// -// namespace CommonLibTest -// { -// public class UserRightsAssignmentProcessorTest -// { -// private readonly ITestOutputHelper _testOutputHelper; -// -// public UserRightsAssignmentProcessorTest(ITestOutputHelper testOutputHelper) -// { -// _testOutputHelper = testOutputHelper; -// } -// -// [WindowsOnlyFact] -// public async Task UserRightsAssignmentProcessor_TestWorkstation() -// { -// var mockProcessor = new Mock(new MockLDAPUtils(), null); -// var mockLSAPolicy = new MockWorkstationLSAPolicy(); -// mockProcessor.Setup(x => x.OpenLSAPolicy(It.IsAny())).Returns(mockLSAPolicy); -// var processor = mockProcessor.Object; -// var machineDomainSid = $"{Consts.MockDomainSid}-1001"; -// var results = await processor.GetUserRightsAssignments("win10.testlab.local", machineDomainSid, "testlab.local", false) -// .ToArrayAsync(); -// -// var privilege = results[0]; -// Assert.Equal(LSAPrivileges.RemoteInteractiveLogon, privilege.Privilege); -// Assert.Equal(3, results[0].Results.Length); -// var adminResult = privilege.Results.First(x => x.ObjectIdentifier.EndsWith("-544")); -// Assert.Equal($"{machineDomainSid}-544", adminResult.ObjectIdentifier); -// Assert.Equal(Label.LocalGroup, adminResult.ObjectType); -// var rdpResult = privilege.Results.First(x => x.ObjectIdentifier.EndsWith("-555")); -// Assert.Equal($"{machineDomainSid}-555", rdpResult.ObjectIdentifier); -// Assert.Equal(Label.LocalGroup, rdpResult.ObjectType); -// } -// -// [WindowsOnlyFact] -// public async Task UserRightsAssignmentProcessor_TestDC() -// { -// var mockProcessor = new Mock(new MockLDAPUtils(), null); -// var mockLSAPolicy = new MockDCLSAPolicy(); -// mockProcessor.Setup(x => x.OpenLSAPolicy(It.IsAny())).Returns(mockLSAPolicy); -// var processor = mockProcessor.Object; -// var machineDomainSid = $"{Consts.MockDomainSid}-1000"; -// var results = await processor.GetUserRightsAssignments("primary.testlab.local", machineDomainSid, "testlab.local", true) -// .ToArrayAsync(); -// -// var privilege = results[0]; -// _testOutputHelper.WriteLine(JsonConvert.SerializeObject(privilege)); -// Assert.Equal(LSAPrivileges.RemoteInteractiveLogon, privilege.Privilege); -// Assert.Single(results[0].Results); -// var adminResult = privilege.Results.First(x => x.ObjectIdentifier.EndsWith("-544")); -// Assert.Equal("TESTLAB.LOCAL-S-1-5-32-544", adminResult.ObjectIdentifier); -// Assert.Equal(Label.Group, adminResult.ObjectType); -// } -// } -// } \ No newline at end of file +using System.Linq; +using System.Threading.Tasks; +using CommonLibTest.Facades; +using CommonLibTest.Facades.LSAMocks.DCMocks; +using CommonLibTest.Facades.LSAMocks.WorkstationMocks; +using Moq; +using Newtonsoft.Json; +using SharpHoundCommonLib.Enums; +using SharpHoundCommonLib.Processors; +using Xunit; +using Xunit.Abstractions; + +namespace CommonLibTest +{ + public class UserRightsAssignmentProcessorTest + { + private readonly ITestOutputHelper _testOutputHelper; + + public UserRightsAssignmentProcessorTest(ITestOutputHelper testOutputHelper) + { + _testOutputHelper = testOutputHelper; + } + + [WindowsOnlyFact] + public async Task UserRightsAssignmentProcessor_TestWorkstation() + { + var mockProcessor = new Mock(new MockLDAPUtils(), null); + var mockLSAPolicy = new MockWorkstationLSAPolicy(); + mockProcessor.Setup(x => x.OpenLSAPolicy(It.IsAny())).Returns(mockLSAPolicy); + var processor = mockProcessor.Object; + var machineDomainSid = $"{Consts.MockDomainSid}-1001"; + var results = await processor.GetUserRightsAssignments("win10.testlab.local", machineDomainSid, "testlab.local", false) + .ToArrayAsync(); + + var privilege = results[0]; + Assert.Equal(LSAPrivileges.RemoteInteractiveLogon, privilege.Privilege); + Assert.Equal(3, results[0].Results.Length); + var adminResult = privilege.Results.First(x => x.ObjectIdentifier.EndsWith("-544")); + Assert.Equal($"{machineDomainSid}-544", adminResult.ObjectIdentifier); + Assert.Equal(Label.LocalGroup, adminResult.ObjectType); + var rdpResult = privilege.Results.First(x => x.ObjectIdentifier.EndsWith("-555")); + Assert.Equal($"{machineDomainSid}-555", rdpResult.ObjectIdentifier); + Assert.Equal(Label.LocalGroup, rdpResult.ObjectType); + } + + [WindowsOnlyFact] + public async Task UserRightsAssignmentProcessor_TestDC() + { + var mockProcessor = new Mock(new MockLDAPUtils(), null); + var mockLSAPolicy = new MockDCLSAPolicy(); + mockProcessor.Setup(x => x.OpenLSAPolicy(It.IsAny())).Returns(mockLSAPolicy); + var processor = mockProcessor.Object; + var machineDomainSid = $"{Consts.MockDomainSid}-1000"; + var results = await processor.GetUserRightsAssignments("primary.testlab.local", machineDomainSid, "testlab.local", true) + .ToArrayAsync(); + + var privilege = results[0]; + _testOutputHelper.WriteLine(JsonConvert.SerializeObject(privilege)); + Assert.Equal(LSAPrivileges.RemoteInteractiveLogon, privilege.Privilege); + Assert.Single(results[0].Results); + var adminResult = privilege.Results.First(x => x.ObjectIdentifier.EndsWith("-544")); + Assert.Equal("TESTLAB.LOCAL-S-1-5-32-544", adminResult.ObjectIdentifier); + Assert.Equal(Label.Group, adminResult.ObjectType); + } + } +} \ No newline at end of file