Create unit tests for TestConnection

src/CommonLib/DomainControllerCacheKey.cs

@@ -0,0 +1,33 @@
+namespace SharpHoundCommonLib
+{
+    public class DomainControllerCacheKey
+    {
+        public string DomainName;
+        public int Port;
+        public bool GlobalCatalog;
+
+        protected bool Equals(DomainControllerCacheKey other)
+        {
+            return DomainName == other.DomainName && Port == other.Port && GlobalCatalog == other.GlobalCatalog;
+        }
+
+        public override bool Equals(object obj)
+        {
+            if (ReferenceEquals(null, obj)) return false;
+            if (ReferenceEquals(this, obj)) return true;
+            if (obj.GetType() != this.GetType()) return false;
+            return Equals((DomainControllerCacheKey)obj);
+        }
+
+        public override int GetHashCode()
+        {
+            unchecked
+            {
+                var hashCode = (DomainName != null ? DomainName.GetHashCode() : 0);
+                hashCode = (hashCode * 397) ^ Port;
+                hashCode = (hashCode * 397) ^ GlobalCatalog.GetHashCode();
+                return hashCode;
+            }
+        }
+    }
+}

src/CommonLib/DomainWrapper.cs

@@ -0,0 +1,15 @@
+using System.Collections.Concurrent;
+using System.Collections.Generic;
+using System.DirectoryServices.Protocols;
+
+namespace SharpHoundCommonLib
+{
+    public class DomainWrapper
+    {
+        public string DomainSID { get; set; }
+        public string DomainFQDN { get; set; }
+        public string DomainSearchBase { get; set; }
+        public string DomainConfigurationPath { get; set; }
+        public string DomainNetbiosName { get; set; }
+    }
+}

src/CommonLib/Enums/LdapErrorCodes.cs

@@ -5,6 +5,7 @@ public enum LdapErrorCodes : int
         Success = 0,
         Busy = 51,
         ServerDown = 81,
-        LocalError = 82
+        LocalError = 82,
+        KerberosAuthType = 83
     }
 }

src/CommonLib/Exceptions/LdapAuthenticationException.cs

@@ -0,0 +1,12 @@
+using System;
+using System.DirectoryServices.Protocols;
+
+namespace SharpHoundCommonLib.Exceptions
+{
+    public class LdapAuthenticationException : Exception
+    {
+        public LdapAuthenticationException(LdapException exception) : base("Error authenticating to LDAP", exception)
+        {
+        }
+    }
+}

src/CommonLib/Exceptions/LdapConnectionException.cs

@@ -0,0 +1,13 @@
+using System;
+using System.DirectoryServices.Protocols;
+
+namespace SharpHoundCommonLib.Exceptions
+{
+    public class LdapConnectionException : Exception
+    {
+        public LdapConnectionException(LdapException innerException) : base("Failed during ldap connection tests", innerException)
+        {
+
+        }
+    }
+}

src/CommonLib/Exceptions/NoLdapDataException.cs

@@ -0,0 +1,9 @@
+using System;
+
+namespace SharpHoundCommonLib.Exceptions
+{
+    public class NoLdapDataException : Exception
+    {
+
+    }
+}

src/CommonLib/Extensions.cs

@@ -9,6 +9,8 @@
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
 using SharpHoundCommonLib.Enums;
+using SharpHoundCommonLib.LDAPQueries;
+using SearchScope = System.DirectoryServices.Protocols.SearchScope;
 
 namespace SharpHoundCommonLib
 {
@@ -23,6 +25,83 @@ static Extensions()
             Log = Logging.LogProvider.CreateLogger("Extensions");
         }
 
+        public class LdapConnectionTestResult
+        {
+            public bool Success { get; set; }
+            public LdapException Exception { get; set; }
+            public DomainWrapper DomainInfo { get; set; }
+            public string ServerName { get; set; }
+
+            public LdapConnectionTestResult(bool success, LdapException e, DomainWrapper info, string server)
+            {
+                Success = success;
+                Exception = e;
+                DomainInfo = info;
+                ServerName = server;
+            }
+        }
+
+        public static LdapConnectionTestResult TestConnection(this LdapConnection connection)
+        {
+            try
+            {
+                //Attempt an initial bind. If this fails, likely auth is invalid, or its not a valid target
+                connection.Bind();
+            }
+            catch (LdapException e)
+            {
+                return new LdapConnectionTestResult(false, e, null, null);
+            }
+
+            try
+            {
+                //Do an initial search request to get the rootDSE
+                //This ldap filter is equivalent to (objectclass=*)
+                var searchRequest = new SearchRequest("", new LDAPFilter().AddAllObjects().GetFilter(),
+                    SearchScope.Base, null);
+                searchRequest.Controls.Add(new SearchOptionsControl(SearchOption.DomainScope));
+
+                var response = (SearchResponse)connection.SendRequest(searchRequest);
+                if (response == null)
+                {
+                    return new LdapConnectionTestResult(false, null, null, null);
+                }
+
+                if (response.Entries.Count == 0)
+                {
+                    connection.Dispose();
+                    return new LdapConnectionTestResult(false, new LdapException((int)LdapErrorCodes.KerberosAuthType), null, null);
+                }
+
+                var entry = response.Entries[0];
+                var baseDN = entry.GetProperty(LDAPProperties.PrimaryNamingContext).ToUpper().Trim();
+                var configurationDN = entry.GetProperty(LDAPProperties.ConfigurationNamingContext).ToUpper().Trim();
+                var domainname = Helpers.DistinguishedNameToDomain(baseDN).ToUpper().Trim();
+                var servername = entry.GetProperty(LDAPProperties.ServerName);
+                var compName = servername.Substring(0, servername.IndexOf(',')).Substring(3).Trim();
+                var fullServerName = $"{compName}.{domainname}".ToUpper().Trim();
+
+                return new LdapConnectionTestResult(true, null, new DomainWrapper
+                {
+                    DomainConfigurationPath = configurationDN,
+                    DomainSearchBase = baseDN,
+                    DomainFQDN = domainname
+                }, fullServerName);
+            }
+            catch (LdapException e)
+            {
+                try
+                {
+                    connection.Dispose();
+                }
+                catch
+                {
+                    //pass
+                }
+                return new LdapConnectionTestResult(false, e, null, null);
+            }
+        }
+
         internal static async Task<List<T>> ToListAsync<T>(this IAsyncEnumerable<T> items)
         {
             var results = new List<T>();

src/CommonLib/LDAPConfig.cs

@@ -8,14 +8,20 @@ public class LDAPConfig
         public string Password { get; set; } = null;
         public string Server { get; set; } = null;
         public int Port { get; set; } = 0;
-        public bool SSL { get; set; } = false;
+        public bool ForceSSL { get; set; } = false;
         public bool DisableSigning { get; set; } = false;
         public bool DisableCertVerification { get; set; } = false;
         public AuthType AuthType { get; set; } = AuthType.Kerberos;
 
-        public int GetPort()
+        //Returns the port for connecting to LDAP. Will always respect a user's overridden config over anything else
+        public int GetPort(bool ssl)
         {
-            return Port == 0 ? SSL ? 636 : 389 : Port;
+            if (Port != 0)
+            {
+                return Port;
+            }
+
+            return ssl ? 636 : 389;
         }
     }
 }

src/CommonLib/LDAPConnectionCacheKey.cs

@@ -0,0 +1,36 @@
+namespace SharpHoundCommonLib
+{
+    public class LDAPConnectionCacheKey
+    {
+        public bool GlobalCatalog { get; }
+        public string Domain { get; }
+        public string Server { get; set; }
+
+        public LDAPConnectionCacheKey(string domain, bool globalCatalog)
+        {
+            GlobalCatalog = globalCatalog;
+            Domain = domain;
+        }
+
+        protected bool Equals(LDAPConnectionCacheKey other)
+        {
+            return GlobalCatalog == other.GlobalCatalog && Domain == other.Domain;
+        }
+
+        public override bool Equals(object obj)
+        {
+            if (ReferenceEquals(null, obj)) return false;
+            if (ReferenceEquals(this, obj)) return true;
+            if (obj.GetType() != this.GetType()) return false;
+            return Equals((LDAPConnectionCacheKey)obj);
+        }
+
+        public override int GetHashCode()
+        {
+            unchecked
+            {
+                return (GlobalCatalog.GetHashCode() * 397) ^ (Domain != null ? Domain.GetHashCode() : 0);
+            }
+        }
+    }
+}

src/CommonLib/LDAPProperties.cs

@@ -69,5 +69,10 @@ public static class LDAPProperties
         public const string CertificateTemplates = "certificatetemplates";
         public const string CrossCertificatePair = "crosscertificatepair";
         public const string Flags = "flags";
+        public const string PrimaryNamingContext = "primarynamingcontext";
+        public const string ConfigurationNamingContext = "configurationnamingcontext";
+        public const string NetbiosName = "netbiosName";
+        public const string DnsRoot = "dnsroot";
+        public const string ServerName = "servername";
     }
 }