
Commit 7c45bd1

committed
more progress
1 parent 330be7a commit 7c45bd1


3 files changed

+57
-41
lines changed


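--- a/src/ADEffectiveAccess/DirectoryEntryBuilder.cs
+++ b/src/ADEffectiveAccess/DirectoryEntryBuilder.cs
@@ -12,9 +12,9 @@ internal sealed class DirectoryEntryBuilder : IDisposable
 
 private readonly AuthenticationTypes _authenticationTypes;
 
-internal DirectoryEntry RootEntry { get => field ??= Create(); }
+internal DirectoryEntry RootEntry { get; }
 
-internal string? Root { get => field ??= RootEntry.Properties["distinguishedName"][0]?.ToString(); }
+internal string? Root { get; }
 
 internal DirectoryEntryBuilder(
 PSCredential? credential,
@@ -23,6 +23,8 @@ internal DirectoryEntryBuilder(
 _username = credential?.UserName;
 _password = credential?.GetNetworkCredential().Password;
 _authenticationTypes = authenticationTypes;
+RootEntry = Create();
+Root = RootEntry.Properties["distinguishedName"][0]?.ToString();
 }
 
 internal DirectoryEntry Create(string? path = null) =>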
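Review bot: The second added line reads `distinguishedName` from the directory inside the constructor, so a failed bind or an empty value collection now throws out of `new DirectoryEntryBuilder(...)` after `RootEntry` has already been created, and that `DirectoryEntry` is never disposed because the caller receives no instance to call `Dispose` on. Guarding the read, for example `try { Root = RootEntry.Properties["distinguishedName"][0]?.ToString(); } catch { RootEntry.Dispose(); throw; }`, releases the handle on that path. The constructor's signature and the start of its body lie outside the hunk, so whether callers already wrap construction in error handling is not visible here.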

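--- a/src/ADEffectiveAccess/Extensions.cs
+++ b/src/ADEffectiveAccess/Extensions.cs
@@ -30,14 +30,14 @@ internal static void WriteInvalidSecurityDescriptorError(this SearchResult obj,
 new InvalidOperationException($"No Security Descriptor found for '{obj.Path}'."),
 "InvalidSecurityDescriptorType", ErrorCategory.InvalidResult, obj));
 
-// internal static void WriteIdentityNotFoundError(this DirectoryEntry root, string identity, PSCmdlet cmdlet)
-// => cmdlet.WriteError(
-// new ErrorRecord(
-// new IdentityNotMappedException(
-// $"Cannot find an object with identity: '{identity}' under: '{root.Properties["distinguishedName"][0]}'."),
-// "IvalidIdentity", ErrorCategory.InvalidResult, identity));
+internal static void WriteIdentityNotFoundError(this IdentityNotMappedException exception, PSCmdlet cmdlet)
+=> cmdlet.WriteError(
+new ErrorRecord(exception, "IvalidIdentity", ErrorCategory.InvalidResult, null));
+
+internal static void WriteUnderterminedError(this Exception exception, PSCmdlet cmdlet)
+=> cmdlet.WriteError(
+new ErrorRecord(exception, "UnderterminedError", ErrorCategory.NotSpecified, null));
 
 internal static IdentityNotMappedException ToIdentityNotFoundException(this string identity, string? rootDn)
-=> new IdentityNotMappedException(
-$"Cannot find an object with identity: '{identity}' under: '{rootDn}'.");
+=> new($"Cannot find an object with identity: '{identity}' under: '{rootDn}'.");
 }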
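Review bot: The error ids in the two new `ErrorRecord` calls are misspelled (`"IvalidIdentity"`, `"UnderterminedError"`), and because the id becomes part of the `FullyQualifiedErrorId` that scripts and log filters match on, correcting it after release is a breaking change. Suggest `"InvalidIdentity"` and `"UndeterminedError"`, and renaming the helper to `WriteUndeterminedError` together with its call site in GetADEffectiveAccessComand.cs. Both records also pass `null` as the target object, whereas the commented-out version passed `identity`; if the identity is available to the caller, keeping it as the target object makes the error easier to attribute when many objects are piped in.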

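--- a/src/ADEffectiveAccess/GetADEffectiveAccessComand.cs
+++ b/src/ADEffectiveAccess/GetADEffectiveAccessComand.cs
@@ -18,16 +18,15 @@ public sealed class GetADEffectiveAccessComand : PSCmdlet, IDisposable
 
 private DirectoryEntryBuilder? _entryBuilder;
 
-// [ThreadStatic]
-// private static GuidResolver? _map;
-
 private GuidResolver? _map;
 
 [Parameter(
 Position = 0,
 Mandatory = true,
+ValueFromPipeline = true,
 ValueFromPipelineByPropertyName = true,
 ParameterSetName = IdentitySet)]
+[Alias("DistinguishedName", "ObjectGuid", "ObjectSid", "SamAccountName")]
 public string Identity { get; set; } = null!;
 
 [Parameter(Position = 0, ParameterSetName = FilterSet)]
@@ -82,45 +81,60 @@ protected override void BeginProcessing()
 protected override void ProcessRecord()
 {
 if (_entryBuilder is null) return;
-if (_map is null) return;
 
-using DirectoryEntry root = GetRootEntry(_entryBuilder);
-using DirectorySearcher searcher = new(root, LdapFilter, [SecurityDescriptor])
-{
-SizeLimit = Top,
-Tombstone = IncludeDeletedObjects,
-SearchScope = SearchScope,
-PageSize = PageSize,
-SecurityMasks = SecurityMasks.Group |
-SecurityMasks.Dacl |
-SecurityMasks.Owner
-};
-
-if (Audit)
+try
 {
-searcher.SecurityMasks |= SecurityMasks.Sacl;
-}
+using DirectoryEntry root = GetRootEntry(_entryBuilder);
+using DirectorySearcher searcher = new(root, LdapFilter, [SecurityDescriptor])
+{
+SizeLimit = Top,
+Tombstone = IncludeDeletedObjects,
+SearchScope = SearchScope,
+PageSize = PageSize,
+SecurityMasks = SecurityMasks.Group |
+SecurityMasks.Dacl |
+SecurityMasks.Owner
+};
 
-foreach (SearchResult obj in searcher.FindAll())
-{
-if (obj.Properties[SecurityDescriptor][0] is not byte[] descriptor)
+if (Audit)
 {
-obj.WriteInvalidSecurityDescriptorError(this);
-continue;
+searcher.SecurityMasks |= SecurityMasks.Sacl;
 }
 
-AclBuilder builder = new(obj.Path, descriptor);
-WriteObject(
-builder.EnumerateAccessRules(_map),
-enumerateCollection: true);
-
-if (Audit)
+foreach (SearchResult obj in searcher.FindAll())
 {
+if (!obj.Properties.Contains(SecurityDescriptor) ||
+obj.Properties[SecurityDescriptor][0] is not byte[] descriptor)
+{
+obj.WriteInvalidSecurityDescriptorError(this);
+continue;
+}
+
+AclBuilder builder = new(obj.Path, descriptor);
 WriteObject(
-builder.EnumerateAuditRules(_map),
+builder.EnumerateAccessRules(_map!),
 enumerateCollection: true);
+
+if (Audit)
+{
+WriteObject(
+builder.EnumerateAuditRules(_map!),
+enumerateCollection: true);
+}
 }
 }
+catch (Exception _) when (_ is PipelineStoppedException or FlowControlException)
+{
+throw;
+}
+catch (IdentityNotMappedException exception)
+{
+exception.WriteIdentityNotFoundError(this);
+}
+catch (Exception exception)
+{
+exception.WriteUnderterminedError(this);
+}
 }
 
 private string? TryGetIdentityPath(string? identity) => identity switch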
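Review bot: `searcher.FindAll()` in the `foreach` of `ProcessRecord` returns a `SearchResultCollection` that is never disposed; the `foreach` disposes only the enumerator, and the .NET documentation states that the collection cannot release its unmanaged resources through garbage collection alone. `ProcessRecord` runs once per pipeline input and the first hunk widens pipeline binding with `ValueFromPipeline = true`, so the leak scales with the number of piped identities. Suggest `using SearchResultCollection results = searcher.FindAll();` followed by `foreach (SearchResult obj in results)`. Separately, the final `catch (Exception exception)` turns every failure, including a bind or access-denied error partway through the search, into a non-terminating `NotSpecified` error, so partial ACL output can be read as a complete result; consider catching the directory exceptions you expect and letting the rest terminate the cmdlet.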
