Fixes issue #10 - Test-IsAdUserPasswordCompromised fails on an accoun…

…t with no password
lithnet · Jun 17, 2019 · 8604e38 · 8604e38
1 parent 2138d5d
commit 8604e38
Show file tree

Hide file tree

Showing 9 changed files with 80 additions and 11 deletions.
diff --git a/src/Lithnet.ActiveDirectory.PasswordProtection.sln b/src/Lithnet.ActiveDirectory.PasswordProtection.sln
@@ -46,7 +46,6 @@ Global
 		{F42EF09F-7AB1-484B-BF80-72D455E9E9E4}.Release|x86.Build.0 = Release|x86
 		{4A2761CD-3D07-42C7-8BB9-5CBF3E725D32}.Debug|Any CPU.ActiveCfg = Debug|Win32
 		{4A2761CD-3D07-42C7-8BB9-5CBF3E725D32}.Debug|x64.ActiveCfg = Debug|x64
-		{4A2761CD-3D07-42C7-8BB9-5CBF3E725D32}.Debug|x64.Build.0 = Debug|x64
 		{4A2761CD-3D07-42C7-8BB9-5CBF3E725D32}.Debug|x86.ActiveCfg = Debug|Win32
 		{4A2761CD-3D07-42C7-8BB9-5CBF3E725D32}.Debug|x86.Build.0 = Debug|Win32
 		{4A2761CD-3D07-42C7-8BB9-5CBF3E725D32}.Release|Any CPU.ActiveCfg = Release|Win32
@@ -56,7 +55,6 @@ Global
 		{B94AE2C5-72F3-40FC-BB70-C18B33D19A2B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{B94AE2C5-72F3-40FC-BB70-C18B33D19A2B}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{B94AE2C5-72F3-40FC-BB70-C18B33D19A2B}.Debug|x64.ActiveCfg = Debug|x64
-		{B94AE2C5-72F3-40FC-BB70-C18B33D19A2B}.Debug|x64.Build.0 = Debug|x64
 		{B94AE2C5-72F3-40FC-BB70-C18B33D19A2B}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{B94AE2C5-72F3-40FC-BB70-C18B33D19A2B}.Debug|x86.Build.0 = Debug|Any CPU
 		{B94AE2C5-72F3-40FC-BB70-C18B33D19A2B}.Release|Any CPU.ActiveCfg = Release|Any CPU

diff --git a/src/ManagedUnitTests/Properties/AssemblyInfo.cs b/src/ManagedUnitTests/Properties/AssemblyInfo.cs
@@ -16,5 +16,5 @@
 [assembly: Guid("b94ae2c5-72f3-40fc-bb70-c18b33d19a2b")]
 
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.0.7005.4842")]
-[assembly: AssemblyFileVersion("1.0.7005.4842")]
+[assembly: AssemblyVersion("1.0.7107.3289")]
+[assembly: AssemblyFileVersion("1.0.7107.3289")]
diff --git a/src/PasswordFilter/PasswordFilter.rc b/src/PasswordFilter/PasswordFilter.rc
diff --git a/src/PasswordProtection/BinaryStoreInstance.cs b/src/PasswordProtection/BinaryStoreInstance.cs
@@ -51,6 +51,11 @@ public void ClearStore()
 
         public HashSet<byte[]> GetHashes(string range)
         {
+            if (range == null)
+            {
+                throw new ArgumentNullException(nameof(range));
+            }
+
             HashSet<byte[]> items = new HashSet<byte[]>(ByteArrayComparer.Comparer);
             string file = Path.Combine(this.StorePath, $"{range}.db");
 
@@ -61,12 +66,27 @@ public HashSet<byte[]> GetHashes(string range)
 
         public bool IsHashInStore(byte[] hash)
         {
+            if (hash == null)
+            {
+                throw new ArgumentNullException(nameof(hash));
+            }
+
             string file = Path.Combine(this.StorePath, $"{this.GetRangeFromHash(hash)}.db");
             return this.IsHashInStoreFile(file, hash);
         }
 
         public void AddHashRangeToStore(HashSet<byte[]> incomingHashes, string range, OperationProgress progress)
         {
+            if (incomingHashes == null)
+            {
+                throw new ArgumentNullException(nameof(incomingHashes));
+            }
+
+            if (range == null)
+            {
+                throw new ArgumentNullException(nameof(range));
+            }
+
             if (this.IsInBatch)
             {
                 this.AddHashRangeToTempStore(incomingHashes, range);
@@ -100,11 +120,21 @@ public void AddHashRangeToStore(HashSet<byte[]> incomingHashes, string range, Op
 
         public string GetRangeFromHash(string hash)
         {
+            if (hash == null)
+            {
+                throw new ArgumentNullException(nameof(hash));
+            }
+
             return hash.Substring(0, this.HashOffset * 2);
         }
 
         public string GetRangeFromHash(byte[] hash)
         {
+            if (hash == null)
+            {
+                throw new ArgumentNullException(nameof(hash));
+            }
+
             return hash.ToHexString(0, this.HashOffset);
         }
 

diff --git a/src/PasswordProtection/Extensions.cs b/src/PasswordProtection/Extensions.cs
@@ -11,11 +11,31 @@ public static class Extensions
     {
        public static string ToHexString(this byte[] hash)
         {
+            if (hash == null)
+            {
+                throw new ArgumentNullException(nameof(hash), "The binary has provided was null");
+            }
+
             return hash.ToHexString(0, hash.Length);
         }
 
         public static string ToHexString(this byte[] hash, int offset, int count)
         {
+            if (hash == null)
+            {
+                throw new ArgumentNullException(nameof(hash), "The binary has provided was null");
+            }
+
+            if (offset >= hash.Length)
+            {
+                throw new ArgumentException("The value for offset cannot exceed the length of the hash", nameof(offset));
+            }
+
+            if (count + offset > hash.Length)
+            {
+                throw new ArgumentException("The combined values of offset and count cannot exceed the length of the hash", nameof(offset));
+            }
+
             StringBuilder sb = new StringBuilder(hash.Length * 2);
 
             for (int i = offset; i < count; i++)
@@ -28,6 +48,11 @@ public static string ToHexString(this byte[] hash, int offset, int count)
 
         public static byte[] HexStringToBytes(this string hexHash)
         {
+            if (hexHash == null)
+            {
+                throw new ArgumentNullException(nameof(hexHash));
+            }
+
             if (hexHash.Length % 2 != 0)
             {
                 throw new ArgumentException($"The value supplied must be a hexadecimal representation of the hash");

diff --git a/src/PasswordProtection/Properties/AssemblyInfo.cs b/src/PasswordProtection/Properties/AssemblyInfo.cs
@@ -31,6 +31,6 @@
 //
 // You can specify all the values or you can default the Build and Revision Numbers
 // by using the '*' as shown below:
-// [assembly: AssemblyVersion("1.0.7005.4842")]
-[assembly: AssemblyVersion("1.0.7005.4842")]
-[assembly: AssemblyFileVersion("1.0.7005.4842")]
+// [assembly: AssemblyVersion("1.0.7107.3289")]
+[assembly: AssemblyVersion("1.0.7107.3289")]
+[assembly: AssemblyFileVersion("1.0.7107.3289")]
diff --git a/src/PasswordProtectionPS/Lithnet.ActiveDirectory.PasswordProtection.PowerShell.csproj b/src/PasswordProtectionPS/Lithnet.ActiveDirectory.PasswordProtection.PowerShell.csproj
@@ -89,6 +89,7 @@
     <Reference Include="System" />
     <Reference Include="System.Configuration" />
     <Reference Include="System.Core" />
+    <Reference Include="System.DirectoryServices" />
     <Reference Include="System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
       <HintPath>..\packages\System.Management.Automation.6.0.4\ref\netstandard2.0\System.Management.Automation.dll</HintPath>

diff --git a/src/PasswordProtectionPS/Properties/AssemblyInfo.cs b/src/PasswordProtectionPS/Properties/AssemblyInfo.cs
@@ -31,6 +31,6 @@
 //
 // You can specify all the values or you can default the Build and Revision Numbers
 // by using the '*' as shown below:
-// [assembly: AssemblyVersion("1.0.7005.4842")]
-[assembly: AssemblyVersion("1.0.7005.4842")]
-[assembly: AssemblyFileVersion("1.0.7005.4842")]
+// [assembly: AssemblyVersion("1.0.7107.3289")]
+[assembly: AssemblyVersion("1.0.7107.3289")]
+[assembly: AssemblyFileVersion("1.0.7107.3289")]
diff --git a/src/PasswordProtectionPS/TestIsADUserPasswordCompromised.cs b/src/PasswordProtectionPS/TestIsADUserPasswordCompromised.cs
@@ -13,7 +13,7 @@ public class TestIsADUserPasswordCompromised : PSCmdlet
         [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = false, ParameterSetName = "AccountName"), ValidateNotNullOrEmpty]
         public string AccountName { get; set; }
 
-        [Parameter(Mandatory = true, Position = 2, ValueFromPipeline = false, ParameterSetName = "AccountName"), ValidateNotNullOrEmpty]
+        [Parameter(Mandatory = false, Position = 2, ValueFromPipeline = false, ParameterSetName = "AccountName"), ValidateNotNullOrEmpty]
         public string DomainName { get; set; }
 
         [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = false, ParameterSetName = "Upn"), ValidateNotNullOrEmpty]
@@ -47,6 +47,11 @@ protected override void ProcessRecord()
             switch (this.ParameterSetName)
             {
                 case "AccountName":
+                    if (this.DomainName == null)
+                    {
+                        this.DomainName = Environment.GetEnvironmentVariable("UserDomain");
+                    }
+
                     account = this.client.GetAccount(new NTAccount(this.DomainName, this.AccountName));
                     break;
 
@@ -64,6 +69,16 @@ protected override void ProcessRecord()
                 throw new InvalidOperationException("The account could not be found");
             }
 
+            if (account.NTHash == null)
+            {
+                if (!this.OutputCompromisedHashOnMatch.IsPresent)
+                {
+                    this.WriteObject(false);
+                }
+
+                return;
+            }
+
             bool result = Global.Store.IsInStore(account.NTHash, StoreType.Password);
             if (this.OutputCompromisedHashOnMatch.IsPresent)
             {