diff --git a/src/Lithnet.ActiveDirectory.PasswordProtection.sln b/src/Lithnet.ActiveDirectory.PasswordProtection.sln index bb22d70..f0308e1 100644 --- a/src/Lithnet.ActiveDirectory.PasswordProtection.sln +++ b/src/Lithnet.ActiveDirectory.PasswordProtection.sln @@ -46,7 +46,6 @@ Global {F42EF09F-7AB1-484B-BF80-72D455E9E9E4}.Release|x86.Build.0 = Release|x86 {4A2761CD-3D07-42C7-8BB9-5CBF3E725D32}.Debug|Any CPU.ActiveCfg = Debug|Win32 {4A2761CD-3D07-42C7-8BB9-5CBF3E725D32}.Debug|x64.ActiveCfg = Debug|x64 - {4A2761CD-3D07-42C7-8BB9-5CBF3E725D32}.Debug|x64.Build.0 = Debug|x64 {4A2761CD-3D07-42C7-8BB9-5CBF3E725D32}.Debug|x86.ActiveCfg = Debug|Win32 {4A2761CD-3D07-42C7-8BB9-5CBF3E725D32}.Debug|x86.Build.0 = Debug|Win32 {4A2761CD-3D07-42C7-8BB9-5CBF3E725D32}.Release|Any CPU.ActiveCfg = Release|Win32 @@ -56,7 +55,6 @@ Global {B94AE2C5-72F3-40FC-BB70-C18B33D19A2B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {B94AE2C5-72F3-40FC-BB70-C18B33D19A2B}.Debug|Any CPU.Build.0 = Debug|Any CPU {B94AE2C5-72F3-40FC-BB70-C18B33D19A2B}.Debug|x64.ActiveCfg = Debug|x64 - {B94AE2C5-72F3-40FC-BB70-C18B33D19A2B}.Debug|x64.Build.0 = Debug|x64 {B94AE2C5-72F3-40FC-BB70-C18B33D19A2B}.Debug|x86.ActiveCfg = Debug|Any CPU {B94AE2C5-72F3-40FC-BB70-C18B33D19A2B}.Debug|x86.Build.0 = Debug|Any CPU {B94AE2C5-72F3-40FC-BB70-C18B33D19A2B}.Release|Any CPU.ActiveCfg = Release|Any CPU diff --git a/src/ManagedUnitTests/Properties/AssemblyInfo.cs b/src/ManagedUnitTests/Properties/AssemblyInfo.cs index c809094..6545329 100644 --- a/src/ManagedUnitTests/Properties/AssemblyInfo.cs +++ b/src/ManagedUnitTests/Properties/AssemblyInfo.cs @@ -16,5 +16,5 @@ [assembly: Guid("b94ae2c5-72f3-40fc-bb70-c18b33d19a2b")] // [assembly: AssemblyVersion("1.0.*")] -[assembly: AssemblyVersion("1.0.7005.4842")] -[assembly: AssemblyFileVersion("1.0.7005.4842")] +[assembly: AssemblyVersion("1.0.7107.3289")] +[assembly: AssemblyFileVersion("1.0.7107.3289")] diff --git a/src/PasswordFilter/PasswordFilter.rc b/src/PasswordFilter/PasswordFilter.rc index 91e5507..1eb2462 100644 Binary files a/src/PasswordFilter/PasswordFilter.rc and b/src/PasswordFilter/PasswordFilter.rc differ diff --git a/src/PasswordProtection/BinaryStoreInstance.cs b/src/PasswordProtection/BinaryStoreInstance.cs index ef983fc..183ac19 100644 --- a/src/PasswordProtection/BinaryStoreInstance.cs +++ b/src/PasswordProtection/BinaryStoreInstance.cs @@ -51,6 +51,11 @@ public void ClearStore() public HashSet GetHashes(string range) { + if (range == null) + { + throw new ArgumentNullException(nameof(range)); + } + HashSet items = new HashSet(ByteArrayComparer.Comparer); string file = Path.Combine(this.StorePath, $"{range}.db"); @@ -61,12 +66,27 @@ public HashSet GetHashes(string range) public bool IsHashInStore(byte[] hash) { + if (hash == null) + { + throw new ArgumentNullException(nameof(hash)); + } + string file = Path.Combine(this.StorePath, $"{this.GetRangeFromHash(hash)}.db"); return this.IsHashInStoreFile(file, hash); } public void AddHashRangeToStore(HashSet incomingHashes, string range, OperationProgress progress) { + if (incomingHashes == null) + { + throw new ArgumentNullException(nameof(incomingHashes)); + } + + if (range == null) + { + throw new ArgumentNullException(nameof(range)); + } + if (this.IsInBatch) { this.AddHashRangeToTempStore(incomingHashes, range); @@ -100,11 +120,21 @@ public void AddHashRangeToStore(HashSet incomingHashes, string range, Op public string GetRangeFromHash(string hash) { + if (hash == null) + { + throw new ArgumentNullException(nameof(hash)); + } + return hash.Substring(0, this.HashOffset * 2); } public string GetRangeFromHash(byte[] hash) { + if (hash == null) + { + throw new ArgumentNullException(nameof(hash)); + } + return hash.ToHexString(0, this.HashOffset); } diff --git a/src/PasswordProtection/Extensions.cs b/src/PasswordProtection/Extensions.cs index 9896561..0ccf153 100644 --- a/src/PasswordProtection/Extensions.cs +++ b/src/PasswordProtection/Extensions.cs @@ -11,11 +11,31 @@ public static class Extensions { public static string ToHexString(this byte[] hash) { + if (hash == null) + { + throw new ArgumentNullException(nameof(hash), "The binary has provided was null"); + } + return hash.ToHexString(0, hash.Length); } public static string ToHexString(this byte[] hash, int offset, int count) { + if (hash == null) + { + throw new ArgumentNullException(nameof(hash), "The binary has provided was null"); + } + + if (offset >= hash.Length) + { + throw new ArgumentException("The value for offset cannot exceed the length of the hash", nameof(offset)); + } + + if (count + offset > hash.Length) + { + throw new ArgumentException("The combined values of offset and count cannot exceed the length of the hash", nameof(offset)); + } + StringBuilder sb = new StringBuilder(hash.Length * 2); for (int i = offset; i < count; i++) @@ -28,6 +48,11 @@ public static string ToHexString(this byte[] hash, int offset, int count) public static byte[] HexStringToBytes(this string hexHash) { + if (hexHash == null) + { + throw new ArgumentNullException(nameof(hexHash)); + } + if (hexHash.Length % 2 != 0) { throw new ArgumentException($"The value supplied must be a hexadecimal representation of the hash"); diff --git a/src/PasswordProtection/Properties/AssemblyInfo.cs b/src/PasswordProtection/Properties/AssemblyInfo.cs index d0bf9ac..039ae60 100644 --- a/src/PasswordProtection/Properties/AssemblyInfo.cs +++ b/src/PasswordProtection/Properties/AssemblyInfo.cs @@ -31,6 +31,6 @@ // // You can specify all the values or you can default the Build and Revision Numbers // by using the '*' as shown below: -// [assembly: AssemblyVersion("1.0.7005.4842")] -[assembly: AssemblyVersion("1.0.7005.4842")] -[assembly: AssemblyFileVersion("1.0.7005.4842")] +// [assembly: AssemblyVersion("1.0.7107.3289")] +[assembly: AssemblyVersion("1.0.7107.3289")] +[assembly: AssemblyFileVersion("1.0.7107.3289")] diff --git a/src/PasswordProtectionPS/Lithnet.ActiveDirectory.PasswordProtection.PowerShell.csproj b/src/PasswordProtectionPS/Lithnet.ActiveDirectory.PasswordProtection.PowerShell.csproj index b314f2d..a906730 100644 --- a/src/PasswordProtectionPS/Lithnet.ActiveDirectory.PasswordProtection.PowerShell.csproj +++ b/src/PasswordProtectionPS/Lithnet.ActiveDirectory.PasswordProtection.PowerShell.csproj @@ -89,6 +89,7 @@ + False ..\packages\System.Management.Automation.6.0.4\ref\netstandard2.0\System.Management.Automation.dll diff --git a/src/PasswordProtectionPS/Properties/AssemblyInfo.cs b/src/PasswordProtectionPS/Properties/AssemblyInfo.cs index d8383c6..085b625 100644 --- a/src/PasswordProtectionPS/Properties/AssemblyInfo.cs +++ b/src/PasswordProtectionPS/Properties/AssemblyInfo.cs @@ -31,6 +31,6 @@ // // You can specify all the values or you can default the Build and Revision Numbers // by using the '*' as shown below: -// [assembly: AssemblyVersion("1.0.7005.4842")] -[assembly: AssemblyVersion("1.0.7005.4842")] -[assembly: AssemblyFileVersion("1.0.7005.4842")] +// [assembly: AssemblyVersion("1.0.7107.3289")] +[assembly: AssemblyVersion("1.0.7107.3289")] +[assembly: AssemblyFileVersion("1.0.7107.3289")] diff --git a/src/PasswordProtectionPS/TestIsADUserPasswordCompromised.cs b/src/PasswordProtectionPS/TestIsADUserPasswordCompromised.cs index e03a839..572a3ed 100644 --- a/src/PasswordProtectionPS/TestIsADUserPasswordCompromised.cs +++ b/src/PasswordProtectionPS/TestIsADUserPasswordCompromised.cs @@ -13,7 +13,7 @@ public class TestIsADUserPasswordCompromised : PSCmdlet [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = false, ParameterSetName = "AccountName"), ValidateNotNullOrEmpty] public string AccountName { get; set; } - [Parameter(Mandatory = true, Position = 2, ValueFromPipeline = false, ParameterSetName = "AccountName"), ValidateNotNullOrEmpty] + [Parameter(Mandatory = false, Position = 2, ValueFromPipeline = false, ParameterSetName = "AccountName"), ValidateNotNullOrEmpty] public string DomainName { get; set; } [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = false, ParameterSetName = "Upn"), ValidateNotNullOrEmpty] @@ -47,6 +47,11 @@ protected override void ProcessRecord() switch (this.ParameterSetName) { case "AccountName": + if (this.DomainName == null) + { + this.DomainName = Environment.GetEnvironmentVariable("UserDomain"); + } + account = this.client.GetAccount(new NTAccount(this.DomainName, this.AccountName)); break; @@ -64,6 +69,16 @@ protected override void ProcessRecord() throw new InvalidOperationException("The account could not be found"); } + if (account.NTHash == null) + { + if (!this.OutputCompromisedHashOnMatch.IsPresent) + { + this.WriteObject(false); + } + + return; + } + bool result = Global.Store.IsInStore(account.NTHash, StoreType.Password); if (this.OutputCompromisedHashOnMatch.IsPresent) {