From 6c70fcf49b9ca6f3b712f84b33073e414cae981c Mon Sep 17 00:00:00 2001 From: JonasBK Date: Fri, 26 Apr 2024 02:11:04 -0700 Subject: [PATCH] feat: collect ECA RoleSeparation --- src/Runtime/ObjectProcessors.cs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/Runtime/ObjectProcessors.cs b/src/Runtime/ObjectProcessors.cs index ae9779b..3bd7b7d 100644 --- a/src/Runtime/ObjectProcessors.cs +++ b/src/Runtime/ObjectProcessors.cs @@ -634,6 +634,7 @@ private async Task ProcessEnterpriseCA(ISearchResultEntry entry, R var cASecurityCollected = false; var enrollmentAgentRestrictionsCollected = false; var isUserSpecifiesSanEnabledCollected = false; + var roleSeparationEnabledCollected = false; var caName = entry.GetProperty(LDAPProperties.Name); var dnsHostName = entry.GetProperty(LDAPProperties.DNSHostName); if ((_methods & ResolvedCollectionMethod.CARegistry) != 0 && caName != null && dnsHostName != null) @@ -650,6 +651,7 @@ private async Task ProcessEnterpriseCA(ISearchResultEntry entry, R CARegistryData cARegistryData = new() { IsUserSpecifiesSanEnabled = _certAbuseProcessor.IsUserSpecifiesSanEnabled(dnsHostName, caName), + RoleSeparationEnabled = _certAbuseProcessor.RoleSeparationEnabled(dnsHostName, caName), EnrollmentAgentRestrictions = await _certAbuseProcessor.ProcessEAPermissions(caName, resolvedSearchResult.Domain, dnsHostName, ret.HostingComputer), // The CASecurity exist in the AD object DACL and in registry of the CA server. We prefer to use the values from registry as they are the ground truth. 
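Review bot: The added `RoleSeparationEnabled = _certAbuseProcessor.RoleSeparationEnabled(dnsHostName, caName),` initializer in the second hunk (@@ -650) has no comment saying what the flag means or where it is read from, while the CASecurity entry just below it documents its source. I would add something like `// Role separation: whether the CA enforces that one account cannot act in more than one CA role (e.g. CA administrator and certificate manager). Read from the CA host, not from the AD object.` The "read from the CA host" part is inferred from the `dnsHostName`/`caName` arguments and the `ResolvedCollectionMethod.CARegistry` guard, so confirm it against the processor, which is not in this diff. As a style point, the method name lacks the `Is` prefix used by its sibling `IsUserSpecifiesSanEnabled`. ProcessEnterpriseCA starts and ends outside this hunk.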
@@ -660,12 +662,14 @@ private async Task ProcessEnterpriseCA(ISearchResultEntry entry, R cASecurityCollected = cARegistryData.CASecurity.Collected; enrollmentAgentRestrictionsCollected = cARegistryData.EnrollmentAgentRestrictions.Collected; isUserSpecifiesSanEnabledCollected = cARegistryData.IsUserSpecifiesSanEnabled.Collected; + roleSeparationEnabledCollected = cARegistryData.RoleSeparationEnabled.Collected; ret.CARegistryData = cARegistryData; } ret.Properties.Add("casecuritycollected", cASecurityCollected); ret.Properties.Add("enrollmentagentrestrictionscollected", enrollmentAgentRestrictionsCollected); ret.Properties.Add("isuserspecifiessanenabledcollected", isUserSpecifiesSanEnabledCollected); + ret.Properties.Add("roleseparationenabledcollected", roleSeparationEnabledCollected); } return ret;
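Review bot: `roleSeparationEnabledCollected` stays `false` when the CARegistry branch is skipped and, presumably, when the read from the CA host fails, so downstream consumers must treat `roleseparationenabledcollected = false` as "unknown" and never as "role separation is disabled". That contract is not stated in the visible lines. I would add a comment above the `ret.Properties.Add(...)` group: `// A *collected flag of false means the value was not read (method not selected or read failed); treat the setting as unknown.` The new assignment also dereferences `cARegistryData.RoleSeparationEnabled.Collected` without a null check, as its three siblings do, which relies on the processor always returning a result object. That is worth confirming, since the processor is outside this diff. ProcessEnterpriseCA begins before the hunk.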