|
15 | 15 | using System.Security.Cryptography.X509Certificates;
|
16 | 16 | using System.Security.Cryptography;
|
17 | 17 | using System.Linq;
|
| 18 | +using System.ComponentModel; |
| 19 | +using System.Runtime.Remoting.Messaging; |
| 20 | +using System.Security.Principal; |
| 21 | +using System.Runtime.ConstrainedExecution; |
18 | 22 |
|
19 | 23 | namespace SQLCheck
|
20 | 24 | {
|
@@ -47,10 +51,12 @@ public static void Collect(DataSet ds)
|
47 | 51 | CollectSQLAlias(ds);
|
48 | 52 | CollectClientSNI(ds);
|
49 | 53 | CollectCertificate(ds);
|
| 54 | + CollectCertificatePerm(ds); |
50 | 55 | CollectService(ds);
|
51 | 56 | CollectSPNAccount(ds);
|
52 | 57 | CollectSQLInstance(ds); // dropped SQL 2000 and RS 2000
|
53 | 58 | CollectSQLServer(ds);
|
| 59 | + |
54 | 60 | // Collect SSRS
|
55 | 61 | // Collect OLAP
|
56 | 62 |
|
@@ -3423,5 +3429,54 @@ public static bool CompareAccounts(string account1, string account2)
|
3423 | 3429 | // no match
|
3424 | 3430 | return false;
|
3425 | 3431 | }
|
| 3432 | + |
| 3433 | + private static void CollectCertificatePerm(DataSet ds) |
| 3434 | + { |
| 3435 | + DataTable dtCertificatePerm = ds.Tables["CertificatePermissions"]; |
| 3436 | + DataRow Certificate = null; |
| 3437 | + try |
| 3438 | + { |
| 3439 | + |
| 3440 | + X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine); //set store to Local Machine/My |
| 3441 | + store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); |
| 3442 | + string keyPath = Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData) + @"/Microsoft/Crypto/RSA/MachineKeys/"; |
| 3443 | + foreach (X509Certificate2 mCert in store.Certificates) //loop through all private keys in store directory |
| 3444 | + { |
| 3445 | + if (mCert.HasPrivateKey)//check to see if the certificate has a private key |
| 3446 | + { |
| 3447 | + try |
| 3448 | + { |
| 3449 | + RSACryptoServiceProvider pkey = (RSACryptoServiceProvider)mCert.PrivateKey; //save private key to a veriable |
| 3450 | + |
| 3451 | + if (pkey != null) |
| 3452 | + { |
| 3453 | + //get private key file name |
| 3454 | + string Container = pkey.CspKeyContainerInfo.KeyContainerName.ToString(); //get private key file name |
| 3455 | + string[] pKeyName = Container.Split('}'); |
| 3456 | + string PrivateKey = pKeyName[pKeyName.Length - 1]; |
| 3457 | + //add private key file name to the folder path |
| 3458 | + if (File.Exists(keyPath + PrivateKey)) |
| 3459 | + { |
| 3460 | + FileSecurity fSecurity = File.GetAccessControl(keyPath + PrivateKey); |
| 3461 | + //loop through all ACL on the file and add it to the data collector |
| 3462 | + foreach (FileSystemAccessRule rule in fSecurity.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount))) |
| 3463 | + { |
| 3464 | + Certificate = dtCertificatePerm.NewRow(); |
| 3465 | + Certificate["FriendlyName"] = mCert.FriendlyName; |
| 3466 | + Certificate["Thumbprint"] = mCert.Thumbprint; |
| 3467 | + Certificate["UserID"] = $"{rule.IdentityReference.Value}"; |
| 3468 | + Certificate["Permissions"] = $"{rule.FileSystemRights}"; |
| 3469 | + dtCertificatePerm.Rows.Add(Certificate); |
| 3470 | + } |
| 3471 | + } |
| 3472 | + } |
| 3473 | + } |
| 3474 | + catch { }; |
| 3475 | + } |
| 3476 | + } |
| 3477 | + store.Close(); |
| 3478 | + } |
| 3479 | + catch (Exception ex) { Console.WriteLine(ex); }; |
| 3480 | + } |
3426 | 3481 | }
|
3427 | 3482 | }
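Review bot: The bare `catch { }` at new line 3474 swallows the exception raised when `mCert.PrivateKey` on line 3449 is not an `RSACryptoServiceProvider` (CNG-backed keys fail the cast or throw on the getter), so such certificates produce no row at all and the CertificatePermissions table cannot tell "ACL not collected" from "no ACL found", which is the wrong failure mode for a permissions audit. The Permissions column on line 3468 stores `rule.FileSystemRights` alone and drops `rule.AccessControlType`, so a Deny ACE is recorded exactly like an Allow ACE. `X509Store` is `IDisposable` and `store.Close()` on line 3477 is skipped whenever the loop throws; the key file name is also available directly as `pkey.CspKeyContainerInfo.UniqueKeyContainerName` instead of the `Split('}')` on line 3455, and the `;` after both catch blocks is an empty statement. Whether the MachineKeys folder is the right location for every CSP key container (user-profile key stores are not covered) is not established by the hunk, so the rewrite below records a note row when the file is missing rather than assuming it.
```csharp
private static void CollectCertificatePerm(DataSet ds)
{
    DataTable dtCertificatePerm = ds.Tables["CertificatePermissions"];
    string keyPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData), "Microsoft", "Crypto", "RSA", "MachineKeys");
    try
    {
        using (X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            foreach (X509Certificate2 mCert in store.Certificates)
            {
                if (!mCert.HasPrivateKey) continue;
                try
                {
                    // PrivateKey throws or yields a non-CSP object for CNG keys; record that instead of dropping the certificate
                    RSACryptoServiceProvider pkey = mCert.PrivateKey as RSACryptoServiceProvider;
                    if (pkey == null)
                    {
                        AddPermRow(dtCertificatePerm, mCert, "", "Not an RSA CSP key; key file ACL not collected");
                        continue;
                    }
                    string keyFile = Path.Combine(keyPath, pkey.CspKeyContainerInfo.UniqueKeyContainerName);
                    if (!File.Exists(keyFile))
                    {
                        AddPermRow(dtCertificatePerm, mCert, "", "Key file not found: " + keyFile);
                        continue;
                    }
                    FileSecurity fSecurity = File.GetAccessControl(keyFile);
                    foreach (FileSystemAccessRule rule in fSecurity.GetAccessRules(true, true, typeof(NTAccount)))
                    {
                        // keep Allow/Deny with the rights; otherwise a Deny ACE reads like a grant
                        AddPermRow(dtCertificatePerm, mCert, rule.IdentityReference.Value, $"{rule.AccessControlType}: {rule.FileSystemRights}");
                    }
                }
                catch (Exception ex)
                {
                    Console.WriteLine($"CollectCertificatePerm: {mCert.Thumbprint}: {ex.Message}");
                }
            }
        }
    }
    catch (Exception ex) { Console.WriteLine(ex); }
}

// One row per (certificate, identity); Permissions holds the rights, or a note on why none were read.
private static void AddPermRow(DataTable dt, X509Certificate2 cert, string userId, string permissions)
{
    DataRow row = dt.NewRow();
    row["FriendlyName"] = cert.FriendlyName;
    row["Thumbprint"] = cert.Thumbprint;
    row["UserID"] = userId;
    row["Permissions"] = permissions;
    dt.Rows.Add(row);
}
```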
|