/// <summary>
/// Reports whether <paramref name="group"/> is already represented in <c>Groups</c>.
/// An entry matches on identical <c>Name</c>, or — when both sides carry a SID — on identical <c>SID</c>.
/// </summary>
/// <remarks>
/// Side effect: on a name match where the stored entry has no SID but the incoming one does,
/// the incoming SID is copied onto the stored entry.
/// The name comparison is ordinal and case-sensitive; Windows group names are matched
/// case-insensitively by the OS, so a differently-cased name only matches via the SID check — TODO confirm intended.
/// </remarks>
/// <param name="group">Group to look for.</param>
/// <returns>true if a matching entry exists; otherwise false.</returns>
public bool InGroup(GroupInformation group)
{
    foreach (GroupInformation existing in Groups)
    {
        bool sameName = existing.Name == group.Name;
        if (sameName)
        {
            // Back-fill a missing SID from the incoming entry.
            if (existing.SID == null && group.SID != null)
            {
                existing.SID = group.SID;
            }
            return true;
        }

        bool bothHaveSid = existing.SID != null && group.SID != null;
        if (bothHaveSid && existing.SID == group.SID)
        {
            return true;
        }
    }

    return false;
}
/// <summary>
/// Adds <paramref name="group"/> to <c>Groups</c> unless <see cref="InGroup"/> already
/// reports a match (by name or SID), in which case the duplicate is skipped.
/// </summary>
/// <param name="group">Group to add.</param>
/// <returns>true if the group was added; false if it was a duplicate and skipped.</returns>
public bool AddGroup(GroupInformation group)
{
    if (InGroup(group))
    {
        // Duplicate — leave the existing entry in place.
        return false;
    }

    Groups.Add(group);
    return true;
}
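/// <summary>
/// Makes the local machine account match <c>UserInfo</c>: creates or updates the user
/// principal, removes it from local groups that are not listed in <c>UserInfo.Groups</c>
/// (the "Authenticated Users" and "Everyone" SIDs are never touched), and adds it to the
/// listed groups, creating any that do not exist yet (see CreateOrGetGroupPrincipal).
/// </summary>
/// <exception cref="GroupSyncException">
/// Wraps any exception raised while enumerating, creating or modifying group membership.
/// </exception>
public void SyncToLocalUser()
{
    m_logger.Debug("SyncToLocalUser()");
    using (UserPrincipal user = CreateOrGetUserPrincipal(UserInfo))
    {
        // Force password and fullname match (redundant if we just created, but oh well)
        SyncUserPrincipalInfo(user, UserInfo);

        try
        {
            // Well-known SIDs the sync never removes the user from.
            List<SecurityIdentifier> ignoredSids = new List<SecurityIdentifier>
            {
                new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null), // "Authenticated Users"
                new SecurityIdentifier("S-1-1-0"),                                   // "Everyone"
            };

            // First remove from any local groups they aren't supposed to be in
            m_logger.Debug("Checking for groups to remove.");
            List<GroupPrincipal> localGroups = LocalAccount.GetGroups(user);
            try
            {
                foreach (GroupPrincipal group in localGroups)
                {
                    m_logger.DebugFormat("Remove {0}?", group.Name);
                    if (ignoredSids.Contains(group.Sid))
                    {
                        continue;
                    }

                    GroupInformation gi = new GroupInformation()
                    {
                        Name = group.Name,
                        SID = group.Sid,
                        Description = group.Description
                    };
                    // InGroup matches by name or SID (and may back-fill a missing SID on the UserInfo entry).
                    if (!UserInfo.InGroup(gi))
                    {
                        m_logger.DebugFormat("Removing user {0} from group {1}", user.Name, group.Name);
                        RemoveUserFromGroup(user, group);
                    }
                }
            }
            finally
            {
                // Previously each principal was disposed at the end of its iteration, so an
                // exception from RemoveUserFromGroup leaked the current and all remaining ones.
                foreach (GroupPrincipal group in localGroups)
                {
                    group.Dispose();
                }
            }

            // Now add to any they aren't already in that they should be
            m_logger.Debug("Checking for groups to add");
            foreach (GroupInformation groupInfo in UserInfo.Groups)
            {
                m_logger.DebugFormat("Add {0}?", groupInfo.Name);
                if (IsUserInGroup(user, groupInfo))
                {
                    continue;
                }

                using (GroupPrincipal group = CreateOrGetGroupPrincipal(groupInfo))
                {
                    m_logger.DebugFormat("Adding user {0} to group {1}", user.Name, group.Name);
                    AddUserToGroup(user, group);
                }
            }
        }
        catch (Exception e)
        {
            // Callers only ever see GroupSyncException; the original exception is handed to it.
            throw new GroupSyncException(e);
        }
    }
    m_logger.Debug("End SyncToLocalUser()");
}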
/// <summary>
/// Returns the local group named <c>groupInfo.Name</c>, creating it (with
/// <c>groupInfo.Description</c>, when set) if it does not exist. Lookup is by name only;
/// <c>groupInfo.SID</c> is not consulted here.
/// </summary>
/// <param name="groupInfo">Name and optional description of the group wanted.</param>
/// <returns>
/// The existing or newly created <see cref="GroupPrincipal"/> (the caller disposes it), or
/// null when GetGroupPrincipal cannot find the group after it was created.
/// </returns>
private GroupPrincipal CreateOrGetGroupPrincipal(GroupInformation groupInfo)
{
    GroupPrincipal existing = GetGroupPrincipal(groupInfo.Name);
    if (existing != null)
    {
        return existing;
    }

    // The GroupPrincipal can be created here, but
    // https://connect.microsoft.com/VisualStudio/feedback/details/525688/invalidoperationexception-with-groupprincipal-and-sam-principalcontext-for-setting-any-property-always
    // prevents setting properties on it afterwards, so the description is written through
    // the group's DirectoryEntry under m_sam instead.
    using (GroupPrincipal created = new GroupPrincipal(m_machinePrincipal))
    {
        created.Name = groupInfo.Name;
        created.Save();

        using (DirectoryEntry createdDe = m_sam.Children.Add(groupInfo.Name, "Group"))
        {
            if (!string.IsNullOrEmpty(groupInfo.Description))
            {
                createdDe.Properties["Description"].Value = groupInfo.Description;
                createdDe.CommitChanges();
            }
        }

        // Re-fetch so the returned principal reflects the changes made via the DirectoryEntry.
        return GetGroupPrincipal(created.Name);
    }
}
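/// <summary>
/// Tests whether <paramref name="user"/> is a member of the local group named
/// <c>groupInfo.Name</c>.
/// </summary>
/// <param name="user">Local user principal to test.</param>
/// <param name="groupInfo">Group to look up, by name only.</param>
/// <returns>
/// true if the user is in the group; false if not, or if the group does not exist
/// locally (a missing group has no members, and the caller creates it on false).
/// </returns>
private bool IsUserInGroup(UserPrincipal user, GroupInformation groupInfo)
{
    using (GroupPrincipal group = GetGroupPrincipal(groupInfo.Name))
    {
        if (group == null)
        {
            // GetGroupPrincipal returns null for an unknown group (see CreateOrGetGroupPrincipal);
            // do not hand a null principal to the GroupPrincipal overload.
            return false;
        }
        return IsUserInGroup(user, group);
    }
}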
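/// <summary>
/// Makes the local machine account match <c>UserInfo</c>: creates or updates the user
/// principal, reconciles its local group membership (removing it from groups not listed in
/// <c>UserInfo.Groups</c>, except "Authenticated Users" and "Everyone", and adding it to
/// the listed ones, creating groups as needed), then — when a profile path is set and the
/// profile is not flagged as pgSMB-managed — connects to the profile share and calls
/// SetACL if NTUSER.DAT is present there.
/// </summary>
/// <exception cref="GroupSyncException">
/// Wraps any exception raised during the group reconciliation step.
/// </exception>
public void SyncToLocalUser()
{
    m_logger.Debug("SyncToLocalUser()");
    using (UserPrincipal user = CreateOrGetUserPrincipal(UserInfo))
    {
        // Force password and fullname match (redundant if we just created, but oh well)
        SyncUserPrincipalInfo(UserInfo);

        try
        {
            // Well-known SIDs the sync never removes the user from.
            List<SecurityIdentifier> ignoredSids = new List<SecurityIdentifier>
            {
                new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null), // "Authenticated Users"
                new SecurityIdentifier("S-1-1-0"),                                   // "Everyone"
            };

            // First remove from any local groups they aren't supposed to be in
            m_logger.Debug("Checking for groups to remove.");
            List<GroupPrincipal> localGroups = LocalAccount.GetGroups(user);
            try
            {
                foreach (GroupPrincipal group in localGroups)
                {
                    m_logger.DebugFormat("Remove {0}?", group.Name);
                    if (ignoredSids.Contains(group.Sid))
                    {
                        continue;
                    }

                    GroupInformation gi = new GroupInformation()
                    {
                        Name = group.Name,
                        SID = group.Sid,
                        Description = group.Description
                    };
                    // InGroup matches by name or SID (and may back-fill a missing SID on the UserInfo entry).
                    if (!UserInfo.InGroup(gi))
                    {
                        m_logger.DebugFormat("Removing user {0} from group {1}", user.Name, group.Name);
                        RemoveUserFromGroup(user, group);
                    }
                }
            }
            finally
            {
                // Previously each principal was disposed at the end of its iteration, so an
                // exception from RemoveUserFromGroup leaked the current and all remaining ones.
                foreach (GroupPrincipal group in localGroups)
                {
                    group.Dispose();
                }
            }

            // Now add to any they aren't already in that they should be
            m_logger.Debug("Checking for groups to add");
            foreach (GroupInformation groupInfo in UserInfo.Groups)
            {
                m_logger.DebugFormat("Add {0}?", groupInfo.Name);
                if (IsUserInGroup(user, groupInfo))
                {
                    continue;
                }

                using (GroupPrincipal group = CreateOrGetGroupPrincipal(groupInfo))
                {
                    m_logger.DebugFormat("Adding user {0} to group {1}", user.Name, group.Name);
                    AddUserToGroup(user, group);
                }
            }
        }
        catch (Exception e)
        {
            // Callers only ever see GroupSyncException; the original exception is handed to it.
            throw new GroupSyncException(e);
        }
    }

    // Set NTUSER.DAT permissions on the roaming profile. Skipped when no profile path is set
    // or when the profile is flagged as handled by pgSMB (via Description). A null Description
    // cannot carry the pgSMB flag, so it no longer raises a NullReferenceException here.
    // NOTE(review): usri4_profile is used as a share path exactly as supplied in UserInfo — confirm it is validated upstream.
    bool pgSmbProfile = UserInfo.Description != null && UserInfo.Description.Contains("pgSMB");
    if (!String.IsNullOrEmpty(UserInfo.usri4_profile) && !pgSmbProfile)
    {
        Abstractions.WindowsApi.pInvokes.structenums.OSVERSIONINFOW verinfo = Abstractions.WindowsApi.pInvokes.VersionsInfo();
        if (verinfo.dwMajorVersion == 0)
        {
            // VersionsInfo() failed; fall back to Environment.OSVersion (the log line explains its limit).
            m_logger.WarnFormat("SyncToLocalUser: VersionsInfo() failed. \n I'm unable to detect OS beyond Windows 8.0");
            verinfo.dwBuildNumber = Environment.OSVersion.Version.Build;
            verinfo.dwMajorVersion = Environment.OSVersion.Version.Major;
            verinfo.dwMinorVersion = Environment.OSVersion.Version.Minor;
            // NOTE(review): the original stores the build number in dwPlatformId; it is not read
            // below, so it is kept as-is — confirm whether a platform id was intended.
            verinfo.dwPlatformId = Environment.OSVersion.Version.Build;
        }

        // Profile folder suffix: NT 6.x uses ".V2" up to minor version 3 (8.1) and ".V5" above; otherwise none.
        // NOTE(review): the major-version test reads Environment.OSVersion rather than verinfo — confirm intended.
        string ProfileExtension = "";
        if (Environment.OSVersion.Version.Major == 6)
        {
            ProfileExtension = (verinfo.dwMinorVersion > 3) ? ".V5" : ".V2";
        }

        string profilePath = UserInfo.usri4_profile + ProfileExtension;
        // The user's own credentials from UserInfo authenticate the share connection. The
        // disconnect (the null/null, 0, true form) now runs in 'finally', so a failure inside
        // File.Exists or SetACL can no longer leave the share connection open.
        if (Connect2share(profilePath, UserInfo.Username, UserInfo.Password, 3, false))
        {
            try
            {
                if (File.Exists(profilePath + "\\NTUSER.DAT"))
                {
                    SetACL(UserInfo, ProfileExtension);
                }
            }
            finally
            {
                Connect2share(profilePath, null, null, 0, true);
            }
        }
    }
    m_logger.Debug("End SyncToLocalUser()");
}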