/// <summary>
/// This method is to help enable the compound identity feature on the computer account in the specific domain.
/// </summary>
/// <param name="domainName">The domain name of the service principal.</param>
/// <param name="computerName">The host name of the service principal.</param>
/// <param name="adminName">Need administrator's credential to modify active directory account.</param>
/// <param name="adminPwd">Need administrator's credential to modify active directory account.</param>
public void enableCompId(string domainName, string computerName, string adminName, string adminPwd)
{
LdapConnection connection = new LdapConnection(domainName);
NetworkCredential cred = new NetworkCredential(adminName, adminPwd, domainName);
connection.Credential = cred;
string dn = PacHelper.GetDomainDnFromDomainName(domainName);
string targetOu = "cn=Computers," + dn;
computerName = computerName.Replace("$", "");
string filter = "cn=" + computerName;
string[] attributesToReturn = new string[] { "msDS-SupportedEncryptionTypes" };
SearchRequest searchRequest = new SearchRequest(targetOu, filter, SearchScope.Subtree, attributesToReturn);
SearchResponse searchResponse = (SearchResponse)connection.SendRequest(searchRequest);
SearchResultAttributeCollection attributes = searchResponse.Entries[0].Attributes;
object attributeValue = null;
attributeValue = PacHelper.getAttributeValue(attributes, "msDS-SupportedEncryptionTypes");
uint?supportedEncTypes = (uint?)Convert.ToInt32(attributeValue);
uint compIdFlag = 131072;
if ((supportedEncTypes.Value & compIdFlag) != compIdFlag)
{
string computerDN = filter + "," + targetOu;
supportedEncTypes = supportedEncTypes + compIdFlag;
ModifyRequest modRequest = new ModifyRequest(computerDN, DirectoryAttributeOperation.Replace, "msDS-SupportedEncryptionTypes", supportedEncTypes.ToString());
ModifyResponse modResponse = (ModifyResponse)connection.SendRequest(modRequest);
}
}
/// <summary>
/// Replace an attribute's value in the specified entry in the directory, or replaces all values in a multivalued entry.
/// </summary>
/// <param name="dn">The distinguished name of the entry to replace the attribute value of.</param>
/// <param name="attributeName">The name of the attribute to replace.</param>
/// <param name="values">The values associated with the attribute to replace.</param>
/// <returns>True if replaced, false otherwise.</returns>
private bool ReplaceAttribute(string dn, string attributeName, object[] values)
{
if (!string.IsNullOrWhiteSpace(dn) && !string.IsNullOrWhiteSpace(attributeName))
{
ModifyRequest request = new ModifyRequest(dn, DirectoryAttributeOperation.Replace, attributeName, values);
try
{
ModifyResponse response = (ModifyResponse)connection.SendRequest(request);
// Check that a response was received.
if (response != null)
{
// A response was received.
if (response.ResultCode == ResultCode.Success)
{
return(true);
}
}
else
{
// A response was not received.
return(false);
}
}
catch
{
}
}
return(false);
}
/// <summary>
/// Adds or Replaces an attribute's value in the specified entry in the directory.
/// </summary>
/// <param name="dn">The distinguished name of the entry to add or replace an attribute of.</param>
/// <param name="attributeName">The name of the attribute to add or replace a value for.</param>
/// <param name="values">The values associated with the attribute to add or replace.</param>
/// <returns>True if added or replaced, false otherwise.</returns>
public bool AddOrReplaceAttribute(string dn, string attributeName, object[] values)
{
if (!string.IsNullOrWhiteSpace(dn) && !string.IsNullOrWhiteSpace(attributeName))
{
ModifyRequest request = new ModifyRequest(dn, DirectoryAttributeOperation.Add, attributeName, values);
try
{
ModifyResponse response = (ModifyResponse)connection.SendRequest(request);
// Check that a response was received.
if (response != null)
{
// A response was received.
if (response.ResultCode == ResultCode.Success)
{
return(true);
}
}
else
{
// A response was not received.
return(false);
}
}
catch (DirectoryOperationException)
{
// The attribute already has a value.
return(ReplaceAttribute(dn, attributeName, values));
}
}
return(false);
}
/// <summary>
/// Sets the new security descriptor on an account
/// </summary>
/// <param name="acctName">samaccountname</param>
/// <param name="newSD">binary SD</param>
/// <returns>true/false</returns>
public bool setgMSAPwdReaders(string acctName, byte[] newSD)
{
string dn = getDNFromSamAccountName(acctName);
if (dn != "")
{
//make and send req
ModifyRequest mReq = new ModifyRequest(dn, DirectoryAttributeOperation.Replace, "msDS-GroupMSAMembership", newSD);
try
{
ModifyResponse mResp = (ModifyResponse)theConn.SendRequest(mReq);
if (mResp.ResultCode == ResultCode.Success)
{
return(true);
}
}
catch (DirectoryOperationException dox)
{
throw dox;
}
catch (Exception ex)
{
throw ex;
}
}
return(false);
}
/// <summary>
/// Creates a ModifyResponse packet.
/// </summary>
/// <param name="context">The user context which contains message ID.</param>
/// <param name="resultCode">Result code of previous request, as specified in RFC 2251.</param>
/// <param name="matchedDn">Matched DN.</param>
/// <param name="errorMessage">Error message for result code. Required.</param>
/// <param name="referral">Referral. Optional. Used for LDAP v3 only.</param>
/// <returns>The packet that contains the response.</returns>
internal override AdtsModifyResponsePacket CreateModifyResponse(
AdtsLdapContext context,
MsLdap.ResultCode resultCode,
string matchedDn,
string errorMessage,
string[] referral)
{
ModifyResponse modifyResponse = new ModifyResponse(
new LDAPResult_resultCode((long)resultCode),
new LDAPDN(matchedDn ?? string.Empty),
new LDAPString(errorMessage ?? string.Empty),
CreateReferral(referral));
LDAPMessage_protocolOp operation = new LDAPMessage_protocolOp();
operation.SetData(LDAPMessage_protocolOp.modifyResponse, modifyResponse);
LDAPMessage message = new LDAPMessage(new MessageID(context.MessageId), operation, null);
AdtsModifyResponsePacket packet = new AdtsModifyResponsePacket();
packet.ldapMessagev3 = message;
packet.messageId = context.MessageId;
return(packet);
}
/// <summary>
/// 修改密码
/// </summary>
/// <param name="username"></param>
/// <param name="password"></param>
/// <param name="newpassword"></param>
/// <returns></returns>
public ModifyResponse ModifyPassword(string username, string password, string newpassword)
{
ModifyResponse modifyResponse = new ModifyResponse();
try
{
if (!CheckUtil.CheckAccount(username, password))
{
return((ModifyResponse)CheckUtil.CreateResponse(ResponseCodeEnum.ACCOUNT_ERROR));
}
if (string.IsNullOrEmpty(newpassword))
{
return((ModifyResponse)CheckUtil.CreateResponse(ResponseCodeEnum.MODIFY_ERROR));
}
modifyResponse.IsSuccess = SmsAccountManage.Instance.UpdatePwd(username, password, newpassword);
if (modifyResponse.IsSuccess)
{
CacheHelper.Remove(CheckUtil.AcctountCachePre + username);
}
}
catch (Exception exception)
{
return((ModifyResponse)CheckUtil.CreateResponse(ResponseCodeEnum.INNER_EXCEPTION, exception.Message));
}
return(modifyResponse);
}
private void AddAttribute(LdapConnection connection, string entryDn, string attributeName, string attributeValue)
{
string dn = entryDn + "," + LdapConfiguration.Configuration.Domain;
ModifyRequest modifyRequest = new ModifyRequest(dn, DirectoryAttributeOperation.Add, attributeName, attributeValue);
ModifyResponse modifyResponse = (ModifyResponse)connection.SendRequest(modifyRequest);
Assert.Equal(ResultCode.Success, modifyResponse.ResultCode);
}
public static void SetObjectSecurity(LdapConnection conn, string dn, System.DirectoryServices.ActiveDirectorySecurity sec, System.DirectoryServices.Protocols.SecurityMasks securityMask)
{
byte[] rawSD = sec.GetSecurityDescriptorBinaryForm();
//get securityDescriptor
ModifyRequest modRq = new ModifyRequest(dn, DirectoryAttributeOperation.Replace, "ntSecurityDescriptor", rawSD);
modRq.Controls.Add(new SecurityDescriptorFlagControl(securityMask));
ModifyResponse rsp = (ModifyResponse)conn.SendRequest(modRq);
}
public override LdapResultCompleteStatus Handle(SafeHandle handle, Native.Native.LdapResultType resType, IntPtr msg, out DirectoryResponse response)
{
response = default;
switch (resType)
{
case LdapForNet.Native.Native.LdapResultType.LDAP_RES_MODIFY:
response = new ModifyResponse();
return(LdapResultCompleteStatus.Complete);
default:
return(LdapResultCompleteStatus.Unknown);
}
}
public static ModifyResponse Unmarshall(UnmarshallerContext context)
{
ModifyResponse modifyResponse = new ModifyResponse();
modifyResponse.HttpResponse = context.HttpResponse;
modifyResponse.RequestId = context.StringValue("Modify.RequestId");
modifyResponse.Success = context.BooleanValue("Modify.Success");
modifyResponse.Code = context.StringValue("Modify.Code");
modifyResponse.Message = context.StringValue("Modify.Message");
modifyResponse.Data = context.StringValue("Modify.Data");
return(modifyResponse);
}
public void DeleteAttribut(String dn, String name, String value)
{
try
{
Connect2();
DirectoryAttributeModification directoryAttributModification = new DirectoryAttributeModification();
ModifyRequest modRequest = new ModifyRequest(dn, DirectoryAttributeOperation.Delete, name, new String[] { value });
ModifyResponse modifyResponse = (ModifyResponse)ldapConnexion.SendRequest(modRequest);
}
catch (DirectoryOperationException e)
{
Console.WriteLine(e.Message);
throw e;
}
}
private static LdapPacket BuildError(LdapPacket request, LdapException ex)
{
BaseOperationDone operation = null;
switch (request.ProtocolOperation.Tag.LdapCommand)
{
case LdapCommands.AddRequest:
operation = new AddResponse();
break;
case LdapCommands.BindRequest:
operation = new BindResponse();
break;
case LdapCommands.DelRequest:
operation = new DelResponse();
break;
case LdapCommands.SearchRequest:
operation = new SearchResultDone();
break;
case LdapCommands.ModifyRequest:
operation = new ModifyResponse();
break;
}
operation.Result = new LDAPResult
{
MatchedDN = new DEROctetString(ex.Target),
DiagnosticMessage = new DEROctetString(ex.Message),
ResultCode = new DEREnumerated <LDAPResultCodes>
{
Value = ex.Code
}
};
var ldapPacket = new LdapPacket
{
MessageId = request.MessageId,
ProtocolOperation = new DERProtocolOperation
{
Operation = operation
}
};
return(ldapPacket);
}
public void ReplaceAttribut(String dn, String name, byte[] value)
{
Connect2();
try
{
ModifyRequest modRequest = new ModifyRequest(dn, DirectoryAttributeOperation.Replace, name, value);
ModifyResponse modifyResponse = (ModifyResponse)ldapConnexion.SendRequest(modRequest);
Console.WriteLine(String.Format("{0} of {1} added successfully.", ldapConnexion, value));
}
catch (DirectoryOperationException e)
{
Console.WriteLine(e.Message);
throw e;
}
catch (Exception e)
{
Console.WriteLine(e.Message);
throw e;
}
}
public void AddAttribut(String dn, String name, byte[][] value)
{
Connect2();
try
{
LdapObj ldapObj = ReadDn(dn, new String[] { name });
if (!ldapObj.HasAttribut(name))
{
ModifyRequest modRequest = new ModifyRequest(dn, DirectoryAttributeOperation.Add, name, value);
// example of modifyrequest not using the response object...
ModifyResponse modifyResponse = (ModifyResponse)ldapConnexion.SendRequest(modRequest);
Console.WriteLine(String.Format("{0} of {1} added successfully.", ldapConnexion, value));
}
else
{
DirectoryAttributeModification directoryAttributeModification = new DirectoryAttributeModification();
directoryAttributeModification.Operation = DirectoryAttributeOperation.Replace;
directoryAttributeModification.Name = name;
ldapObj.ldapAttributs[name].AddRange(value);
foreach (byte[] tbb in ldapObj.ldapAttributs[name].values)
{
directoryAttributeModification.Add(tbb);
}
ModifyRequest modRequest = new ModifyRequest(dn, new DirectoryAttributeModification[] { directoryAttributeModification });
ModifyResponse modifyResponse = (ModifyResponse)ldapConnexion.SendRequest(modRequest);
Console.WriteLine(String.Format("{0} of {1} added successfully.", ldapConnexion, value));
}
}
catch (DirectoryOperationException e)
{
Console.WriteLine(e.Message);
throw e;
}
catch (Exception e)
{
Console.WriteLine(e.Message);
throw e;
}
}
/// <summary>
/// Deletes an attribute's value in the specified entry in the directory.
/// </summary>
/// <param name="dn">The distinguished name of the entry to delete an attribute from.</param>
/// <param name="attributeName">The name of the attribute to delete.</param>
/// <param name="values">Optional: The specific values to delete (if desired). Supplying null will delete all values associated with the attribute.</param>
/// <returns>True if deleted, false otherwise.</returns>
public bool DeleteAttribute(string dn, string attributeName, object[] values = null)
{
if (!string.IsNullOrWhiteSpace(dn) && !string.IsNullOrWhiteSpace(attributeName))
{
ModifyRequest request = null;
if (values != null)
{
request = new ModifyRequest(dn, DirectoryAttributeOperation.Delete, attributeName, values);
}
else
{
request = new ModifyRequest(dn, DirectoryAttributeOperation.Delete, attributeName);
}
// This control allows for deletes of values that don't already exist to succeed without throwing an exception.
// The value is already gone from the attribute so it returns success as if it deleted it.
request.Controls.Add(new PermissiveModifyControl());
ModifyResponse response = (ModifyResponse)connection.SendRequest(request);
// Check that a response was received.
if (response != null)
{
// A response was received.
if (response.ResultCode == ResultCode.Success)
{
return(true);
}
}
else
{
// A response was not received.
return(false);
}
}
return(false);
}
/// <summary>
/// Creates a ModifyResponse packet.
/// </summary>
/// <param name="context">The user context which contains message ID.</param>
/// <param name="resultCode">Result code of previous request, as specified in RFC 2251.</param>
/// <param name="matchedDn">Matched DN.</param>
/// <param name="errorMessage">Error message for result code. Required.</param>
/// <param name="referral">Referral. Optional. Used for LDAP v3 only.</param>
/// <returns>The packet that contains the response.</returns>
internal override AdtsModifyResponsePacket CreateModifyResponse(
AdtsLdapContext context,
MsLdap.ResultCode resultCode,
string matchedDn,
string errorMessage,
string[] referral)
{
ModifyResponse modifyResponse = new ModifyResponse(
new LDAPResult_resultCode((long)resultCode),
new LDAPDN(matchedDn ?? string.Empty),
new LDAPString(errorMessage ?? string.Empty),
CreateReferral(referral));
LDAPMessage_protocolOp operation = new LDAPMessage_protocolOp();
operation.SetData(LDAPMessage_protocolOp.modifyResponse, modifyResponse);
LDAPMessage message = new LDAPMessage(new MessageID(context.MessageId), operation, null);
AdtsModifyResponsePacket packet = new AdtsModifyResponsePacket();
packet.ldapMessagev3 = message;
packet.messageId = context.MessageId;
return packet;
}
public bool RestoreObject(string dc,
ADObjectInfo objectInfo,
QueryControl queryInfo)
{
bool ret = false;
ForestBase.CurrentPorts.SelectedPort = queryInfo.Port;
Connect(dc, ReferralChasingOptions.None);
DirectoryAttributeModification damdel = new DirectoryAttributeModification()
{
Name = "isDeleted", Operation = DirectoryAttributeOperation.Delete
};
string newdn = (objectInfo.ObjectClass.ToLowerInvariant() == "organizationalunit") ? "OU=" : "CN=";
newdn = newdn + objectInfo.LastKnownRDN.ToEscapedLdapComponent() + ",";
newdn = newdn + objectInfo.LastKnownParent;
GlobalEventHandler.RaiseMessageOccured("Restoring:", true);
GlobalEventHandler.RaiseMessageOccured("\t" + objectInfo.Path, true);
GlobalEventHandler.RaiseMessageOccured("to:", true);
GlobalEventHandler.RaiseMessageOccured("\t" + newdn, true);
DirectoryAttributeModification damdn = new DirectoryAttributeModification()
{
Name = "distinguishedName", Operation = DirectoryAttributeOperation.Replace
};
damdn.Add(newdn);
DirectoryAttributeModification[] damlist = new DirectoryAttributeModification[] { damdel, damdn };
string delpath = String.Format("<GUID={0}>", objectInfo.ObjectGuid);
delpath = objectInfo.Path;
ModifyRequest mrcall = new ModifyRequest(delpath, damlist);
mrcall.Controls.Add(new ShowDeletedControl {
ServerSide = true
});
mrcall.Controls.Add(new PermissiveModifyControl());
try
{
ModifyResponse mrresult = (ModifyResponse)base.Connection.SendRequest(mrcall);
if (mrresult.ResultCode == ResultCode.Success)
{
GlobalEventHandler.RaiseMessageOccured("Restored " + objectInfo.LastKnownRDN, true);
ret = true;
}
else
{
GlobalEventHandler.RaiseErrorOccured("ERROR: " + mrresult.ResultCode.ToString(), true);
}
}
catch (DirectoryOperationException doex)
{ GlobalEventHandler.RaiseErrorOccured("ERROR: " + doex.Message, true); }
catch (Exception ex)
{ GlobalEventHandler.RaiseErrorOccured("ERROR: " + ex.Message, true); }
return(ret);
}
/// <summary>
/// Updates the entry in the directory.
/// </summary>
/// <param name="connection">The connection to the directory.</param>
/// <param name="entry">The entry to update.</param>
/// <param name="log">The log for query information. Defaults to null.</param>
/// <param name="controls">Any <see cref="DirectoryControl"/>s to be sent with the request</param>
/// <param name="listeners">The event listeners to be notified.</param>
/// <param name="resultProcessing">How the async results are processed</param>
/// <returns></returns>
/// <exception cref="ArgumentNullException">Thrown if <paramref name="entry"/> is null.
/// </exception>
/// <exception cref="DirectoryOperationException">Thrown if the operation fails</exception>
/// <exception cref="LdapException">Thrown if the operation fails</exception>
public static async Task UpdateAsync(this LdapConnection connection, IDirectoryAttributes entry,
ILinqToLdapLogger log = null, DirectoryControl[] controls = null, IEnumerable <IUpdateEventListener> listeners = null,
PartialResultProcessing resultProcessing = LdapConfiguration.DefaultAsyncResultProcessing)
{
string distinguishedName = null;
try
{
if (connection == null)
{
throw new ArgumentNullException("connection");
}
if (entry == null)
{
throw new ArgumentNullException("entry");
}
distinguishedName = entry.DistinguishedName;
if (distinguishedName.IsNullOrEmpty())
{
throw new ArgumentException("entry.DistinguishedName is invalid.");
}
var changes = entry.GetChangedAttributes();
if (changes.Any())
{
var request = new ModifyRequest(distinguishedName, changes.ToArray());
if (controls != null)
{
request.Controls.AddRange(controls);
}
if (listeners != null)
{
var args = new ListenerPreArgs <object, ModifyRequest>(entry, request, connection);
foreach (var eventListener in listeners.OfType <IPreUpdateEventListener>())
{
eventListener.Notify(args);
}
}
if (log != null && log.TraceEnabled)
{
log.Trace(request.ToLogString());
}
ModifyResponse response = null;
#if NET45
await System.Threading.Tasks.Task.Factory.FromAsync(
(callback, state) =>
{
return(connection.BeginSendRequest(request, resultProcessing, callback, state));
},
(asyncresult) =>
{
response = (ModifyResponse)connection.EndSendRequest(asyncresult);
response.AssertSuccess();
},
null
).ConfigureAwait(false);
#else
response = await Task.Run(() => connection.SendRequest(request) as ModifyResponse).ConfigureAwait(false);
response.AssertSuccess();
#endif
if (listeners != null)
{
var args = new ListenerPostArgs <object, ModifyRequest, ModifyResponse>(entry, request, response, connection);
foreach (var eventListener in listeners.OfType <IPostUpdateEventListener>())
{
eventListener.Notify(args);
}
}
}
else
{
if (log != null && log.TraceEnabled)
{
log.Trace(string.Format("No changes found for {0}.", distinguishedName));
}
}
}
catch (Exception ex)
{
if (log != null)
{
log.Error(ex, string.Format("An error occurred while trying to update '{0}'.", distinguishedName));
}
throw;
}
}
public void TestAddingMultipleAttributes()
{
using (LdapConnection connection = GetConnection())
{
string ouName = "ProtocolsGroup6";
string dn = "ou=" + ouName;
try
{
DeleteEntry(connection, dn);
AddOrganizationalUnit(connection, dn);
DirectoryAttributeModification mod1 = new DirectoryAttributeModification();
mod1.Operation = DirectoryAttributeOperation.Add;
mod1.Name = "description";
mod1.Add("Description 5");
DirectoryAttributeModification mod2 = new DirectoryAttributeModification();
mod2.Operation = DirectoryAttributeOperation.Add;
mod2.Name = "postalAddress";
mod2.Add("123 4th Ave NE, State, Country");
DirectoryAttributeModification[] mods = new DirectoryAttributeModification[2] {
mod1, mod2
};
string fullDn = dn + "," + LdapConfiguration.Configuration.Domain;
ModifyRequest modRequest = new ModifyRequest(fullDn, mods);
ModifyResponse modResponse = (ModifyResponse)connection.SendRequest(modRequest);
Assert.Equal(ResultCode.Success, modResponse.ResultCode);
Assert.Throws <DirectoryOperationException>(() => (ModifyResponse)connection.SendRequest(modRequest));
SearchResultEntry sre = SearchOrganizationalUnit(connection, LdapConfiguration.Configuration.Domain, ouName);
Assert.NotNull(sre);
Assert.Equal("Description 5", (string)sre.Attributes["description"][0]);
Assert.Throws <DirectoryOperationException>(() => AddAttribute(connection, dn, "description", "Description 5"));
Assert.Equal("123 4th Ave NE, State, Country", (string)sre.Attributes["postalAddress"][0]);
Assert.Throws <DirectoryOperationException>(() => AddAttribute(connection, dn, "postalAddress", "123 4th Ave NE, State, Country"));
mod1 = new DirectoryAttributeModification();
mod1.Operation = DirectoryAttributeOperation.Replace;
mod1.Name = "description";
mod1.Add("Modified Description 5");
mod2 = new DirectoryAttributeModification();
mod2.Operation = DirectoryAttributeOperation.Replace;
mod2.Name = "postalAddress";
mod2.Add("689 5th Ave NE, State, Country");
mods = new DirectoryAttributeModification[2] {
mod1, mod2
};
modRequest = new ModifyRequest(fullDn, mods);
modResponse = (ModifyResponse)connection.SendRequest(modRequest);
Assert.Equal(ResultCode.Success, modResponse.ResultCode);
sre = SearchOrganizationalUnit(connection, LdapConfiguration.Configuration.Domain, ouName);
Assert.NotNull(sre);
Assert.Equal("Modified Description 5", (string)sre.Attributes["description"][0]);
Assert.Throws <DirectoryOperationException>(() => AddAttribute(connection, dn, "description", "Modified Description 5"));
Assert.Equal("689 5th Ave NE, State, Country", (string)sre.Attributes["postalAddress"][0]);
Assert.Throws <DirectoryOperationException>(() => AddAttribute(connection, dn, "postalAddress", "689 5th Ave NE, State, Country"));
mod1 = new DirectoryAttributeModification();
mod1.Operation = DirectoryAttributeOperation.Delete;
mod1.Name = "description";
mod2 = new DirectoryAttributeModification();
mod2.Operation = DirectoryAttributeOperation.Delete;
mod2.Name = "postalAddress";
mods = new DirectoryAttributeModification[2] {
mod1, mod2
};
modRequest = new ModifyRequest(fullDn, mods);
modResponse = (ModifyResponse)connection.SendRequest(modRequest);
Assert.Equal(ResultCode.Success, modResponse.ResultCode);
sre = SearchOrganizationalUnit(connection, LdapConfiguration.Configuration.Domain, ouName);
Assert.NotNull(sre);
Assert.Null(sre.Attributes["description"]);
Assert.Null(sre.Attributes["postalAddress"]);
}
finally
{
DeleteEntry(connection, dn);
}
}
}
