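/// <summary>
/// Copies the <paramref name="size"/> bytes of <paramref name="buffer"/> that start at
/// <paramref name="index"/> into a new NT4SID and returns it.
/// </summary>
/// <param name="buffer">Source bytes containing a marshaled SID.</param>
/// <param name="index">Offset of the first SID byte within <paramref name="buffer"/>.</param>
/// <param name="size">Number of bytes to copy; at most the NT4SID Data length (28 bytes).</param>
/// <returns>A new NT4SID whose Data begins with the copied bytes.</returns>
/// <exception cref="ArgumentNullException"><paramref name="buffer"/> is null.</exception>
/// <exception cref="ArgumentOutOfRangeException">
/// The requested range does not fit inside <paramref name="buffer"/>, or <paramref name="size"/>
/// is larger than the SID buffer.
/// </exception>
public static NT4SID ExtractSid(byte[] buffer, uint index, uint size)
{
    // Same fixed 28-byte SID buffer that SidFromStringSid and DomainSidFromSid allocate.
    const int SidSize = 28;

    if (buffer == null)
    {
        throw new ArgumentNullException("buffer");
    }
    // 64-bit arithmetic so index + size cannot wrap around for large uint values.
    if ((long)index + size > buffer.LongLength)
    {
        throw new ArgumentOutOfRangeException("size", "SID bytes extend past the end of the buffer.");
    }

    NT4SID sid = new NT4SID();
    if (sid.Data == null)
    {
        // NOTE(review): the original did not allocate Data and would have failed in Array.Copy
        // if NT4SID leaves it null; allocate the conventional 28 bytes in that case -- confirm
        // NT4SID's default initialisation.
        sid.Data = new byte[SidSize];
    }
    if (size > sid.Data.Length)
    {
        throw new ArgumentOutOfRangeException("size", "SID is larger than the NT4SID buffer.");
    }

    Array.Copy(buffer, (long)index, sid.Data, 0L, (long)size);
    return sid;
}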
/// <summary>
/// Finds the directory objects whose objectSid or sIDHistory attribute carries the given SID.
/// </summary>
/// <param name="dc">Directory server to query.</param>
/// <param name="flags">Lookup flags forwarded unchanged to LookupAttr.</param>
/// <param name="sid">SID to search for; must be a well-formed binary SID.</param>
/// <returns>
/// The objectSid matches followed by the sIDHistory matches, or null when neither lookup
/// returned anything.
/// </returns>
DSNAME[] LookupSID(DsServer dc, uint flags, NT4SID sid)
{
    // The SID is passed in its SDDL string form ("S-1-5-..."), which is digits and dashes
    // only, so it is safe to embed if LookupAttr builds an LDAP filter from it.
    string sidText = new SecurityIdentifier(sid.Data, 0).ToString();

    List<DSNAME> matches = new List<DSNAME>();
    foreach (string attribute in new string[] { "objectSid", "sIDHistory" })
    {
        DSNAME[] found = LookupAttr(dc, flags, attribute, sidText);
        if (found != null)
        {
            matches.AddRange(found);
        }
    }

    return matches.Count == 0 ? null : matches.ToArray();
}
/// <summary>
/// Returns the DNS domain name to associate with <paramref name="sid"/>.
/// </summary>
/// <param name="dc">Directory server whose RootDSE supplies the default naming context.</param>
/// <param name="sid">A SID; it is parsed (and so validated) but does not influence the result.</param>
/// <returns>The FQDN derived from the DC's defaultNamingContext.</returns>
string DomainNameFromSid(DsServer dc, NT4SID sid)
{
    // Parsing rejects a malformed SID early; beyond that the SID is not consulted.
    // NOTE(review): the name comes from the DC's own default naming context, so for a SID of a
    // different domain this answers with the wrong domain -- confirm callers only pass SIDs of
    // the DC's domain.
    new SecurityIdentifier(sid.Data, 0);

    string defaultNc = LdapUtility.GetRootDSE(dc).defaultNamingContext;
    return DrsrHelper.GetFQDNFromDN(defaultNc);
}
/// <summary>
/// Returns true if the domain identified by sid is in a forest trusted by the caller's forest,
/// as determined by the FOREST_TRUST_INFORMATION state of the caller's forest, false otherwise.
/// </summary>
/// <param name="dc">Directory server whose rootDomainNamingContext is searched for forest-trust TDOs.</param>
/// <param name="sid">The SID of a domain.</param>
/// <returns>
/// True when some forest-trust TDO carries an enabled ForestTrustDomainInfo record with this SID whose
/// DNS name is not covered by an enabled ForestTrustTopLevelNameEx record; false otherwise, including
/// when any TDO's msDS-TrustForestTrustInfo fails to unmarshal.
/// </returns>
static bool IsDomainSidInTrustedForest(DsServer dc, NT4SID sid)
{
    FOREST_TRUST_INFORMATION f;
    bool b;
    RootDSE rootDse = LdapUtility.GetRootDSE(dc);
    // Forest-trust TDOs: trustedDomain objects that carry forest trust info and whose trustAttributes
    // has bit 0x8 set (1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule; 0x8 is presumably
    // TRUST_ATTRIBUTE_FOREST_TRANSITIVE).
    // NOTE(review): AD documents the bitwise matching rules as taking a decimal value; confirm the server
    // accepts "0x8", otherwise this filter matches nothing and the function always returns false.
    string[] tdos = LdapUtility.GetAttributeValuesString(
        dc,
        rootDse.rootDomainNamingContext,
        "distinguishedName",
        "(&(objectClass=trustedDomain)(msDS-TrustForestTrustInfo=*)(trustAttributes:1.2.840.113556.1.4.803:=0x8))",
        System.DirectoryServices.Protocols.SearchScope.Subtree);
    // NOTE(review): if GetAttributeValuesString returns null when nothing matches, this throws -- confirm.
    foreach (string o in tdos)
    {
        byte[] trustInfo = (byte[])LdapUtility.GetAttributeValue(dc, o, "msDS-TrustForestTrustInfo");
        // Fails closed: one unparseable trust blob aborts the whole check instead of skipping that TDO.
        if (!TrustInfo.UnmarshalForestTrustInfo(trustInfo, out f))
        {
            return(false);
        }
        foreach (Record e in f.Records)
        {
            // Candidate: an enabled domain-info record whose SID matches the one being looked up.
            if (e.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo
                && (DrsrHelper.IsByteArrayEqual(sid.Data, ((RecordDomainInfo)e.ForestTrustData).Sid.Data))
                && ((e.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0))
            {
                b = true;
                // The candidate is rejected if any enabled TopLevelNameEx record names its DNS name or
                // a parent of it; those records act as exclusions.
                // NOTE(review): TopLevelName == DnsName is an ordinal, case-sensitive comparison while DNS
                // names are case-insensitive; a differently-cased exclusion is only honoured if
                // TrustInfo.IsSubdomainOf handles that case -- confirm.
                foreach (Record g in f.Records)
                {
                    if (g.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx
                        && (g.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0
                        && (
                            ((RecordTopLevelName)g.ForestTrustData).TopLevelName == ((RecordDomainInfo)e.ForestTrustData).DnsName
                            || TrustInfo.IsSubdomainOf(
                                ((RecordDomainInfo)e.ForestTrustData).DnsName,
                                ((RecordTopLevelName)g.ForestTrustData).TopLevelName)
                           )
                       )
                    {
                        b = false;
                        break;
                    }
                }
                if (b)
                {
                    return(true);
                }
                // Otherwise keep scanning: another domain-info record may carry the same SID.
            }
        }
    }
    return(false);
}
/// <summary>
/// Finds the distinguished name of the object below <paramref name="baseDn"/> whose objectSid
/// equals <paramref name="sid"/>.
/// </summary>
/// <param name="dc">Directory server to query.</param>
/// <param name="baseDn">Search base; the search is subtree-scoped.</param>
/// <param name="sid">Binary SID to match.</param>
/// <returns>Whatever GetAttributeValueInString returns for the matching object's distinguishedName.</returns>
public static string GetObjectDnBySid(DsServer dc, string baseDn, NT4SID sid)
{
    // The raw SID bytes are rendered by GetBinaryString before being spliced into the filter.
    // NOTE(review): this is only filter-safe if GetBinaryString emits the escaped "\xx" form
    // that GetDSNameFromSid builds by hand -- confirm.
    string filter = "(&(objectClass=*)(objectSid=" + GetBinaryString(sid.Data) + "))";

    return GetAttributeValueInString(
        dc,
        baseDn,
        "distinguishedName",
        filter,
        System.DirectoryServices.Protocols.SearchScope.Subtree);
}
/// <summary>
/// Parses an SDDL SID string (e.g. "S-1-5-21-...") into a fixed 28-byte NT4SID.
/// </summary>
/// <param name="name">SID in string form; must be a valid SDDL SID.</param>
/// <returns>An NT4SID whose Data holds the binary SID, zero-padded to 28 bytes.</returns>
NT4SID SidFromStringSid(string name)
{
    // 28 bytes fits a SID with up to five sub-authorities; SecurityIdentifier.GetBinaryForm
    // throws if the parsed SID needs more than that.
    const int SidSize = 28;

    SecurityIdentifier parsed = new SecurityIdentifier(name);
    byte[] raw = new byte[SidSize];
    parsed.GetBinaryForm(raw, 0);

    NT4SID result = new NT4SID();
    result.Data = raw;
    return result;
}
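/// <summary>
/// Extracts the domain part of an account SID (S-1-5-21-a-b-c-rid becomes S-1-5-21-a-b-c).
/// </summary>
/// <param name="sid">Account SID in binary form.</param>
/// <returns>A new 28-byte NT4SID holding the domain SID, zero-padded.</returns>
/// <exception cref="ArgumentException">
/// <paramref name="sid"/> is malformed, or it has no account domain (for example a well-known SID
/// such as S-1-1-0), in which case SecurityIdentifier.AccountDomainSid is null.
/// </exception>
NT4SID DomainSidFromSid(NT4SID sid)
{
    // Same fixed SID buffer size as SidFromStringSid.
    const int SidSize = 28;

    SecurityIdentifier account = new SecurityIdentifier(sid.Data, 0);
    SecurityIdentifier domain = account.AccountDomainSid;
    if (domain == null)
    {
        // Previously this fell through to a NullReferenceException on GetBinaryForm.
        throw new ArgumentException(
            "SID " + account.ToString() + " does not belong to an account domain.", "sid");
    }

    NT4SID result = new NT4SID();
    result.Data = new byte[SidSize];
    domain.GetBinaryForm(result.Data, 0);
    return result;
}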
/// <summary>
/// Tests whether <paramref name="sid"/> is the null SID: no Data array at all, or one whose
/// bytes are all zero.
/// </summary>
/// <param name="sid">The SID to test.</param>
/// <returns>True for a missing or all-zero Data array (an empty array counts as null), otherwise false.</returns>
public static bool IsNullSid(NT4SID sid)
{
    byte[] data = sid.Data;
    if (data == null)
    {
        return true;
    }

    // Walk until the first non-zero byte; reaching the end means every byte was zero.
    int position = 0;
    while (position < data.Length && data[position] == 0)
    {
        position++;
    }
    return position == data.Length;
}
/// <summary>
/// Resolves the object whose objectSid equals <paramref name="sid"/> under the DC's default
/// naming context and wraps its DN as a DSNAME.
/// </summary>
/// <param name="dc">Directory server to query; its defaultNamingContext is the search base.</param>
/// <param name="sid">Binary SID to match; Data must be non-null.</param>
/// <returns>The DSNAME that LdapUtility.CreateDSNameForObject builds from the matching object's DN.</returns>
DSNAME GetDSNameFromSid(DsServer dc, NT4SID sid)
{
    string searchBase = LdapUtility.GetRootDSE(dc).defaultNamingContext;

    // Each SID byte is written as an RFC 4515 "\xx" hex escape, so no byte value can be
    // misread as LDAP filter syntax.
    StringBuilder filter = new StringBuilder("(objectSid=");
    foreach (byte octet in sid.Data)
    {
        filter.Append('\\').Append(octet.ToString("x2"));
    }
    filter.Append(')');

    string dn = (string)GetAttributeValue(
        dc,
        searchBase,
        "distinguishedName",
        filter.ToString(),
        System.DirectoryServices.Protocols.SearchScope.Subtree);

    return LdapUtility.CreateDSNameForObject(dc, dn);
}
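/// <summary>
/// Compares two NT4SIDs byte for byte.
/// </summary>
/// <param name="sid1">First SID.</param>
/// <param name="sid2">Second SID.</param>
/// <returns>
/// True when both are the null SID as defined by IsNullSid (a missing Data array and an all-zero
/// one count as the same null SID), or when both Data arrays have the same length and contents;
/// otherwise false.
/// </returns>
public static bool NT4SID_Equals(NT4SID sid1, NT4SID sid2)
{
    bool firstIsNull = IsNullSid(sid1);
    bool secondIsNull = IsNullSid(sid2);
    if (firstIsNull || secondIsNull)
    {
        // A null SID equals only another null SID.
        return firstIsNull && secondIsNull;
    }

    // Both Data arrays are non-null past this point. The previous version indexed sid2 with
    // sid1's length: it threw on a shorter sid2 and reported a mere prefix match as equality
    // on a longer one.
    if (sid1.Data.Length != sid2.Data.Length)
    {
        return false;
    }

    for (int i = 0; i < sid1.Data.Length; i++)
    {
        if (sid1.Data[i] != sid2.Data[i])
        {
            return false;
        }
    }
    return true;
}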
/// <summary>
/// Builds a DRS_MSG_REPMOD request that targets the Config NC of <paramref name="src"/>'s domain
/// and names <paramref name="src"/> as the source DSA.
/// </summary>
/// <param name="machine">Not used by this method.</param>
/// <param name="src">
/// Source DSA; supplies the Config NC name, GUID and SID as well as its own NTDS DSA GUID and
/// network address.
/// </param>
/// <param name="replicaFlags">Forwarded unchanged to DRSClient.CreateReplicaModifyRequest.</param>
/// <param name="modifyFields">Forwarded unchanged to DRSClient.CreateReplicaModifyRequest.</param>
/// <param name="options">Forwarded unchanged to DRSClient.CreateReplicaModifyRequest.</param>
/// <returns>The request produced by DRSClient.CreateReplicaModifyRequest.</returns>
/// <exception cref="InvalidOperationException">
/// DRSClient.CreateReplicaModifyRequest returned null (unwrapping the nullable fails).
/// </exception>
public DRS_MSG_REPMOD createDRS_MSG_REPMOD_Request(
    EnvironmentConfig.Machine machine,
    DsServer src,
    DRS_OPTIONS replicaFlags,
    DRS_MSG_REPMOD_FIELDS modifyFields,
    DRS_OPTIONS options)
{
    string configNcDn = LdapUtility.ConvertUshortArrayToString(src.Domain.ConfigNC.StringName);
    Guid configNcGuid = src.Domain.ConfigNC.Guid;
    NT4SID configNcSid = src.Domain.ConfigNC.Sid;
    Guid sourceDsaGuid = src.NtdsDsaObjectGuid;
    string sourceDsaAddress = src.DsaNetworkAddress;

    // Replication schedule: every one of the 84 bytes is set to 1.
    REPLTIMES schedule = new REPLTIMES();
    schedule.rgTimes = new byte[84];
    for (int slot = 0; slot < schedule.rgTimes.Length; slot++)
    {
        schedule.rgTimes[slot] = 1;
    }

    DRS_MSG_REPMOD? request = DRSClient.CreateReplicaModifyRequest(
        configNcDn,
        configNcGuid,
        convertSidToString(configNcSid),
        sourceDsaGuid,
        sourceDsaAddress,
        schedule,
        replicaFlags,
        modifyFields,
        options);

    // .Value throws InvalidOperationException on null, exactly as the explicit cast did.
    return request.Value;
}