Ejemplo n.º 1
0
		private static bool MultiStringMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
		{
			bool flag;
			string value = (string)filter.Value;
			if (value != null)
			{
				if (de.Properties.Contains(winNTPropertyName) && de.Properties[winNTPropertyName].Count != 0)
				{
					IEnumerator enumerator = de.Properties[winNTPropertyName].GetEnumerator();
					try
					{
						while (enumerator.MoveNext())
						{
							string current = (string)enumerator.Current;
							if (current == null)
							{
								continue;
							}
							flag = QbeMatcher.WildcardStringMatch(filter, value, current);
							return flag;
						}
						return false;
					}
					finally
					{
						IDisposable disposable = enumerator as IDisposable;
						if (disposable != null)
						{
							disposable.Dispose();
						}
					}
					return flag;
				}
			}
			else
			{
				if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0 || ((string)de.Properties[winNTPropertyName].Value).Length == 0)
				{
					return true;
				}
			}
			return false;
		}
Ejemplo n.º 2
0
		private static bool DateTimeMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
		{
			DateTime value;
			QbeMatchType qbeMatchType = (QbeMatchType)filter.Value;
			if (qbeMatchType.Value != null)
			{
				if (de.Properties.Contains(winNTPropertyName) && de.Properties[winNTPropertyName].Value != null)
				{
					if (winNTPropertyName != "PasswordAge")
					{
						value = (DateTime)de.Properties[winNTPropertyName].Value;
					}
					else
					{
						PropertyValueCollection item = de.Properties["PasswordAge"];
						if (item.Count == 0)
						{
							return false;
						}
						else
						{
							int num = (int)item[0];
							value = DateTime.UtcNow - new TimeSpan(0, 0, num);
						}
					}
					int num1 = DateTime.Compare(value, (DateTime)qbeMatchType.Value);
					bool flag = true;
					MatchType match = qbeMatchType.Match;
					switch (match)
					{
						case MatchType.Equals:
						{
							flag = num1 == 0;
							break;
						}
						case MatchType.NotEquals:
						{
							flag = num1 != 0;
							break;
						}
						case MatchType.GreaterThan:
						{
							flag = num1 > 0;
							break;
						}
						case MatchType.GreaterThanOrEquals:
						{
							flag = num1 >= 0;
							break;
						}
						case MatchType.LessThan:
						{
							flag = num1 < 0;
							break;
						}
						case MatchType.LessThanOrEquals:
						{
							flag = num1 <= 0;
							break;
						}
						default:
						{
							flag = false;
							break;
						}
					}
					return flag;
				}
			}
			else
			{
				if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0 || de.Properties[winNTPropertyName].Value == null)
				{
					return true;
				}
			}
			return false;
		}
Ejemplo n.º 3
0
		private static bool GroupTypeMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
		{
			GroupScope value = (GroupScope)filter.Value;
			if (value != GroupScope.Local)
			{
				return false;
			}
			else
			{
				return true;
			}
		}
Ejemplo n.º 4
0
        protected static string LastLogonConverter(FilterBase filter, string suggestedAdProperty)
        {
            Debug.Assert(filter.Value is QbeMatchType);

            QbeMatchType qmt = (QbeMatchType)filter.Value;

            Debug.Assert(qmt.Value is DateTime);
            Debug.Assert((suggestedAdProperty == "lastLogon") || (suggestedAdProperty == "lastLogonTimestamp"));

            StringBuilder sb = new StringBuilder();
            sb.Append("(|");
            sb.Append(DateTimeFilterBuilder("lastLogon", (DateTime)qmt.Value, LdapConstants.defaultUtcTime, false, qmt.Match));
            sb.Append(DateTimeFilterBuilder("lastLogonTimestamp", (DateTime)qmt.Value, LdapConstants.defaultUtcTime, true, qmt.Match));
            sb.Append(")");

            return (sb.ToString());
        }
Ejemplo n.º 5
0
        private static bool DateTimeMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
        {
            QbeMatchType valueToMatch = (QbeMatchType)filter.Value;

            if (null == valueToMatch.Value)
            {
                if ((de.Properties.Contains(winNTPropertyName) == false) ||
                    (de.Properties[winNTPropertyName].Count == 0) ||
                    (de.Properties[winNTPropertyName].Value == null))
                {
                    return(true);
                }
            }
            else
            {
                Debug.Assert(valueToMatch.Value is DateTime);

                if (de.Properties.Contains(winNTPropertyName) && (de.Properties[winNTPropertyName].Value != null))
                {
                    DateTime value;

                    if (winNTPropertyName == "PasswordAge")
                    {
                        PropertyValueCollection values = de.Properties["PasswordAge"];

                        if (values.Count != 0)
                        {
                            Debug.Assert(values.Count == 1);
                            Debug.Assert(values[0] is int);

                            int secondsLapsed = (int)values[0];

                            value = DateTime.UtcNow - new TimeSpan(0, 0, secondsLapsed);
                        }
                        else
                        {
                            // If we don't have a passwordAge then this item will never match.
                            return(false);
                        }
                    }
                    else
                    {
                        value = (DateTime)de.Properties[winNTPropertyName].Value;
                    }

                    int comparisonResult = DateTime.Compare(value, (DateTime)valueToMatch.Value);

                    bool result = valueToMatch.Match switch
                    {
                        MatchType.Equals => comparisonResult == 0,
                        MatchType.NotEquals => comparisonResult != 0,
                        MatchType.GreaterThan => comparisonResult > 0,
                        MatchType.GreaterThanOrEquals => comparisonResult >= 0,
                        MatchType.LessThan => comparisonResult < 0,
                        MatchType.LessThanOrEquals => comparisonResult <= 0,
                        _ => false,
                    };
                    return(result);
                }
            }

            return(false);
        }
Ejemplo n.º 6
0
        private static bool MultiStringMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
        {
            string valueToMatch = (string)filter.Value;

            if (valueToMatch == null)
            {
                if ((de.Properties.Contains(winNTPropertyName) == false) ||
                     (de.Properties[winNTPropertyName].Count == 0) ||
                     (((string)de.Properties[winNTPropertyName].Value).Length == 0))
                    return true;
            }
            else
            {
                if (de.Properties.Contains(winNTPropertyName) && (de.Properties[winNTPropertyName].Count != 0))
                {
                    foreach (string value in de.Properties[winNTPropertyName])
                    {
                        if (value != null)
                        {
                            return WildcardStringMatch(filter, valueToMatch, value);
                        }
                    }
                }
            }

            return false;
        }
Ejemplo n.º 7
0
        protected static string DefaultValutMatchingDateTimeConverter(FilterBase filter, string suggestedAdProperty)
        {
            Debug.Assert(filter.Value is QbeMatchType);

            QbeMatchType qmt = (QbeMatchType)filter.Value;

            Debug.Assert(qmt.Value is DateTime);

            return (DateTimeFilterBuilder(suggestedAdProperty, (DateTime)qmt.Value, LdapConstants.defaultUtcTime, false, qmt.Match));
        }
Ejemplo n.º 8
0
 protected static string BinaryConverter(FilterBase filter, string suggestedAdProperty)
 {
     return(filter.Value != null ?
            $"({suggestedAdProperty}={ADUtils.EscapeBinaryValue((byte[])filter.Value)})" :
            $"(!({suggestedAdProperty}=*)))");
 }
Ejemplo n.º 9
0
        private static bool DateTimeMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
        {
            DateTime     value;
            QbeMatchType qbeMatchType = (QbeMatchType)filter.Value;

            if (qbeMatchType.Value != null)
            {
                if (de.Properties.Contains(winNTPropertyName) && de.Properties[winNTPropertyName].Value != null)
                {
                    if (winNTPropertyName != "PasswordAge")
                    {
                        value = (DateTime)de.Properties[winNTPropertyName].Value;
                    }
                    else
                    {
                        PropertyValueCollection item = de.Properties["PasswordAge"];
                        if (item.Count == 0)
                        {
                            return(false);
                        }
                        else
                        {
                            int num = (int)item[0];
                            value = DateTime.UtcNow - new TimeSpan(0, 0, num);
                        }
                    }
                    int       num1  = DateTime.Compare(value, (DateTime)qbeMatchType.Value);
                    bool      flag  = true;
                    MatchType match = qbeMatchType.Match;
                    switch (match)
                    {
                    case MatchType.Equals:
                    {
                        flag = num1 == 0;
                        break;
                    }

                    case MatchType.NotEquals:
                    {
                        flag = num1 != 0;
                        break;
                    }

                    case MatchType.GreaterThan:
                    {
                        flag = num1 > 0;
                        break;
                    }

                    case MatchType.GreaterThanOrEquals:
                    {
                        flag = num1 >= 0;
                        break;
                    }

                    case MatchType.LessThan:
                    {
                        flag = num1 < 0;
                        break;
                    }

                    case MatchType.LessThanOrEquals:
                    {
                        flag = num1 <= 0;
                        break;
                    }

                    default:
                    {
                        flag = false;
                        break;
                    }
                    }
                    return(flag);
                }
            }
            else
            {
                if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0 || de.Properties[winNTPropertyName].Value == null)
                {
                    return(true);
                }
            }
            return(false);
        }
Ejemplo n.º 10
0
 protected static string CommaStringConverter(FilterBase filter, string suggestedAdProperty)
 {
     return(filter.Value != null ?
            $"({suggestedAdProperty}=*{ADUtils.PAPIQueryToLdapQueryString((string)filter.Value)}*)" :
            $"(!({suggestedAdProperty}=*))");
 }
Ejemplo n.º 11
0
        protected static string UserAccountControlConverter(FilterBase filter, string suggestedAdProperty)
        {
            Debug.Assert(string.Equals(suggestedAdProperty, "userAccountControl", StringComparison.OrdinalIgnoreCase));

            string result = "";

            // bitwise-AND

            bool value = (bool)filter.Value;

            switch (filter.PropertyName)
            {
            case AuthPrincEnabledFilter.PropertyNameStatic:
                // UF_ACCOUNTDISABLE
                // Note that the logic is inverted on this one.  We expose "Enabled",
                // but AD stores it as "Disabled".
                result = value ?
                         "(!(userAccountControl:1.2.840.113556.1.4.803:=2))" :
                         "(userAccountControl:1.2.840.113556.1.4.803:=2)";
                break;

            case SmartcardLogonRequiredFilter.PropertyNameStatic:
                // UF_SMARTCARD_REQUIRED
                result = value ?
                         "(userAccountControl:1.2.840.113556.1.4.803:=262144)" :
                         "(!(userAccountControl:1.2.840.113556.1.4.803:=262144))";
                break;

            case DelegationPermittedFilter.PropertyNameStatic:
                // UF_NOT_DELEGATED
                // Note that the logic is inverted on this one.  That's because we expose
                // "delegation allowed", but AD represents it as the inverse, "delegation NOT allowed"
                result = value ?
                         "(!(userAccountControl:1.2.840.113556.1.4.803:=1048576))" :
                         "(userAccountControl:1.2.840.113556.1.4.803:=1048576)";
                break;

            case PasswordNotRequiredFilter.PropertyNameStatic:
                // UF_PASSWD_NOTREQD
                result = value ?
                         "(userAccountControl:1.2.840.113556.1.4.803:=32)" :
                         "(!(userAccountControl:1.2.840.113556.1.4.803:=32))";
                break;

            case PasswordNeverExpiresFilter.PropertyNameStatic:
                // UF_DONT_EXPIRE_PASSWD
                result = value ?
                         "(userAccountControl:1.2.840.113556.1.4.803:=65536)" :
                         "(!(userAccountControl:1.2.840.113556.1.4.803:=65536))";
                break;

            case CannotChangePasswordFilter.PropertyNameStatic:
                // UF_PASSWD_CANT_CHANGE
                // This bit doesn't work correctly in AD (AD models the "user can't change password"
                // setting as special ACEs in the ntSecurityDescriptor).
                throw new InvalidOperationException(
                          SR.Format(
                              SR.StoreCtxUnsupportedPropertyForQuery,
                              PropertyNamesExternal.GetExternalForm(filter.PropertyName)));

            case AllowReversiblePasswordEncryptionFilter.PropertyNameStatic:
                // UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
                result = value ?
                         "(userAccountControl:1.2.840.113556.1.4.803:=128)" :
                         "(!(userAccountControl:1.2.840.113556.1.4.803:=128))";
                break;

            default:
                Debug.Fail("ADStoreCtx.UserAccountControlConverter: fell off end looking for " + filter.PropertyName);
                break;
            }

            return(result);
        }
Ejemplo n.º 12
0
        private static bool GroupTypeMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
        {
            Debug.Assert(winNTPropertyName == "groupType");
            Debug.Assert(filter is GroupScopeFilter);

            GroupScope valueToMatch = (GroupScope)filter.Value;

            // All SAM local machine groups are local groups
            if (valueToMatch == GroupScope.Local)
                return true;
            else
                return false;
        }
Ejemplo n.º 13
0
        private static bool ExpirationDateMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
        {
            Debug.Assert(filter is ExpirationDateFilter);
            Debug.Assert(winNTPropertyName == "AccountExpirationDate");

            Nullable<DateTime> valueToCompare = (Nullable<DateTime>)filter.Value;

            if (!valueToCompare.HasValue)
            {
                if ((de.Properties.Contains(winNTPropertyName) == false) ||
                     (de.Properties[winNTPropertyName].Count == 0) ||
                     (de.Properties[winNTPropertyName].Value == null))
                    return true;
            }
            else
            {
                if (de.Properties.Contains(winNTPropertyName) && (de.Properties[winNTPropertyName].Value != null))
                {
                    DateTime value = (DateTime)de.Properties[winNTPropertyName].Value;

                    if (value.Equals(valueToCompare.Value))
                        return true;
                }
            }

            return false;
        }
Ejemplo n.º 14
0
        private static bool BinaryMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
        {
            byte[] valueToMatch = (byte[])filter.Value;

            if (valueToMatch == null)
            {
                if ((de.Properties.Contains(winNTPropertyName) == false) ||
                     (de.Properties[winNTPropertyName].Count == 0) ||
                     (de.Properties[winNTPropertyName].Value == null))
                    return true;
            }
            else
            {
                if (de.Properties.Contains(winNTPropertyName))
                {
                    byte[] value = (byte[])de.Properties[winNTPropertyName].Value;

                    if ((value != null) && Utils.AreBytesEqual(value, valueToMatch))
                        return true;
                }
            }

            return false;
        }
Ejemplo n.º 15
0
		private static bool SidMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
		{
			byte[] byteArray = Utils.StringToByteArray((string)filter.Value);
			if (byteArray != null)
			{
				if (de.Properties["objectSid"].Count <= 0 || de.Properties["objectSid"].Value == null)
				{
					return false;
				}
				else
				{
					return Utils.AreBytesEqual(byteArray, (byte[])de.Properties["objectSid"].Value);
				}
			}
			else
			{
				throw new InvalidOperationException(StringResources.StoreCtxSecurityIdentityClaimBadFormat);
			}
		}
Ejemplo n.º 16
0
        private static bool IntMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
        {
            QbeMatchType value = (QbeMatchType)filter.Value;
            bool         flag  = false;

            if (value.Value != null)
            {
                if (de.Properties.Contains(winNTPropertyName))
                {
                    int       num    = (int)de.Properties[winNTPropertyName].Value;
                    int       value1 = (int)value.Value;
                    MatchType match  = value.Match;
                    switch (match)
                    {
                    case MatchType.Equals:
                    {
                        flag = num == value1;
                        break;
                    }

                    case MatchType.NotEquals:
                    {
                        flag = num != value1;
                        break;
                    }

                    case MatchType.GreaterThan:
                    {
                        flag = num > value1;
                        break;
                    }

                    case MatchType.GreaterThanOrEquals:
                    {
                        flag = num >= value1;
                        break;
                    }

                    case MatchType.LessThan:
                    {
                        flag = num < value1;
                        break;
                    }

                    case MatchType.LessThanOrEquals:
                    {
                        flag = num <= value1;
                        break;
                    }

                    default:
                    {
                        flag = false;
                        break;
                    }
                    }
                }
            }
            else
            {
                if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0 || de.Properties[winNTPropertyName].Value == null)
                {
                    flag = true;
                }
            }
            return(flag);
        }
Ejemplo n.º 17
0
		private static bool UserFlagsMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
		{
			bool value = (bool)filter.Value;
			if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0)
			{
				return false;
			}
			else
			{
				int num = (int)de.Properties[winNTPropertyName].Value;
				string propertyName = filter.PropertyName;
				string str = propertyName;
				if (propertyName != null)
				{
					switch (str)
					{
						case "AuthenticablePrincipal.Enabled":
						{
							return (num & 2) != 0 ^ value;
						}
						case "AuthenticablePrincipal.AccountInfo.SmartcardLogonRequired":
						{
							return !((num & 0x40000) != 0 ^ value);
						}
						case "AuthenticablePrincipal.AccountInfo.DelegationPermitted":
						{
							return (num & 0x100000) != 0 ^ value;
						}
						case "AuthenticablePrincipal.PasswordInfo.PasswordNotRequired":
						{
							return !((num & 32) != 0 ^ value);
						}
						case "AuthenticablePrincipal.PasswordInfo.PasswordNeverExpires":
						{
							return !((num & 0x10000) != 0 ^ value);
						}
						case "AuthenticablePrincipal.PasswordInfo.UserCannotChangePassword":
						{
							return !((num & 64) != 0 ^ value);
						}
						case "AuthenticablePrincipal.PasswordInfo.AllowReversiblePasswordEncryption":
						{
							return !((num & 128) != 0 ^ value);
						}
					}
				}
				return false;
			}
		}
Ejemplo n.º 18
0
        protected static string ExtensionCacheConverter(FilterBase filter, string suggestedAdProperty)
        {
            GlobalDebug.WriteLineIf(GlobalDebug.Info, "ADStoreCtx", "ExtensionCacheConverter ");

            StringBuilder query = new StringBuilder();

            if (filter.Value != null)
            {
                ExtensionCache ec = (ExtensionCache)filter.Value;

                foreach (KeyValuePair<string, ExtensionCacheValue> kvp in ec.properties)
                {
                    Type type = kvp.Value.Type == null ? kvp.Value.Value.GetType() : kvp.Value.Type;

                    GlobalDebug.WriteLineIf(GlobalDebug.Info, "ADStoreCtx", "ExtensionCacheConverter filter type " + type.ToString());
                    GlobalDebug.WriteLineIf(GlobalDebug.Info, "ADStoreCtx", "ExtensionCacheConverter match type " + kvp.Value.MatchType.ToString());

                    if (kvp.Value.Value is ICollection)
                    {
                        GlobalDebug.WriteLineIf(GlobalDebug.Info, "ADStoreCtx", "ExtensionCacheConverter encountered collection.");

                        ICollection collection = (ICollection)kvp.Value.Value;
                        foreach (object o in collection)
                        {
                            GlobalDebug.WriteLineIf(GlobalDebug.Info, "ADStoreCtx", "ExtensionCacheConverter collection filter type " + o.GetType().ToString());
                            query.Append(ExtensionTypeConverter(kvp.Key, o.GetType(), o, kvp.Value.MatchType));
                        }
                    }
                    else
                    {
                        query.Append(ExtensionTypeConverter(kvp.Key, type, kvp.Value.Value, kvp.Value.MatchType));
                    }
                }
            }

            GlobalDebug.WriteLineIf(GlobalDebug.Info, "ADStoreCtx", "ExtensionCacheConverter complete built filter  " + query.ToString());
            return query.ToString();
        }
Ejemplo n.º 19
0
        protected static string GuidConverter(FilterBase filter, string suggestedAdProperty)
        {
            Debug.Assert(String.Compare(suggestedAdProperty, "objectGuid", StringComparison.OrdinalIgnoreCase) == 0);
            Debug.Assert(filter is GuidFilter);

            Nullable<Guid> guid = (Nullable<Guid>)filter.Value;
            StringBuilder sb = new StringBuilder();

            if (guid == null)
            {
                // Spoke with ColinBr.  Both values are used to represent "no expiration date set".
                // sb.Append("(|(accountExpires=9223372036854775807)(accountExpires=0))");
            }
            else
            {
                sb.Append("(objectGuid=");

                // Transform from hex string ("1AFF") to LDAP hex string ("\1A\FF")
                string ldapHexGuid = ADUtils.HexStringToLdapHexString(guid.ToString());

                if (ldapHexGuid == null)
                    throw new InvalidOperationException(StringResources.StoreCtxGuidIdentityClaimBadFormat);

                sb.Append(ldapHexGuid);

                sb.Append(")");
            }

            return sb.ToString();
        }
Ejemplo n.º 20
0
        protected static string AcctDisabledConverter(FilterBase filter, string suggestedAdProperty)
        {
            // Principal property is AccountEnabled  where TRUE = enabled FALSE = disabled.  In ADAM
            // this is stored as accountDisabled where TRUE = disabled and FALSE = enabled so here we need to revese the value.
            StringBuilder sb = new StringBuilder();

            if (filter.Value != null)
            {
                sb.Append("(");
                sb.Append(suggestedAdProperty);
                sb.Append("=");
                sb.Append(!(bool)filter.Value ? "TRUE" : "FALSE");
                sb.Append(")");
            }
            else
            {
                sb.Append("(!(");
                sb.Append(suggestedAdProperty);
                sb.Append("=*))");
            }

            return sb.ToString();
        }
Ejemplo n.º 21
0
        protected static string MatchingDateTimeConverter(FilterBase filter, string suggestedAdProperty)
        {
            Debug.Assert(filter.Value is QbeMatchType);

            QbeMatchType qmt = (QbeMatchType)filter.Value;

            Debug.Assert(qmt.Value is DateTime);

            return (ExtensionTypeConverter(suggestedAdProperty, qmt.Value.GetType(), qmt.Value, qmt.Match));
        }
Ejemplo n.º 22
0
        // Use this function when searching for an attribute where the absence of the attribute = a default setting. 
        // i.e.  ms-DS-UserPasswordNotRequired in ADAM where non existence equals false.
        protected static string DefaultValueBoolConverter(FilterBase filter, string suggestedAdProperty)
        {
            Debug.Assert(NonPresentAttrDefaultStateMapping != null);
            Debug.Assert(NonPresentAttrDefaultStateMapping.ContainsKey(suggestedAdProperty));

            StringBuilder sb = new StringBuilder();

            if (filter.Value != null)
            {
                bool defaultState = NonPresentAttrDefaultStateMapping[suggestedAdProperty];

                if (defaultState == (bool)filter.Value)
                {
                    sb.Append("(|(!(");
                    sb.Append(suggestedAdProperty);
                    sb.Append("=*)(");
                    sb.Append(suggestedAdProperty);
                    sb.Append("=");
                    sb.Append((bool)filter.Value ? "TRUE" : "FALSE");
                    sb.Append(")))");
                }
                else
                {
                    sb.Append("(");
                    sb.Append(suggestedAdProperty);
                    sb.Append("=");
                    sb.Append((bool)filter.Value ? "TRUE" : "FALSE");
                    sb.Append(")");
                }
            }
            else
            {
                sb.Append("(!(");
                sb.Append(suggestedAdProperty);
                sb.Append("=*))");
            }

            return sb.ToString();
        }
Ejemplo n.º 23
0
        protected static string GroupTypeConverter(FilterBase filter, string suggestedAdProperty)
        {
            Debug.Assert(String.Compare(suggestedAdProperty, "groupType", StringComparison.OrdinalIgnoreCase) == 0);
            Debug.Assert(filter is GroupIsSecurityGroupFilter || filter is GroupScopeFilter);

            // 1.2.840.113556.1.4.803 is like a bit-wise AND operator
            switch (filter.PropertyName)
            {
                case GroupIsSecurityGroupFilter.PropertyNameStatic:

                    bool value = (bool)filter.Value;

                    // GROUP_TYPE_SECURITY_ENABLED
                    // If group is enabled, it IS security-enabled
                    if (value)
                        return "(groupType:1.2.840.113556.1.4.803:=2147483648)";
                    else
                        return "(!(groupType:1.2.840.113556.1.4.803:=2147483648))";

                case GroupScopeFilter.PropertyNameStatic:

                    GroupScope value2 = (GroupScope)filter.Value;

                    switch (value2)
                    {
                        case GroupScope.Local:
                            // GROUP_TYPE_RESOURCE_GROUP, a.k.a. ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP
                            return "(groupType:1.2.840.113556.1.4.803:=4)";

                        case GroupScope.Global:
                            // GROUP_TYPE_ACCOUNT_GROUP, a.k.a. ADS_GROUP_TYPE_GLOBAL_GROUP
                            return "(groupType:1.2.840.113556.1.4.803:=2)";

                        default:
                            // GROUP_TYPE_UNIVERSAL_GROUP, a.k.a. ADS_GROUP_TYPE_UNIVERSAL_GROUP
                            Debug.Assert(value2 == GroupScope.Universal);
                            return "(groupType:1.2.840.113556.1.4.803:=8)";
                    }

                default:
                    Debug.Fail("ADStoreCtx.GroupTypeConverter: fell off end looking for " + filter.PropertyName);
                    return "";
            }
        }
Ejemplo n.º 24
0
        /*** If standard bool conversion is needed uncomment this function        
                protected static string BoolConverter(FilterBase filter, string suggestedAdProperty)
                {
                    StringBuilder sb = new StringBuilder();

                    if (filter.Value != null)
                    {
                        sb.Append("(");
                        sb.Append(suggestedAdProperty);
                        sb.Append("=");
                        sb.Append( (bool)filter.Value ? "TRUE" : "FALSE" );                
                        sb.Append(")");
                    }
                    else
                    {
                        sb.Append("(!(");
                        sb.Append(suggestedAdProperty);
                        sb.Append("=*))");                
                    }

                    return sb.ToString();
                }
        *****/
        protected static string CommaStringConverter(FilterBase filter, string suggestedAdProperty)
        {
            StringBuilder sb = new StringBuilder();

            if (filter.Value != null)
            {
                sb.Append("(");
                sb.Append(suggestedAdProperty);
                sb.Append("=*");
                sb.Append(ADUtils.PAPIQueryToLdapQueryString((string)filter.Value));
                sb.Append("*");
                sb.Append(")");
            }
            else
            {
                sb.Append("(!(");
                sb.Append(suggestedAdProperty);
                sb.Append("=*))");
            }

            return sb.ToString();
        }
Ejemplo n.º 25
0
		private static bool BinaryMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
		{
			byte[] value = (byte[])filter.Value;
			if (value != null)
			{
				if (de.Properties.Contains(winNTPropertyName))
				{
					byte[] numArray = (byte[])de.Properties[winNTPropertyName].Value;
					if (numArray != null && Utils.AreBytesEqual(numArray, value))
					{
						return true;
					}
				}
			}
			else
			{
				if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0 || de.Properties[winNTPropertyName].Value == null)
				{
					return true;
				}
			}
			return false;
		}
Ejemplo n.º 26
0
        protected static string IdentityClaimConverter(FilterBase filter, string suggestedAdProperty)
        {
            IdentityClaim ic = (IdentityClaim)filter.Value;

            if (ic.UrnScheme == null)
                throw new ArgumentException(StringResources.StoreCtxIdentityClaimMustHaveScheme);

            string urnValue = ic.UrnValue;
            if (urnValue == null)
                urnValue = "";

            string filterString = null;

            IdentityClaimToFilter(urnValue, ic.UrnScheme, ref filterString, true);

            return filterString;
        }
Ejemplo n.º 27
0
		private static bool ExpirationDateMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
		{
			DateTime? value = (DateTime?)filter.Value;
			if (value.HasValue)
			{
				if (de.Properties.Contains(winNTPropertyName) && de.Properties[winNTPropertyName].Value != null)
				{
					DateTime dateTime = (DateTime)de.Properties[winNTPropertyName].Value;
					if (dateTime.Equals(value.Value))
					{
						return true;
					}
				}
			}
			else
			{
				if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0 || de.Properties[winNTPropertyName].Value == null)
				{
					return true;
				}
			}
			return false;
		}
Ejemplo n.º 28
0
        protected static string CertificateConverter(FilterBase filter, string suggestedAdProperty)
        {
            System.Security.Cryptography.X509Certificates.X509Certificate2 certificate =
                                    (System.Security.Cryptography.X509Certificates.X509Certificate2)filter.Value;

            byte[] rawCertificate = certificate.RawData;

            StringBuilder sb = new StringBuilder();

            sb.Append("(userCertificate=");
            sb.Append(ADUtils.EscapeBinaryValue(rawCertificate));
            sb.Append(")");

            return sb.ToString();
        }
Ejemplo n.º 29
0
		private static bool IntMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
		{
			QbeMatchType value = (QbeMatchType)filter.Value;
			bool flag = false;
			if (value.Value != null)
			{
				if (de.Properties.Contains(winNTPropertyName))
				{
					int num = (int)de.Properties[winNTPropertyName].Value;
					int value1 = (int)value.Value;
					MatchType match = value.Match;
					switch (match)
					{
						case MatchType.Equals:
						{
							flag = num == value1;
							break;
						}
						case MatchType.NotEquals:
						{
							flag = num != value1;
							break;
						}
						case MatchType.GreaterThan:
						{
							flag = num > value1;
							break;
						}
						case MatchType.GreaterThanOrEquals:
						{
							flag = num >= value1;
							break;
						}
						case MatchType.LessThan:
						{
							flag = num < value1;
							break;
						}
						case MatchType.LessThanOrEquals:
						{
							flag = num <= value1;
							break;
						}
						default:
						{
							flag = false;
							break;
						}
					}
				}
			}
			else
			{
				if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0 || de.Properties[winNTPropertyName].Value == null)
				{
					flag = true;
				}
			}
			return flag;
		}
Ejemplo n.º 30
0
        protected static string UserAccountControlConverter(FilterBase filter, string suggestedAdProperty)
        {
            Debug.Assert(String.Compare(suggestedAdProperty, "userAccountControl", StringComparison.OrdinalIgnoreCase) == 0);

            StringBuilder sb = new StringBuilder();

            // bitwise-AND

            bool value = (bool)filter.Value;

            switch (filter.PropertyName)
            {
                case AuthPrincEnabledFilter.PropertyNameStatic:
                    // UF_ACCOUNTDISABLE
                    // Note that the logic is inverted on this one.  We expose "Enabled",
                    // but AD stores it as "Disabled".                    
                    if (value)
                        sb.Append("(!(userAccountControl:1.2.840.113556.1.4.803:=2))");
                    else
                        sb.Append("(userAccountControl:1.2.840.113556.1.4.803:=2)");
                    break;

                case SmartcardLogonRequiredFilter.PropertyNameStatic:
                    // UF_SMARTCARD_REQUIRED
                    if (value)
                        sb.Append("(userAccountControl:1.2.840.113556.1.4.803:=262144)");
                    else
                        sb.Append("(!(userAccountControl:1.2.840.113556.1.4.803:=262144))");

                    break;

                case DelegationPermittedFilter.PropertyNameStatic:
                    // UF_NOT_DELEGATED
                    // Note that the logic is inverted on this one.  That's because we expose
                    // "delegation allowed", but AD represents it as the inverse, "delegation NOT allowed"
                    if (value)
                        sb.Append("(!(userAccountControl:1.2.840.113556.1.4.803:=1048576))");
                    else
                        sb.Append("(userAccountControl:1.2.840.113556.1.4.803:=1048576)");

                    break;

                case PasswordNotRequiredFilter.PropertyNameStatic:
                    // UF_PASSWD_NOTREQD
                    if (value)
                        sb.Append("(userAccountControl:1.2.840.113556.1.4.803:=32)");
                    else
                        sb.Append("(!(userAccountControl:1.2.840.113556.1.4.803:=32))");

                    break;

                case PasswordNeverExpiresFilter.PropertyNameStatic:
                    // UF_DONT_EXPIRE_PASSWD
                    if (value)
                        sb.Append("(userAccountControl:1.2.840.113556.1.4.803:=65536)");
                    else
                        sb.Append("(!(userAccountControl:1.2.840.113556.1.4.803:=65536))");

                    break;

                case CannotChangePasswordFilter.PropertyNameStatic:
                    // UF_PASSWD_CANT_CHANGE
                    // This bit doesn't work correctly in AD (AD models the "user can't change password"
                    // setting as special ACEs in the ntSecurityDescriptor).
                    throw new InvalidOperationException(
                                            String.Format(
                                                    CultureInfo.CurrentCulture,
                                                    StringResources.StoreCtxUnsupportedPropertyForQuery,
                                                    PropertyNamesExternal.GetExternalForm(filter.PropertyName)));

                case AllowReversiblePasswordEncryptionFilter.PropertyNameStatic:
                    // UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
                    if (value)
                        sb.Append("(userAccountControl:1.2.840.113556.1.4.803:=128)");
                    else
                        sb.Append("(!(userAccountControl:1.2.840.113556.1.4.803:=128))");

                    break;

                default:
                    Debug.Fail("ADStoreCtx.UserAccountControlConverter: fell off end looking for " + filter.PropertyName);
                    break;
            }

            return sb.ToString();
        }
Ejemplo n.º 31
0
		private static bool SamAccountNameMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
		{
			string str;
			string value = (string)filter.Value;
			int num = value.IndexOf('\\');
			if (num != value.Length - 1)
			{
				if (num != -1)
				{
					str = value.Substring(num + 1);
				}
				else
				{
					str = value;
				}
				string str1 = str;
				if (de.Properties["Name"].Count <= 0 || de.Properties["Name"].Value == null)
				{
					return false;
				}
				else
				{
					return QbeMatcher.WildcardStringMatch(filter, str1, (string)de.Properties["Name"].Value);
				}
			}
			else
			{
				throw new InvalidOperationException(StringResources.StoreCtxNT4IdentityClaimWrongForm);
			}
		}
Ejemplo n.º 32
0
        protected static string BinaryConverter(FilterBase filter, string suggestedAdProperty)
        {
            StringBuilder sb = new StringBuilder();

            if (filter.Value != null)
            {
                sb.Append("(");
                sb.Append(suggestedAdProperty);
                sb.Append("=");
                sb.Append(ADUtils.EscapeBinaryValue((byte[])filter.Value));
            }
            else
            {
                sb.Append("(!(");
                sb.Append(suggestedAdProperty);
                sb.Append("=*))");
            }

            sb.Append(")");

            return sb.ToString();
        }
Ejemplo n.º 33
0
		private static bool StringMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
		{
			string value = (string)filter.Value;
			if (value != null)
			{
				if (de.Properties.Contains(winNTPropertyName))
				{
					string str = (string)de.Properties[winNTPropertyName].Value;
					if (str != null)
					{
						return QbeMatcher.WildcardStringMatch(filter, value, str);
					}
				}
			}
			else
			{
				if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0 || ((string)de.Properties[winNTPropertyName].Value).Length == 0)
				{
					return true;
				}
			}
			return false;
		}
Ejemplo n.º 34
0
        protected static string ExpirationDateConverter(FilterBase filter, string suggestedAdProperty)
        {
            Debug.Assert(String.Compare(suggestedAdProperty, "accountExpires", StringComparison.OrdinalIgnoreCase) == 0);
            Debug.Assert(filter is ExpirationDateFilter);

            Nullable<DateTime> date = (Nullable<DateTime>)filter.Value;
            StringBuilder sb = new StringBuilder();

            if (!date.HasValue)
            {
                // Spoke with ColinBr.  Both values are used to represent "no expiration date set".
                sb.Append("(|(accountExpires=9223372036854775807)(accountExpires=0))");
            }
            else
            {
                sb.Append("(accountExpires=");
                sb.Append(ADUtils.DateTimeToADString(date.Value));
                sb.Append(")");
            }

            return sb.ToString();
        }
Ejemplo n.º 35
0
		private static bool WildcardStringMatch(FilterBase filter, string wildcardFilter, string property)
		{
			Regex extra = filter.Extra as Regex;
			if (extra == null)
			{
				extra = new Regex(SAMUtils.PAPIQueryToRegexString(wildcardFilter), RegexOptions.Singleline);
				filter.Extra = extra;
			}
			Match match = extra.Match(property);
			return match.Success;
		}
Ejemplo n.º 36
0
        private static bool UserFlagsMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
        {
            Debug.Assert(winNTPropertyName == "UserFlags");

            bool valueToMatch = (bool)filter.Value;

            // If it doesn't contain the property, it certainly can't match the user's value
            if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0)
                return false;

            int value = (int)de.Properties[winNTPropertyName].Value;

            switch (filter.PropertyName)
            {
                // We want to return true iff both value and valueToMatch are true, or both are false
                // (i.e., NOT XOR)

                case AuthPrincEnabledFilter.PropertyNameStatic:
                    // UF_ACCOUNTDISABLE
                    // Note that the logic is inverted on this one.  We expose "Enabled",
                    // but SAM stores it as "Disabled".                    
                    return (((value & 0x0002) != 0) ^ valueToMatch);

                case SmartcardLogonRequiredFilter.PropertyNameStatic:
                    // UF_SMARTCARD_REQUIRED
                    return !(((value & 0x40000) != 0) ^ valueToMatch);

                case DelegationPermittedFilter.PropertyNameStatic:
                    // UF_NOT_DELEGATED
                    // Note that the logic is inverted on this one.  That's because we expose
                    // "delegation allowed", but AD represents it as the inverse, "delegation NOT allowed"
                    return (((value & 0x100000) != 0) ^ valueToMatch);

                case PasswordNotRequiredFilter.PropertyNameStatic:
                    // UF_PASSWD_NOTREQD
                    return !(((value & 0x0020) != 0) ^ valueToMatch);

                case PasswordNeverExpiresFilter.PropertyNameStatic:
                    // UF_DONT_EXPIRE_PASSWD
                    return !(((value & 0x10000) != 0) ^ valueToMatch);

                case CannotChangePasswordFilter.PropertyNameStatic:
                    // UF_PASSWD_CANT_CHANGE
                    return !(((value & 0x0040) != 0) ^ valueToMatch);

                case AllowReversiblePasswordEncryptionFilter.PropertyNameStatic:
                    // UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
                    return !(((value & 0x0080) != 0) ^ valueToMatch);

                default:
                    Debug.Fail("SAMQuerySet.UserFlagsMatcher: fell off end looking for " + filter.PropertyName);
                    return false;
            }
        }