public static AccountValidationResult HasAllServiceAccountPermissions(
ServiceType serviceType,
string account,
SecurityIdentifier accountSid)
{
AccountValidationResult result = ServiceAccount.AccountValidationResult.Valid;
try
{
if (!DBRoleUtil.IsAccountInTFSIPEXECRole(account))
{
result |= ServiceAccount.AccountValidationResult.NotInTFSIPEXECRole;
}
if (!WindowsGroupUtil.IsMemberOfLocalGroup(Constants.TfsIntegrationExecWorkProcessGroupName, accountSid))
{
result |= ServiceAccount.AccountValidationResult.NotInTFSIPEXECWorkProcessGroup;
}
if (GlobalConfiguration.UseWindowsService)
{
string serviceName = s_serviceNames[serviceType];
if (!WindowsServiceLogonUtil.IsLogonAccountOfService(serviceName, account))
{
result |= ServiceAccount.AccountValidationResult.NotTfsIntegrationServiceLogonAccount;
}
}
}
catch (InvalidConfigurationException e)
{
throw;
}
catch (Exception e)
{
TraceManager.TraceException(e);
result |= ServiceAccount.AccountValidationResult.ValidationFailed;
}
return(result);
}
private AccountValidationResult GrantPermissions(ref AccountValidationResult result)
{
string account = WindowsIdentity.GetCurrent().Name;
if ((result & AccountValidationResult.NotInTFSIPEXECRole) != 0)
{
try
{
var rslt = DBRoleUtil.CreateWindowsLogin(account);
if (rslt != DBRoleUtil.AccountsResult.Fail)
{
rslt = DBRoleUtil.CreateTFSIPEXECRole();
}
if (rslt != DBRoleUtil.AccountsResult.Fail)
{
rslt = DBRoleUtil.AddAccountToTFSIPEXECRole(account);
}
if (rslt != DBRoleUtil.AccountsResult.Fail)
{
result &= ~AccountValidationResult.NotInTFSIPEXECRole;
}
}
catch { }
}
if ((result & AccountValidationResult.NotInTFSIPEXECWorkProcessGroup) != 0)
{
try
{
WindowsGroupUtil.CreateGroup(Constants.TfsIntegrationExecWorkProcessGroupName, Constants.TfsIntegrationExecWorkProcessGroupComment);
WindowsGroupUtil.AddMemberToGroup(Constants.TfsIntegrationExecWorkProcessGroupName, account);
result &= ~AccountValidationResult.NotInTFSIPEXECWorkProcessGroup;
}
catch { }
}
return(result);
}
protected override void OnStartup(StartupEventArgs e)
{
// attach global exception handler
AppDomain.CurrentDomain.UnhandledException += new UnhandledExceptionEventHandler(UnhandledExceptionEventHandler);
// check for existing process
Process thisProcess = Process.GetCurrentProcess();
Process[] runningProcesses = Process.GetProcessesByName(thisProcess.ProcessName);
if (runningProcesses.Length > 1)
{
Process existingProcess = runningProcesses.FirstOrDefault(x => x.Id != thisProcess.Id);
Debug.Assert(existingProcess != null);
SetForegroundWindow(existingProcess.MainWindowHandle);
Application.Current.Shutdown();
return;
}
try
{
using (RuntimeEntityModel context = RuntimeEntityModel.CreateInstance())
{
var v = context.RTSessionGroupConfigSet.Count();
}
}
catch (EntityException ex)
{
Exception exception = ex.InnerException ?? ex;
Utilities.HandleException(exception, true, "Connection Error", "Could not connect to database. Please check (1) connection string in MigrationToolServers.config and (2) database permissions.");
Application.Current.Shutdown();
return;
}
// check for running service
if (GlobalConfiguration.UseWindowsService)
{
System.ServiceProcess.ServiceController service = new System.ServiceProcess.ServiceController(Constants.TfsIntegrationServiceName);
try
{
if (service.Status != System.ServiceProcess.ServiceControllerStatus.Running)
{
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.AppendFormat("The TFS Integration Service is not running. The current status is {0}. ", service.Status);
stringBuilder.AppendLine("Please do one of the following:");
stringBuilder.AppendLine();
stringBuilder.AppendLine("1. Start the service using Windows Services.");
stringBuilder.AppendLine("2. Use setup in Control Panel to Change this application and uninstall the TFS Integration Service feature.");
stringBuilder.AppendLine();
stringBuilder.AppendLine("This application will now close.");
MessageBox.Show(stringBuilder.ToString(), "Error", MessageBoxButton.OK, MessageBoxImage.Error);
Application.Current.Shutdown();
return;
}
}
catch (InvalidOperationException)
{
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.AppendLine("The TFS Integration Service is not installed, but the Shell is configured to use the service. Please do one of the following:");
stringBuilder.AppendLine();
stringBuilder.AppendLine("1. Use setup in Control Panel to Change or Repair this application.");
stringBuilder.AppendLine("2. Set UseWindowsService in MigrationToolServers.config to false.");
stringBuilder.AppendLine();
stringBuilder.AppendLine("This application will now close.");
MessageBox.Show(stringBuilder.ToString(), "Error", MessageBoxButton.OK, MessageBoxImage.Error);
Application.Current.Shutdown();
return;
}
}
// check permissions
AccountValidationResult result = ServiceAccountUtility.CurrentAccountHasAllServiceAccountPermissions(ServiceType.TfsIntegrationService);
result &= ~AccountValidationResult.NotTfsIntegrationServiceLogonAccount; // don't care if account does not have service permissions
if ((result & AccountValidationResult.ValidationFailed) != 0)
{
MessageBox.Show("Failed to validate permissions. Please restart application with the appropriate permissions.", "Error", MessageBoxButton.OK, MessageBoxImage.Error);
Application.Current.Shutdown();
return;
}
else if (result != AccountValidationResult.Valid)
{
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.AppendLine("You are missing the following permissions recommended to run this application:");
stringBuilder.AppendLine();
if ((result & AccountValidationResult.NotInTFSIPEXECRole) != 0)
{
stringBuilder.AppendLine("Membership in TFSIP EXEC database role");
}
if ((result & AccountValidationResult.NotInTFSIPEXECWorkProcessGroup) != 0)
{
stringBuilder.AppendLine("Membership in local TFSIP Worker Process Group");
}
stringBuilder.AppendLine();
stringBuilder.AppendLine("Do you wish to attempt to add yourself as a member? Click No to skip and attempt to run with current permissions.");
MessageBoxResult messageBoxResult = MessageBox.Show(stringBuilder.ToString(), "Group Membership Test", MessageBoxButton.YesNo, MessageBoxImage.Question);
if (messageBoxResult == MessageBoxResult.Yes)
{
GrantPermissions(ref result);
if (result != AccountValidationResult.Valid)
{
MessageBox.Show("Unable to change membership. Please run this application as a local administrator.", "Error", MessageBoxButton.OK, MessageBoxImage.Warning);
Application.Current.Shutdown();
}
}
else
{
// continue
}
}
base.OnStartup(e);
}
