/// <summary>
/// Get all NCs in the forest.
/// </summary>
/// <param name="dc">The DC in the forest.</param>
/// <returns>All NC DNs in the forest.</returns>
public string[] ListNCs(DsServer dc)
{
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
string partitionDn = "CN=Partitions," + rootDse.configurationNamingContext;
SearchResultEntryCollection results = null;
ResultCode re = LdapUtility.Search(
dc,
partitionDn,
"(objectClass=crossRef)",
System.DirectoryServices.Protocols.SearchScope.Subtree,
new string[] { "nCName" },
out results);
if (re != ResultCode.Success)
{
return(null);
}
List <string> ncs = new List <string>();
foreach (SearchResultEntry e in results)
{
DirectoryAttribute attr = e.Attributes["nCName"];
string dn = (string)attr[0];
ncs.Add(dn);
}
return(ncs.ToArray());
}
public void DRSR_DRSCloneDC_V1_Success()
{
DrsrTestChecker.Check();
DsServer svr = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1];
AddObjectUpdate machineAccount = new AddObjectUpdate(EnvironmentConfig.Machine.WritableDC1,
svr.ComputerObjectName.Replace(svr.NetbiosName, EnvironmentConfig.ClonedDCNetbiosName));
updateStorage.PushUpdate(machineAccount);
AddObjectUpdate ntdsContainerAccount = new AddObjectUpdate(EnvironmentConfig.Machine.WritableDC1,
"CN=" + EnvironmentConfig.ClonedDCNetbiosName + "," + DrsrHelper.GetParentDNFromChildDN(DrsrHelper.GetParentDNFromChildDN(svr.NtdsDsaObjectName)));
updateStorage.PushUpdate(ntdsContainerAccount);
AddObjectUpdate ntdsAccount = new AddObjectUpdate(EnvironmentConfig.Machine.WritableDC1,
svr.NtdsDsaObjectName.Replace(svr.NetbiosName, EnvironmentConfig.ClonedDCNetbiosName));
updateStorage.PushUpdate(ntdsAccount);
BaseTestSite.Assert.IsTrue(ldapAdapter.GrantControlAccess(svr,
EnvironmentConfig.UserStore[EnvironmentConfig.User.MainDCAccount],
svr.Domain.Name,
System.DirectoryServices.ActiveDirectoryRights.ExtendedRight,
System.Security.AccessControl.AccessControlType.Allow,
DRSConstants.ExtendRights.DSCloneDomainController),
"Grant control access to clone DC firstly");
drsTestClient.DrsBind(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.User.MainDCAccount, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
drsTestClient.DrsAddCloneDC(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.ClonedDCNetbiosName, svr.Site.CN);
}
/// <summary>
/// Get all site objects in the forest where the DC is located.
/// </summary>
/// <param name="dc">The DC in the forest.</param>
/// <returns>All site objects in the forest.</returns>
public DsSite[] ListSites(DsServer dc)
{
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
// Forest, so start with the root of config nc
string siteRoot = "CN=Sites," + rootDse.configurationNamingContext;
SearchResultEntryCollection results = null;
ResultCode ret = Search(
dc,
siteRoot,
"(objectClass=site)",
System.DirectoryServices.Protocols.SearchScope.OneLevel,
null,
out results
);
List <DsSite> sites = new List <DsSite>();
foreach (SearchResultEntry site in results)
{
string dn = site.DistinguishedName;
sites.Add(GetSite(dc, dn));
}
return(sites.ToArray());
}
public static string GetDnFromNcType(DsServer srv, NamingContext ncType)
{
string baseDn = "";
RootDSE rootDse = LdapUtility.GetRootDSE(srv);
switch (ncType)
{
case NamingContext.DomainNC:
baseDn = rootDse.defaultNamingContext;
break;
case NamingContext.ConfigNC:
baseDn = rootDse.configurationNamingContext;
break;
case NamingContext.SchemaNC:
baseDn = rootDse.schemaNamingContext;
break;
default:
throw new NotImplementedException();
//break;
}
return(baseDn);
}
bool IsObjectReplicated(DsServer orig, DsServer dest, NamingContext ncType, string objectDn)
{
// FIXME: likezh-11-06-2013:
// Correct me if this is wrong, but it seems to be working quite well...
//
// The property is replicated if it meets:
// - The originating USN of the property in orig is less or equal to the one in dest
// First get the UTD in dest
UPTODATE_VECTOR_V1_EXT utdVectorDest = ldapAdapter.GetReplUTD(dest, ncType);
// No way to get the object metadata (ENTINF) thru LDAP, so try uSNChanged of the object instead.
uint usnChanged = Convert.ToUInt32(ldapAdapter.GetAttributeValueInString(orig, objectDn, "uSNChanged"));
for (int i = 0; i < utdVectorDest.cNumCursors; ++i)
{
UPTODATE_CURSOR_V1 cursor = utdVectorDest.rgCursors[i];
if (cursor.uuidDsa == orig.InvocationId)
{
long usnHigh = cursor.usnHighPropUpdate;
BaseTestSite.Log.Add(LogEntryKind.Comment, "{0} - usnHigh: {1}, usnChanged: {2}", objectDn, usnHigh, usnChanged);
if (usnHigh >= usnChanged)
{
return(true);
}
}
}
return(false);
}
/// <summary>
/// Get all domains in the forest.
/// </summary>
/// <param name="dc">The DC in the forest.</param>
/// <returns>All domain objects in the forest.</returns>
public DsDomain[] ListDomains(DsServer dc)
{
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
string partitionDn = "CN=Partitions," + rootDse.configurationNamingContext;
SearchResultEntryCollection results = null;
ResultCode re = LdapUtility.Search(
dc,
partitionDn,
"(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.804:=2))",
System.DirectoryServices.Protocols.SearchScope.Subtree,
new string[] { "nCName" },
out results);
if (re != ResultCode.Success)
{
return(null);
}
List <DsDomain> domains = new List <DsDomain>();
foreach (SearchResultEntry e in results)
{
DirectoryAttribute attr = e.Attributes["nCName"];
string dn = (string)attr[0];
DsDomain domain = new AddsDomain();
domain.Name = dn;
domains.Add(domain);
}
return(domains.ToArray());
}
/// <summary>
/// Get all DCs in a given site.
/// </summary>
/// <param name="dc">The DC to talk to.</param>
/// <param name="siteDn">The site to query servers from.</param>
/// <returns>All servers in the site.</returns>
public DsServer[] ListServersWithDcsInSite(DsServer dc, string siteDn)
{
SearchResultEntryCollection results = null;
ResultCode re = Search(
dc,
siteDn,
"(&(objectClass=nTDSDSA)(msDS-hasMasterNCs=*))",
System.DirectoryServices.Protocols.SearchScope.Subtree,
new string[] { "distinguishedName" },
out results);
if (re != ResultCode.Success)
{
return(null);
}
List <DsServer> servers = new List <DsServer>();
foreach (SearchResultEntry e in results)
{
DirectoryAttribute attr = e.Attributes["distinguishedName"];
string dn = (string)attr[0];
DsServer srv = new DsServer();
// We need the server DN, not its NTDS DSA object DN.
srv.ServerObjectName = GetParentObjectDn(dn);
srv.NtdsDsaObjectName = dn;
servers.Add(srv);
}
return(servers.ToArray());
}
public static ResultCode Search(
DsServer dc,
string baseDn,
string ldapFilter,
System.DirectoryServices.Protocols.SearchScope searchScope,
string[] attributesToReturn,
out SearchResultEntryCollection results
)
{
SearchResponse response = null;
try
{
SearchRequest request = new SearchRequest(
baseDn,
ldapFilter,
searchScope,
attributesToReturn
);
response = (SearchResponse)dc.LdapConn.SendRequest(request);
}
catch (DirectoryOperationException e)
{
results = null;
return(e.Response.ResultCode);
}
results = response.Entries;
return(response.ResultCode);
}
public static DSNAME?GetPrimaryGroup(
DsServer dc,
string name,
string baseDn)
{
// Construct a primary group SID
int primaryGroupId = Convert.ToInt32(GetAttributeValueInString(dc, name, "primaryGroupID"));
byte[] userSid = GetAttributeValueInBytes(dc, name, "objectSid");
StringBuilder escapedGroupSid = new StringBuilder();
for (uint i = 0; i < userSid.Length - 4; ++i)
{
escapedGroupSid.AppendFormat(@"\{0:x2}", userSid[i]);
}
for (uint i = 0; i < 4; ++i)
{
escapedGroupSid.AppendFormat(@"\{0:x2}", (primaryGroupId & 0xff));
primaryGroupId >>= 8;
}
string tfilter = "(&(objectClass=group)(objectSid=" + escapedGroupSid.ToString() + "))";
string dn = GetAttributeValueInString(dc, baseDn, "distinguishedName", tfilter, System.DirectoryServices.Protocols.SearchScope.Subtree);
return(CreateDSNameForObject(dc, dn));
}
public void DRSR_DRSReadNgcKey_V1_Success()
{
DrsrTestChecker.Check();
EnvironmentConfig.Machine dcServer = EnvironmentConfig.Machine.WritableDC1;
DsServer dcServerMachine = (DsServer)EnvironmentConfig.MachineStore[dcServer];
uint? outVersion;
DRS_MSG_READNGCKEYREPLY?outMessage;
string newObjDN = ldapAdapter.TestAddComputerObj(dcServerMachine);
AddObjectUpdate addUpdate = new AddObjectUpdate(dcServer, newObjDN);
updateStorage.PushUpdate(addUpdate);
string ngcKey = newObjDN;
ResultCode r = ldapAdapter.SetNgcKey(dcServerMachine, newObjDN, ngcKey);
BaseTestSite.Assert.AreEqual <ResultCode>(ResultCode.Success, r, "IDL_DRSReadNgcKey: modify the msDS-KeyCredentialLink of " + newObjDN);
BaseTestSite.Log.Add(LogEntryKind.Comment, "IDL_DRSBind: Binding to DC server: {0}", dcServer);
uint ret = drsTestClient.DrsBind(dcServer, EnvironmentConfig.User.ParentDomainAdmin, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
BaseTestSite.Assert.AreEqual <uint>(0, ret, "IDL_DRSBind: Checking return value - got: {0}, expect: 0, should return 0 with a success bind to DC", ret);
ret = drsTestClient.DrsReadNgcKey(dcServer, (uint)1, newObjDN, out outVersion, out outMessage);
BaseTestSite.Assert.AreEqual <uint>(0, ret, "IDL_DRSReadNgcKey: Checking return value - got: {0}, expect: 0, should return 0 if successful.", ret);
string readNgcKey = Encoding.Unicode.GetString(outMessage.Value.V1.pNgcKey);
BaseTestSite.Assert.AreEqual <string>(ngcKey, readNgcKey, "IDL_DRSReadNgcKey: Checking Ngc Key on an object - got: {0}, expect: {1}", readNgcKey, ngcKey);
}
public static LdapConnection CreateConnection(
string hostDnsName,
DsUser user,
ref DsServer srv,
bool forceCreate = false,
AuthType authType = AuthType.Kerberos)
{
if (!forceCreate && srv.LdapConn != null)
{
// If there is an active connection, return it.
return(srv.LdapConn);
}
LdapConnection conn = new LdapConnection(hostDnsName);
if (authType == AuthType.Basic)
{
conn.AuthType = AuthType.Basic;
conn.Credential = new NetworkCredential(user.Domain.NetbiosName + "\\" + user.Username, user.Password /*, user.Domain.Name*/);
}
else
{
conn.Credential = new NetworkCredential(user.Username, user.Password, user.Domain.DNSName);
}
conn.Timeout = new TimeSpan(0, 5, 0);
// Bind the connection to the server
conn.Bind();
srv.LdapConn = conn;
return(conn);
}
public static string[] GetAttributeValuesString(
DsServer dc, string dn, string attributeName,
string ldapFilter = "(objectClass=*)",
System.DirectoryServices.Protocols.SearchScope searchScope
= System.DirectoryServices.Protocols.SearchScope.Base)
{
SearchResultEntryCollection results = null;
ResultCode ret = Search(
dc,
dn,
ldapFilter,
searchScope,
new string[] { attributeName },
out results);
if (ret != ResultCode.Success)
{
return(null);
}
foreach (SearchResultEntry e in results)
{
DirectoryAttribute attr = e.Attributes[attributeName];
if (attr == null)
{
return(null);
}
else
{
return((string[])attr.GetValues(typeof(string)));
}
}
return(null);
}
/// <summary>
/// try delete object
/// </summary>
/// <returns></returns>
bool op()
{
DsServer dc = (DsServer)EnvironmentConfig.MachineStore[dsServerType];
if (!LdapUtility.IsObjectExist(dc, objectDN))
{
return(true);
}
for (int i = 0; i < 2; i++)
{
try
{
System.DirectoryServices.Protocols.ResultCode rCode = ldapAdapter.DeleteObject(dc, objectDN);
if (rCode == System.DirectoryServices.Protocols.ResultCode.Success)
{
return(true);
}
}
catch
{
System.Threading.Thread.Sleep(1000);
}
}
return(false);
}
string DomainNetBIOSNameFromDomain(DsServer dc, DSNAME domainNc)
{
return(((string)GetAttributeValue(
dc,
LdapUtility.ConvertUshortArrayToString(domainNc.StringName),
"name")).ToUpper());
}
public DSNAME GetObjectNC(DsServer dc, DSNAME obj)
{
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
string dn = LdapUtility.ConvertUshortArrayToString(obj.StringName);
string ncDn = "";
// there might be spaces between each RDN of the dn.
dn = TrimDn(dn);
// default first
if (rootDse.defaultNamingContext != null)
{
// AD LDS doesn't have default NC
if (dn.Contains(rootDse.defaultNamingContext))
{
ncDn = rootDse.defaultNamingContext;
}
}
if (dn.Contains(rootDse.configurationNamingContext))
{
ncDn = rootDse.configurationNamingContext;
}
if (dn.Contains(rootDse.schemaNamingContext))
{
ncDn = rootDse.schemaNamingContext;
}
return(LdapUtility.CreateDSNameForObject(dc, ncDn));
}
/// <summary>
/// Travel down the base DN to find the object DN matching a given filter.
/// </summary>
/// <param name="srv">The DC the LDAP connection is connected to.</param>
/// <param name="baseDn">The base DN.</param>
/// <param name="filter">LDAP filter string.</param>
/// <returns>An object DN matching the filter. This DN must be a part of the base DN.</returns>
public static string FindObjectNameWithFilter(DsServer srv, string baseDn, string filter)
{
string[] rDns = baseDn.Split(',');
if (rDns.Length <= 1)
{
return(null);
}
for (int i = 0; i < rDns.Length; ++i)
{
string newDn = "";
for (int j = i; j < rDns.Length - 1; ++j)
{
newDn += (rDns[j] + ", ");
}
newDn += rDns[rDns.Length - 1];
string name = GetAttributeValueInString(
srv,
newDn,
"distinguishedName",
filter,
System.DirectoryServices.Protocols.SearchScope.Base);
if (name != null)
{
return(newDn);
}
}
return(null);
}
DS_NAME_RESULT_ITEMW LookupUnknownName(DsServer dc, uint flags, uint formatDesired, string name)
{
DS_NAME_RESULT_ITEMW result = new DS_NAME_RESULT_ITEMW();
uint[] formatOrder = new uint[] {
(uint)DS_NAME_FORMAT.DS_FQDN_1779_NAME,
(uint)DS_NAME_FORMAT.DS_USER_PRINCIPAL_NAME,
(uint)DS_NAME_FORMAT.DS_NT4_ACCOUNT_NAME,
(uint)DS_NAME_FORMAT.DS_CANONICAL_NAME,
(uint)DS_NAME_FORMAT.DS_UNIQUE_ID_NAME,
(uint)DS_NAME_FORMAT.DS_DISPLAY_NAME,
(uint)DS_NAME_FORMAT.DS_SERVICE_PRINCIPAL_NAME,
(uint)DS_NAME_FORMAT.DS_SID_OR_SID_HISTORY_NAME,
(uint)DS_NAME_FORMAT.DS_CANONICAL_NAME_EX
};
foreach (uint format in formatOrder)
{
result = LookupNames(dc, flags, format, formatDesired, name);
if (result.status != DS_NAME_ERROR.DS_NAME_ERROR_NOT_FOUND)
{
return(result);
}
}
return(result);
}
string GetCanonicalName(DsServer dc, DSNAME obj, bool extended)
{
string result;
string dn = LdapUtility.ConvertUshortArrayToString(obj.StringName);
//if (GetObjectNC(dc, obj).Guid == obj.Guid)
if (RetrieveDCSuffixFromDn(dn) == dn)
{
return(DomainDNSNameFromDomain(dc, obj));
}
DSNAME parentObj = GetDsName(dc, GetParentObjectDn(dn)).Value;
result = GetCanonicalName(dc, parentObj, false);
if (extended == true)
{
result = result + "\n";
}
else
{
result = result + "/";
}
string name = (string)GetAttributeValue(dc, dn, "name");
result = result + name;
return(result);
}
DSNAME[] LookupSID(DsServer dc, uint flags, NT4SID sid)
{
List <DSNAME> rt = new List <DSNAME>();
SecurityIdentifier secId = new SecurityIdentifier(sid.Data, 0);
DSNAME[] rt1 = LookupAttr(dc, flags, "objectSid", secId.ToString());
DSNAME[] rt2 = LookupAttr(dc, flags, "sIDHistory", secId.ToString());
if (rt1 != null)
{
rt.AddRange(rt1);
}
if (rt2 != null)
{
rt.AddRange(rt2);
}
if (rt.Count > 0)
{
return(rt.ToArray());
}
else
{
return(null);
}
}
public static RootDSE GetRootDSE(DsServer srv)
{
string rootDseDn = ""; // empty DN means rootDSE
RootDSE rootDse = new RootDSE();
rootDse.defaultNamingContext = GetAttributeValueInString(srv, rootDseDn, "defaultNamingContext");
rootDse.configurationNamingContext = GetAttributeValueInString(srv, rootDseDn, "configurationNamingContext");
rootDse.schemaNamingContext = GetAttributeValueInString(srv, rootDseDn, "schemaNamingContext");
rootDse.rootDomainNamingContext = GetAttributeValueInString(srv, rootDseDn, "rootDomainNamingContext");
rootDse.serverName = GetAttributeValueInString(srv, rootDseDn, "serverName");
rootDse.dnsHostName = GetAttributeValueInString(srv, rootDseDn, "dnsHostName");
rootDse.domainControllerFunctionality = Convert.ToInt32(GetAttributeValueInString(srv, rootDseDn, "domainControllerFunctionality"));
rootDse.domainFunctionality = Convert.ToInt32(GetAttributeValueInString(srv, rootDseDn, "domainFunctionality"));
rootDse.forestFunctionality = Convert.ToInt32(GetAttributeValueInString(srv, rootDseDn, "forestFunctionality"));
rootDse.dsServiceName = GetAttributeValueInString(srv, rootDseDn, "dsServiceName");
string gcReady = GetAttributeValueInString(srv, rootDseDn, "isGlobalCatalogReady");
if (gcReady == null || gcReady.ToUpper() != "TRUE")
{
rootDse.isGcReady = false;
}
else
{
rootDse.isGcReady = true;
}
return(rootDse);
}
private void DRSReplicaSync_Invalid_Input_4(DrsReplicaSync_Versions dwInVersion)
{
uint ret = drsTestClient.DrsBind(
EnvironmentConfig.Machine.WritableDC1,
EnvironmentConfig.User.ParentDomainAdmin,
DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
/* comments from TD */
/*
* if (DRS_SYNC_BYNAME in options and msgIn.pszDsaSrc = null)
* or (not DRS_SYNC_BYNAME in options and msgIn.uuidDsaSrc = null)
* or (not DRS_SYNC_BYNAME in options and msgIn.uuidDsaSrc = NULLGUID) then
* return ERROR_DS_DRA_INVALID_PARAMETER
* endif
*/
/* Create request message */
DRS_MSG_REPSYNC msgIn = new DRS_MSG_REPSYNC();
// NC
DsServer srv = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1];
RootDSE rootDse = LdapUtility.GetRootDSE(srv);
DSNAME ncDsname = LdapUtility.CreateDSNameForObject(srv, rootDse.configurationNamingContext);
switch (dwInVersion)
{
case DrsReplicaSync_Versions.V1:
msgIn = drsTestClient.CreateDrsReplicaSyncV1Request();
/* Setting param #1 */
msgIn.V1.ulOptions = 0;
/* Setting param #2 */
msgIn.V1.uuidDsaSrc = Guid.Empty;
msgIn.V1.pNC = ncDsname;
break;
case DrsReplicaSync_Versions.V2:
msgIn = drsTestClient.CreateDrsReplicaSyncV2Request();
/* Setting param #1 */
msgIn.V2.ulOptions = 0;
/* Setting param #2 */
msgIn.V2.uuidDsaSrc = Guid.Empty;
msgIn.V2.pNC = ncDsname;
break;
default:
BaseTestSite.Assert.Fail("The version {0} is not supported.", dwInVersion);
break;
}
/* Issue the request */
ret = drsTestClient.DRSClient.DrsReplicaSync(
EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1],
(uint)dwInVersion,
msgIn);
BaseTestSite.Assert.AreEqual <uint>(
(uint)Win32ErrorCode_32.ERROR_DS_DRA_INVALID_PARAMETER,
ret,
"DrsReplicaSync: return code mismatch."
);
}
// <summary>
// the function is used to create a DrsUpdateRef request
// </summary>
public DRS_MSG_UPDREFS CreateRequestForDrsUpdateRef(
EnvironmentConfig.Machine machine,
DsServer dest,
DRS_OPTIONS options,
NamingContext nc = NamingContext.ConfigNC)
{
string nc_name = null;
Guid nc_guid = Guid.Empty;
string nc_sid = null;
DSNAME nc_obj;
switch (nc)
{
case NamingContext.ConfigNC:
nc_obj = dest.Domain.ConfigNC;
break;
case NamingContext.SchemaNC:
nc_obj = dest.Domain.SchemaNC;
break;
case NamingContext.AppNC:
if (EnvironmentConfig.TestDS)
{
nc_obj = ((AddsDomain)dest.Domain).OtherNCs[0];
}
else
{
nc_obj = ((AdldsDomain)dest.Domain).AppNCs[0];
}
break;
case NamingContext.DomainNC:
if (!EnvironmentConfig.TestDS)
{
nc_obj = new DSNAME();
}
nc_obj = ((AddsDomain)dest.Domain).DomainNC;
break;
default:
nc_obj = new DSNAME();
break;
}
nc_name = LdapUtility.ConvertUshortArrayToString(nc_obj.StringName);
nc_guid = nc_obj.Guid;
nc_sid = convertSidToString(nc_obj.Sid);
DRS_MSG_UPDREFS?req = DRSClient.CreateUpdateRefsRequest(
nc_name,
nc_guid,
nc_sid,
dest.DsaNetworkAddress,
dest.NtdsDsaObjectGuid,
options);
return((DRS_MSG_UPDREFS)req);
}
string DomainNameFromSid(DsServer dc, NT4SID sid)
{
SecurityIdentifier secId = new SecurityIdentifier(sid.Data, 0);
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
return(DrsrHelper.GetFQDNFromDN(rootDse.defaultNamingContext));
}
public void DRSR_DRSGetNCChanges_Access_Denied()
{
DrsrTestChecker.Check();
uint ret = drsTestClient.DrsBind(
EnvironmentConfig.Machine.WritableDC1,
EnvironmentConfig.User.ParentDomainUser,
DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
| DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_GETCHGREPLY_V6);
/* comments from TD */
/*
* if IsGetNCChangesPermissionGranted(msgIn) == FALSE then
* return ERROR_DRA_ACCESS_DENIED
* endif
*
*/
/* comments from likezh */
/*
* IsGetNCChangesPermissionGranted(msgIn) == FALSE
*/
//throw new NotImplementedException();
/* Create request message */
DRS_MSG_GETCHGREQ msgIn = drsTestClient.CreateDrsGetNcChangesV8Request();
uint dwInVersion = 8;
uint?dwOutVersion = 0;
DRS_MSG_GETCHGREPLY?reply;
/* Setting param #1 */
/*msgIn.V8.pNC = DefaultNC()*/
// NC
DsServer srv = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1];
RootDSE rootDse = LdapUtility.GetRootDSE(srv);
DSNAME ncDsname = LdapUtility.CreateDSNameForObject(srv, rootDse.configurationNamingContext);
msgIn.V8.pNC = ncDsname;
if (EnvironmentConfig.TestDS == false)
{
// ADAM requires a DSA GUID
msgIn.V8.uuidDsaObjDest = srv.NtdsDsaObjectGuid;
}
/* Issue the request */
ret = drsTestClient.DRSClient.DrsGetNcChanges(
EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1],
dwInVersion,
msgIn,
out dwOutVersion,
out reply);
BaseTestSite.Assert.AreEqual <uint>(
(uint)Win32ErrorCode_32.ERROR_DS_DRA_ACCESS_DENIED,
ret,
"DrsGetNcChanges: return code mismatch."
);
}
void VerifyCrackNamesMapSchemaGuid(
DsServer dc,
DRS_MSG_CRACKREQ req,
DRS_MSG_CRACKREPLY?reply)
{
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
Guid guid = new Guid(req.V1.rpNames[0]);
string schemaGuidStr = LdapUtility.GetBinaryString(guid.ToByteArray());
string name = ldapAd.GetAttributeValueInString(
dc,
rootDse.schemaNamingContext,
"lDAPDisplayName",
"(schemaIDGUID=" + schemaGuidStr + ")",
SearchScope.Subtree
);
testSite.Assert.IsTrue(
name == reply.Value.V1.pResult[0].rItems[0].pName,
"IDL_DRSCrackNames: DS_MAP_SCHEMA_GUID: failed to verify schema name, expect:{0}, got{1}",
name,
reply.Value.V1.pResult[0].rItems[0].pName
);
string[] objClass = LdapUtility.GetAttributeValuesString(
dc,
rootDse.schemaNamingContext,
"objectClass",
"(schemaIDGUID=" + schemaGuidStr + ")",
SearchScope.Subtree
);
string objLastClass = objClass[objClass.Length - 1];
switch (objLastClass)
{
case "classSchema":
testSite.Assert.IsTrue(
DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_CLASS == reply.Value.V1.pResult[0].rItems[0].status,
"IDL_DRSCrackNames: DS_MAP_SCHEMA_GUID: failed to verify status, expect:{0}, got{1}",
DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_CLASS,
reply.Value.V1.pResult[0].rItems[0].status
);
break;
case "attributeSchema":
testSite.Assert.IsTrue(
DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_ATTR == reply.Value.V1.pResult[0].rItems[0].status,
"IDL_DRSCrackNames: DS_MAP_SCHEMA_GUID: failed to verify status, expect:{0}, got{1}",
DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_CLASS,
reply.Value.V1.pResult[0].rItems[0].status
);
break;
default:
throw new NotImplementedException();
}
}
/// <summary>
/// Returns true if the domain identified by sid is in a forest trusted by the caller's forest,
/// as determined by the FOREST_TRUST_INFORMATION state of the caller's forest, false otherwise.
/// </summary>
/// <param name="dc"></param>
/// <param name="sid">The SID of a domain.</param>
/// <returns></returns>
static bool IsDomainSidInTrustedForest(DsServer dc, NT4SID sid)
{
FOREST_TRUST_INFORMATION f;
bool b;
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
string[] tdos = LdapUtility.GetAttributeValuesString(
dc,
rootDse.rootDomainNamingContext,
"distinguishedName",
"(&(objectClass=trustedDomain)(msDS-TrustForestTrustInfo=*)(trustAttributes:1.2.840.113556.1.4.803:=0x8))",
System.DirectoryServices.Protocols.SearchScope.Subtree);
foreach (string o in tdos)
{
byte[] trustInfo = (byte[])LdapUtility.GetAttributeValue(dc, o, "msDS-TrustForestTrustInfo");
if (!TrustInfo.UnmarshalForestTrustInfo(trustInfo, out f))
{
return(false);
}
foreach (Record e in f.Records)
{
if (e.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo &&
(DrsrHelper.IsByteArrayEqual(sid.Data, ((RecordDomainInfo)e.ForestTrustData).Sid.Data)) &&
((e.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0))
{
b = true;
foreach (Record g in f.Records)
{
if (g.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx &&
(g.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0 &&
(
((RecordTopLevelName)g.ForestTrustData).TopLevelName
== ((RecordDomainInfo)e.ForestTrustData).DnsName
||
TrustInfo.IsSubdomainOf(
((RecordDomainInfo)e.ForestTrustData).DnsName,
((RecordTopLevelName)g.ForestTrustData).TopLevelName)
)
)
{
b = false;
break;
}
}
if (b)
{
return(true);
}
}
}
}
return(false);
}
public static DSNAME CreateDSNameForObject(DsServer srv, string dn)
{
// Get the GUID first
Guid?guid = LdapUtility.GetObjectGuid(srv, dn);
string sid = GetObjectStringSid(srv, dn);
return(DrsuapiClient.CreateDsName(dn, guid.Value, sid));
}
public static string GetObjectDnByGuid(DsServer dc, string baseDn, Guid guid)
{
return(GetAttributeValueInString(
dc,
baseDn,
"distinguishedName",
"(&(objectClass=*)(objectGuid=" + GetBinaryString(guid.ToByteArray()) + "))",
System.DirectoryServices.Protocols.SearchScope.Subtree
));
}
public static byte[][] GetAttributeValuesBytes(
DsServer dc,
string dn,
string attributeName,
string ldapFilter = "(objectClass=*)",
System.DirectoryServices.Protocols.SearchScope searchScope
= System.DirectoryServices.Protocols.SearchScope.Base)
{
return((byte[][])(GetAttributeValuesOfType(dc, dn, attributeName, ldapFilter, searchScope, typeof(byte[]))));
}
public static string GetObjectDnBySid(DsServer dc, string baseDn, NT4SID sid)
{
return(GetAttributeValueInString(
dc,
baseDn,
"distinguishedName",
"(&(objectClass=*)(objectSid=" + GetBinaryString(sid.Data) + "))",
System.DirectoryServices.Protocols.SearchScope.Subtree
));
}
