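        /// <summary>
        /// Builds the LDAP search clause that matches the objectGuid carried by a <see cref="GuidFilter"/>.
        /// </summary>
        /// <param name="filter">The query filter; asserted to be a <see cref="GuidFilter"/> whose Value is a nullable Guid.</param>
        /// <param name="suggestedAdProperty">The AD attribute the caller mapped the filter to; asserted to be "objectGuid".</param>
        /// <returns>"(objectGuid=\xx\xx...)" for a non-null GUID, or "" when the filter value is null.</returns>
        /// <exception cref="InvalidOperationException">The GUID bytes could not be rendered as an LDAP hex string.</exception>
        protected static string GuidConverter(FilterBase filter, string suggestedAdProperty)
        {
            Debug.Assert(string.Equals(suggestedAdProperty, "objectGuid", StringComparison.OrdinalIgnoreCase));
            Debug.Assert(filter is GuidFilter);

            Guid? guid = (Guid?)filter.Value;

            if (guid == null)
            {
                return "";
            }

            // objectGuid is compared against the GUID's 16-byte binary form, so hex-encode
            // Guid.ToByteArray() exactly as IdentityClaimToFilter does for UrnScheme.GuidScheme.
            // The hyphenated "xxxxxxxx-xxxx-..." text form is neither a plain hex string nor the
            // byte layout the attribute stores, so it must not be handed to HexStringToLdapHexString.
            byte[] guidBytes = guid.Value.ToByteArray();
            StringBuilder hexGuid = new StringBuilder(guidBytes.Length * 2);
            foreach (byte b in guidBytes)
            {
                hexGuid.Append(b.ToString("x2", CultureInfo.InvariantCulture));
            }

            // Transform from hex string ("1AFF") to LDAP hex string ("\1A\FF")
            string ldapHexGuid = ADUtils.HexStringToLdapHexString(hexGuid.ToString());
            if (ldapHexGuid == null)
            {
                throw new InvalidOperationException(SR.StoreCtxGuidIdentityClaimBadFormat);
            }

            return $"(objectGuid={ldapHexGuid})";
        }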
 /// <summary>
 /// Renders a SID in the escaped hex form used inside an LDAP search filter: the plain hex
 /// binding string from <see cref="SecurityIdentifierToLdapHexBindingString"/> is passed
 /// through ADUtils.HexStringToLdapHexString, which yields the "\xx" escaped representation.
 /// Use this for LDAP search filter strings (not for binding paths).
 /// </summary>
 /// <param name="sid">The security identifier to render.</param>
 /// <returns>The escaped hex string, or whatever HexStringToLdapHexString returns when it cannot convert (null in the sibling code on this page).</returns>
 internal static string SecurityIdentifierToLdapHexFilterString(SecurityIdentifier sid)
     => ADUtils.HexStringToLdapHexString(SecurityIdentifierToLdapHexBindingString(sid));
        // If useSidHistory == false, build a filter for objectSid.
        // If useSidHistory == true, build a filter for objectSid and sidHistory.
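        /// <summary>
        /// Appends to <paramref name="filter"/> an LDAP clause that matches the SID given in SDDL string form.
        /// </summary>
        /// <param name="urnValue">The SID as an SDDL string (for example "S-1-5-21-...").</param>
        /// <param name="useSidHistory">When true, match either objectSid or sidHistory; otherwise objectSid only.</param>
        /// <param name="filter">Receives the clause; nothing is appended when the conversion fails.</param>
        /// <param name="throwOnFail">When true, an unconvertible SID raises <see cref="ArgumentException"/> instead of returning false.</param>
        /// <returns>true when a clause was appended; false when the SID could not be converted and <paramref name="throwOnFail"/> is false.</returns>
        /// <exception cref="ArgumentException"><paramref name="urnValue"/> could not be converted and <paramref name="throwOnFail"/> is true.</exception>
        protected static bool SecurityIdentityClaimConverterHelper(string urnValue, bool useSidHistory, StringBuilder filter, bool throwOnFail)
        {
            // String is in SDDL format.  Translate it to ldap hex format
            byte[] sidB = ConvertStringSidToByteArray(urnValue);

            if (sidB == null)
            {
                if (throwOnFail)
                {
                    throw new ArgumentException(SR.StoreCtxSecurityIdentityClaimBadFormat);
                }
                return false;
            }

            StringBuilder stringizedBinarySid = new StringBuilder(sidB.Length * 2);
            foreach (byte b in sidB)
            {
                stringizedBinarySid.Append(b.ToString("x2", CultureInfo.InvariantCulture));
            }

            // Transform from hex string ("1AFF") to LDAP hex string ("\1A\FF"). The escaped form is
            // what lets the raw SID bytes appear in the filter without being read as filter syntax.
            string ldapHexSid = ADUtils.HexStringToLdapHexString(stringizedBinarySid.ToString());

            if (ldapHexSid == null)
            {
                // Honor throwOnFail here too, so every conversion failure reports the same way
                // (the original returned false even when the caller asked for an exception).
                if (throwOnFail)
                {
                    throw new ArgumentException(SR.StoreCtxSecurityIdentityClaimBadFormat);
                }
                return false;
            }

            if (useSidHistory)
            {
                filter.Append("(|(objectSid=").Append(ldapHexSid).Append(")(sidHistory=").Append(ldapHexSid).Append("))");
            }
            else
            {
                filter.Append("(objectSid=").Append(ldapHexSid).Append(')');
            }

            return true;
        }

        // Converts an SDDL SID string to its binary form through advapi32; returns null when the
        // string is not accepted or the native SID cannot be copied. The native buffer is always freed.
        private static byte[] ConvertStringSidToByteArray(string urnValue)
        {
            IntPtr pBytePtr = IntPtr.Zero;

            try
            {
                if (Interop.Advapi32.ConvertStringSidToSid(urnValue, out pBytePtr) == Interop.BOOL.FALSE)
                {
                    return null;
                }

                // Now we convert the native SID to a byte[] SID
                return Utils.ConvertNativeSidToByteArray(pBytePtr);
            }
            finally
            {
                if (IntPtr.Zero != pBytePtr)
                {
                    Interop.Kernel32.LocalFree(pBytePtr);
                }
            }
        }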
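        /// <summary>
        /// Translates an identity value of the given URN scheme into a single LDAP search clause.
        /// </summary>
        /// <param name="identity">The identity value (GUID text, distinguished name, SDDL SID, "domain\account", name or UPN); null is treated as "".</param>
        /// <param name="identityFormat">One of the <see cref="UrnScheme"/> constants selecting the attribute to match.</param>
        /// <param name="filter">On success receives the clause, e.g. "(objectGuid=\xx...)"; left untouched on failure.</param>
        /// <param name="throwOnFail">When true, malformed input or an unsupported scheme raises <see cref="ArgumentException"/> instead of returning false.</param>
        /// <returns>true when <paramref name="filter"/> was set; false when the identity could not be converted and <paramref name="throwOnFail"/> is false.</returns>
        /// <exception cref="ArgumentException">The identity is malformed or the scheme is unsupported, and <paramref name="throwOnFail"/> is true.</exception>
        protected static bool IdentityClaimToFilter(string identity, string identityFormat, ref string filter, bool throwOnFail)
        {
            identity ??= "";

            StringBuilder sb = new StringBuilder();

            switch (identityFormat)
            {
            case UrnScheme.GuidScheme:
                // The string passed is the string format of a GUID.  objectGuid is matched on its
                // 16-byte binary form, so parse it, hex-encode the bytes and then escape them for LDAP.
                Guid g;

                try
                {
                    g = new Guid(identity);
                }
                // Guid(string) reports malformed text as FormatException or, for some inputs,
                // OverflowException; both mean "not a GUID" here, so neither may escape uncaught.
                catch (Exception e) when (e is FormatException || e is OverflowException)
                {
                    if (throwOnFail)
                    {
                        // For now throw an exception to let the caller know the type was invalid.
                        throw new ArgumentException(e.Message, e);
                    }
                    return false;
                }

                byte[] gByte = g.ToByteArray();
                StringBuilder stringguid = new StringBuilder(gByte.Length * 2);
                foreach (byte b in gByte)
                {
                    stringguid.Append(b.ToString("x2", CultureInfo.InvariantCulture));
                }

                // Transform from hex string ("1AFF") to LDAP hex string ("\1A\FF")
                string ldapHexGuid = ADUtils.HexStringToLdapHexString(stringguid.ToString());

                if (ldapHexGuid == null)
                {
                    if (throwOnFail)
                    {
                        throw new ArgumentException(SR.StoreCtxGuidIdentityClaimBadFormat);
                    }
                    return false;
                }

                sb.Append("(objectGuid=").Append(ldapHexGuid).Append(')');
                break;

            case UrnScheme.DistinguishedNameScheme:
                AppendEscapedClause(sb, "distinguishedName", identity);
                break;

            case UrnScheme.SidScheme:
                // The helper escapes the SID itself and honors throwOnFail.
                if (!SecurityIdentityClaimConverterHelper(identity, false, sb, throwOnFail))
                {
                    return false;
                }
                break;

            case UrnScheme.SamAccountScheme:
                // Accept "account" or "domain\account". A trailing '\' leaves no account name;
                // note an empty identity also satisfies this check (index -1 == Length - 1).
                int index = identity.IndexOf('\\');

                if (index == identity.Length - 1)
                {
                    if (throwOnFail)
                    {
                        throw new ArgumentException(SR.StoreCtxNT4IdentityClaimWrongForm);
                    }
                    return false;
                }

                // +1 to skip the '\'
                string samAccountName = (index != -1) ? identity.Substring(index + 1) : identity;

                AppendEscapedClause(sb, "samAccountName", samAccountName);
                break;

            case UrnScheme.NameScheme:
                AppendEscapedClause(sb, "name", identity);
                break;

            case UrnScheme.UpnScheme:
                AppendEscapedClause(sb, "userPrincipalName", identity);
                break;

            default:
                if (throwOnFail)
                {
                    throw new ArgumentException(SR.StoreCtxUnsupportedIdentityClaimForQuery);
                }
                return false;
            }

            filter = sb.ToString();
            return true;
        }

        // Appends "(<attribute>=<value>)" with the value escaped per RFC 2254, so a caller-supplied
        // identity cannot change the structure of the filter it is embedded in.
        private static void AppendEscapedClause(StringBuilder sb, string attribute, string value)
        {
            sb.Append('(').Append(attribute).Append('=').Append(ADUtils.EscapeRFC2254SpecialChars(value)).Append(')');
        }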