private ResultSet FindByDate(
FindByDateMatcher.DateProperty property,
MatchType matchType,
DateTime value,
Type principalType
)
{
// We use the same SAMQuery set that we use for query-by-example, but with a different
// SAMMatcher class to perform the date-range filter.
// Get the entries we'll iterate over. Write access to Children is controlled through the
// ctxBaseLock, but we don't want to have to hold that lock while we're iterating over all
// the child entries. So we have to clone the ctxBase --- not ideal, but it prevents
// multithreading issues.
DirectoryEntries entries = SDSUtils.BuildDirectoryEntry(_ctxBase.Path, _credentials, _authTypes).Children;
Debug.Assert(entries != null);
// The SAMQuerySet will use this to restrict the types of DirectoryEntry objects returned.
List <string> schemaTypes = GetSchemaFilter(principalType);
// Create the ResultSet that will perform the client-side filtering
SAMQuerySet resultSet = new SAMQuerySet(
schemaTypes,
entries,
_ctxBase,
-1, // no size limit
this,
new FindByDateMatcher(property, matchType, value));
return(resultSet);
}
// The core query operation.
// Given a PrincipalSearcher containg a query filter, transforms it into the store schema
// and performs the query to get a collection of matching native objects (up to a maximum of sizeLimit,
// or uses the sizelimit already set on the DirectorySearcher if sizeLimit == -1).
// If the PrincipalSearcher does not have a query filter (PrincipalSearcher.QueryFilter == null),
// matches all principals in the store.
//
// The collection may not be complete, i.e., paging - the returned ResultSet will automatically
// page in additional results as needed.
internal override ResultSet Query(PrincipalSearcher ps, int sizeLimit)
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMStoreCtx", "Query");
Debug.Assert(sizeLimit >= -1);
// Build the description of the properties we'll filter by. In SAMStoreCtx, the "native" searcher
// is simply the QbeFilterDescription, which will be passed to the SAMQuerySet to use to
// manually filter out non-matching results.
QbeFilterDescription propertiesToMatch = (QbeFilterDescription)PushFilterToNativeSearcher(ps);
// Get the entries we'll iterate over. Write access to Children is controlled through the
// ctxBaseLock, but we don't want to have to hold that lock while we're iterating over all
// the child entries. So we have to clone the ctxBase --- not ideal, but it prevents
// multithreading issues.
DirectoryEntries entries = SDSUtils.BuildDirectoryEntry(_ctxBase.Path, _credentials, _authTypes).Children;
Debug.Assert(entries != null);
// Determine the principal types of interest. The SAMQuerySet will use this to restrict
// the types of DirectoryEntry objects returned.
Type qbeFilterType = typeof(Principal);
if (ps.QueryFilter != null)
{
qbeFilterType = ps.QueryFilter.GetType();
}
List <string> schemaTypes = GetSchemaFilter(qbeFilterType);
// Create the ResultSet that will perform the client-side filtering
SAMQuerySet resultSet = new SAMQuerySet(
schemaTypes,
entries,
_ctxBase,
sizeLimit,
this,
new QbeMatcher(propertiesToMatch));
return(resultSet);
}
internal override bool MoveNext()
{
bool flag;
bool flag1 = false;
if (this.sizeLimit != -1 && this.resultsReturned >= this.sizeLimit)
{
this.endReached = true;
}
if (!this.endReached)
{
do
{
flag = this.enumerator.MoveNext();
flag1 = false;
if (!flag)
{
continue;
}
DirectoryEntry current = (DirectoryEntry)this.enumerator.Current;
if (!this.IsOfCorrectType(current) || !this.matcher.Matches(current))
{
flag1 = true;
}
else
{
this.current = current;
SAMQuerySet sAMQuerySet = this;
sAMQuerySet.resultsReturned = sAMQuerySet.resultsReturned + 1;
}
}while (flag1);
return(flag);
}
else
{
return(false);
}
}
// Get groups of which p is a direct member
internal override ResultSet GetGroupsMemberOf(Principal p)
{
// Enforced by the methods that call us
Debug.Assert(p.unpersisted == false);
if (!p.fakePrincipal)
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMStoreCtx", "GetGroupsMemberOf: is real principal");
// No nested groups or computers as members of groups in SAM
if (!(p is UserPrincipal))
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMStoreCtx", "GetGroupsMemberOf: not a user, returning empty set");
return(new EmptySet());
}
Debug.Assert(p.UnderlyingObject != null);
DirectoryEntry userDE = (DirectoryEntry)p.UnderlyingObject;
UnsafeNativeMethods.IADsMembers iadsMembers = (UnsafeNativeMethods.IADsMembers)userDE.Invoke("Groups");
ResultSet resultSet = new SAMGroupsSet(iadsMembers, this, _ctxBase);
return(resultSet);
}
else
{
// ADSI's IADsGroups doesn't work for fake principals like NT AUTHORITY\NETWORK SERVICE
// We use the same SAMQuery set that we use for query-by-example, but with a different
// SAMMatcher class to match groups which contain the specified principal as a member
// Get the entries we'll iterate over. Write access to Children is controlled through the
// ctxBaseLock, but we don't want to have to hold that lock while we're iterating over all
// the child entries. So we have to clone the ctxBase --- not ideal, but it prevents
// multithreading issues.
DirectoryEntries entries = SDSUtils.BuildDirectoryEntry(_ctxBase.Path, _credentials, _authTypes).Children;
Debug.Assert(entries != null);
// The SAMQuerySet will use this to restrict the types of DirectoryEntry objects returned.
List <string> schemaTypes = GetSchemaFilter(typeof(GroupPrincipal));
SecurityIdentifier principalSid = p.Sid;
byte[] SidB = new byte[principalSid.BinaryLength];
principalSid.GetBinaryForm(SidB, 0);
if (principalSid == null)
{
GlobalDebug.WriteLineIf(GlobalDebug.Warn, "SAMStoreCtx", "GetGroupsMemberOf: bad SID IC");
throw new InvalidOperationException(SR.StoreCtxNeedValueSecurityIdentityClaimToQuery);
}
// Create the ResultSet that will perform the client-side filtering
SAMQuerySet resultSet = new SAMQuerySet(
schemaTypes,
entries,
_ctxBase,
-1, // no size limit
this,
new GroupMemberMatcher(SidB));
return(resultSet);
}
}
// Get groups of which p is a direct member
internal override ResultSet GetGroupsMemberOf(Principal p)
{
// Enforced by the methods that call us
Debug.Assert(p.unpersisted == false);
if (!p.fakePrincipal)
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMStoreCtx", "GetGroupsMemberOf: is real principal");
// No nested groups or computers as members of groups in SAM
if (!(p is UserPrincipal))
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMStoreCtx", "GetGroupsMemberOf: not a user, returning empty set");
return new EmptySet();
}
Debug.Assert(p.UnderlyingObject != null);
DirectoryEntry userDE = (DirectoryEntry)p.UnderlyingObject;
UnsafeNativeMethods.IADsMembers iadsMembers = (UnsafeNativeMethods.IADsMembers)userDE.Invoke("Groups");
ResultSet resultSet = new SAMGroupsSet(iadsMembers, this, _ctxBase);
return resultSet;
}
else
{
// ADSI's IADsGroups doesn't work for fake principals like NT AUTHORITY\NETWORK SERVICE
// We use the same SAMQuery set that we use for query-by-example, but with a different
// SAMMatcher class to match groups which contain the specified principal as a member
// Get the entries we'll iterate over. Write access to Children is controlled through the
// ctxBaseLock, but we don't want to have to hold that lock while we're iterating over all
// the child entries. So we have to clone the ctxBase --- not ideal, but it prevents
// multithreading issues.
DirectoryEntries entries = SDSUtils.BuildDirectoryEntry(_ctxBase.Path, _credentials, _authTypes).Children;
Debug.Assert(entries != null);
// The SAMQuerySet will use this to restrict the types of DirectoryEntry objects returned.
List<string> schemaTypes = GetSchemaFilter(typeof(GroupPrincipal));
SecurityIdentifier principalSid = p.Sid;
byte[] SidB = new byte[principalSid.BinaryLength];
principalSid.GetBinaryForm(SidB, 0);
if (principalSid == null)
{
GlobalDebug.WriteLineIf(GlobalDebug.Warn, "SAMStoreCtx", "GetGroupsMemberOf: bad SID IC");
throw new InvalidOperationException(StringResources.StoreCtxNeedValueSecurityIdentityClaimToQuery);
}
// Create the ResultSet that will perform the client-side filtering
SAMQuerySet resultSet = new SAMQuerySet(
schemaTypes,
entries,
_ctxBase,
-1, // no size limit
this,
new GroupMemberMatcher(SidB));
return resultSet;
}
}
private ResultSet FindByDate(
FindByDateMatcher.DateProperty property,
MatchType matchType,
DateTime value,
Type principalType
)
{
// We use the same SAMQuery set that we use for query-by-example, but with a different
// SAMMatcher class to perform the date-range filter.
// Get the entries we'll iterate over. Write access to Children is controlled through the
// ctxBaseLock, but we don't want to have to hold that lock while we're iterating over all
// the child entries. So we have to clone the ctxBase --- not ideal, but it prevents
// multithreading issues.
DirectoryEntries entries = SDSUtils.BuildDirectoryEntry(_ctxBase.Path, _credentials, _authTypes).Children;
Debug.Assert(entries != null);
// The SAMQuerySet will use this to restrict the types of DirectoryEntry objects returned.
List<string> schemaTypes = GetSchemaFilter(principalType);
// Create the ResultSet that will perform the client-side filtering
SAMQuerySet resultSet = new SAMQuerySet(
schemaTypes,
entries,
_ctxBase,
-1, // no size limit
this,
new FindByDateMatcher(property, matchType, value));
return resultSet;
}
private ResultSet FindByDate(FindByDateMatcher.DateProperty property, MatchType matchType, DateTime value, Type principalType)
{
DirectoryEntries children = SDSUtils.BuildDirectoryEntry(this.ctxBase.Path, this.credentials, this.authTypes).Children;
List<string> schemaFilter = this.GetSchemaFilter(principalType);
SAMQuerySet sAMQuerySet = new SAMQuerySet(schemaFilter, children, this.ctxBase, -1, this, new FindByDateMatcher(property, matchType, value));
return sAMQuerySet;
}
internal override ResultSet Query(PrincipalSearcher ps, int sizeLimit)
{
QbeFilterDescription nativeSearcher = (QbeFilterDescription)this.PushFilterToNativeSearcher(ps);
DirectoryEntries children = SDSUtils.BuildDirectoryEntry(this.ctxBase.Path, this.credentials, this.authTypes).Children;
Type type = typeof(Principal);
if (ps.QueryFilter != null)
{
type = ps.QueryFilter.GetType();
}
List<string> schemaFilter = this.GetSchemaFilter(type);
SAMQuerySet sAMQuerySet = new SAMQuerySet(schemaFilter, children, this.ctxBase, sizeLimit, this, new QbeMatcher(nativeSearcher));
return sAMQuerySet;
}
internal override ResultSet GetGroupsMemberOf(Principal p)
{
if (p.fakePrincipal)
{
DirectoryEntries children = SDSUtils.BuildDirectoryEntry(this.ctxBase.Path, this.credentials, this.authTypes).Children;
List<string> schemaFilter = this.GetSchemaFilter(typeof(GroupPrincipal));
SecurityIdentifier sid = p.Sid;
byte[] numArray = new byte[sid.BinaryLength];
sid.GetBinaryForm(numArray, 0);
if (sid != null)
{
SAMQuerySet sAMQuerySet = new SAMQuerySet(schemaFilter, children, this.ctxBase, -1, this, new GroupMemberMatcher(numArray));
return sAMQuerySet;
}
else
{
throw new InvalidOperationException(StringResources.StoreCtxNeedValueSecurityIdentityClaimToQuery);
}
}
else
{
if (p as UserPrincipal != null)
{
DirectoryEntry underlyingObject = (DirectoryEntry)p.UnderlyingObject;
UnsafeNativeMethods.IADsMembers aDsMember = (UnsafeNativeMethods.IADsMembers)underlyingObject.Invoke("Groups", new object[0]);
ResultSet sAMGroupsSet = new SAMGroupsSet(aDsMember, this, this.ctxBase);
return sAMGroupsSet;
}
else
{
return new EmptySet();
}
}
}
