internal override int BindSasl(SafeHandle ld, Native.LdapAuthType authType, LdapCredential ldapCredential) { LdapConnect(ld); var cred = ToNative(ldapCredential); return(NativeMethodsWindows.ldap_bind_s(ld, null, cred, Native.LdapAuthMechanism.ToBindMethod(authType))); }
public async Task <List <ADComputer> > SearchADComputersAsync(LdapCredential ldapCredential, string query) { List <ADComputer> result = new List <ADComputer>(); if (ldapCredential is null) { throw new Exception("Failed to get LDAP Credentials"); } using (LdapConnection ldapConnection = await CreateBindAsync(ldapCredential.UserName, ldapCredential.Password)) { var filter = "(&(objectCategory=computer)(name=" + query + "*))"; var PropertiesToLoad = new string[] { "cn" }; string defaultNamingContext = _ldapOptions.Value.SearchBase; try { var ldapSearchResults = await ldapConnection.SearchAsync(defaultNamingContext, filter, PropertiesToLoad, Native.LdapSearchScope.LDAP_SCOPE_SUB); foreach (var ldapSearchResult in ldapSearchResults) { result.Add(new ADComputer(ldapSearchResult.DirectoryAttributes["cn"].GetValues <string>().First())); } } catch (Exception ex) { _logger.LogError(ex.Message); } } return(result); }
internal override int BindSasl(SafeHandle ld, Native.LdapAuthType authType, LdapCredential ldapCredential) { var mech = Native.LdapAuthMechanism.FromAuthType(authType); var cred = ToNative(ld, mech, ldapCredential); var rc = NativeMethodsOsx.ldap_sasl_interactive_bind_s(ld, null, mech, IntPtr.Zero, IntPtr.Zero, (uint) Native.LdapInteractionFlags.LDAP_SASL_QUIET, UnixSaslMethods.SaslInteractionProcedure, cred); Marshal.FreeHGlobal(cred); return rc; }
public async Task <bool> TestCredentialsAsync(LdapCredential ldapCredential) { using var connection = await CreateBindAsync(ldapCredential.UserName, ldapCredential.Password); if (connection != null) { return(true); } else { return(false); } }
internal override async Task <IntPtr> BindSaslAsync(SafeHandle ld, Native.LdapAuthType authType, LdapCredential ldapCredential, LDAP_TIMEVAL timeout) { var task = Task.Factory.StartNew(() => { int rc; var msgid = 0; var result = IntPtr.Zero; var rmech = IntPtr.Zero; var mech = Native.LdapAuthMechanism.FromAuthType(authType); var cred = ToNative(ld, mech, ldapCredential); var saslDefaults = Marshal.PtrToStructure <Native.LdapSaslDefaults>(cred); do { rc = NativeMethodsLinux.ldap_sasl_interactive_bind(ld, null, mech, IntPtr.Zero, IntPtr.Zero, (uint)Native.LdapInteractionFlags.LDAP_SASL_QUIET, UnixSaslMethods.SaslInteractionProcedure, cred, result, ref rmech, ref msgid); if (rc != (int)Native.ResultCode.SaslBindInProgress) { break; } ldap_msgfree(result); if (ldap_result(ld, msgid, 0, timeout, ref result) == Native.LdapResultType.LDAP_ERROR) { ThrowIfError(rc, nameof(NativeMethodsLinux.ldap_sasl_interactive_bind)); } if (result == IntPtr.Zero) { throw new LdapException(new LdapExceptionData("Result is not initialized", nameof(NativeMethodsLinux.ldap_sasl_interactive_bind), 1)); } } while (rc == (int)Native.ResultCode.SaslBindInProgress); Marshal.FreeHGlobal(cred); ThrowIfError(ld, rc, nameof(NativeMethodsLinux.ldap_sasl_interactive_bind), new Dictionary <string, string> { [nameof(saslDefaults)] = saslDefaults.ToString() }); return(result); }); return(await task.ConfigureAwait(false)); }
internal override async Task <IntPtr> BindSaslAsync(SafeHandle ld, Native.LdapAuthType authType, LdapCredential ldapCredential, LDAP_TIMEVAL timeout) { var cred = ToNative(ldapCredential); var task = Task.Factory.StartNew(() => { ThrowIfError( NativeMethodsWindows.ldap_bind_s(ld, null, cred, Native.LdapAuthMechanism.ToBindMethod(authType)), nameof(NativeMethodsWindows.ldap_bind_s)); return(IntPtr.Zero); }); return(await task.ConfigureAwait(false)); }
private static SEC_WINNT_AUTH_IDENTITY_EX ToNative(LdapCredential ldapCredential) { var cred = new SEC_WINNT_AUTH_IDENTITY_EX { version = NativeMethodsWindows.SEC_WINNT_AUTH_IDENTITY_VERSION, length = Marshal.SizeOf(typeof(SEC_WINNT_AUTH_IDENTITY_EX)), flags = NativeMethodsWindows.SEC_WINNT_AUTH_IDENTITY_UNICODE }; if (ldapCredential != null) { cred.user = string.IsNullOrEmpty(ldapCredential.UserName) ? null : ldapCredential.UserName; cred.userLength = ldapCredential.UserName?.Length ?? 0; cred.password = string.IsNullOrEmpty(ldapCredential.Password) ? null : ldapCredential.Password; cred.passwordLength = ldapCredential.Password?.Length ?? 0; cred.domain = string.IsNullOrEmpty(ldapCredential.Realm) ? null : ldapCredential.Realm; cred.domainLength = ldapCredential.Realm?.Length ?? 0; } return(cred); }
internal static IntPtr GetSaslCredentials(LdapCredential ldapCredential, Native.LdapSaslDefaults saslDefaults) { if (!string.IsNullOrWhiteSpace(ldapCredential?.UserName)) { saslDefaults.authcid = ldapCredential.UserName; } if (!string.IsNullOrWhiteSpace(ldapCredential?.Password)) { saslDefaults.passwd = ldapCredential.Password; } if (!string.IsNullOrWhiteSpace(ldapCredential?.AuthorizationId)) { saslDefaults.authzid = ldapCredential?.AuthorizationId; } var ptr = Marshal.AllocHGlobal(Marshal.SizeOf(saslDefaults)); Marshal.StructureToPtr(saslDefaults, ptr, false); return(ptr); }
public async Task <ADComputer> GetADComputerAsync(LdapCredential ldapCredential, string name) { ADComputer ADComputer = null; if (ldapCredential is null) { throw new Exception("Failed to get LDAP Credentials"); } using (LdapConnection ldapConnection = await CreateBindAsync(ldapCredential.UserName, ldapCredential.Password)) { string defaultNamingContext = _ldapOptions.Value.SearchBase; var ldapSearchResult = (await ldapConnection.SearchByCnAsync(defaultNamingContext, name, Native.LdapSearchScope.LDAP_SCOPE_SUB)).FirstOrDefault(); if (ldapSearchResult != null) { ADComputer = new ADComputer(ldapSearchResult.DirectoryAttributes["cn"].GetValues <string>().First()); if (ldapSearchResult.DirectoryAttributes.Any(x => x.Name == "ms-Mcs-AdmPwd")) { ADComputer.LAPSPassword = ldapSearchResult.DirectoryAttributes["ms-Mcs-AdmPwd"].GetValues <string>().First().ToString(); ADComputer.LAPSPasswordExpireDate = DateTime.FromFileTime(Convert.ToInt64(ldapSearchResult.DirectoryAttributes["ms-Mcs-AdmPwdExpirationTime"].GetValues <string>().First().ToString())); } else { throw new Exception("No permission to retrieve LAPS Password"); } } else { throw new Exception($"AD Computer {name} could not be found"); } } return(ADComputer); }
private static SEC_WINNT_AUTH_IDENTITY_EX GetCredentials(Native.LdapAuthType authType, LdapCredential ldapCredential) => authType == Native.LdapAuthType.External ? null : ToNative(ldapCredential);
internal abstract Task <IntPtr> BindSaslAsync(SafeHandle ld, LdapAuthType authType, LdapCredential ldapCredential, LDAP_TIMEVAL timeout);
internal abstract int BindSasl(SafeHandle ld, LdapAuthType authType, LdapCredential ldapCredential);
private IntPtr ToNative(SafeHandle ld, string mech, LdapCredential ldapCredential) { var saslDefaults = GetSaslDefaults(ld, mech); return(UnixSaslMethods.GetSaslCredentials(ldapCredential, saslDefaults)); }
internal abstract Task <IntPtr> BindSaslAsync(SafeHandle ld, LdapAuthType authType, LdapCredential ldapCredential);
public static string GetAccountInfo(string ip) { string ldapInfo = string.Empty; using (LdapConnection ldapConnection = new LdapConnection()) { try { ldapConnection.Connect(ip); LdapCredential anonymousCredential = new LdapCredential(); ldapConnection.Bind(Native.LdapAuthType.Simple, anonymousCredential); } catch { return("- No anonymous authentication allowed" + Environment.NewLine); } var rootDse = ldapConnection.GetRootDse(); IList <LdapEntry> searchEntries; try { if (!rootDse.Attributes.ContainsKey("defaultNamingContext")) { return("- rootDse has no defaultNamingContext. Keys: " + rootDse.Attributes.Count); } searchEntries = ldapConnection.Search(rootDse.Attributes["defaultNamingContext"][0], "(objectclass=user)", scope: Native.LdapSearchScope.LDAP_SCOPE_SUB); } catch (LdapException) { return("- No Anonymous Access Allowed"); } catch (Exception) { return(":<"); } foreach (var result in searchEntries) { string accountName = result.Attributes["sAMAccountName"].Count > 0 ? result.Attributes["sAMAccountName"][0].ToString() : string.Empty; if (accountName.Trim() == "System.Byte[]") { Console.WriteLine("Woof - Contact Reelix - Something broke in the LDAP Migration!!!"); //accountName = Encoding.UTF8.GetString((byte[])result.Attributes["samaccountname"][0]); } ldapInfo += " - Account Name: " + accountName + Environment.NewLine; string commonName = result.Attributes["cn"].Count > 0 ? (string)result.Attributes["cn"][0] : string.Empty; ldapInfo += " -- Common Name: " + commonName + Environment.NewLine; if (result.Attributes.ContainsKey("userPrincipalName")) { ldapInfo += " -- userPrincipalName: " + result.Attributes["userPrincipalName"][0] + Environment.NewLine; } if (result.Attributes["lastLogon"].Count == 1) { string lastLoggedIn = result.Attributes["lastLogon"][0]; if (lastLoggedIn != "0") { ldapInfo += " -- lastLogon: " + DateTime.FromFileTime(long.Parse(lastLoggedIn)) + Environment.NewLine; } } else { Console.WriteLine("Something broke with lastLogon :<"); } if (result.Attributes.ContainsKey("description")) { string description = (string)result.Attributes["description"][0]; ldapInfo += " -- Description: " + result.Attributes["description"][0] + Environment.NewLine; } } } return(ldapInfo.Trim(Environment.NewLine.ToCharArray())); }
public static string GetDefaultNamingContext(string ip, bool raw = false) { string ldapInfo = string.Empty; using (LdapConnection ldapConnection = new LdapConnection()) { ldapConnection.Connect(ip, 389); LdapCredential anonymousCredential = new LdapCredential(); try { ldapConnection.Bind(Native.LdapAuthType.Simple, anonymousCredential); } catch (LdapException le) { return("- Connection Error: " + le.Message + Environment.NewLine); } catch (Exception ex) { return("- Unknown Error: " + ex.Message + Environment.NewLine); } // ldapConnection.AuthType = AuthType.Anonymous; var searchEntries = ldapConnection.Search(null, "(objectclass=*)", scope: Native.LdapSearchScope.LDAP_SCOPE_BASE); // SearchRequest request = new SearchRequest(null, "(objectclass=*)", System.DirectoryServices.Protocols.SearchScope.Base, "defaultNamingContext"); // SearchResponse result = (SearchResponse)ldapConnection.SendRequest(request); if (searchEntries.Count == 1) { if (searchEntries[0].Attributes.ContainsKey("defaultNamingContext")) { string defaultNamingContext = searchEntries[0].Attributes["defaultNamingContext"][0].ToString(); if (raw) { ldapInfo = defaultNamingContext; } else { ldapInfo = $"- defaultNamingContext: {defaultNamingContext}" + Environment.NewLine; } } else if (searchEntries[0].Attributes.ContainsKey("objectClass")) { string objectClass = searchEntries[0].Attributes["objectClass"][0].ToString(); ldapInfo = "- No defaultNamingContext, but we have an objectClass: " + objectClass + Environment.NewLine; } else { ldapInfo = "- Error: No defaultNamingContext! Keys: " + searchEntries[0].Attributes.Count + Environment.NewLine; foreach (var item in searchEntries[0].Attributes) { ldapInfo += "- Found Key: " + item.Key + " with value " + item.Value + Environment.NewLine; } } } else { ldapInfo = "- Multiple items found! Bug Reelix!" + Environment.NewLine; } } return(ldapInfo); }