Exemple #1
        /// <summary>
        /// Makes <c>m_account</c> the logon account of the given Windows service, then gives that
        /// account membership in the TfsIntegrationExecWorkProcess group and the TFSIPEXEC database role.
        /// </summary>
        /// <param name="windowsServiceName">Name of the Windows service whose logon account is changed.</param>
        /// <returns>
        /// A <c>ServiceAccountRslt</c> built from this command alone when every step completes; one carrying
        /// <c>ResourceStrings.ErrorFailToAddAccountToTFSIPEXECRole</c> when any of the three database steps
        /// reports <c>Fail</c>; or one carrying the exception text when any step throws.
        /// </returns>
        /// <remarks>
        /// The steps run in sequence with no rollback: the service logon and the group membership are
        /// already changed by the time a database step can fail, so a failure result does not mean
        /// that nothing was modified.
        /// </remarks>
        private Interfaces.ICommandResult AddAccount(string windowsServiceName)
        {
            try
            {
                // The account password is handed to the helper as-is.
                // NOTE(review): confirm how m_password is held and that no helper logs it.
                WindowsServiceLogonUtil.ChangeWindowsServiceLogon(windowsServiceName, m_account, m_password);

                var workProcessGroup = Microsoft.TeamFoundation.Migration.Toolkit.Constants.TfsIntegrationExecWorkProcessGroupName;
                WindowsGroupUtil.CreateGroup(
                    workProcessGroup,
                    Microsoft.TeamFoundation.Migration.Toolkit.Constants.TfsIntegrationExecWorkProcessGroupComment);
                WindowsGroupUtil.AddMemberToGroup(workProcessGroup, m_account);

                // Login, then role, then role membership. Evaluation stops at the first step that
                // reports Fail, and all three failures share one message, so the result text does
                // not say which step failed.
                bool databaseStepFailed =
                    DBRoleUtil.CreateWindowsLogin(m_account) == DBRoleUtil.AccountsResult.Fail
                    || DBRoleUtil.CreateTFSIPEXECRole() == DBRoleUtil.AccountsResult.Fail
                    || DBRoleUtil.AddAccountToTFSIPEXECRole(m_account) == DBRoleUtil.AccountsResult.Fail;

                if (databaseStepFailed)
                {
                    return new ServiceAccountRslt(ResourceStrings.ErrorFailToAddAccountToTFSIPEXECRole, this);
                }

                return new ServiceAccountRslt(this);
            }
            catch (Exception e)
            {
                // Exception.ToString() carries the type, message and stack trace into the result.
                // NOTE(review): confirm the result text is only shown to the administrator running the command.
                return new ServiceAccountRslt(e.ToString(), this);
            }
        }
Exemple #2
        /// <summary>
        /// Checks whether an account holds each permission the service account needs and reports
        /// every missing one as a flag in the returned value.
        /// </summary>
        /// <param name="serviceType">Key used to look up the Windows service name in <c>s_serviceNames</c>.</param>
        /// <param name="account">Account name used for the database-role and service-logon checks.</param>
        /// <param name="accountSid">SID used for the local-group membership check.</param>
        /// <returns>
        /// <c>AccountValidationResult.Valid</c> combined with one flag per failed check, or with
        /// <c>ValidationFailed</c> when a check throws anything other than
        /// <c>InvalidConfigurationException</c>.
        /// </returns>
        /// <exception cref="InvalidConfigurationException">Rethrown unchanged when a check raises it.</exception>
        /// <remarks>
        /// The role and service checks use <paramref name="account"/> while the group check uses
        /// <paramref name="accountSid"/>; nothing here verifies that the two name the same principal.
        /// NOTE(review): confirm callers derive both from one identity.
        /// </remarks>
        public static AccountValidationResult HasAllServiceAccountPermissions(
            ServiceType serviceType,
            string account,
            SecurityIdentifier accountSid)
        {
            AccountValidationResult outcome = ServiceAccount.AccountValidationResult.Valid;

            try
            {
                bool inDatabaseRole = DBRoleUtil.IsAccountInTFSIPEXECRole(account);
                if (!inDatabaseRole)
                {
                    outcome |= ServiceAccount.AccountValidationResult.NotInTFSIPEXECRole;
                }

                bool inWorkProcessGroup = WindowsGroupUtil.IsMemberOfLocalGroup(
                    Constants.TfsIntegrationExecWorkProcessGroupName,
                    accountSid);
                if (!inWorkProcessGroup)
                {
                    outcome |= ServiceAccount.AccountValidationResult.NotInTFSIPEXECWorkProcessGroup;
                }

                // The service-logon check only applies when the toolkit is configured to run as a Windows service.
                if (GlobalConfiguration.UseWindowsService)
                {
                    string windowsServiceName = s_serviceNames[serviceType];
                    bool isServiceLogon = WindowsServiceLogonUtil.IsLogonAccountOfService(windowsServiceName, account);
                    if (!isServiceLogon)
                    {
                        outcome |= ServiceAccount.AccountValidationResult.NotTfsIntegrationServiceLogonAccount;
                    }
                }
            }
            catch (InvalidConfigurationException)
            {
                // Configuration problems are the caller's to handle; pass them through with the stack intact.
                throw;
            }
            catch (Exception checkError)
            {
                // A check that could not be completed marks the result as failed rather than
                // leaving it looking valid. Checks after the one that threw are not run.
                TraceManager.TraceException(checkError);
                outcome |= ServiceAccount.AccountValidationResult.ValidationFailed;
            }

            return outcome;
        }
Exemple #3
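        /// <summary>
        /// Tries to grant the identity the current process runs as whichever of the TFSIPEXEC
        /// database role and the TfsIntegrationExecWorkProcess group <paramref name="result"/>
        /// reports as missing, clearing each flag whose grant completes.
        /// </summary>
        /// <param name="result">
        /// Validation flags on entry; on exit, the same flags minus those that were granted.
        /// </param>
        /// <returns>The updated value of <paramref name="result"/>.</returns>
        /// <remarks>
        /// Each grant is best-effort: a failure leaves its flag set and never propagates. Failures
        /// that throw are written to the trace listeners so that an attempted change to role or
        /// group membership leaves a record instead of disappearing.
        /// The process grants these memberships to its own identity.
        /// NOTE(review): confirm callers only reach this when that self-grant is intended.
        /// </remarks>
        private AccountValidationResult GrantPermissions(ref AccountValidationResult result)
        {
            string account;

            // WindowsIdentity wraps an access-token handle; release it once the name has been read.
            using (WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent())
            {
                account = currentIdentity.Name;
            }

            if ((result & AccountValidationResult.NotInTFSIPEXECRole) != 0)
            {
                try
                {
                    // Login, then role, then role membership; evaluation stops at the first step
                    // that reports Fail, and the flag is cleared only when none did.
                    bool roleGranted =
                        DBRoleUtil.CreateWindowsLogin(account) != DBRoleUtil.AccountsResult.Fail
                        && DBRoleUtil.CreateTFSIPEXECRole() != DBRoleUtil.AccountsResult.Fail
                        && DBRoleUtil.AddAccountToTFSIPEXECRole(account) != DBRoleUtil.AccountsResult.Fail;

                    if (roleGranted)
                    {
                        result &= ~AccountValidationResult.NotInTFSIPEXECRole;
                    }
                }
                catch (System.Exception e)
                {
                    // Still best-effort: the flag stays set, but the failure is now recorded.
                    System.Diagnostics.Trace.TraceWarning(
                        "GrantPermissions: could not add '{0}' to the TFSIPEXEC database role: {1}", account, e);
                }
            }

            if ((result & AccountValidationResult.NotInTFSIPEXECWorkProcessGroup) != 0)
            {
                try
                {
                    WindowsGroupUtil.CreateGroup(
                        Constants.TfsIntegrationExecWorkProcessGroupName,
                        Constants.TfsIntegrationExecWorkProcessGroupComment);
                    WindowsGroupUtil.AddMemberToGroup(Constants.TfsIntegrationExecWorkProcessGroupName, account);
                    result &= ~AccountValidationResult.NotInTFSIPEXECWorkProcessGroup;
                }
                catch (System.Exception e)
                {
                    // Still best-effort: the flag stays set, but the failure is now recorded.
                    System.Diagnostics.Trace.TraceWarning(
                        "GrantPermissions: could not add '{0}' to the work process group: {1}", account, e);
                }
            }

            return result;
        }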
Exemple #4
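        /// <summary>
        /// Creates the TfsIntegrationExecWorkProcess group and gives it FullControl on the
        /// workspace root folder read from <c>GlobalConfiguration.WorkSpaceRoot</c>.
        /// </summary>
        /// <returns>
        /// A <c>GrantAccessControlRslt</c> built from this command alone when the ACL was set;
        /// otherwise one carrying the message for the step that failed.
        /// </returns>
        /// <remarks>
        /// The command refuses to run unless <c>Utility.IsRunAsAdministrator()</c> returns true.
        /// The ACL step is skipped when no folder path could be resolved, so the grant is never
        /// attempted against an empty path.
        /// </remarks>
        public override Interfaces.ICommandResult Run()
        {
            if (!Utility.IsRunAsAdministrator())
            {
                return(new GrantAccessControlRslt(
                           string.Format(ResourceStrings.ErrorNeedAdminPrivilegeToRunCommandFormat, this.CommandName), this));
            }

            try
            {
                WindowsGroupUtil.CreateGroup(Microsoft.TeamFoundation.Migration.Toolkit.Constants.TfsIntegrationExecWorkProcessGroupName,
                                             Microsoft.TeamFoundation.Migration.Toolkit.Constants.TfsIntegrationExecWorkProcessGroupComment);
            }
            catch (Exception e)
            {
                return(new GrantAccessControlRslt(e.Message, this));
            }

            string dataFolderPath = string.Empty;

            try
            {
                dataFolderPath = GlobalConfiguration.WorkSpaceRoot;
            }
            catch (System.UnauthorizedAccessException)
            {
                //     The caller does not have the required permission.
                return(new GrantAccessControlRslt(
                           string.Format(ResourceStrings.ErrorUnauthorizedAccessCreatingDataFolderInfoFormat, GlobalConfiguration.GlobalConfigPath), this));
            }
            catch (System.ArgumentNullException)
            {
                // path is null
                return(new GrantAccessControlRslt(
                           string.Format(ResourceStrings.ErrorDataFolderInvalidPathInfoFormat, GlobalConfiguration.GlobalConfigPath), this));
            }
            catch (System.ArgumentException)
            {
                //     path is a zero-length string, contains only white space, or contains one
                //     or more invalid characters as defined by System.IO.Path.InvalidPathChars.-or-path
                //     is prefixed with, or contains only a colon character (:).
                return(new GrantAccessControlRslt(
                           string.Format(ResourceStrings.ErrorDataFolderInvalidPathInfoFormat, GlobalConfiguration.GlobalConfigPath), this));
            }
            catch (System.IO.PathTooLongException)
            {
                //     The specified path, file name, or both exceed the system-defined maximum
                //     length. For example, on Windows-based platforms, paths must be less than
                //     248 characters and file names must be less than 260 characters.
                // Not reported here; dataFolderPath stays empty and the guard below returns the error.
            }
            catch (System.IO.DirectoryNotFoundException)
            {
                //     The specified path is invalid (for example, it is on an unmapped drive).
                return(new GrantAccessControlRslt(
                           string.Format(ResourceStrings.ErrorDataFolderInvalidPathInfoFormat, GlobalConfiguration.GlobalConfigPath), this));
            }
            catch (System.IO.IOException)
            {
                //     The directory specified by path is read-only.
                // eat this exception; dataFolderPath stays empty and the guard below returns the error.
            }
            catch (System.NotSupportedException)
            {
                //     path contains a colon character (:) that is not part of a drive label ("C:\").
                return(new GrantAccessControlRslt(
                           string.Format(ResourceStrings.ErrorDataFolderInvalidPathInfoFormat, GlobalConfiguration.GlobalConfigPath), this));
            }

            System.Diagnostics.Debug.Assert(!string.IsNullOrEmpty(dataFolderPath), "Data fold path is null or empty");

            // Debug.Assert is compiled out of release builds, so enforce the same condition at
            // run time: a FullControl grant must never be attempted against an unresolved path.
            // The failure is reported the way the SystemException handler below reports it.
            if (string.IsNullOrEmpty(dataFolderPath))
            {
                return(new GrantAccessControlRslt(
                           string.Format(ResourceStrings.ErrorDataFolderNotFoundOrUnmodifiableInfoFormat, dataFolderPath), this));
            }

            try
            {
                // FullControl includes the rights to change the folder's permissions and to take ownership.
                // NOTE(review): confirm the work process group needs more than Modify on this folder.
                WindowsGroupUtil.SetGroupAcl(Microsoft.TeamFoundation.Migration.Toolkit.Constants.TfsIntegrationExecWorkProcessGroupName,
                                             dataFolderPath, System.Security.AccessControl.FileSystemRights.FullControl);

                return(new GrantAccessControlRslt(this));
            }
            catch (System.UnauthorizedAccessException)
            {
                //     The current process does not have access to open the file.
                return(new GrantAccessControlRslt(
                           string.Format(ResourceStrings.ErrorUnauthorizedAccessUpdatingDataFolderInfoFormat, dataFolderPath), this));
            }
            catch (System.PlatformNotSupportedException)
            {
                //     The current operating system is not Microsoft Windows 2000 or later.
                return(new GrantAccessControlRslt(
                           ResourceStrings.ErrorUnsupportedPlatformUpdatingDataFolderInfo, this));
            }
            catch (System.SystemException)
            {
                //     The file could not be found or modified.
                return(new GrantAccessControlRslt(
                           string.Format(ResourceStrings.ErrorDataFolderNotFoundOrUnmodifiableInfoFormat, dataFolderPath), this));
            }
        }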