internal static void InsertPrincipal(Principal p, StoreCtx storeCtx, SDSUtils.GroupMembershipUpdater updateGroupMembership, NetCred credentials, AuthenticationTypes authTypes, bool needToSetPassword)
{
if (p as UserPrincipal != null || p as GroupPrincipal != null || p as AuthenticablePrincipal != null || p as ComputerPrincipal != null)
{
SDSUtils.ApplyChangesToDirectory(p, storeCtx, updateGroupMembership, credentials, authTypes);
if (needToSetPassword && p.GetChangeStatusForProperty("AuthenticablePrincipal.PasswordInfo.Password"))
{
string valueForProperty = (string)p.GetValueForProperty("AuthenticablePrincipal.PasswordInfo.Password");
storeCtx.SetPassword((AuthenticablePrincipal)p, valueForProperty);
}
if (p.GetChangeStatusForProperty("AuthenticablePrincipal.PasswordInfo.ExpireImmediately"))
{
bool flag = (bool)p.GetValueForProperty("AuthenticablePrincipal.PasswordInfo.ExpireImmediately");
if (flag)
{
storeCtx.ExpirePassword((AuthenticablePrincipal)p);
}
}
return;
}
else
{
object[] str = new object[1];
str[0] = p.GetType().ToString();
throw new InvalidOperationException(string.Format(CultureInfo.CurrentCulture, StringResources.StoreCtxUnsupportedPrincipalTypeForSave, str));
}
}
protected QbeFilterDescription BuildQbeFilterDescription(Principal p)
{
QbeFilterDescription qbeFilterDescription = new QbeFilterDescription();
// We don't have to check to make sure the application didn't try to set any
// disallowed properties (i..e, referential properties, such as Group.Members),
// because that check was enforced by the PrincipalSearcher in its
// FindAll() and GetUnderlyingSearcher() methods, by calling
// PrincipalSearcher.HasReferentialPropertiesSet().
if (p is Principal)
{
BuildFilterSet(p, principalProperties, qbeFilterDescription);
}
if (p is AuthenticablePrincipal)
{
BuildFilterSet(p, authenticablePrincipalProperties, qbeFilterDescription);
}
if (p is UserPrincipal) // includes AccountInfo and PasswordInfo
{
// AcctInfoExpirationDate and AcctInfoExpiredAccount represent filters on the same property
// check that only one is specified
if (p.GetChangeStatusForProperty(PropertyNames.AcctInfoExpirationDate) &&
p.GetChangeStatusForProperty(PropertyNames.AcctInfoExpiredAccount))
{
throw new InvalidOperationException(
String.Format(
CultureInfo.CurrentCulture,
StringResources.StoreCtxMultipleFiltersForPropertyUnsupported,
PropertyNamesExternal.GetExternalForm(ExpirationDateFilter.PropertyNameStatic)));
}
BuildFilterSet(p, userProperties, qbeFilterDescription);
}
if (p is GroupPrincipal)
{
BuildFilterSet(p, groupProperties, qbeFilterDescription);
}
if (p is ComputerPrincipal)
{
BuildFilterSet(p, computerProperties, qbeFilterDescription);
}
return(qbeFilterDescription);
}
protected QbeFilterDescription BuildQbeFilterDescription(Principal p)
{
QbeFilterDescription qbeFilterDescription = new QbeFilterDescription();
if (p != null)
{
this.BuildFilterSet(p, StoreCtx.principalProperties, qbeFilterDescription);
}
if (p as AuthenticablePrincipal != null)
{
this.BuildFilterSet(p, StoreCtx.authenticablePrincipalProperties, qbeFilterDescription);
}
if (p as UserPrincipal != null)
{
if (!p.GetChangeStatusForProperty("AuthenticablePrincipal.AccountInfo.AccountExpirationDate") || !p.GetChangeStatusForProperty("AuthenticablePrincipal.AccountInfoExpired"))
{
this.BuildFilterSet(p, StoreCtx.userProperties, qbeFilterDescription);
}
else
{
object[] externalForm = new object[1];
externalForm[0] = PropertyNamesExternal.GetExternalForm("AuthenticablePrincipal.AccountInfo.AccountExpirationDate");
throw new InvalidOperationException(string.Format(CultureInfo.CurrentCulture, StringResources.StoreCtxMultipleFiltersForPropertyUnsupported, externalForm));
}
}
if (p as GroupPrincipal != null)
{
this.BuildFilterSet(p, StoreCtx.groupProperties, qbeFilterDescription);
}
if (p as ComputerPrincipal != null)
{
this.BuildFilterSet(p, StoreCtx.computerProperties, qbeFilterDescription);
}
return(qbeFilterDescription);
}
internal static void ApplyChangesToDirectory(Principal p, StoreCtx storeCtx, SDSUtils.GroupMembershipUpdater updateGroupMembership, NetCred credentials, AuthenticationTypes authTypes)
{
DirectoryEntry native = (DirectoryEntry)storeCtx.PushChangesToNative(p);
try
{
native.CommitChanges();
}
catch (COMException cOMException1)
{
COMException cOMException = cOMException1;
throw ExceptionHelper.GetExceptionFromCOMException(cOMException);
}
if (p as GroupPrincipal != null && p.GetChangeStatusForProperty("GroupPrincipal.Members"))
{
updateGroupMembership(p, native, credentials, authTypes);
}
}
static internal void ApplyChangesToDirectory(
Principal p,
StoreCtx storeCtx,
GroupMembershipUpdater updateGroupMembership,
NetCred credentials,
AuthenticationTypes authTypes)
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SDSUtils", "Entering ApplyChangesToDirectory");
Debug.Assert(storeCtx != null);
Debug.Assert(storeCtx is ADStoreCtx || storeCtx is SAMStoreCtx || storeCtx is ADAMStoreCtx);
Debug.Assert(p != null);
Debug.Assert(updateGroupMembership != null);
// Update the properties in the DirectoryEntry. Note that this does NOT
// update group membership.
DirectoryEntry de = (DirectoryEntry)storeCtx.PushChangesToNative(p);
Debug.Assert(de == p.UnderlyingObject);
// Commit the property update
try
{
de.CommitChanges();
}
catch (System.Runtime.InteropServices.COMException e)
{
GlobalDebug.WriteLineIf(GlobalDebug.Error, "SDSUtils", "ApplyChangesToDirectory: caught COMException with message " + e.Message);
throw (ExceptionHelper.GetExceptionFromCOMException(e));
}
if ((p is GroupPrincipal) && (p.GetChangeStatusForProperty(PropertyNames.GroupMembers)))
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SDSUtils", "ApplyChangesToDirectory: Updating group membership");
// It's a group, and it's membership has changed. Commit those membership changes.
// Note that this is an immediate operation, because it goes through IADsGroup,
// and does not require a call to de.CommitChanges().
updateGroupMembership(p, de, credentials, authTypes);
}
}
private bool HasReferentialPropertiesSet()
{
// If using a null query filter, nothing to validate, as it can't have any referential
// properties set.
if (_qbeFilter == null)
{
return(false);
}
// Since the QBE filter must be in the "unpersisted" state, any set properties have their changed
// flag still set (qbeFilter.GetChangeStatusForProperty() == true). Therefore, checking which properties
// have been set == checking which properties have their change flag set to true.
Debug.Assert(_qbeFilter.unpersisted == true);
// Retrieve the list of referential properties for this type of Principal.
// If this type of Principal doesn't have any, the Properties hashtable will return null.
Type t = _qbeFilter.GetType();
GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalSearcher", "HasReferentialPropertiesSet: using type " + t.ToString());
ArrayList referentialProperties = (ArrayList)ReferentialProperties.Properties[t];
if (referentialProperties != null)
{
foreach (string propertyName in referentialProperties)
{
if (_qbeFilter.GetChangeStatusForProperty(propertyName) == true)
{
// Property was set.
GlobalDebug.WriteLineIf(GlobalDebug.Warn, "PrincipalSearcher", "HasReferentialPropertiesSet: found ref property " + propertyName);
return(true);
}
}
}
return(false);
}
static internal void InsertPrincipal(
Principal p,
StoreCtx storeCtx,
GroupMembershipUpdater updateGroupMembership,
NetCred credentials,
AuthenticationTypes authTypes,
bool needToSetPassword)
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SDSUtils", "Entering InsertPrincipal");
Debug.Assert(storeCtx != null);
Debug.Assert(storeCtx is ADStoreCtx || storeCtx is SAMStoreCtx);
Debug.Assert(p != null);
if ((!(p is UserPrincipal)) &&
(!(p is GroupPrincipal)) &&
(!(p is AuthenticablePrincipal)) &&
(!(p is ComputerPrincipal)))
{
// It's not a type of Principal that we support
GlobalDebug.WriteLineIf(GlobalDebug.Warn, "SDSUtils", "InsertPrincipal: Bad principal type:" + p.GetType().ToString());
throw new InvalidOperationException(
String.Format(CultureInfo.CurrentCulture, SR.StoreCtxUnsupportedPrincipalTypeForSave, p.GetType().ToString()));
}
// Commit the properties
SDSUtils.ApplyChangesToDirectory(
p,
storeCtx,
updateGroupMembership,
credentials,
authTypes
);
// Handle any saved-off operations
// For SAM, we set password elsewhere prior to creating the principal, so needToSetPassword == false
// For AD, we have to set the password after creating the principal, so needToSetPassword == true
if (needToSetPassword && p.GetChangeStatusForProperty(PropertyNames.PwdInfoPassword))
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SDSUtils", "InsertPrincipal: Setting password");
// Only AuthenticablePrincipals can have PasswordInfo
Debug.Assert(p is AuthenticablePrincipal);
string password = (string)p.GetValueForProperty(PropertyNames.PwdInfoPassword);
Debug.Assert(password != null); // if null, PasswordInfo should not have indicated it was changed
storeCtx.SetPassword((AuthenticablePrincipal)p, password);
}
if (p.GetChangeStatusForProperty(PropertyNames.PwdInfoExpireImmediately))
{
// Only AuthenticablePrincipals can have PasswordInfo
Debug.Assert(p is AuthenticablePrincipal);
bool expireImmediately = (bool)p.GetValueForProperty(PropertyNames.PwdInfoExpireImmediately);
if (expireImmediately)
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SDSUtils", "InsertPrincipal: Setting pwd expired");
storeCtx.ExpirePassword((AuthenticablePrincipal)p);
}
}
}
private void BuildFilterSet(Principal p, string[] propertySet, QbeFilterDescription qbeFilterDescription)
{
foreach (string propertyName in propertySet)
{
if (p.GetChangeStatusForProperty(propertyName))
{
// Property has changed. Add it to the filter set.
object value = p.GetValueForProperty(propertyName);
GlobalDebug.WriteLineIf(
GlobalDebug.Info,
"StoreCtx",
"BuildFilterSet: type={0}, property name={1}, property value={2} of type {3}",
p.GetType().ToString(),
propertyName,
value.ToString(),
value.GetType().ToString());
// Build the right filter based on type of the property value
if (value is PrincipalValueCollection <string> )
{
PrincipalValueCollection <string> trackingList = (PrincipalValueCollection <string>)value;
foreach (string s in trackingList.Inserted)
{
object filter = FilterFactory.CreateFilter(propertyName);
((FilterBase)filter).Value = (string)s;
qbeFilterDescription.FiltersToApply.Add(filter);
}
}
else if (value is X509Certificate2Collection)
{
// Since QBE filter objects are always unpersisted, any certs in the collection
// must have been inserted by the application.
X509Certificate2Collection certCollection = (X509Certificate2Collection)value;
foreach (X509Certificate2 cert in certCollection)
{
object filter = FilterFactory.CreateFilter(propertyName);
((FilterBase)filter).Value = (X509Certificate2)cert;
qbeFilterDescription.FiltersToApply.Add(filter);
}
}
else
{
// It's not one of the multivalued cases. Try the scalar cases.
object filter = FilterFactory.CreateFilter(propertyName);
if (value == null)
{
((FilterBase)filter).Value = null;
}
else if (value is bool)
{
((FilterBase)filter).Value = (bool)value;
}
else if (value is string)
{
((FilterBase)filter).Value = (string)value;
}
else if (value is GroupScope)
{
((FilterBase)filter).Value = (GroupScope)value;
}
else if (value is byte[])
{
((FilterBase)filter).Value = (byte[])value;
}
else if (value is Nullable <DateTime> )
{
((FilterBase)filter).Value = (Nullable <DateTime>)value;
}
else if (value is ExtensionCache)
{
((FilterBase)filter).Value = (ExtensionCache)value;
}
else if (value is QbeMatchType)
{
((FilterBase)filter).Value = (QbeMatchType)value;
}
else
{
// Internal error. Didn't match either the known multivalued or scalar cases.
Debug.Fail(String.Format(
CultureInfo.CurrentCulture,
"StoreCtx.BuildFilterSet: fell off end looking for {0} of type {1}",
propertyName,
value.GetType().ToString()
));
}
qbeFilterDescription.FiltersToApply.Add(filter);
}
}
}
}
private void BuildFilterSet(Principal p, string[] propertySet, QbeFilterDescription qbeFilterDescription)
{
string[] strArrays = propertySet;
for (int i = 0; i < (int)strArrays.Length; i++)
{
string str = strArrays[i];
if (p.GetChangeStatusForProperty(str))
{
object valueForProperty = p.GetValueForProperty(str);
if (valueForProperty as PrincipalValueCollection <string> == null)
{
if (valueForProperty as X509Certificate2Collection == null)
{
object obj = FilterFactory.CreateFilter(str);
if (valueForProperty != null)
{
if (!valueForProperty as bool)
{
if (valueForProperty as string == null)
{
if (valueForProperty as GroupScope == GroupScope.Local)
{
if (valueForProperty as byte[] == null)
{
if (valueForProperty as DateTime? == null)
{
if (valueForProperty as ExtensionCache == null)
{
if (valueForProperty as QbeMatchType != null)
{
((FilterBase)obj).Value = (QbeMatchType)valueForProperty;
}
}
else
{
((FilterBase)obj).Value = (ExtensionCache)valueForProperty;
}
}
else
{
((FilterBase)obj).Value = (DateTime?)valueForProperty;
}
}
else
{
((FilterBase)obj).Value = (byte[])valueForProperty;
}
}
else
{
((FilterBase)obj).Value = (GroupScope)valueForProperty;
}
}
else
{
((FilterBase)obj).Value = (string)valueForProperty;
}
}
else
{
((FilterBase)obj).Value = (bool)valueForProperty;
}
}
else
{
((FilterBase)obj).Value = null;
}
qbeFilterDescription.FiltersToApply.Add(obj);
}
else
{
X509Certificate2Collection x509Certificate2Collection = (X509Certificate2Collection)valueForProperty;
X509Certificate2Enumerator enumerator = x509Certificate2Collection.GetEnumerator();
while (enumerator.MoveNext())
{
X509Certificate2 current = enumerator.Current;
object obj1 = FilterFactory.CreateFilter(str);
((FilterBase)obj1).Value = current;
qbeFilterDescription.FiltersToApply.Add(obj1);
}
}
}
else
{
PrincipalValueCollection <string> strs = (PrincipalValueCollection <string>)valueForProperty;
foreach (string inserted in strs.Inserted)
{
object obj2 = FilterFactory.CreateFilter(str);
((FilterBase)obj2).Value = inserted;
qbeFilterDescription.FiltersToApply.Add(obj2);
}
}
}
}
}