static internal void WriteAttribute <T>(string dePath, string attribute, T value, NetCred credentials, AuthenticationTypes authTypes) { Debug.Assert(attribute != null && attribute.Length > 0); // Ideally, we'd just like to set the property in the principal's DirectoryEntry and write // the changes to the store. However, there might be other changes in the DirectoryEntry, // and we don't want to write all of them to the store. So we must make // a fresh DirectoryEntry and write using that. DirectoryEntry copyOfDe = null; try { copyOfDe = SDSUtils.BuildDirectoryEntry(dePath, credentials, authTypes); Debug.Assert(copyOfDe != null); // So we don't do a implicit GetInfo() and retrieve every attribute copyOfDe.RefreshCache(new string[] { attribute }); copyOfDe.Properties[attribute].Value = value; copyOfDe.CommitChanges(); } catch (System.Runtime.InteropServices.COMException e) { // ADSI threw an exception trying to write the change throw ExceptionHelper.GetExceptionFromCOMException(e); } finally { if (copyOfDe != null) { copyOfDe.Dispose(); } } }
static internal void InsertPrincipal( Principal p, StoreCtx storeCtx, GroupMembershipUpdater updateGroupMembership, NetCred credentials, AuthenticationTypes authTypes, bool needToSetPassword) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SDSUtils", "Entering InsertPrincipal"); Debug.Assert(storeCtx != null); Debug.Assert(storeCtx is ADStoreCtx || storeCtx is SAMStoreCtx); Debug.Assert(p != null); if ((!(p is UserPrincipal)) && (!(p is GroupPrincipal)) && (!(p is AuthenticablePrincipal)) && (!(p is ComputerPrincipal))) { // It's not a type of Principal that we support GlobalDebug.WriteLineIf(GlobalDebug.Warn, "SDSUtils", "InsertPrincipal: Bad principal type:" + p.GetType().ToString()); throw new InvalidOperationException( String.Format(CultureInfo.CurrentCulture, SR.StoreCtxUnsupportedPrincipalTypeForSave, p.GetType().ToString())); } // Commit the properties SDSUtils.ApplyChangesToDirectory( p, storeCtx, updateGroupMembership, credentials, authTypes ); // Handle any saved-off operations // For SAM, we set password elsewhere prior to creating the principal, so needToSetPassword == false // For AD, we have to set the password after creating the principal, so needToSetPassword == true if (needToSetPassword && p.GetChangeStatusForProperty(PropertyNames.PwdInfoPassword)) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SDSUtils", "InsertPrincipal: Setting password"); // Only AuthenticablePrincipals can have PasswordInfo Debug.Assert(p is AuthenticablePrincipal); string password = (string)p.GetValueForProperty(PropertyNames.PwdInfoPassword); Debug.Assert(password != null); // if null, PasswordInfo should not have indicated it was changed storeCtx.SetPassword((AuthenticablePrincipal)p, password); } if (p.GetChangeStatusForProperty(PropertyNames.PwdInfoExpireImmediately)) { // Only AuthenticablePrincipals can have PasswordInfo Debug.Assert(p is AuthenticablePrincipal); bool expireImmediately = (bool)p.GetValueForProperty(PropertyNames.PwdInfoExpireImmediately); if (expireImmediately) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SDSUtils", "InsertPrincipal: Setting pwd expired"); storeCtx.ExpirePassword((AuthenticablePrincipal)p); } } }
// Get groups of which p is a direct member internal override ResultSet GetGroupsMemberOf(Principal p) { // Enforced by the methods that call us Debug.Assert(p.unpersisted == false); if (!p.fakePrincipal) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMStoreCtx", "GetGroupsMemberOf: is real principal"); // No nested groups or computers as members of groups in SAM if (!(p is UserPrincipal)) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMStoreCtx", "GetGroupsMemberOf: not a user, returning empty set"); return(new EmptySet()); } Debug.Assert(p.UnderlyingObject != null); DirectoryEntry userDE = (DirectoryEntry)p.UnderlyingObject; UnsafeNativeMethods.IADsMembers iadsMembers = (UnsafeNativeMethods.IADsMembers)userDE.Invoke("Groups"); ResultSet resultSet = new SAMGroupsSet(iadsMembers, this, _ctxBase); return(resultSet); } else { // ADSI's IADsGroups doesn't work for fake principals like NT AUTHORITY\NETWORK SERVICE // We use the same SAMQuery set that we use for query-by-example, but with a different // SAMMatcher class to match groups which contain the specified principal as a member // Get the entries we'll iterate over. Write access to Children is controlled through the // ctxBaseLock, but we don't want to have to hold that lock while we're iterating over all // the child entries. So we have to clone the ctxBase --- not ideal, but it prevents // multithreading issues. DirectoryEntries entries = SDSUtils.BuildDirectoryEntry(_ctxBase.Path, _credentials, _authTypes).Children; Debug.Assert(entries != null); // The SAMQuerySet will use this to restrict the types of DirectoryEntry objects returned. List <string> schemaTypes = GetSchemaFilter(typeof(GroupPrincipal)); SecurityIdentifier principalSid = p.Sid; byte[] SidB = new byte[principalSid.BinaryLength]; principalSid.GetBinaryForm(SidB, 0); if (principalSid == null) { GlobalDebug.WriteLineIf(GlobalDebug.Warn, "SAMStoreCtx", "GetGroupsMemberOf: bad SID IC"); throw new InvalidOperationException(SR.StoreCtxNeedValueSecurityIdentityClaimToQuery); } // Create the ResultSet that will perform the client-side filtering SAMQuerySet resultSet = new SAMQuerySet( schemaTypes, entries, _ctxBase, -1, // no size limit this, new GroupMemberMatcher(SidB)); return(resultSet); } }
private void DoLDAPDirectoryInitNoContainer() { byte[] USERS_CONTAINER_GUID = new byte[] { 0xa9, 0xd1, 0xca, 0x15, 0x76, 0x88, 0x11, 0xd1, 0xad, 0xed, 0x00, 0xc0, 0x4f, 0xd8, 0xd5, 0xcd }; byte[] COMPUTERS_CONTAINER_GUID = new byte[] { 0xaa, 0x31, 0x28, 0x25, 0x76, 0x88, 0x11, 0xd1, 0xad, 0xed, 0x00, 0xc0, 0x4f, 0xd8, 0xd5, 0xcd }; // The StoreCtxs that will be used in the PrincipalContext, and their associated DirectoryEntry objects. DirectoryEntry deUserGroupOrg = null; DirectoryEntry deComputer = null; DirectoryEntry deBase = null; ADStoreCtx storeCtxUserGroupOrg = null; ADStoreCtx storeCtxComputer = null; ADStoreCtx storeCtxBase = null; GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalContext", "Entering DoLDAPDirectoryInitNoContainer"); // // Build a DirectoryEntry that represents the root of the domain. // // Use the RootDSE to find the default naming context DirectoryEntry deRootDse = null; string adsPathBase; // use the servername if they gave us one, else let ADSI figure it out string serverName = ""; if (_name != null) { serverName = _name + "/"; } GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalContext", "DoLDAPDirectoryInitNoContainer: serverName is " + serverName); // use the options they specified AuthenticationTypes authTypes = SDSUtils.MapOptionsToAuthTypes(_options); GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalContext", "DoLDAPDirectoryInitNoContainer: authTypes is " + authTypes.ToString()); try { deRootDse = new DirectoryEntry("LDAP://" + serverName + "rootDse", _username, _password, authTypes); // This will also detect if the server is down or nonexistent string domainNC = (string)deRootDse.Properties["defaultNamingContext"][0]; adsPathBase = "LDAP://" + serverName + domainNC; GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalContext", "DoLDAPDirectoryInitNoContainer: domainNC is " + domainNC); GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalContext", "DoLDAPDirectoryInitNoContainer: adsPathBase is " + adsPathBase); } finally { // Don't allow the DE to leak deRootDse?.Dispose(); } try { // Build a DE for the root of the domain using the retrieved naming context deBase = new DirectoryEntry(adsPathBase, _username, _password, authTypes); // Set the password port to the ssl port read off of the rootDSE. Without this // password change/set won't work when we connect without SSL and ADAM is running // on non-standard port numbers. We have already verified directory connectivity at this point // so this should always succeed. if (_serverProperties.portSSL > 0) { deBase.Options.PasswordPort = _serverProperties.portSSL; } // // Use the wellKnownObjects attribute to determine the default location // for users and computers. // string adsPathUserGroupOrg = null; string adsPathComputer = null; PropertyValueCollection wellKnownObjectValues = deBase.Properties["wellKnownObjects"]; foreach (UnsafeNativeMethods.IADsDNWithBinary value in wellKnownObjectValues) { if (Utils.AreBytesEqual(USERS_CONTAINER_GUID, (byte[])value.BinaryValue)) { Debug.Assert(adsPathUserGroupOrg == null); adsPathUserGroupOrg = "LDAP://" + serverName + value.DNString; GlobalDebug.WriteLineIf( GlobalDebug.Info, "PrincipalContext", "DoLDAPDirectoryInitNoContainer: found USER, adsPathUserGroupOrg is " + adsPathUserGroupOrg); } // Is it the computer container? if (Utils.AreBytesEqual(COMPUTERS_CONTAINER_GUID, (byte[])value.BinaryValue)) { Debug.Assert(adsPathComputer == null); adsPathComputer = "LDAP://" + serverName + value.DNString; GlobalDebug.WriteLineIf( GlobalDebug.Info, "PrincipalContext", "DoLDAPDirectoryInitNoContainer: found COMPUTER, adsPathComputer is " + adsPathComputer); } } if ((adsPathUserGroupOrg == null) || (adsPathComputer == null)) { // Something's wrong with the domain, it's not exposing the proper // well-known object fields. throw new PrincipalOperationException(SR.ContextNoWellKnownObjects); } // // Build DEs for the Users and Computers containers. // The Users container will also be used as the default for Groups. // The reason there are different contexts for groups, users and computers is so that // when a principal is created it will go into the appropriate default container. This is so users don't // by default create principals in the root of their directory. When a search happens the base context is used so that // the whole directory will be covered. // deUserGroupOrg = new DirectoryEntry(adsPathUserGroupOrg, _username, _password, authTypes); deComputer = new DirectoryEntry(adsPathComputer, _username, _password, authTypes); StoreCtx userStore = CreateContextFromDirectoryEntry(deUserGroupOrg); _userCtx = userStore; _groupCtx = userStore; deUserGroupOrg = null; // since we handed off ownership to the StoreCtx _computerCtx = CreateContextFromDirectoryEntry(deComputer); deComputer = null; _queryCtx = CreateContextFromDirectoryEntry(deBase); _connectedServer = ADUtils.GetServerName(deBase); deBase = null; } catch (Exception e) { GlobalDebug.WriteLineIf(GlobalDebug.Error, "PrincipalContext", "DoLDAPDirectoryInitNoContainer: caught exception of type " + e.GetType().ToString() + " and message " + e.Message); // Cleanup on failure. Once a DE has been successfully handed off to a ADStoreCtx, // that ADStoreCtx will handle Dispose()'ing it deUserGroupOrg?.Dispose(); deComputer?.Dispose(); deBase?.Dispose(); storeCtxUserGroupOrg?.Dispose(); storeCtxComputer?.Dispose(); storeCtxBase?.Dispose(); throw; } }
private void DoLDAPDirectoryInit() { // use the servername if they gave us one, else let ADSI figure it out string serverName = ""; if (_name != null) { if (_contextType == ContextType.ApplicationDirectory) { serverName = _serverProperties.dnsHostName + ":" + ((ContextOptions.SecureSocketLayer & _options) > 0 ? _serverProperties.portSSL : _serverProperties.portLDAP); } else { serverName = _name; } serverName += "/"; } GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalContext", "DoLDAPDirectoryInit: serverName is " + serverName); // use the options they specified AuthenticationTypes authTypes = SDSUtils.MapOptionsToAuthTypes(_options); GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalContext", "DoLDAPDirectoryInit: authTypes is " + authTypes.ToString()); DirectoryEntry de = new DirectoryEntry("LDAP://" + serverName + _container, _username, _password, authTypes); try { // Set the password port to the ssl port read off of the rootDSE. Without this // password change/set won't work when we connect without SSL and ADAM is running // on non-standard port numbers. We have already verified directory connectivity at this point // so this should always succeed. if (_serverProperties.portSSL > 0) { de.Options.PasswordPort = _serverProperties.portSSL; } StoreCtx storeCtx = CreateContextFromDirectoryEntry(de); _queryCtx = storeCtx; _userCtx = storeCtx; _groupCtx = storeCtx; _computerCtx = storeCtx; _connectedServer = ADUtils.GetServerName(de); de = null; } catch (System.Runtime.InteropServices.COMException e) { throw ExceptionHelper.GetExceptionFromCOMException(e); } catch (Exception e) { GlobalDebug.WriteLineIf(GlobalDebug.Error, "PrincipalContext", "DoLDAPDirectoryInit: caught exception of type " + e.GetType().ToString() + " and message " + e.Message); throw; } finally { // Cleanup the DE on failure de?.Dispose(); } }
private bool MoveNextLocal() { bool needToRetry; do { needToRetry = false; bool f = _membersEnumerator.MoveNext(); if (f) // got a value { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMMembersSet", "MoveNextLocal: got a value from the enumerator"); UnsafeNativeMethods.IADs nativeMember = (UnsafeNativeMethods.IADs)_membersEnumerator.Current; // If we encountered a group member corresponding to a fake principal such as // NT AUTHORITY/NETWORK SERVICE, construct and prepare to return the fake principal. byte[] sid = (byte[])nativeMember.Get("objectSid"); SidType sidType = Utils.ClassifySID(sid); if (sidType == SidType.FakeObject) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMMembersSet", "MoveNextLocal: fake principal, sid={0}", Utils.ByteArrayToString(sid)); _currentFakePrincipal = _storeCtx.ConstructFakePrincipalFromSID(sid); _current = null; _currentForeign = null; if (_foreignResultSet != null) { _foreignResultSet.Dispose(); } _foreignResultSet = null; return(true); } // We do this, rather than using the DirectoryEntry constructor that takes a native IADs object, // is so the credentials get transferred to the new DirectoryEntry. If we just use the native // object constructor, the native object will have the right credentials, but the DirectoryEntry // will have default (null) credentials, which it'll use anytime it needs to use credentials. DirectoryEntry de = SDSUtils.BuildDirectoryEntry( _storeCtx.Credentials, _storeCtx.AuthTypes); if (sidType == SidType.RealObjectFakeDomain) { // Transform the "WinNT://BUILTIN/foo" path to "WinNT://machineName/foo" string builtinADsPath = nativeMember.ADsPath; UnsafeNativeMethods.Pathname pathCracker = new UnsafeNativeMethods.Pathname(); UnsafeNativeMethods.IADsPathname pathName = (UnsafeNativeMethods.IADsPathname)pathCracker; pathName.Set(builtinADsPath, 1 /* ADS_SETTYPE_FULL */); // Build the "WinNT://" portion of the new path StringBuilder adsPath = new StringBuilder(); adsPath.Append("WinNT://"); //adsPath.Append(pathName.Retrieve(9 /*ADS_FORMAT_SERVER */)); // Build the "WinNT://machineName/" portion of the new path adsPath.Append(_storeCtx.MachineUserSuppliedName); adsPath.Append('/'); // Build the "WinNT://machineName/foo" portion of the new path int cElements = pathName.GetNumElements(); Debug.Assert(cElements >= 2); // "WinNT://BUILTIN/foo" == 2 elements // Note that the ADSI WinNT provider indexes them backwards, e.g., in // "WinNT://BUILTIN/A/B", BUILTIN == 2, A == 1, B == 0. for (int i = cElements - 2; i >= 0; i--) { adsPath.Append(pathName.GetElement(i)); adsPath.Append('/'); } adsPath.Remove(adsPath.Length - 1, 1); // remove the trailing "/" de.Path = adsPath.ToString(); GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMMembersSet", "MoveNextLocal: fake domain: {0} --> {1}", builtinADsPath, adsPath); } else { Debug.Assert(sidType == SidType.RealObject); de.Path = nativeMember.ADsPath; GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMMembersSet", "MoveNextLocal: real domain {0}", de.Path); } // Debug.Assert(Utils.AreBytesEqual(sid, (byte[]) de.Properties["objectSid"].Value)); if (IsLocalMember(sid)) { // If we're processing recursively, and the member is a group, // we don't return it but instead treat it as something to recursively // visit (expand) later. if (!_recursive || !SAMUtils.IsOfObjectClass(de, "Group")) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMMembersSet", "MoveNextLocal: setting current to {0}", de.Path); // Not recursive, or not a group. Return the principal. _current = de; _currentFakePrincipal = null; _currentForeign = null; if (_foreignResultSet != null) { _foreignResultSet.Dispose(); } _foreignResultSet = null; return(true); } else { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMMembersSet", "MoveNextLocal: adding {0} to groupsToVisit", de.Path); // Save off for later, if we haven't done so already. if (!_groupsVisited.Contains(de.Path) && !_groupsToVisit.Contains(de.Path)) { _groupsToVisit.Add(de.Path); } needToRetry = true; continue; } } else { // It's a foreign principal (e..g, an AD user or group). // Save it off for later. GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMMembersSet", "MoveNextLocal: adding {0} to foreignMembers", de.Path); _foreignMembers.Add(de); needToRetry = true; continue; } } else { // We reached the end of this group's membership. // If we're supposed to be recursively expanding, we need to expand // any remaining non-foreign groups we earlier visited. if (_recursive) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMMembersSet", "MoveNextLocal: recursive processing, groupsToVisit={0}", _groupsToVisit.Count); if (_groupsToVisit.Count > 0) { // Pull off the next group to visit string groupPath = _groupsToVisit[0]; GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMMembersSet", "MoveNextLocal: recursively processing {0}", groupPath); _groupsToVisit.RemoveAt(0); _groupsVisited.Add(groupPath); // Set up for the next round of enumeration DirectoryEntry de = SDSUtils.BuildDirectoryEntry( groupPath, _storeCtx.Credentials, _storeCtx.AuthTypes); _group = (UnsafeNativeMethods.IADsGroup)de.NativeObject; UnsafeNativeMethods.IADsMembers iADsMembers = _group.Members(); _membersEnumerator = ((IEnumerable)iADsMembers).GetEnumerator(); // and go on to the first member of this new group needToRetry = true; continue; } } } }while (needToRetry); return(false); }
private void DoLDAPDirectoryInitNoContainer() { string str = null; string str1 = null; byte[] numArray = new byte[] { 169, 209, 202, 21, 118, 136, 17, 209, 173, 237, 0, 192, 79, 216, 213, 205 }; byte[] numArray1 = numArray; byte[] numArray2 = new byte[] { 170, 49, 40, 37, 118, 136, 17, 209, 173, 237, 0, 192, 79, 216, 213, 205 }; byte[] numArray3 = numArray2; DirectoryEntry directoryEntry = null; DirectoryEntry directoryEntry1 = null; DirectoryEntry directoryEntry2 = null; ADStoreCtx aDStoreCtx = null; ADStoreCtx aDStoreCtx1 = null; ADStoreCtx aDStoreCtx2 = null; DirectoryEntry directoryEntry3 = null; string str2 = ""; if (this.name != null) { str2 = string.Concat(this.name, "/"); } AuthenticationTypes authTypes = SDSUtils.MapOptionsToAuthTypes(this.options); using (directoryEntry3) { directoryEntry3 = new DirectoryEntry(string.Concat("LDAP://", str2, "rootDse"), this.username, this.password, authTypes); string item = (string)directoryEntry3.Properties["defaultNamingContext"][0]; str = string.Concat("LDAP://", str2, item); } try { directoryEntry2 = new DirectoryEntry(str, this.username, this.password, authTypes); if (this.serverProperties.portSSL > 0) { directoryEntry2.Options.PasswordPort = this.serverProperties.portSSL; } string str3 = null; PropertyValueCollection propertyValueCollection = directoryEntry2.Properties["wellKnownObjects"]; foreach (UnsafeNativeMethods.IADsDNWithBinary aDsDNWithBinary in propertyValueCollection) { if (Utils.AreBytesEqual(numArray1, (byte[])aDsDNWithBinary.BinaryValue)) { str3 = string.Concat("LDAP://", str2, aDsDNWithBinary.DNString); } if (!Utils.AreBytesEqual(numArray3, (byte[])aDsDNWithBinary.BinaryValue)) { continue; } str1 = string.Concat("LDAP://", str2, aDsDNWithBinary.DNString); } if (str3 == null || str1 == null) { throw new PrincipalOperationException(StringResources.ContextNoWellKnownObjects); } else { directoryEntry = new DirectoryEntry(str3, this.username, this.password, authTypes); directoryEntry1 = new DirectoryEntry(str1, this.username, this.password, authTypes); StoreCtx storeCtx = this.CreateContextFromDirectoryEntry(directoryEntry); this.userCtx = storeCtx; this.groupCtx = storeCtx; directoryEntry = null; this.computerCtx = this.CreateContextFromDirectoryEntry(directoryEntry1); directoryEntry1 = null; this.queryCtx = this.CreateContextFromDirectoryEntry(directoryEntry2); this.connectedServer = ADUtils.GetServerName(directoryEntry2); directoryEntry2 = null; } } catch (Exception exception) { if (directoryEntry != null) { directoryEntry.Dispose(); } if (directoryEntry1 != null) { directoryEntry1.Dispose(); } if (directoryEntry2 != null) { directoryEntry2.Dispose(); } if (aDStoreCtx != null) { aDStoreCtx.Dispose(); } if (aDStoreCtx1 != null) { aDStoreCtx1.Dispose(); } if (aDStoreCtx2 != null) { aDStoreCtx2.Dispose(); } throw; } }
private bool MoveNextMemberSearcher() { bool nextSearchResult; bool flag = false; do { nextSearchResult = this.GetNextSearchResult(); flag = false; if (!nextSearchResult) { if (!this.recursive || this.groupsToVisit.Count <= 0) { continue; } string item = this.groupsToVisit[0]; this.groupsToVisit.RemoveAt(0); this.groupsVisited.Add(item); DirectoryEntry directoryEntry = SDSUtils.BuildDirectoryEntry(this.BuildPathFromDN(item), this.storeCtx.Credentials, this.storeCtx.AuthTypes); this.storeCtx.InitializeNewDirectoryOptions(directoryEntry); DirectorySearcher directorySearcher = SDSUtils.ConstructSearcher(directoryEntry); directorySearcher.Filter = "(objectClass=*)"; directorySearcher.SearchScope = SearchScope.Base; directorySearcher.AttributeScopeQuery = "member"; directorySearcher.CacheResults = false; this.memberSearchersQueue.Enqueue(directorySearcher); flag = true; } else { SearchResult current = (SearchResult)this.memberSearchResultsEnumerator.Current; string str = (string)current.Properties["distinguishedName"][0]; if (ADUtils.IsOfObjectClass(current, "group") || ADUtils.IsOfObjectClass(current, "user") || ADUtils.IsOfObjectClass(current, "foreignSecurityPrincipal")) { if (!this.recursive || !ADUtils.IsOfObjectClass(current, "group")) { if (!this.recursive || !ADUtils.IsOfObjectClass(current, "foreignSecurityPrincipal")) { if (this.usersVisited.ContainsKey(current.Properties["distinguishedName"][0].ToString())) { flag = true; } else { this.current = current; this.currentForeignDE = null; this.currentForeignPrincipal = null; this.usersVisited.Add(current.Properties["distinguishedName"][0].ToString(), true); } } else { if (!this.usersVisited.ContainsKey(current.Properties["distinguishedName"][0].ToString())) { this.foreignMembersCurrentGroup.Add(current.GetDirectoryEntry()); this.usersVisited.Add(current.Properties["distinguishedName"][0].ToString(), true); } flag = true; } } else { if (!this.groupsVisited.Contains(str) && !this.groupsToVisit.Contains(str)) { this.groupsToVisit.Add(str); } flag = true; } } else { flag = true; } } }while (flag); return(nextSearchResult); }
private bool MoveNextMemberEnum() { bool nextEnum; bool flag = false; bool flag1 = false; do { nextEnum = this.GetNextEnum(); flag = false; flag1 = false; if (!nextEnum) { if (!this.recursive || this.groupsToVisit.Count <= 0) { continue; } string item = this.groupsToVisit[0]; this.groupsToVisit.RemoveAt(0); this.groupsVisited.Add(item); DirectoryEntry directoryEntry = SDSUtils.BuildDirectoryEntry(this.BuildPathFromDN(item), this.storeCtx.Credentials, this.storeCtx.AuthTypes); this.storeCtx.InitializeNewDirectoryOptions(directoryEntry); this.membersQueue.Enqueue(new RangeRetriever(directoryEntry, "member", true)); flag = true; } else { DirectoryEntry directoryEntry1 = null; using (directoryEntry1) { if (!flag1 || directoryEntry1 == null) { string current = (string)this.membersEnum.Current; directoryEntry1 = SDSUtils.BuildDirectoryEntry(this.BuildPathFromDN(current), this.storeCtx.Credentials, this.storeCtx.AuthTypes); this.storeCtx.InitializeNewDirectoryOptions(directoryEntry1); this.storeCtx.LoadDirectoryEntryAttributes(directoryEntry1); if (ADUtils.IsOfObjectClass(directoryEntry1, "group") || ADUtils.IsOfObjectClass(directoryEntry1, "user") || ADUtils.IsOfObjectClass(directoryEntry1, "foreignSecurityPrincipal")) { if (!this.recursive || !ADUtils.IsOfObjectClass(directoryEntry1, "group")) { if (!this.recursive || !ADUtils.IsOfObjectClass(directoryEntry1, "foreignSecurityPrincipal")) { if (this.usersVisited.ContainsKey(directoryEntry1.Properties["distinguishedName"][0].ToString())) { flag = true; } else { this.current = directoryEntry1; this.currentForeignDE = null; this.currentForeignPrincipal = null; this.usersVisited.Add(directoryEntry1.Properties["distinguishedName"][0].ToString(), true); flag1 = false; } } else { if (!this.usersVisited.ContainsKey(directoryEntry1.Properties["distinguishedName"][0].ToString())) { this.foreignMembersCurrentGroup.Add(directoryEntry1); this.usersVisited.Add(directoryEntry1.Properties["distinguishedName"][0].ToString(), true); flag1 = false; } flag = true; } } else { if (!this.groupsVisited.Contains(current) && !this.groupsToVisit.Contains(current)) { this.groupsToVisit.Add(current); } flag = true; } } else { flag = true; } } } } }while (flag); return(nextEnum); }
private bool MoveNextLocal() { bool flag; do { flag = false; bool flag1 = this.membersEnumerator.MoveNext(); if (!flag1) { if (!this.recursive || this.groupsToVisit.Count <= 0) { continue; } string item = this.groupsToVisit[0]; this.groupsToVisit.RemoveAt(0); this.groupsVisited.Add(item); DirectoryEntry directoryEntry = SDSUtils.BuildDirectoryEntry(item, this.storeCtx.Credentials, this.storeCtx.AuthTypes); this.@group = (UnsafeNativeMethods.IADsGroup)directoryEntry.NativeObject; UnsafeNativeMethods.IADsMembers aDsMember = [email protected](); this.membersEnumerator = ((IEnumerable)aDsMember).GetEnumerator(); flag = true; } else { UnsafeNativeMethods.IADs current = (UnsafeNativeMethods.IADs) this.membersEnumerator.Current; byte[] numArray = (byte[])current.Get("objectSid"); SidType sidType = Utils.ClassifySID(numArray); if (sidType != SidType.FakeObject) { DirectoryEntry aDsPath = SDSUtils.BuildDirectoryEntry(this.storeCtx.Credentials, this.storeCtx.AuthTypes); if (sidType != SidType.RealObjectFakeDomain) { aDsPath.Path = current.ADsPath; } else { string str = current.ADsPath; UnsafeNativeMethods.Pathname pathname = new UnsafeNativeMethods.Pathname(); UnsafeNativeMethods.IADsPathname aDsPathname = (UnsafeNativeMethods.IADsPathname)pathname; aDsPathname.Set(str, 1); StringBuilder stringBuilder = new StringBuilder(); stringBuilder.Append("WinNT://"); stringBuilder.Append(this.storeCtx.MachineUserSuppliedName); stringBuilder.Append("/"); int numElements = aDsPathname.GetNumElements(); for (int i = numElements - 2; i >= 0; i--) { stringBuilder.Append(aDsPathname.GetElement(i)); stringBuilder.Append("/"); } stringBuilder.Remove(stringBuilder.Length - 1, 1); aDsPath.Path = stringBuilder.ToString(); } if (!this.IsLocalMember(numArray)) { this.foreignMembers.Add(aDsPath); flag = true; } else { if (!this.recursive || !SAMUtils.IsOfObjectClass(aDsPath, "Group")) { this.current = aDsPath; this.currentFakePrincipal = null; this.currentForeign = null; if (this.foreignResultSet != null) { this.foreignResultSet.Dispose(); } this.foreignResultSet = null; return(true); } else { if (!this.groupsVisited.Contains(aDsPath.Path) && !this.groupsToVisit.Contains(aDsPath.Path)) { this.groupsToVisit.Add(aDsPath.Path); } flag = true; } } } else { this.currentFakePrincipal = this.storeCtx.ConstructFakePrincipalFromSID(numArray); this.current = null; this.currentForeign = null; if (this.foreignResultSet != null) { this.foreignResultSet.Dispose(); } this.foreignResultSet = null; return(true); } } }while (flag); return(false); }