public bool InGroup(GroupInformation group)
{
foreach (GroupInformation exGroup in Groups)
{
if (exGroup.Name == group.Name)
{
// Copy new sid if old isn't set
if (exGroup.SID == null && group.SID != null)
exGroup.SID = group.SID;
return true;
}
if (exGroup.SID != null && group.SID != null && exGroup.SID == group.SID)
return true;
}
return false;
}
// Adds a group and checks for duplicates (skips if dupl)
public bool AddGroup(GroupInformation group)
{
if (!InGroup(group))
{
// No dupl
Groups.Add(group);
return true;
}
return false;
}
public void SyncToLocalUser()
{
m_logger.Debug("SyncToLocalUser()");
using (UserPrincipal user = CreateOrGetUserPrincipal(UserInfo))
{
// Force password and fullname match (redundant if we just created, but oh well)
SyncUserPrincipalInfo(user, UserInfo);
try
{
List<SecurityIdentifier> ignoredSids = new List<SecurityIdentifier>(new SecurityIdentifier[] {
new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null), // "Authenticated Users"
new SecurityIdentifier("S-1-1-0"), // "Everyone"
});
// First remove from any local groups they aren't supposed to be in
m_logger.Debug("Checking for groups to remove.");
List<GroupPrincipal> localGroups = LocalAccount.GetGroups(user);
foreach (GroupPrincipal group in localGroups)
{
m_logger.DebugFormat("Remove {0}?", group.Name);
// Skip ignored sids
if (!ignoredSids.Contains(group.Sid))
{
GroupInformation gi = new GroupInformation() { Name = group.Name, SID = group.Sid, Description = group.Description };
if (!UserInfo.InGroup(gi))
{
m_logger.DebugFormat("Removing user {0} from group {1}", user.Name, group.Name);
RemoveUserFromGroup(user, group);
}
}
group.Dispose();
}
// Now add to any they aren't already in that they should be
m_logger.Debug("Checking for groups to add");
foreach (GroupInformation groupInfo in UserInfo.Groups)
{
m_logger.DebugFormat("Add {0}?", groupInfo.Name);
if (!IsUserInGroup(user, groupInfo))
{
using (GroupPrincipal group = CreateOrGetGroupPrincipal(groupInfo))
{
m_logger.DebugFormat("Adding user {0} to group {1}", user.Name, group.Name);
AddUserToGroup(user, group);
}
}
}
}
catch (Exception e)
{
throw new GroupSyncException(e);
}
}
m_logger.Debug("End SyncToLocalUser()");
}
private GroupPrincipal CreateOrGetGroupPrincipal(GroupInformation groupInfo)
{
GroupPrincipal group = null;
// If we have a SID, use that, otherwise name
group = GetGroupPrincipal(groupInfo.Name);
if (group == null)
{
// We create the GroupPrincipal, but https://connect.microsoft.com/VisualStudio/feedback/details/525688/invalidoperationexception-with-groupprincipal-and-sam-principalcontext-for-setting-any-property-always
// prevents us from then setting stuff on it.. so we then have to locate its relative DE
// and modify *that* instead. Oi.
using (group = new GroupPrincipal(m_machinePrincipal))
{
group.Name = groupInfo.Name;
group.Save();
using (DirectoryEntry newGroupDe = m_sam.Children.Add(groupInfo.Name, "Group"))
{
if (!string.IsNullOrEmpty(groupInfo.Description))
{
newGroupDe.Properties["Description"].Value = groupInfo.Description;
newGroupDe.CommitChanges();
}
}
// We have to re-fetch to get changes made via underlying DE
return GetGroupPrincipal(group.Name);
}
}
return group;
}
private bool IsUserInGroup(UserPrincipal user, GroupInformation groupInfo)
{
using (GroupPrincipal group = GetGroupPrincipal(groupInfo.Name))
{
return IsUserInGroup(user, group);
}
}
public void SyncToLocalUser()
{
m_logger.Debug("SyncToLocalUser()");
using (UserPrincipal user = CreateOrGetUserPrincipal(UserInfo))
{
// Force password and fullname match (redundant if we just created, but oh well)
SyncUserPrincipalInfo(UserInfo);
try
{
List<SecurityIdentifier> ignoredSids = new List<SecurityIdentifier>(new SecurityIdentifier[] {
new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null), // "Authenticated Users"
new SecurityIdentifier("S-1-1-0"), // "Everyone"
});
// First remove from any local groups they aren't supposed to be in
m_logger.Debug("Checking for groups to remove.");
List<GroupPrincipal> localGroups = LocalAccount.GetGroups(user);
foreach (GroupPrincipal group in localGroups)
{
m_logger.DebugFormat("Remove {0}?", group.Name);
// Skip ignored sids
if (!ignoredSids.Contains(group.Sid))
{
GroupInformation gi = new GroupInformation() { Name = group.Name, SID = group.Sid, Description = group.Description };
if (!UserInfo.InGroup(gi))
{
m_logger.DebugFormat("Removing user {0} from group {1}", user.Name, group.Name);
RemoveUserFromGroup(user, group);
}
}
group.Dispose();
}
// Now add to any they aren't already in that they should be
m_logger.Debug("Checking for groups to add");
foreach (GroupInformation groupInfo in UserInfo.Groups)
{
m_logger.DebugFormat("Add {0}?", groupInfo.Name);
if (!IsUserInGroup(user, groupInfo))
{
using (GroupPrincipal group = CreateOrGetGroupPrincipal(groupInfo))
{
m_logger.DebugFormat("Adding user {0} to group {1}", user.Name, group.Name);
AddUserToGroup(user, group);
}
}
}
}
catch (Exception e)
{
throw new GroupSyncException(e);
}
}
//set ntuser.dat permissions
if (!String.IsNullOrEmpty(UserInfo.usri4_profile) && !UserInfo.Description.Contains("pgSMB"))
{
Abstractions.WindowsApi.pInvokes.structenums.OSVERSIONINFOW verinfo = Abstractions.WindowsApi.pInvokes.VersionsInfo();
if (verinfo.dwMajorVersion == 0)
{
m_logger.WarnFormat("SyncToLocalUser: VersionsInfo() failed. I'm unable to detect OS beyond Windows 8.0");
verinfo.dwBuildNumber = Environment.OSVersion.Version.Build;
verinfo.dwMajorVersion = Environment.OSVersion.Version.Major;
verinfo.dwMinorVersion = Environment.OSVersion.Version.Minor;
verinfo.dwPlatformId = Environment.OSVersion.Version.Build;
}
string ProfileExtension = (Environment.OSVersion.Version.Major == 6) ? (verinfo.dwMinorVersion > 3)/*greater than 8.1*/ ? ".V5" : ".V2" : "";
if (Connect2share(UserInfo.usri4_profile + ProfileExtension, UserInfo.Username, UserInfo.Password, 3, false))
{
if (File.Exists(UserInfo.usri4_profile + ProfileExtension + "\\NTUSER.DAT"))
{
SetACL(UserInfo, ProfileExtension);
Connect2share(UserInfo.usri4_profile + ProfileExtension, null, null, 0, true);
}
else
{
Connect2share(UserInfo.usri4_profile + ProfileExtension, null, null, 0, true);
}
}
}
m_logger.Debug("End SyncToLocalUser()");
}