/// <summary>
/// GetDirectoryEntryForUPN() method implmentation
/// </summary>
internal static DirectoryEntry GetDirectoryEntryForUser(ADDSHost host, string account, string password, string upn, bool usessl)
{
string root = "LDAP://";
DirectoryEntry entry = null;
string dom = host.GetForestForUser(upn);
if (usessl)
{
entry = new DirectoryEntry(root + dom + ":636");
}
else
{
entry = new DirectoryEntry(root + dom);
}
if (!string.IsNullOrEmpty(account))
{
entry.Username = account;
}
if (!string.IsNullOrEmpty(password))
{
entry.Password = password;
}
return(entry);
}
/// <summary>
/// Update method implmentation
/// </summary>
public void Update(PSHost host)
{
ManagementAdminService.Initialize(true);
MFAConfig cfg = ManagementAdminService.ADFSManager.Config;
ADDSHost adds = cfg.Hosts.ActiveDirectoryHost;
cfg.IsDirty = IsDirty;
adds.Account = Account;
adds.Password = adds.Password;
adds.DomainAddress = adds.DomainAddress;
adds.keyAttribute = KeyAttribute;
adds.mailAttribute = MailAttribute;
adds.methodAttribute = MethodAttribute;
adds.notifcheckdateattribute = NotifCheckDateAttribute;
adds.notifcreatedateAttribute = NotifCreateDateAttribute;
adds.notifvalidityAttribute = NotifValidityAttribute;
adds.phoneAttribute = PhoneAttribute;
adds.totpAttribute = TOTPAttribute;
adds.totpEnabledAttribute = TOTPEnabledAttribute;
ManagementAdminService.ADFSManager.WriteConfiguration(host);
using (MailSlotClient mailslot = new MailSlotClient())
{
mailslot.SendNotification(0xAA);
}
}
/// <summary>
/// GetDomainForUser method implmentation
/// </summary>
internal static string GetSAMAccountForUser(ADDSHost host, string username)
{
string result = string.Empty;
switch (ClaimsUtilities.IdentityClaimTag)
{
case MFASecurityClaimTag.Upn:
string foresttofind = username.Substring(username.IndexOf('@') + 1);
if (!string.IsNullOrEmpty(foresttofind))
{
return(GetNetBiosName(host, username));
}
else
{
return(null);
}
case MFASecurityClaimTag.WindowsAccountName:
string ntlmdomain = username.Substring(0, username.IndexOf('\\'));
if (!string.IsNullOrEmpty(ntlmdomain))
{
return(username);
}
else
{
return(null);
}
}
return(result);
}
/// <summary>
/// Update method implmentation
/// </summary>
public void Update(PSHost host)
{
ManagementService.Initialize(host, true);
MFAConfig cfg = ManagementService.Config;
ADDSHost adds = cfg.Hosts.ActiveDirectoryHost;
cfg.IsDirty = IsDirty;
adds.Account = Account;
adds.Password = adds.Password;
adds.DomainAddress = adds.DomainAddress;
if (!ManagementService.CheckRepositoryAttribute(KeyAttribute, 1))
{
throw new ArgumentException(string.Format("Attribute {0} not found in forest schema !", KeyAttribute));
}
adds.keyAttribute = KeyAttribute;
if (!ManagementService.CheckRepositoryAttribute(MailAttribute, 1))
{
throw new ArgumentException(string.Format("Attribute {0} not found in forest schema !", MailAttribute));
}
adds.mailAttribute = MailAttribute;
if (!ManagementService.CheckRepositoryAttribute(MethodAttribute, 1))
{
throw new ArgumentException(string.Format("Attribute {0} not found in forest schema !", MethodAttribute));
}
adds.methodAttribute = MethodAttribute;
if (!ManagementService.CheckRepositoryAttribute(NotifCheckDateAttribute, 1))
{
throw new ArgumentException(string.Format("Attribute {0} not found in forest schema !", NotifCheckDateAttribute));
}
adds.notifcheckdateattribute = NotifCheckDateAttribute;
if (!ManagementService.CheckRepositoryAttribute(NotifCreateDateAttribute, 1))
{
throw new ArgumentException(string.Format("Attribute {0} not found in forest schema !", NotifCreateDateAttribute));
}
adds.notifcreatedateAttribute = NotifCreateDateAttribute;
if (!ManagementService.CheckRepositoryAttribute(NotifValidityAttribute, 1))
{
throw new ArgumentException(string.Format("Attribute {0} not found in forest schema !", NotifValidityAttribute));
}
adds.notifvalidityAttribute = NotifValidityAttribute;
if (!ManagementService.CheckRepositoryAttribute(PhoneAttribute, 1))
{
throw new ArgumentException(string.Format("Attribute {0} not found in forest schema !", PhoneAttribute));
}
adds.phoneAttribute = PhoneAttribute;
if (!ManagementService.CheckRepositoryAttribute(TOTPAttribute, 1))
{
throw new ArgumentException(string.Format("Attribute {0} not found in forest schema !", TOTPAttribute));
}
adds.totpAttribute = TOTPAttribute;
if (!ManagementService.CheckRepositoryAttribute(TOTPEnabledAttribute, 1))
{
throw new ArgumentException(string.Format("Attribute {0} not found in forest schema !", TOTPEnabledAttribute));
}
adds.totpEnabledAttribute = TOTPEnabledAttribute;
ManagementService.ADFSManager.WriteConfiguration(host);
}
/// <summary>
/// GetForestForUser method implementation
/// </summary>
internal static string GetForestForUser(ADDSHost host, string username)
{
string result = string.Empty;
switch (ClaimsUtilities.IdentityClaimTag)
{
case MFASecurityClaimTag.Upn:
string foresttofind = username.Substring(username.IndexOf('@') + 1);
result = foresttofind;
foreach (ADDSHostForest f in Forests)
{
if (f.IsRoot) // By default Any root domain, subdomain, toplevelname on default forest
{
result = f.ForestDNS;
}
else // trusted forests
{
if (f.ForestDNS.ToLower().Equals(foresttofind.ToLower())) // root domain
{
result = f.ForestDNS;
break;
}
if (foresttofind.ToLower().EndsWith("." + f.ForestDNS.ToLower())) // subdomain
{
result = f.ForestDNS;
break;
}
foreach (string s in f.TopLevelNames) // toplevelnames
{
if (s.ToLower().Equals(foresttofind.ToLower()))
{
result = f.ForestDNS;
break;
}
}
}
}
break;
case MFASecurityClaimTag.WindowsAccountName:
string ntlmdomain = username.Substring(0, username.IndexOf('\\'));
DirectoryContext ctx = null;
if (string.IsNullOrEmpty(host.Account) && string.IsNullOrEmpty(host.Password))
{
ctx = new DirectoryContext(DirectoryContextType.Domain, ntlmdomain);
}
else
{
ctx = new DirectoryContext(DirectoryContextType.Domain, ntlmdomain, host.Account, host.Password);
}
result = Domain.GetDomain(ctx).Forest.RootDomain.Name;
break;
}
return(result);
}
/// <summary>
/// GetDirectoryEntry() method implmentation
/// </summary>
internal static DirectoryEntry GetDirectoryEntry(ADDSHost host, SearchResult sr, bool usessl)
{
DirectoryEntry entry = sr.GetDirectoryEntry();
entry.Path = sr.Path; // Take SearchResult path
if (!string.IsNullOrEmpty(host.Account))
{
entry.Username = host.Account;
}
if (!string.IsNullOrEmpty(host.Password))
{
entry.Password = host.Password;
}
return(entry);
}
/// <summary>
/// Update method implmentation
/// </summary>
public void Update(PSHost host)
{
ManagementService.Initialize(host, true);
MFAConfig cfg = ManagementService.Config;
ADDSHost adds = cfg.Hosts.ActiveDirectoryHost;
cfg.IsDirty = IsDirty;
if (!ManagementService.CheckADDSAttribute(DomainAddress, Account, Password, KeyAttribute, true))
{
throw new ArgumentException(string.Format("Attribute {0} not found in forest schema !", KeyAttribute));
}
if (!ManagementService.CheckADDSAttribute(DomainAddress, Account, Password, MailAttribute, true))
{
throw new ArgumentException(string.Format("Attribute {0} not found in forest schema !", MailAttribute));
}
if (!ManagementService.CheckADDSAttribute(DomainAddress, Account, Password, PhoneAttribute, true))
{
throw new ArgumentException(string.Format("Attribute {0} not found in forest schema !", PhoneAttribute));
}
if (!ManagementService.CheckADDSAttribute(DomainAddress, Account, Password, MethodAttribute, false))
{
throw new ArgumentException(string.Format("Attribute {0} not found in forest schema !", MethodAttribute));
}
if (!ManagementService.CheckADDSAttribute(DomainAddress, Account, Password, OverrideMethodAttribute, false))
{
throw new ArgumentException(string.Format("Attribute {0} not found in forest schema !", OverrideMethodAttribute));
}
if (!ManagementService.CheckADDSAttribute(DomainAddress, Account, Password, PinAttribute, false))
{
throw new ArgumentException(string.Format("Attribute {0} not found in forest schema !", PinAttribute));
}
if (!ManagementService.CheckADDSAttribute(DomainAddress, Account, Password, EnabledAttribute, false))
{
throw new ArgumentException(string.Format("Attribute {0} not found in forest schema !", EnabledAttribute));
}
adds.Account = Account;
adds.Password = Password;
adds.DomainAddress = DomainAddress;
adds.keyAttribute = KeyAttribute;
adds.mailAttribute = MailAttribute;
adds.phoneAttribute = PhoneAttribute;
adds.methodAttribute = MethodAttribute;
adds.overridemethodAttribute = OverrideMethodAttribute;
PinAttribute = adds.pinattribute;
adds.totpEnabledAttribute = EnabledAttribute;
adds.MaxRows = MaxRows;
ManagementService.ADFSManager.WriteConfiguration(host);
}
/// <summary>
/// Update method implmentation
/// </summary>
public void Load(PSHost host)
{
ManagementService.Initialize(host, true);
MFAConfig cfg = ManagementService.Config;
ADDSHost adds = cfg.Hosts.ActiveDirectoryHost;
IsDirty = cfg.IsDirty;
Account = adds.Account;
Password = adds.Password;
DomainAddress = adds.DomainAddress;
KeyAttribute = adds.keyAttribute;
MailAttribute = adds.mailAttribute;
PhoneAttribute = adds.phoneAttribute;
MethodAttribute = adds.methodAttribute;
OverrideMethodAttribute = adds.overridemethodAttribute;
EnabledAttribute = adds.totpEnabledAttribute;
}
/// <summary>
/// Update method implmentation
/// </summary>
public void Load(PSHost host)
{
ManagementService.Initialize(host, true);
MFAConfig cfg = ManagementService.Config;
ADDSHost adds = cfg.Hosts.ActiveDirectoryHost;
IsDirty = cfg.IsDirty;
Account = adds.Account;
Password = adds.Password;
DomainAddress = adds.DomainAddress;
KeyAttribute = adds.keyAttribute;
MailAttribute = adds.mailAttribute;
MethodAttribute = adds.methodAttribute;
NotifCheckDateAttribute = adds.notifcheckdateattribute;
NotifCreateDateAttribute = adds.notifcreatedateAttribute;
NotifValidityAttribute = adds.notifvalidityAttribute;
PhoneAttribute = adds.phoneAttribute;
TOTPAttribute = adds.totpAttribute;
TOTPEnabledAttribute = adds.totpEnabledAttribute;
}
/// <summary>
/// GetDirectoryEntry() method implmentation
/// </summary>
internal static DirectoryEntry GetDirectoryEntry(ADDSHost host, string path, bool usessl)
{
string root = "LDAP://";
DirectoryEntry entry = null;
if (!string.IsNullOrEmpty(host.DomainName))
{
if (usessl)
{
entry = new DirectoryEntry(root + host.DomainName + ":636");
}
else
{
entry = new DirectoryEntry(root + host.DomainName);
}
}
else
{
Domain dom = Domain.GetComputerDomain();
if (usessl)
{
entry = new DirectoryEntry(root + dom.Name + ":636");
}
else
{
entry = new DirectoryEntry(root + dom.Name);
}
}
entry.Path = path;
if (!string.IsNullOrEmpty(host.Account))
{
entry.Username = host.Account;
}
if (!string.IsNullOrEmpty(host.Password))
{
entry.Password = host.Password;
}
return(entry);
}
/// <summary>
/// GetNetBiosName method
/// </summary>
private static string GetNetBiosName(ADDSHost host, string username)
{
try
{
using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntryForUser(host, host.Account, host.Password, username))
{
string qryldap = "(&(objectCategory=user)(objectClass=user)(userPrincipalName=" + username + ")(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
{
dsusr.PropertiesToLoad.Clear();
dsusr.PropertiesToLoad.Add("objectGUID");
dsusr.PropertiesToLoad.Add("msDS-PrincipalName");
dsusr.ReferralChasing = ReferralChasingOption.All;
SearchResult sr = dsusr.FindOne();
if (sr != null)
{
using (DirectoryEntry DirEntry = ADDSUtils.GetDirectoryEntry(host, sr))
{
if (DirEntry.Properties["objectGUID"].Value != null)
{
return(sr.Properties["msDS-PrincipalName"][0].ToString());
}
else
{
return(null);
}
};
}
}
}
}
catch (Exception ex)
{
DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5000);
throw new Exception(ex.Message);
}
return(null);
}
/// <summary>
/// GetDirectoryEntryForUPN() method implmentation
/// </summary>
internal static DirectoryEntry GetDirectoryEntryForUser(ADDSHost host, string upn)
{
string root = "LDAP://";
DirectoryEntry entry = null;
if (!string.IsNullOrEmpty(host.DomainName))
{
if (_usessl)
{
entry = new DirectoryEntry(root + host.DomainName + ":636");
}
else
{
entry = new DirectoryEntry(root + host.DomainName);
}
}
else
{
string dom = ADDSUtils.GetForestForUser(host, upn);
if (_usessl)
{
entry = new DirectoryEntry(root + dom + ":636");
}
else
{
entry = new DirectoryEntry(root + dom);
}
}
if (!string.IsNullOrEmpty(host.Account))
{
entry.Username = host.Account;
}
if (!string.IsNullOrEmpty(host.Password))
{
entry.Password = host.Password;
}
return(entry);
}
/// <summary>
/// GetDirectoryEntry() method implmentation
/// </summary>
internal static DirectoryEntry GetDirectoryEntry(ADDSHost host, ADDSHostForest forest, bool usessl)
{
string root = "LDAP://";
DirectoryEntry entry = null;
if (!string.IsNullOrEmpty(host.DomainName))
{
if (usessl)
{
entry = new DirectoryEntry(root + host.DomainName + ":636");
}
else
{
entry = new DirectoryEntry(root + host.DomainName);
}
}
else
{
if (usessl)
{
entry = new DirectoryEntry(root + forest.ForestDNS + ":636");
}
else
{
entry = new DirectoryEntry(root + forest.ForestDNS);
}
}
if (!string.IsNullOrEmpty(host.Account))
{
entry.Username = host.Account;
}
if (!string.IsNullOrEmpty(host.Password))
{
entry.Password = host.Password;
}
return(entry);
}
/// <summary>
/// DoImport() method implmentation
/// </summary>
public override bool DoImport()
{
char sep = Path.DirectorySeparatorChar;
string filename = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + sep + "MFA" + sep + "adimport-" + DateTime.Now.ToFileTime().ToString() + ".log";
TraceListener listen = InitializeTrace(filename);
try
{
ADDSHost adht = Config.Hosts.ActiveDirectoryHost;
if (string.IsNullOrEmpty(Parameters.DomainName))
{
Parameters.DomainName = adht.DomainName;
}
if (string.IsNullOrEmpty(Parameters.UserName))
{
Parameters.UserName = adht.Account;
}
if (string.IsNullOrEmpty(Parameters.Password))
{
Parameters.Password = adht.Password;
}
DataRepositoryService client = null;
switch (Config.StoreMode)
{
case DataRepositoryKind.ADDS:
client = new ADDSDataRepositoryService(Config.Hosts.ActiveDirectoryHost, Config.DeliveryWindow);
break;
case DataRepositoryKind.SQL:
client = new SQLDataRepositoryService(Config.Hosts.SQLServerHost, Config.DeliveryWindow);
break;
case DataRepositoryKind.Custom:
client = CustomDataRepositoryActivator.CreateInstance(Config.Hosts.CustomStoreHost, Config.DeliveryWindow);
break;
}
Trace.WriteLine("");
Trace.WriteLine(string.Format("Importing for AD : {0}", Parameters.LDAPPath));
Trace.Indent();
Trace.WriteLine("Query users from AD");
MFAUserList lst = client.ImportMFAUsers(Parameters, DisableAll);
Trace.WriteLine(string.Format("Query returns {0} user(s) from AD", lst.Count.ToString()));
DataRepositoryService client2 = null;
switch (Config.StoreMode)
{
case DataRepositoryKind.ADDS:
Trace.WriteLine("");
Trace.WriteLine("Importing ADDS Mode");
Trace.Indent();
client2 = new ADDSDataRepositoryService(Config.Hosts.ActiveDirectoryHost, Config.DeliveryWindow);
break;
case DataRepositoryKind.SQL:
Trace.WriteLine("");
Trace.WriteLine("Importing SQL Mode");
Trace.Indent();
client2 = new SQLDataRepositoryService(Config.Hosts.SQLServerHost, Config.DeliveryWindow);
break;
case DataRepositoryKind.Custom:
Trace.WriteLine("");
Trace.WriteLine("Importing Custom Store Mode");
Trace.Indent();
client2 = CustomDataRepositoryActivator.CreateInstance(Config.Hosts.CustomStoreHost, Config.DeliveryWindow);
break;
}
client2.OnKeyDataEvent += KeyDataEvent;
foreach (MFAUser reg in lst)
{
try
{
MFAUser ext = client2.GetMFAUser(reg.UPN);
if (ext == null)
{
reg.PIN = Convert.ToInt32(Config.DefaultPin);
reg.PreferredMethod = Config.DefaultProviderMethod;
}
else
{
if (this.Parameters.Method != PreferredMethod.None)
{
reg.PreferredMethod = this.Parameters.Method;
}
else
{
reg.PreferredMethod = ext.PreferredMethod;
}
}
if (reg.PIN <= 0)
{
reg.PIN = Convert.ToInt32(Config.DefaultPin);
}
if (!Utilities.ValidateEmail(reg.MailAddress, (Config.MailProvider.Enabled && Config.MailProvider.IsRequired)))
{
throw new Exception(string.Format("invalid mail address for user : {0}", reg.UPN));
}
if (!Utilities.ValidatePhoneNumber(reg.PhoneNumber, (Config.ExternalProvider.Enabled && Config.ExternalProvider.IsRequired)))
{
throw new Exception(string.Format("invalid phone number for user : {0}", reg.UPN));
}
client2.AddMFAUser(reg, ForceNewKey, true);
Trace.TraceInformation(string.Format("User {0} Imported in MFA", reg.UPN));
if (!string.IsNullOrEmpty(reg.MailAddress))
{
if (SendEmail)
{
string qrcode = KeysManager.EncodedKey(reg.UPN);
CultureInfo info = null;
try
{
info = CultureInfo.CurrentUICulture;
}
catch
{
info = new CultureInfo(Config.DefaultCountryCode);
}
MailUtilities.SendKeyByEmail(reg.MailAddress, reg.UPN, qrcode, Config.MailProvider, Config, info);
Trace.TraceInformation(string.Format("Sending Sensitive mail for User {0}", reg.UPN));
}
}
}
catch (Exception ex)
{
ErrorsCount++;
Trace.TraceError("Error importing User {0} : {1}", reg.UPN, ex.Message);
}
finally
{
RecordsCount++;
}
}
Trace.Unindent();
Trace.WriteLine("");
Trace.WriteLine(string.Format("Imported {0} User(s) from AD Source", RecordsCount));
}
catch (Exception ex)
{
Trace.Unindent();
Trace.TraceError(string.Format("Error importing from AD : {0}", ex.Message));
Log.WriteEntry(string.Format("Error importing from AD : {0}", ex.Message), EventLogEntryType.Error, 20000);
return(false);
}
finally
{
Trace.Unindent();
FinalizeTrace(listen);
}
return(true);
}
/// <summary>
/// DoCleanUp() method implmentation
/// </summary>
public bool DoCleanUp()
{
char sep = Path.DirectorySeparatorChar;
string filename = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + sep + "MFA" + sep + "adcleanup-" + DateTime.Now.ToFileTime().ToString() + ".log";
TraceListener listen = InitializeTrace(filename);
try
{
ADDSHost adht = Config.Hosts.ActiveDirectoryHost;
if (string.IsNullOrEmpty(Parameters.DomainName))
{
Parameters.DomainName = adht.DomainName;
}
if (string.IsNullOrEmpty(Parameters.UserName))
{
Parameters.UserName = adht.Account;
}
if (string.IsNullOrEmpty(Parameters.Password))
{
Parameters.Password = adht.Password;
}
DataRepositoryService client = null;
switch (Config.StoreMode)
{
case DataRepositoryKind.ADDS:
client = new ADDSDataRepositoryService(Config.Hosts.ActiveDirectoryHost, Config.DeliveryWindow);
break;
case DataRepositoryKind.SQL:
client = new SQLDataRepositoryService(Config.Hosts.SQLServerHost, Config.DeliveryWindow);
break;
case DataRepositoryKind.Custom:
client = CustomDataRepositoryActivator.CreateInstance(Config.Hosts.CustomStoreHost, Config.DeliveryWindow);
break;
}
Trace.WriteLine("");
Trace.WriteLine("Clean Up from AD");
Trace.Indent();
Trace.WriteLine("Query deleted users from AD");
List <string> lst = client.CleanMFAUsers(Parameters);
Trace.WriteLine(string.Format("Query returns {0} deleted user(s) from AD", lst.Count.ToString()));
DataRepositoryService client2 = null;
switch (Config.StoreMode)
{
case DataRepositoryKind.ADDS:
Trace.WriteLine("");
Trace.WriteLine("Clean Up ADDS Mode");
Trace.Indent();
client2 = new ADDSDataRepositoryService(Config.Hosts.ActiveDirectoryHost, Config.DeliveryWindow);
break;
case DataRepositoryKind.SQL:
Trace.WriteLine("");
Trace.WriteLine("Clean Up SQL Mode");
Trace.Indent();
client2 = new SQLDataRepositoryService(Config.Hosts.SQLServerHost, Config.DeliveryWindow);
break;
case DataRepositoryKind.Custom:
Trace.WriteLine("");
Trace.WriteLine("Clean Up Custom Store Mode");
Trace.Indent();
client2 = CustomDataRepositoryActivator.CreateInstance(Config.Hosts.CustomStoreHost, Config.DeliveryWindow);
break;
}
client2.OnKeyDataEvent += KeyDataEvent;
foreach (string del in lst)
{
MFAUser reg = client2.GetMFAUser(del);
if (reg != null)
{
try
{
if (reg.UPN.ToLower().Equals(del.ToLower()))
{
client2.DeleteMFAUser(reg);
Trace.TraceInformation(string.Format("User {0} Removed from MFA", reg.UPN));
RecordsCount++;
}
}
catch (Exception ex)
{
ErrorsCount++;
Trace.TraceError("Error Cleaning User {0} from MFA : {1}", reg.UPN, ex.Message);
}
}
}
Trace.Unindent();
Trace.WriteLine("");
Trace.WriteLine(string.Format("Cleaned {0} Deleted MFA User(s) from AD Source", RecordsCount));
}
catch (Exception ex)
{
Trace.Unindent();
Trace.TraceError(string.Format("Error Cleaning Up from AD : {0}", ex.Message));
Log.WriteEntry(string.Format("Error Cleaning Up from AD : {0}", ex.Message), EventLogEntryType.Error, 20000);
return(false);
}
finally
{
Trace.Unindent();
FinalizeTrace(listen);
}
return(true);
}
/// <summary>
/// DoImport() method implmentation
/// </summary>
public override bool DoImport()
{
char sep = Path.DirectorySeparatorChar;
string filename = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + sep + "MFA" + sep + "adimport-" + DateTime.Now.ToFileTime().ToString() + ".log";
TraceListener listen = InitializeTrace(filename);
try
{
ADDSHost adht = Config.Hosts.ActiveDirectoryHost;
if (string.IsNullOrEmpty(DomainName))
{
DomainName = adht.DomainName;
}
if (string.IsNullOrEmpty(UserName))
{
UserName = adht.Account;
}
if (string.IsNullOrEmpty(Password))
{
Password = adht.Password;
}
DataRepositoryService client = null;
switch (Config.StoreMode)
{
case DataRepositoryKind.ADDS:
client = new ADDSDataRepositoryService(Config.Hosts.ActiveDirectoryHost, Config.DeliveryWindow);
break;
case DataRepositoryKind.SQL:
client = new SQLDataRepositoryService(Config.Hosts.SQLServerHost, Config.DeliveryWindow);
break;
case DataRepositoryKind.Custom:
client = CustomDataRepositoryActivator.CreateInstance(Config.Hosts.CustomStoreHost, Config.DeliveryWindow);
break;
}
Trace.WriteLine("");
Trace.WriteLine(string.Format("Importing for AD : {0}", LDAPPath));
Trace.Indent();
Trace.WriteLine("Querying users from AD");
MFAUserList lst = client.ImportMFAUsers(DomainName, UserName, Password, LDAPPath, CreatedSince, ModifiedSince, MailAttribute, PhoneAttribute, Method, Config.Hosts.ActiveDirectoryHost.UseSSL, DisableAll);
Trace.WriteLine(string.Format("Querying return {0} users from AD", lst.Count.ToString()));
DataRepositoryService client2 = null;
switch (Config.StoreMode)
{
case DataRepositoryKind.ADDS:
Trace.WriteLine("");
Trace.WriteLine("Importing ADDS Mode");
Trace.Indent();
client2 = new ADDSDataRepositoryService(Config.Hosts.ActiveDirectoryHost, Config.DeliveryWindow);
break;
case DataRepositoryKind.SQL:
Trace.WriteLine("");
Trace.WriteLine("Importing SQL Mode");
Trace.Indent();
client2 = new SQLDataRepositoryService(Config.Hosts.SQLServerHost, Config.DeliveryWindow);
break;
case DataRepositoryKind.Custom:
Trace.WriteLine("");
Trace.WriteLine("Importing Custom Store Mode");
Trace.Indent();
client2 = CustomDataRepositoryActivator.CreateInstance(Config.Hosts.CustomStoreHost, Config.DeliveryWindow);
break;
}
client2.OnKeyDataEvent += KeyDataEvent;
foreach (MFAUser reg in lst)
{
Trace.TraceInformation(string.Format("Importing user {0} from AD", reg.UPN));
try
{
MFAUser ext = client2.GetMFAUser(reg.UPN);
if (ext == null)
{
reg.PIN = Config.DefaultPin;
client2.AddMFAUser(reg, ForceNewKey, false);
Trace.TraceInformation(string.Format("User {0} Imported in MFA", reg.UPN));
if (!string.IsNullOrEmpty(reg.MailAddress))
{
if (SendEmail)
{
string qrcode = KeysManager.EncodedKey(reg.UPN);
CultureInfo info = null;
try
{
info = CultureInfo.CurrentUICulture;
}
catch
{
info = new CultureInfo(Config.DefaultCountryCode);
}
MailUtilities.SendKeyByEmail(reg.MailAddress, reg.UPN, qrcode, Config.MailProvider, Config, info);
Trace.TraceInformation(string.Format("Sending Sensitive mail for User {0} Imported in MFA", reg.UPN));
}
}
RecordsCount++;
}
}
catch (Exception ex)
{
ErrorsCount++;
Trace.TraceError("Error importing Record N° {0} \r\r {1}", (RecordsCount + 1).ToString(), ex.Message);
}
}
}
catch (Exception ex)
{
Trace.TraceError(string.Format("Error importing from AD \r\r {0}", ex.Message));
return(false);
}
finally
{
Trace.Unindent();
FinalizeTrace(listen);
}
return(true);
}
/// <summary>
/// DoImport() method implmentation
/// </summary>
public override bool DoImport()
{
string filename = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles) + "\\MFA\\adimport-" + DateTime.Now.ToFileTime().ToString() + ".log";
TraceListener listen = InitializeTrace(filename);
try
{
ADDSHost adht = Config.Hosts.ActiveDirectoryHost;
if (string.IsNullOrEmpty(DomainName))
{
DomainName = adht.DomainName;
}
if (string.IsNullOrEmpty(UserName))
{
UserName = adht.Account;
}
if (string.IsNullOrEmpty(Password))
{
Password = adht.Password;
}
DataRepositoryService client = new ADDSDataRepositoryService(adht, Config.DeliveryWindow);
Trace.WriteLine("");
Trace.WriteLine(string.Format("Importing for AD : {0}", LDAPPath));
Trace.Indent();
Trace.WriteLine("Querying users from AD");
RegistrationList lst = client.GetImportUserRegistrations(DomainName, UserName, Password, LDAPPath, CreatedSince, ModifiedSince, MailAttribute, PhoneAttribute, Method, DisableAll);
Trace.WriteLine(string.Format("Querying return {0} users from AD", lst.Count.ToString()));
DataRepositoryService client2 = null;
if (Config.UseActiveDirectory)
{
Trace.WriteLine("");
Trace.WriteLine("Importing ADDS Mode");
Trace.Indent();
client2 = new ADDSDataRepositoryService(Config.Hosts.ActiveDirectoryHost, Config.DeliveryWindow);
}
else
{
Trace.WriteLine("");
Trace.WriteLine("Importing SQL Mode");
Trace.Indent();
client2 = new SQLDataRepositoryService(Config.Hosts.SQLServerHost, Config.DeliveryWindow);
}
client2.OnKeyDataEvent += KeyDataEvent;
foreach (Registration reg in lst)
{
Trace.TraceInformation(string.Format("Importing user {0} from AD", reg.UPN));
try
{
reg.PIN = Config.DefaultPin;
client2.AddUserRegistration(reg, ForceNewKey, true);
Trace.TraceInformation(string.Format("User {0} Imported in MFA", reg.UPN));
}
catch (Exception ex)
{
ErrorsCount++;
Trace.TraceError("Error importing Record N° {0} \r\r {1}", (RecordsCount + 1).ToString(), ex.Message);
}
finally
{
RecordsCount++;
}
}
}
catch (Exception ex)
{
Trace.TraceError(string.Format("Error importing from AD \r\r {0}", ex.Message));
return(false);
}
finally
{
Trace.Unindent();
FinalizeTrace(listen);
}
return(true);
}
internal WebAuthNPublicKeySerialization(ADDSHost host = null)
{
_host = host;
}
