static internal void WriteAttribute <T>(string dePath, string attribute, T value, NetCred credentials, AuthenticationTypes authTypes)
{
Debug.Assert(attribute != null && attribute.Length > 0);
// Ideally, we'd just like to set the property in the principal's DirectoryEntry and write
// the changes to the store. However, there might be other changes in the DirectoryEntry,
// and we don't want to write all of them to the store. So we must make
// a fresh DirectoryEntry and write using that.
DirectoryEntry copyOfDe = null;
try
{
copyOfDe = SDSUtils.BuildDirectoryEntry(dePath, credentials, authTypes);
Debug.Assert(copyOfDe != null);
// So we don't do a implicit GetInfo() and retrieve every attribute
copyOfDe.RefreshCache(new string[] { attribute });
copyOfDe.Properties[attribute].Value = value;
copyOfDe.CommitChanges();
}
catch (System.Runtime.InteropServices.COMException e)
{
// ADSI threw an exception trying to write the change
throw ExceptionHelper.GetExceptionFromCOMException(e);
}
finally
{
if (copyOfDe != null)
{
copyOfDe.Dispose();
}
}
}
static internal void InsertPrincipal(
Principal p,
StoreCtx storeCtx,
GroupMembershipUpdater updateGroupMembership,
NetCred credentials,
AuthenticationTypes authTypes,
bool needToSetPassword)
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SDSUtils", "Entering InsertPrincipal");
Debug.Assert(storeCtx != null);
Debug.Assert(storeCtx is ADStoreCtx || storeCtx is SAMStoreCtx);
Debug.Assert(p != null);
if ((!(p is UserPrincipal)) &&
(!(p is GroupPrincipal)) &&
(!(p is AuthenticablePrincipal)) &&
(!(p is ComputerPrincipal)))
{
// It's not a type of Principal that we support
GlobalDebug.WriteLineIf(GlobalDebug.Warn, "SDSUtils", "InsertPrincipal: Bad principal type:" + p.GetType().ToString());
throw new InvalidOperationException(
String.Format(CultureInfo.CurrentCulture, SR.StoreCtxUnsupportedPrincipalTypeForSave, p.GetType().ToString()));
}
// Commit the properties
SDSUtils.ApplyChangesToDirectory(
p,
storeCtx,
updateGroupMembership,
credentials,
authTypes
);
// Handle any saved-off operations
// For SAM, we set password elsewhere prior to creating the principal, so needToSetPassword == false
// For AD, we have to set the password after creating the principal, so needToSetPassword == true
if (needToSetPassword && p.GetChangeStatusForProperty(PropertyNames.PwdInfoPassword))
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SDSUtils", "InsertPrincipal: Setting password");
// Only AuthenticablePrincipals can have PasswordInfo
Debug.Assert(p is AuthenticablePrincipal);
string password = (string)p.GetValueForProperty(PropertyNames.PwdInfoPassword);
Debug.Assert(password != null); // if null, PasswordInfo should not have indicated it was changed
storeCtx.SetPassword((AuthenticablePrincipal)p, password);
}
if (p.GetChangeStatusForProperty(PropertyNames.PwdInfoExpireImmediately))
{
// Only AuthenticablePrincipals can have PasswordInfo
Debug.Assert(p is AuthenticablePrincipal);
bool expireImmediately = (bool)p.GetValueForProperty(PropertyNames.PwdInfoExpireImmediately);
if (expireImmediately)
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SDSUtils", "InsertPrincipal: Setting pwd expired");
storeCtx.ExpirePassword((AuthenticablePrincipal)p);
}
}
}
// Get groups of which p is a direct member
internal override ResultSet GetGroupsMemberOf(Principal p)
{
// Enforced by the methods that call us
Debug.Assert(p.unpersisted == false);
if (!p.fakePrincipal)
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMStoreCtx", "GetGroupsMemberOf: is real principal");
// No nested groups or computers as members of groups in SAM
if (!(p is UserPrincipal))
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMStoreCtx", "GetGroupsMemberOf: not a user, returning empty set");
return(new EmptySet());
}
Debug.Assert(p.UnderlyingObject != null);
DirectoryEntry userDE = (DirectoryEntry)p.UnderlyingObject;
UnsafeNativeMethods.IADsMembers iadsMembers = (UnsafeNativeMethods.IADsMembers)userDE.Invoke("Groups");
ResultSet resultSet = new SAMGroupsSet(iadsMembers, this, _ctxBase);
return(resultSet);
}
else
{
// ADSI's IADsGroups doesn't work for fake principals like NT AUTHORITY\NETWORK SERVICE
// We use the same SAMQuery set that we use for query-by-example, but with a different
// SAMMatcher class to match groups which contain the specified principal as a member
// Get the entries we'll iterate over. Write access to Children is controlled through the
// ctxBaseLock, but we don't want to have to hold that lock while we're iterating over all
// the child entries. So we have to clone the ctxBase --- not ideal, but it prevents
// multithreading issues.
DirectoryEntries entries = SDSUtils.BuildDirectoryEntry(_ctxBase.Path, _credentials, _authTypes).Children;
Debug.Assert(entries != null);
// The SAMQuerySet will use this to restrict the types of DirectoryEntry objects returned.
List <string> schemaTypes = GetSchemaFilter(typeof(GroupPrincipal));
SecurityIdentifier principalSid = p.Sid;
byte[] SidB = new byte[principalSid.BinaryLength];
principalSid.GetBinaryForm(SidB, 0);
if (principalSid == null)
{
GlobalDebug.WriteLineIf(GlobalDebug.Warn, "SAMStoreCtx", "GetGroupsMemberOf: bad SID IC");
throw new InvalidOperationException(SR.StoreCtxNeedValueSecurityIdentityClaimToQuery);
}
// Create the ResultSet that will perform the client-side filtering
SAMQuerySet resultSet = new SAMQuerySet(
schemaTypes,
entries,
_ctxBase,
-1, // no size limit
this,
new GroupMemberMatcher(SidB));
return(resultSet);
}
}
private void DoLDAPDirectoryInitNoContainer()
{
byte[] USERS_CONTAINER_GUID = new byte[] { 0xa9, 0xd1, 0xca, 0x15, 0x76, 0x88, 0x11, 0xd1, 0xad, 0xed, 0x00, 0xc0, 0x4f, 0xd8, 0xd5, 0xcd };
byte[] COMPUTERS_CONTAINER_GUID = new byte[] { 0xaa, 0x31, 0x28, 0x25, 0x76, 0x88, 0x11, 0xd1, 0xad, 0xed, 0x00, 0xc0, 0x4f, 0xd8, 0xd5, 0xcd };
// The StoreCtxs that will be used in the PrincipalContext, and their associated DirectoryEntry objects.
DirectoryEntry deUserGroupOrg = null;
DirectoryEntry deComputer = null;
DirectoryEntry deBase = null;
ADStoreCtx storeCtxUserGroupOrg = null;
ADStoreCtx storeCtxComputer = null;
ADStoreCtx storeCtxBase = null;
GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalContext", "Entering DoLDAPDirectoryInitNoContainer");
//
// Build a DirectoryEntry that represents the root of the domain.
//
// Use the RootDSE to find the default naming context
DirectoryEntry deRootDse = null;
string adsPathBase;
// use the servername if they gave us one, else let ADSI figure it out
string serverName = "";
if (_name != null)
{
serverName = _name + "/";
}
GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalContext", "DoLDAPDirectoryInitNoContainer: serverName is " + serverName);
// use the options they specified
AuthenticationTypes authTypes = SDSUtils.MapOptionsToAuthTypes(_options);
GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalContext", "DoLDAPDirectoryInitNoContainer: authTypes is " + authTypes.ToString());
try
{
deRootDse = new DirectoryEntry("LDAP://" + serverName + "rootDse", _username, _password, authTypes);
// This will also detect if the server is down or nonexistent
string domainNC = (string)deRootDse.Properties["defaultNamingContext"][0];
adsPathBase = "LDAP://" + serverName + domainNC;
GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalContext", "DoLDAPDirectoryInitNoContainer: domainNC is " + domainNC);
GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalContext", "DoLDAPDirectoryInitNoContainer: adsPathBase is " + adsPathBase);
}
finally
{
// Don't allow the DE to leak
deRootDse?.Dispose();
}
try
{
// Build a DE for the root of the domain using the retrieved naming context
deBase = new DirectoryEntry(adsPathBase, _username, _password, authTypes);
// Set the password port to the ssl port read off of the rootDSE. Without this
// password change/set won't work when we connect without SSL and ADAM is running
// on non-standard port numbers. We have already verified directory connectivity at this point
// so this should always succeed.
if (_serverProperties.portSSL > 0)
{
deBase.Options.PasswordPort = _serverProperties.portSSL;
}
//
// Use the wellKnownObjects attribute to determine the default location
// for users and computers.
//
string adsPathUserGroupOrg = null;
string adsPathComputer = null;
PropertyValueCollection wellKnownObjectValues = deBase.Properties["wellKnownObjects"];
foreach (UnsafeNativeMethods.IADsDNWithBinary value in wellKnownObjectValues)
{
if (Utils.AreBytesEqual(USERS_CONTAINER_GUID, (byte[])value.BinaryValue))
{
Debug.Assert(adsPathUserGroupOrg == null);
adsPathUserGroupOrg = "LDAP://" + serverName + value.DNString;
GlobalDebug.WriteLineIf(
GlobalDebug.Info,
"PrincipalContext",
"DoLDAPDirectoryInitNoContainer: found USER, adsPathUserGroupOrg is " + adsPathUserGroupOrg);
}
// Is it the computer container?
if (Utils.AreBytesEqual(COMPUTERS_CONTAINER_GUID, (byte[])value.BinaryValue))
{
Debug.Assert(adsPathComputer == null);
adsPathComputer = "LDAP://" + serverName + value.DNString;
GlobalDebug.WriteLineIf(
GlobalDebug.Info,
"PrincipalContext",
"DoLDAPDirectoryInitNoContainer: found COMPUTER, adsPathComputer is " + adsPathComputer);
}
}
if ((adsPathUserGroupOrg == null) || (adsPathComputer == null))
{
// Something's wrong with the domain, it's not exposing the proper
// well-known object fields.
throw new PrincipalOperationException(SR.ContextNoWellKnownObjects);
}
//
// Build DEs for the Users and Computers containers.
// The Users container will also be used as the default for Groups.
// The reason there are different contexts for groups, users and computers is so that
// when a principal is created it will go into the appropriate default container. This is so users don't
// by default create principals in the root of their directory. When a search happens the base context is used so that
// the whole directory will be covered.
//
deUserGroupOrg = new DirectoryEntry(adsPathUserGroupOrg, _username, _password, authTypes);
deComputer = new DirectoryEntry(adsPathComputer, _username, _password, authTypes);
StoreCtx userStore = CreateContextFromDirectoryEntry(deUserGroupOrg);
_userCtx = userStore;
_groupCtx = userStore;
deUserGroupOrg = null; // since we handed off ownership to the StoreCtx
_computerCtx = CreateContextFromDirectoryEntry(deComputer);
deComputer = null;
_queryCtx = CreateContextFromDirectoryEntry(deBase);
_connectedServer = ADUtils.GetServerName(deBase);
deBase = null;
}
catch (Exception e)
{
GlobalDebug.WriteLineIf(GlobalDebug.Error,
"PrincipalContext",
"DoLDAPDirectoryInitNoContainer: caught exception of type "
+ e.GetType().ToString() +
" and message " + e.Message);
// Cleanup on failure. Once a DE has been successfully handed off to a ADStoreCtx,
// that ADStoreCtx will handle Dispose()'ing it
deUserGroupOrg?.Dispose();
deComputer?.Dispose();
deBase?.Dispose();
storeCtxUserGroupOrg?.Dispose();
storeCtxComputer?.Dispose();
storeCtxBase?.Dispose();
throw;
}
}
private void DoLDAPDirectoryInit()
{
// use the servername if they gave us one, else let ADSI figure it out
string serverName = "";
if (_name != null)
{
if (_contextType == ContextType.ApplicationDirectory)
{
serverName = _serverProperties.dnsHostName + ":" +
((ContextOptions.SecureSocketLayer & _options) > 0 ? _serverProperties.portSSL : _serverProperties.portLDAP);
}
else
{
serverName = _name;
}
serverName += "/";
}
GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalContext", "DoLDAPDirectoryInit: serverName is " + serverName);
// use the options they specified
AuthenticationTypes authTypes = SDSUtils.MapOptionsToAuthTypes(_options);
GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalContext", "DoLDAPDirectoryInit: authTypes is " + authTypes.ToString());
DirectoryEntry de = new DirectoryEntry("LDAP://" + serverName + _container, _username, _password, authTypes);
try
{
// Set the password port to the ssl port read off of the rootDSE. Without this
// password change/set won't work when we connect without SSL and ADAM is running
// on non-standard port numbers. We have already verified directory connectivity at this point
// so this should always succeed.
if (_serverProperties.portSSL > 0)
{
de.Options.PasswordPort = _serverProperties.portSSL;
}
StoreCtx storeCtx = CreateContextFromDirectoryEntry(de);
_queryCtx = storeCtx;
_userCtx = storeCtx;
_groupCtx = storeCtx;
_computerCtx = storeCtx;
_connectedServer = ADUtils.GetServerName(de);
de = null;
}
catch (System.Runtime.InteropServices.COMException e)
{
throw ExceptionHelper.GetExceptionFromCOMException(e);
}
catch (Exception e)
{
GlobalDebug.WriteLineIf(GlobalDebug.Error, "PrincipalContext",
"DoLDAPDirectoryInit: caught exception of type "
+ e.GetType().ToString() +
" and message " + e.Message);
throw;
}
finally
{
// Cleanup the DE on failure
de?.Dispose();
}
}
private bool MoveNextLocal()
{
bool needToRetry;
do
{
needToRetry = false;
bool f = _membersEnumerator.MoveNext();
if (f) // got a value
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMMembersSet", "MoveNextLocal: got a value from the enumerator");
UnsafeNativeMethods.IADs nativeMember = (UnsafeNativeMethods.IADs)_membersEnumerator.Current;
// If we encountered a group member corresponding to a fake principal such as
// NT AUTHORITY/NETWORK SERVICE, construct and prepare to return the fake principal.
byte[] sid = (byte[])nativeMember.Get("objectSid");
SidType sidType = Utils.ClassifySID(sid);
if (sidType == SidType.FakeObject)
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMMembersSet", "MoveNextLocal: fake principal, sid={0}", Utils.ByteArrayToString(sid));
_currentFakePrincipal = _storeCtx.ConstructFakePrincipalFromSID(sid);
_current = null;
_currentForeign = null;
if (_foreignResultSet != null)
{
_foreignResultSet.Dispose();
}
_foreignResultSet = null;
return(true);
}
// We do this, rather than using the DirectoryEntry constructor that takes a native IADs object,
// is so the credentials get transferred to the new DirectoryEntry. If we just use the native
// object constructor, the native object will have the right credentials, but the DirectoryEntry
// will have default (null) credentials, which it'll use anytime it needs to use credentials.
DirectoryEntry de = SDSUtils.BuildDirectoryEntry(
_storeCtx.Credentials,
_storeCtx.AuthTypes);
if (sidType == SidType.RealObjectFakeDomain)
{
// Transform the "WinNT://BUILTIN/foo" path to "WinNT://machineName/foo"
string builtinADsPath = nativeMember.ADsPath;
UnsafeNativeMethods.Pathname pathCracker = new UnsafeNativeMethods.Pathname();
UnsafeNativeMethods.IADsPathname pathName = (UnsafeNativeMethods.IADsPathname)pathCracker;
pathName.Set(builtinADsPath, 1 /* ADS_SETTYPE_FULL */);
// Build the "WinNT://" portion of the new path
StringBuilder adsPath = new StringBuilder();
adsPath.Append("WinNT://");
//adsPath.Append(pathName.Retrieve(9 /*ADS_FORMAT_SERVER */));
// Build the "WinNT://machineName/" portion of the new path
adsPath.Append(_storeCtx.MachineUserSuppliedName);
adsPath.Append('/');
// Build the "WinNT://machineName/foo" portion of the new path
int cElements = pathName.GetNumElements();
Debug.Assert(cElements >= 2); // "WinNT://BUILTIN/foo" == 2 elements
// Note that the ADSI WinNT provider indexes them backwards, e.g., in
// "WinNT://BUILTIN/A/B", BUILTIN == 2, A == 1, B == 0.
for (int i = cElements - 2; i >= 0; i--)
{
adsPath.Append(pathName.GetElement(i));
adsPath.Append('/');
}
adsPath.Remove(adsPath.Length - 1, 1); // remove the trailing "/"
de.Path = adsPath.ToString();
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMMembersSet", "MoveNextLocal: fake domain: {0} --> {1}", builtinADsPath, adsPath);
}
else
{
Debug.Assert(sidType == SidType.RealObject);
de.Path = nativeMember.ADsPath;
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMMembersSet", "MoveNextLocal: real domain {0}", de.Path);
}
// Debug.Assert(Utils.AreBytesEqual(sid, (byte[]) de.Properties["objectSid"].Value));
if (IsLocalMember(sid))
{
// If we're processing recursively, and the member is a group,
// we don't return it but instead treat it as something to recursively
// visit (expand) later.
if (!_recursive || !SAMUtils.IsOfObjectClass(de, "Group"))
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMMembersSet", "MoveNextLocal: setting current to {0}", de.Path);
// Not recursive, or not a group. Return the principal.
_current = de;
_currentFakePrincipal = null;
_currentForeign = null;
if (_foreignResultSet != null)
{
_foreignResultSet.Dispose();
}
_foreignResultSet = null;
return(true);
}
else
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMMembersSet", "MoveNextLocal: adding {0} to groupsToVisit", de.Path);
// Save off for later, if we haven't done so already.
if (!_groupsVisited.Contains(de.Path) && !_groupsToVisit.Contains(de.Path))
{
_groupsToVisit.Add(de.Path);
}
needToRetry = true;
continue;
}
}
else
{
// It's a foreign principal (e..g, an AD user or group).
// Save it off for later.
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMMembersSet", "MoveNextLocal: adding {0} to foreignMembers", de.Path);
_foreignMembers.Add(de);
needToRetry = true;
continue;
}
}
else
{
// We reached the end of this group's membership.
// If we're supposed to be recursively expanding, we need to expand
// any remaining non-foreign groups we earlier visited.
if (_recursive)
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMMembersSet", "MoveNextLocal: recursive processing, groupsToVisit={0}", _groupsToVisit.Count);
if (_groupsToVisit.Count > 0)
{
// Pull off the next group to visit
string groupPath = _groupsToVisit[0];
GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMMembersSet", "MoveNextLocal: recursively processing {0}", groupPath);
_groupsToVisit.RemoveAt(0);
_groupsVisited.Add(groupPath);
// Set up for the next round of enumeration
DirectoryEntry de = SDSUtils.BuildDirectoryEntry(
groupPath,
_storeCtx.Credentials,
_storeCtx.AuthTypes);
_group = (UnsafeNativeMethods.IADsGroup)de.NativeObject;
UnsafeNativeMethods.IADsMembers iADsMembers = _group.Members();
_membersEnumerator = ((IEnumerable)iADsMembers).GetEnumerator();
// and go on to the first member of this new group
needToRetry = true;
continue;
}
}
}
}while (needToRetry);
return(false);
}
private void DoLDAPDirectoryInitNoContainer()
{
string str = null;
string str1 = null;
byte[] numArray = new byte[] { 169, 209, 202, 21, 118, 136, 17, 209, 173, 237, 0, 192, 79, 216, 213, 205 };
byte[] numArray1 = numArray;
byte[] numArray2 = new byte[] { 170, 49, 40, 37, 118, 136, 17, 209, 173, 237, 0, 192, 79, 216, 213, 205 };
byte[] numArray3 = numArray2;
DirectoryEntry directoryEntry = null;
DirectoryEntry directoryEntry1 = null;
DirectoryEntry directoryEntry2 = null;
ADStoreCtx aDStoreCtx = null;
ADStoreCtx aDStoreCtx1 = null;
ADStoreCtx aDStoreCtx2 = null;
DirectoryEntry directoryEntry3 = null;
string str2 = "";
if (this.name != null)
{
str2 = string.Concat(this.name, "/");
}
AuthenticationTypes authTypes = SDSUtils.MapOptionsToAuthTypes(this.options);
using (directoryEntry3)
{
directoryEntry3 = new DirectoryEntry(string.Concat("LDAP://", str2, "rootDse"), this.username, this.password, authTypes);
string item = (string)directoryEntry3.Properties["defaultNamingContext"][0];
str = string.Concat("LDAP://", str2, item);
}
try
{
directoryEntry2 = new DirectoryEntry(str, this.username, this.password, authTypes);
if (this.serverProperties.portSSL > 0)
{
directoryEntry2.Options.PasswordPort = this.serverProperties.portSSL;
}
string str3 = null;
PropertyValueCollection propertyValueCollection = directoryEntry2.Properties["wellKnownObjects"];
foreach (UnsafeNativeMethods.IADsDNWithBinary aDsDNWithBinary in propertyValueCollection)
{
if (Utils.AreBytesEqual(numArray1, (byte[])aDsDNWithBinary.BinaryValue))
{
str3 = string.Concat("LDAP://", str2, aDsDNWithBinary.DNString);
}
if (!Utils.AreBytesEqual(numArray3, (byte[])aDsDNWithBinary.BinaryValue))
{
continue;
}
str1 = string.Concat("LDAP://", str2, aDsDNWithBinary.DNString);
}
if (str3 == null || str1 == null)
{
throw new PrincipalOperationException(StringResources.ContextNoWellKnownObjects);
}
else
{
directoryEntry = new DirectoryEntry(str3, this.username, this.password, authTypes);
directoryEntry1 = new DirectoryEntry(str1, this.username, this.password, authTypes);
StoreCtx storeCtx = this.CreateContextFromDirectoryEntry(directoryEntry);
this.userCtx = storeCtx;
this.groupCtx = storeCtx;
directoryEntry = null;
this.computerCtx = this.CreateContextFromDirectoryEntry(directoryEntry1);
directoryEntry1 = null;
this.queryCtx = this.CreateContextFromDirectoryEntry(directoryEntry2);
this.connectedServer = ADUtils.GetServerName(directoryEntry2);
directoryEntry2 = null;
}
}
catch (Exception exception)
{
if (directoryEntry != null)
{
directoryEntry.Dispose();
}
if (directoryEntry1 != null)
{
directoryEntry1.Dispose();
}
if (directoryEntry2 != null)
{
directoryEntry2.Dispose();
}
if (aDStoreCtx != null)
{
aDStoreCtx.Dispose();
}
if (aDStoreCtx1 != null)
{
aDStoreCtx1.Dispose();
}
if (aDStoreCtx2 != null)
{
aDStoreCtx2.Dispose();
}
throw;
}
}
private bool MoveNextMemberSearcher()
{
bool nextSearchResult;
bool flag = false;
do
{
nextSearchResult = this.GetNextSearchResult();
flag = false;
if (!nextSearchResult)
{
if (!this.recursive || this.groupsToVisit.Count <= 0)
{
continue;
}
string item = this.groupsToVisit[0];
this.groupsToVisit.RemoveAt(0);
this.groupsVisited.Add(item);
DirectoryEntry directoryEntry = SDSUtils.BuildDirectoryEntry(this.BuildPathFromDN(item), this.storeCtx.Credentials, this.storeCtx.AuthTypes);
this.storeCtx.InitializeNewDirectoryOptions(directoryEntry);
DirectorySearcher directorySearcher = SDSUtils.ConstructSearcher(directoryEntry);
directorySearcher.Filter = "(objectClass=*)";
directorySearcher.SearchScope = SearchScope.Base;
directorySearcher.AttributeScopeQuery = "member";
directorySearcher.CacheResults = false;
this.memberSearchersQueue.Enqueue(directorySearcher);
flag = true;
}
else
{
SearchResult current = (SearchResult)this.memberSearchResultsEnumerator.Current;
string str = (string)current.Properties["distinguishedName"][0];
if (ADUtils.IsOfObjectClass(current, "group") || ADUtils.IsOfObjectClass(current, "user") || ADUtils.IsOfObjectClass(current, "foreignSecurityPrincipal"))
{
if (!this.recursive || !ADUtils.IsOfObjectClass(current, "group"))
{
if (!this.recursive || !ADUtils.IsOfObjectClass(current, "foreignSecurityPrincipal"))
{
if (this.usersVisited.ContainsKey(current.Properties["distinguishedName"][0].ToString()))
{
flag = true;
}
else
{
this.current = current;
this.currentForeignDE = null;
this.currentForeignPrincipal = null;
this.usersVisited.Add(current.Properties["distinguishedName"][0].ToString(), true);
}
}
else
{
if (!this.usersVisited.ContainsKey(current.Properties["distinguishedName"][0].ToString()))
{
this.foreignMembersCurrentGroup.Add(current.GetDirectoryEntry());
this.usersVisited.Add(current.Properties["distinguishedName"][0].ToString(), true);
}
flag = true;
}
}
else
{
if (!this.groupsVisited.Contains(str) && !this.groupsToVisit.Contains(str))
{
this.groupsToVisit.Add(str);
}
flag = true;
}
}
else
{
flag = true;
}
}
}while (flag);
return(nextSearchResult);
}
private bool MoveNextMemberEnum()
{
bool nextEnum;
bool flag = false;
bool flag1 = false;
do
{
nextEnum = this.GetNextEnum();
flag = false;
flag1 = false;
if (!nextEnum)
{
if (!this.recursive || this.groupsToVisit.Count <= 0)
{
continue;
}
string item = this.groupsToVisit[0];
this.groupsToVisit.RemoveAt(0);
this.groupsVisited.Add(item);
DirectoryEntry directoryEntry = SDSUtils.BuildDirectoryEntry(this.BuildPathFromDN(item), this.storeCtx.Credentials, this.storeCtx.AuthTypes);
this.storeCtx.InitializeNewDirectoryOptions(directoryEntry);
this.membersQueue.Enqueue(new RangeRetriever(directoryEntry, "member", true));
flag = true;
}
else
{
DirectoryEntry directoryEntry1 = null;
using (directoryEntry1)
{
if (!flag1 || directoryEntry1 == null)
{
string current = (string)this.membersEnum.Current;
directoryEntry1 = SDSUtils.BuildDirectoryEntry(this.BuildPathFromDN(current), this.storeCtx.Credentials, this.storeCtx.AuthTypes);
this.storeCtx.InitializeNewDirectoryOptions(directoryEntry1);
this.storeCtx.LoadDirectoryEntryAttributes(directoryEntry1);
if (ADUtils.IsOfObjectClass(directoryEntry1, "group") || ADUtils.IsOfObjectClass(directoryEntry1, "user") || ADUtils.IsOfObjectClass(directoryEntry1, "foreignSecurityPrincipal"))
{
if (!this.recursive || !ADUtils.IsOfObjectClass(directoryEntry1, "group"))
{
if (!this.recursive || !ADUtils.IsOfObjectClass(directoryEntry1, "foreignSecurityPrincipal"))
{
if (this.usersVisited.ContainsKey(directoryEntry1.Properties["distinguishedName"][0].ToString()))
{
flag = true;
}
else
{
this.current = directoryEntry1;
this.currentForeignDE = null;
this.currentForeignPrincipal = null;
this.usersVisited.Add(directoryEntry1.Properties["distinguishedName"][0].ToString(), true);
flag1 = false;
}
}
else
{
if (!this.usersVisited.ContainsKey(directoryEntry1.Properties["distinguishedName"][0].ToString()))
{
this.foreignMembersCurrentGroup.Add(directoryEntry1);
this.usersVisited.Add(directoryEntry1.Properties["distinguishedName"][0].ToString(), true);
flag1 = false;
}
flag = true;
}
}
else
{
if (!this.groupsVisited.Contains(current) && !this.groupsToVisit.Contains(current))
{
this.groupsToVisit.Add(current);
}
flag = true;
}
}
else
{
flag = true;
}
}
}
}
}while (flag);
return(nextEnum);
}
private bool MoveNextLocal()
{
bool flag;
do
{
flag = false;
bool flag1 = this.membersEnumerator.MoveNext();
if (!flag1)
{
if (!this.recursive || this.groupsToVisit.Count <= 0)
{
continue;
}
string item = this.groupsToVisit[0];
this.groupsToVisit.RemoveAt(0);
this.groupsVisited.Add(item);
DirectoryEntry directoryEntry = SDSUtils.BuildDirectoryEntry(item, this.storeCtx.Credentials, this.storeCtx.AuthTypes);
this.@group = (UnsafeNativeMethods.IADsGroup)directoryEntry.NativeObject;
UnsafeNativeMethods.IADsMembers aDsMember = [email protected]();
this.membersEnumerator = ((IEnumerable)aDsMember).GetEnumerator();
flag = true;
}
else
{
UnsafeNativeMethods.IADs current = (UnsafeNativeMethods.IADs) this.membersEnumerator.Current;
byte[] numArray = (byte[])current.Get("objectSid");
SidType sidType = Utils.ClassifySID(numArray);
if (sidType != SidType.FakeObject)
{
DirectoryEntry aDsPath = SDSUtils.BuildDirectoryEntry(this.storeCtx.Credentials, this.storeCtx.AuthTypes);
if (sidType != SidType.RealObjectFakeDomain)
{
aDsPath.Path = current.ADsPath;
}
else
{
string str = current.ADsPath;
UnsafeNativeMethods.Pathname pathname = new UnsafeNativeMethods.Pathname();
UnsafeNativeMethods.IADsPathname aDsPathname = (UnsafeNativeMethods.IADsPathname)pathname;
aDsPathname.Set(str, 1);
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.Append("WinNT://");
stringBuilder.Append(this.storeCtx.MachineUserSuppliedName);
stringBuilder.Append("/");
int numElements = aDsPathname.GetNumElements();
for (int i = numElements - 2; i >= 0; i--)
{
stringBuilder.Append(aDsPathname.GetElement(i));
stringBuilder.Append("/");
}
stringBuilder.Remove(stringBuilder.Length - 1, 1);
aDsPath.Path = stringBuilder.ToString();
}
if (!this.IsLocalMember(numArray))
{
this.foreignMembers.Add(aDsPath);
flag = true;
}
else
{
if (!this.recursive || !SAMUtils.IsOfObjectClass(aDsPath, "Group"))
{
this.current = aDsPath;
this.currentFakePrincipal = null;
this.currentForeign = null;
if (this.foreignResultSet != null)
{
this.foreignResultSet.Dispose();
}
this.foreignResultSet = null;
return(true);
}
else
{
if (!this.groupsVisited.Contains(aDsPath.Path) && !this.groupsToVisit.Contains(aDsPath.Path))
{
this.groupsToVisit.Add(aDsPath.Path);
}
flag = true;
}
}
}
else
{
this.currentFakePrincipal = this.storeCtx.ConstructFakePrincipalFromSID(numArray);
this.current = null;
this.currentForeign = null;
if (this.foreignResultSet != null)
{
this.foreignResultSet.Dispose();
}
this.foreignResultSet = null;
return(true);
}
}
}while (flag);
return(false);
}
