protected Dictionary <string, CentralAccessPolicy> QueryCaps(string domainName, string userName, string password)
{
Dictionary <string, CentralAccessRule> rules = new Dictionary <string, CentralAccessRule>();
Dictionary <string, CentralAccessPolicy> policies = new Dictionary <string, CentralAccessPolicy>();
string[] domainNameTokens = domainName.Split('.');
string admin = $"{domainNameTokens[0].ToUpper()}\\{userName}";
StringBuilder bindString = new StringBuilder("CN=Claims Configuration,CN=Services,CN=Configuration");
foreach (string domainNameToken in domainNameTokens)
{
bindString.Append(",DC=");
bindString.Append(domainNameToken);
}
string searchBase = bindString.ToString();
using (LdapConnection conn = new LdapConnection())
{
conn.Connect(domainName, 389);
conn.Bind(admin, password);
var results = conn.Search(searchBase, LdapConnection.ScopeSub, "(objectClass=msAuthz-CentralAccessRule)", new string[] { "cn", "distinguishedName", "msAuthz-EffectiveSecurityPolicy", "msAuthz-ResourceCondition" }, false);
var entryList = results.GetAllLdapEntries();
foreach (KeyValuePair <string, IList <LdapAttribute> > kvp in entryList)
{
string dn = kvp.Value.GetStringValueFromAttributes("distinguishedName");
string carName = kvp.Value.GetStringValueFromAttributes("cn");
string sddl = kvp.Value.GetStringValueFromAttributes("msAuthz-EffectiveSecurityPolicy");
string resourceCondition = kvp.Value.GetStringValueFromAttributes("msAuthz-ResourceCondition");
CentralAccessRule rule = new CentralAccessRule {
Name = carName, Sddl = sddl, ResourceCondition = resourceCondition
};
rules.Add(dn, rule);
}
results = conn.Search(searchBase, LdapConnection.ScopeSub, "(objectClass=msAuthz-CentralAccessPolicy)", new string[] { "cn", "msAuthz-CentralAccessPolicyID", "msAuthz-MemberRulesInCentralAccessPolicy" }, false);
var policyEntryList = results.GetAllLdapEntries();
foreach (KeyValuePair <string, IList <LdapAttribute> > kvp in policyEntryList)
{
CentralAccessPolicy policy = new CentralAccessPolicy();
string capName = kvp.Value.GetStringValueFromAttributes("cn");
policy.Name = capName;
byte[] sidInBinary = (byte[])kvp.Value.GetBytesValueFromAttributes("msAuthz-CentralAccessPolicyID")[0];
_SID capId = TypeMarshal.ToStruct <_SID>(sidInBinary);
policy.Id = capId;
IList <string> rulesPath = kvp.Value.GetStringListValueFromAttributes("msAuthz-MemberRulesInCentralAccessPolicy");
foreach (string ruleDN in rulesPath)
{
policy.MemberRules.Add(rules[ruleDN]);
}
policies.Add(capName, policy);
}
conn.Disconnect();
}
return(policies);
}
protected Dictionary <string, CentralAccessPolicy> QueryCaps(string domainName, string userName, string password)
{
Dictionary <string, CentralAccessRule> rules = new Dictionary <string, CentralAccessRule>();
Dictionary <string, CentralAccessPolicy> policies = new Dictionary <string, CentralAccessPolicy>();
string[] domainNameTokens = domainName.Split('.');
Debug.Assert(domainNameTokens.Length >= 2, "Domain name has at least 2 parts.");
StringBuilder bindString = new StringBuilder("LDAP://CN=Claims Configuration,CN=Services,CN=Configuration");
foreach (string domainNameToken in domainNameTokens)
{
bindString.Append(",DC=");
bindString.Append(domainNameToken);
}
using (DirectoryEntry ldapConnection = new DirectoryEntry(bindString.ToString()))
{
ldapConnection.AuthenticationType = AuthenticationTypes.Secure;
ldapConnection.Username = userName;
ldapConnection.Password = password;
using (DirectorySearcher AccessRuleSearcher = new DirectorySearcher(ldapConnection, "(objectClass=msAuthz-CentralAccessRule)",
new string[] { "cn", "distinguishedName", "msAuthz-EffectiveSecurityPolicy", "msAuthz-ResourceCondition" },
SearchScope.Subtree))
using (SearchResultCollection searchResults = AccessRuleSearcher.FindAll())
{
foreach (SearchResult searchResult in searchResults)
{
string dn = (string)searchResult.Properties["distinguishedName"][0];
string carName = (string)searchResult.Properties["cn"][0];
string sddl = (string)searchResult.Properties["msAuthz-EffectiveSecurityPolicy"][0];
string resourceCondition = null;
if (searchResult.Properties["msAuthz-ResourceCondition"].Count > 0)
{
resourceCondition = (string)searchResult.Properties["msAuthz-ResourceCondition"][0];
}
CentralAccessRule rule = new CentralAccessRule {
Name = carName, Sddl = sddl, ResourceCondition = resourceCondition
};
rules.Add(dn, rule);
}
}
using (DirectorySearcher AccessPolicySearcher = new DirectorySearcher(ldapConnection, "(objectClass=msAuthz-CentralAccessPolicy)",
new string[] { "cn", "msAuthz-CentralAccessPolicyID", "msAuthz-MemberRulesInCentralAccessPolicy" },
SearchScope.Subtree))
using (SearchResultCollection searchResults = AccessPolicySearcher.FindAll())
{
foreach (SearchResult searchResult in searchResults)
{
CentralAccessPolicy policy = new CentralAccessPolicy();
string capName = (string)searchResult.Properties["cn"][0];
policy.Name = capName;
byte[] sidInBinary = (byte[])searchResult.Properties["msAuthz-CentralAccessPolicyID"][0];
_SID capId = TypeMarshal.ToStruct <_SID>(sidInBinary);
policy.Id = capId;
ResultPropertyValueCollection rulesPath = searchResult.Properties["msAuthz-MemberRulesInCentralAccessPolicy"];
foreach (string ruleDN in rulesPath)
{
policy.MemberRules.Add(rules[ruleDN]);
}
policies.Add(capName, policy);
}
}
}
return(policies);
}
protected Dictionary<string, CentralAccessPolicy> QueryCaps(string domainName, string userName, string password)
{
Dictionary<string, CentralAccessRule> rules = new Dictionary<string, CentralAccessRule>();
Dictionary<string, CentralAccessPolicy> policies = new Dictionary<string, CentralAccessPolicy>();
string[] domainNameTokens = domainName.Split('.');
Debug.Assert(domainNameTokens.Length >= 2, "Domain name has at least 2 parts.");
StringBuilder bindString = new StringBuilder("LDAP://CN=Claims Configuration,CN=Services,CN=Configuration");
foreach (string domainNameToken in domainNameTokens)
{
bindString.Append(",DC=");
bindString.Append(domainNameToken);
}
using (DirectoryEntry ldapConnection = new DirectoryEntry(bindString.ToString()))
{
ldapConnection.AuthenticationType = AuthenticationTypes.Secure;
ldapConnection.Username = userName;
ldapConnection.Password = password;
using (DirectorySearcher AccessRuleSearcher = new DirectorySearcher(ldapConnection, "(objectClass=msAuthz-CentralAccessRule)",
new string[] { "cn", "distinguishedName", "msAuthz-EffectiveSecurityPolicy", "msAuthz-ResourceCondition" },
SearchScope.Subtree))
using (SearchResultCollection searchResults = AccessRuleSearcher.FindAll())
{
foreach (SearchResult searchResult in searchResults)
{
string dn = (string)searchResult.Properties["distinguishedName"][0];
string carName = (string)searchResult.Properties["cn"][0];
string sddl = (string)searchResult.Properties["msAuthz-EffectiveSecurityPolicy"][0];
string resourceCondition = null;
if (searchResult.Properties["msAuthz-ResourceCondition"].Count > 0)
{
resourceCondition = (string)searchResult.Properties["msAuthz-ResourceCondition"][0];
}
CentralAccessRule rule = new CentralAccessRule { Name = carName, Sddl = sddl, ResourceCondition = resourceCondition };
rules.Add(dn, rule);
}
}
using (DirectorySearcher AccessPolicySearcher = new DirectorySearcher(ldapConnection, "(objectClass=msAuthz-CentralAccessPolicy)",
new string[] { "cn", "msAuthz-CentralAccessPolicyID", "msAuthz-MemberRulesInCentralAccessPolicy" },
SearchScope.Subtree))
using (SearchResultCollection searchResults = AccessPolicySearcher.FindAll())
{
foreach (SearchResult searchResult in searchResults)
{
CentralAccessPolicy policy = new CentralAccessPolicy();
string capName = (string)searchResult.Properties["cn"][0];
policy.Name = capName;
byte[] sidInBinary = (byte[])searchResult.Properties["msAuthz-CentralAccessPolicyID"][0];
_SID capId = TypeMarshal.ToStruct<_SID>(sidInBinary);
policy.Id = capId;
ResultPropertyValueCollection rulesPath = searchResult.Properties["msAuthz-MemberRulesInCentralAccessPolicy"];
foreach (string ruleDN in rulesPath)
{
policy.MemberRules.Add(rules[ruleDN]);
}
policies.Add(capName, policy);
}
}
}
return policies;
}
// Module defining this command
// Optional custom code for this activity
/// <summary>
/// Returns a configured instance of System.Management.Automation.PowerShell, pre-populated with the command to run.
/// </summary>
/// <param name="context">The NativeActivityContext for the currently running activity.</param>
/// <returns>A populated instance of System.Management.Automation.PowerShell</returns>
/// <remarks>The infrastructure takes responsibility for closing and disposing the PowerShell instance returned.</remarks>
protected override ActivityImplementationContext GetPowerShell(NativeActivityContext context)
{
System.Management.Automation.PowerShell invoker = global::System.Management.Automation.PowerShell.Create();
System.Management.Automation.PowerShell targetCommand = invoker.AddCommand(PSCommandName);
// Initialize the arguments
if (Path.Expression != null)
{
targetCommand.AddParameter("Path", Path.Get(context));
}
if (InputObject.Expression != null)
{
targetCommand.AddParameter("InputObject", InputObject.Get(context));
}
if (LiteralPath.Expression != null)
{
targetCommand.AddParameter("LiteralPath", LiteralPath.Get(context));
}
if (AclObject.Expression != null)
{
targetCommand.AddParameter("AclObject", AclObject.Get(context));
}
if (SecurityDescriptor.Expression != null)
{
targetCommand.AddParameter("SecurityDescriptor", SecurityDescriptor.Get(context));
}
if (CentralAccessPolicy.Expression != null)
{
targetCommand.AddParameter("CentralAccessPolicy", CentralAccessPolicy.Get(context));
}
if (ClearCentralAccessPolicy.Expression != null)
{
targetCommand.AddParameter("ClearCentralAccessPolicy", ClearCentralAccessPolicy.Get(context));
}
if (Passthru.Expression != null)
{
targetCommand.AddParameter("Passthru", Passthru.Get(context));
}
if (Filter.Expression != null)
{
targetCommand.AddParameter("Filter", Filter.Get(context));
}
if (Include.Expression != null)
{
targetCommand.AddParameter("Include", Include.Get(context));
}
if (Exclude.Expression != null)
{
targetCommand.AddParameter("Exclude", Exclude.Get(context));
}
return(new ActivityImplementationContext()
{
PowerShellInstance = invoker
});
}
