コード例 #1
        public void TestComInterfaces()
        {
            using (DirectoryEntry rootEntry = CreateRootEntry())
            {
                // Start from a clean slate in case an earlier run left the OU behind.
                DeleteOU(rootEntry, "dateRoot");

                try
                {
                    using (DirectoryEntry dateOU = CreateOU(rootEntry, "dateRoot", "Date OU"))
                    {
                        // uSNCreated is surfaced through the IADsLargeInteger COM interface.
                        long rootCreated = GetTimeValue((IADsLargeInteger)rootEntry.Properties["uSNCreated"].Value);
                        long ouCreated   = GetTimeValue((IADsLargeInteger)dateOU.Properties["uSNCreated"].Value);

                        // The OU was created a moment ago, so its USN must be newer than the root's.
                        Assert.True(ouCreated > rootCreated);

                        // IADs exposes the naming attributes of the native ADSI object.
                        IADs nativeOU = (IADs)dateOU.NativeObject;
                        Assert.Equal("ou=dateRoot", nativeOU.Name);
                        Assert.Equal("Class", nativeOU.Class);
                        string serverName = LdapConfiguration.Configuration.ServerName;
                        Assert.True(nativeOU.ADsPath.IndexOf(serverName, StringComparison.OrdinalIgnoreCase) >= 0);

                        // Owner and Group come back as DOMAIN\name; only the domain part is checked.
                        IADsSecurityDescriptor descriptor = (IADsSecurityDescriptor)rootEntry.Properties["ntSecurityDescriptor"].Value;
                        string domain      = LdapConfiguration.Configuration.Domain;
                        string ownerDomain = descriptor.Owner.Split('\\')[0];
                        string groupDomain = descriptor.Group.Split('\\')[0];
                        Assert.True(domain.IndexOf(ownerDomain, StringComparison.OrdinalIgnoreCase) >= 0);
                        Assert.True(domain.IndexOf(groupDomain, StringComparison.OrdinalIgnoreCase) >= 0);
                    }
                }
                finally
                {
                    // Always remove the test OU, even when an assertion failed.
                    DeleteOU(rootEntry, "dateRoot");
                }
            }
        }
コード例 #2
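        /// <summary>
        /// Sets the group's <c>managedBy</c> attribute to the object at <paramref name="managerLDAPPath"/> and,
        /// when requested, appends an object-specific allow ACE so that manager can write the group's
        /// membership attribute.
        /// </summary>
        /// <param name="managerLDAPPath">ADsPath of the manager object (bound with the stored credentials).</param>
        /// <param name="managerUpdateMembershipList">When <c>true</c>, grant the manager write access to the <c>member</c> attribute.</param>
        /// <param name="group">Directory entry of the group being configured.</param>
        /// <exception cref="InvalidOperationException">
        /// The manager object has no <c>distinguishedName</c>, or its <c>userPrincipalName</c> has no <c>@domain</c> suffix.
        /// </exception>
        private void setManagedBy(string managerLDAPPath, bool managerUpdateMembershipList, DirectoryEntry group)
        {
            string managerDistinguishedName;
            string userPrincipalName;

            // The manager entry is only needed for two attributes; release the COM object as soon as they are read.
            using (DirectoryEntry managedBy = new DirectoryEntry(managerLDAPPath, credentials.UserName + "@" + credentials.Domain, credentials.Password))
            {
                managerDistinguishedName = managedBy.Properties["distinguishedName"].Value?.ToString();
                userPrincipalName        = managedBy.Properties["userPrincipalName"].Value?.ToString();
            }

            if (string.IsNullOrEmpty(managerDistinguishedName))
            {
                throw new InvalidOperationException("The managedBy object has no distinguishedName: " + managerLDAPPath);
            }

            // The trustee is expressed as DOMAIN\sAMAccountName, both parts derived from the UPN (user@domain.com).
            string[] upnParts = (userPrincipalName ?? string.Empty).Split('@');
            if (upnParts.Length < 2)
            {
                throw new InvalidOperationException("The managedBy object has no userPrincipalName with a domain suffix: " + managerLDAPPath);
            }

            string managedBysAMAccountName = upnParts[0];
            // NOTE(review): assumes the NetBIOS domain name is the UPN suffix minus ".com" — verify for other suffixes.
            string managedByDomainName     = upnParts[1].Replace(".com", "");

            setSinglePropertyValue(group, "managedBy", managerDistinguishedName);

            if (!managerUpdateMembershipList)
            {
                return;
            }

            IADsSecurityDescriptor sd   = (IADsSecurityDescriptor)group.Properties["ntSecurityDescriptor"].Value;
            IADsAccessControlList  dacl = (IADsAccessControlList)sd.DiscretionaryAcl;

            // Object-specific ACE: write-property limited to the attribute named by ObjectType (the member attribute's
            // schema GUID), not a blanket write on the group. It does not propagate to child objects.
            IADsAccessControlEntry ace = new AccessControlEntry();
            ace.Trustee    = string.Format("{0}\\{1}", managedByDomainName, managedBysAMAccountName);
            ace.AccessMask = (int)ADS_RIGHTS_ENUM.ADS_RIGHT_DS_WRITE_PROP;
            ace.AceFlags   = (int)ADS_ACEFLAG_ENUM.ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE;
            ace.AceType    = (int)ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOWED_OBJECT;
            ace.Flags      = (int)ADS_FLAGTYPE_ENUM.ADS_FLAG_OBJECT_TYPE_PRESENT;
            ace.ObjectType = "{BF9679C0-0DE6-11D0-A285-00AA003049E2}";

            dacl.AddAce(ace);
            sd.DiscretionaryAcl = dacl;

            // Write the modified descriptor back through the native IADsGroup and flush it to the directory.
            IADsGroup nativeGroup = (IADsGroup)group.NativeObject;
            nativeGroup.Put("ntSecurityDescriptor", sd);
            nativeGroup.SetInfo();
        }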
コード例 #3
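        /// <summary>
        /// Replaces this computer's DACL with the DACL of <paramref name="baseComputer"/>.
        /// The existing ACEs are discarded, not merged, so any permission specific to this
        /// computer is lost.
        /// </summary>
        /// <param name="baseComputer">Computer whose access control list is copied onto this one.</param>
        /// <exception cref="ArgumentNullException"><paramref name="baseComputer"/> is <c>null</c>.</exception>
        public void ReplacePermisions(Computer baseComputer)
        {
            if (baseComputer == null)
            {
                throw new ArgumentNullException(nameof(baseComputer));
            }

            IADsAccessControlList baseAcl = baseComputer.AccessControlList;

            // Modify a copy of the descriptor, then push it back through the property setter.
            IADsSecurityDescriptor sd = SecurityDescriptor;
            sd.DiscretionaryAcl = baseAcl;
            SecurityDescriptor  = sd;
        }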
コード例 #4
        public void ReadSecurityDescriptorWithInterop()
        {
            // ntSecurityDescriptor is handed back as an ADSI COM object; print its owner.
            using (DirectoryEntry partition = TestUtils.GetDefaultPartition())
            {
                object raw = partition.Properties["ntSecurityDescriptor"].Value;
                IADsSecurityDescriptor descriptor = (IADsSecurityDescriptor)raw;

                Console.WriteLine("Owner= {0}", descriptor.Owner);
            }
        }
コード例 #5
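 /// <summary>
 /// Reads the <c>ntSecurityDescriptor</c> of <paramref name="user"/> and its DACL, then calls <c>Fill()</c>.
 /// Reading the descriptor is best-effort: a failure is traced and leaves the descriptor fields <c>null</c>.
 /// </summary>
 /// <param name="user">Directory entry whose DACL is loaded.</param>
 /// <exception cref="ArgumentNullException"><paramref name="user"/> is <c>null</c>.</exception>
 public AccessControlList(DirectoryEntry user)
 {
     if (user == null)
     {
         throw new ArgumentNullException(nameof(user));
     }

     _user = user;
     if (_securityDescriptor == null)
     {
         try
         {
             _securityDescriptor = _user.Properties["ntSecurityDescriptor"].Value as IADsSecurityDescriptor;

             // A missing or unreadable descriptor used to surface as a swallowed NullReferenceException;
             // trace it explicitly instead.
             if (_securityDescriptor == null)
             {
                 System.Diagnostics.Trace.TraceWarning("ntSecurityDescriptor is missing or not an IADsSecurityDescriptor for {0}", _user.Path);
             }
             else
             {
                 _accessControlList = _securityDescriptor.DiscretionaryAcl as IADsAccessControlList;
             }
         }
         catch (Exception e)
         {
             // Best-effort: keep constructing with empty fields, but do not lose the diagnostic.
             System.Diagnostics.Trace.TraceError("Failed to read ntSecurityDescriptor: {0}", e);
         }
     }
     Fill();
 }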
コード例 #6
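        /// <summary>
        /// Dumps every ACE of the default partition's DACL (trustee, mask, type, flags) to the console
        /// using the ADSI COM interfaces. The entry is disposed when done, matching
        /// <c>ReadSecurityDescriptorWithInterop</c>.
        /// </summary>
        public void GetSecurityDescriptorViaInterop()
        {
            // The original never disposed the entry; the COM object lived until finalization.
            using (DirectoryEntry entry = TestUtils.GetDefaultPartition())
            {
                IADsSecurityDescriptor sd =
                    (IADsSecurityDescriptor)entry.Properties["ntSecurityDescriptor"].Value;
                IADsAccessControlList dacl =
                    (IADsAccessControlList)sd.DiscretionaryAcl;

                // IADsAccessControlList is enumerated through the non-generic IEnumerable it exposes.
                foreach (IADsAccessControlEntry ace in (IEnumerable)dacl)
                {
                    Console.WriteLine("Trustee: {0}", ace.Trustee);
                    Console.WriteLine("AccessMask: {0}", ace.AccessMask);
                    Console.WriteLine("Access Type: {0}", ace.AceType);
                    Console.WriteLine("Access Flags: {0}", ace.AceFlags);
                }
            }
        }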
コード例 #7
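class a { static void Main()
          {
              // Shows which ADSI COM types DirectoryEntry.Properties[...].Value can hold:
              // IADsLargeInteger, IADsSecurityDescriptor and IADsDNWithBinary.
              // w() and makelong() are helpers defined elsewhere in this program.
              const int ADS_SD_FORMAT_IID       = 1;
              const int ADS_SD_FORMAT_RAW       = 2;
              const int ADS_SD_FORMAT_HEXSTRING = 3;

              // ldap root (sample path; substitute your own domain). Disposed so the COM binding is released.
              using (DirectoryEntry de = new DirectoryEntry("LDAP://DC=root,DC=f**k"))
              {
                  object o;

                  // IADsLargeInteger: a 64-bit value exposed as HighPart/LowPart.
                  o = de.Properties["creationTime"].Value;
                  w(o);
                  w(o is IADsLargeInteger);
                  // Direct casts fail with InvalidCastException instead of a NullReferenceException further down.
                  IADsLargeInteger li = (IADsLargeInteger)o;

                  long fileTime = makelong(li.HighPart, li.LowPart);
                  w(fileTime);
                  w(DateTime.FromFileTimeUtc(fileTime));

                  // IADsSecurityDescriptor: owner/group plus conversion to raw and SDDL forms.
                  o = de.Properties["nTSecurityDescriptor"].Value;
                  w(o);
                  w(o is IADsSecurityDescriptor);
                  IADsSecurityDescriptor id = (IADsSecurityDescriptor)o;

                  w(id.Group);
                  w(id.Owner);
                  ADsSecurityUtilityClass suc = new ADsSecurityUtilityClass();

                  // Convert once; the raw (binary) form feeds ActiveDirectorySecurity to obtain SDDL.
                  object raw = suc.ConvertSecurityDescriptor(id, ADS_SD_FORMAT_IID, ADS_SD_FORMAT_RAW);
                  w(raw);
                  ActiveDirectorySecurity adsec = new ActiveDirectorySecurity();
                  adsec.SetSecurityDescriptorBinaryForm((byte[])raw);
                  w(adsec.GetSecurityDescriptorSddlForm(AccessControlSections.All));
                  w(suc.ConvertSecurityDescriptor(id, ADS_SD_FORMAT_IID, ADS_SD_FORMAT_HEXSTRING));

                  // IADsDNWithBinary: wellKnownObjects is multi-valued, so inspect the first element.
                  o = de.Properties["wellKnownObjects"].Value;
                  w(o);
                  object[] wellKnown = (object[])o;
                  o = wellKnown[0];
                  w(o);
                  w(o is IADsDNWithBinary);
                  IADsDNWithBinary dnb = (IADsDNWithBinary)o;

                  w(dnb.DNString);
                  // IADsDNWithString: same approach as IADsDNWithBinary, but no attribute of that type was found here.
              }
          }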
コード例 #8
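        /// <summary>
        /// Grants the permission to join this computer to the domain to a trustee such as domain\user or
        /// Authenticated Users. The ACEs come from <c>Tools.ADACEComputerJoinPermissions</c> and are appended
        /// to the existing DACL; nothing already present is removed.
        /// </summary>
        /// <param name="Trustee">Account or group that receives the join permission, e.g. <c>DOMAIN\user</c>.</param>
        /// <exception cref="ArgumentException"><paramref name="Trustee"/> is <c>null</c>, empty or whitespace.</exception>
        public void SetJoinPermissions(string Trustee)
        {
            // An empty trustee would be handed straight to the ACE builder; reject it up front.
            if (string.IsNullOrWhiteSpace(Trustee))
            {
                throw new ArgumentException("A trustee is required.", nameof(Trustee));
            }

            // Work on a temporary copy of the ACL.
            IADsAccessControlList acl = AccessControlList;

            // Append the write-account-restrictions ACEs produced for this trustee.
            Tools.ADACEComputerJoinPermissions acllist = new Tools.ADACEComputerJoinPermissions(Trustee);
            foreach (IADsAccessControlEntry ace in acllist.ace_writeaccountrestrictions)
            {
                acl.AddAce(ace);
            }

            // Update the security descriptor with the new ACL and write it back through the property setter.
            IADsSecurityDescriptor sd = SecurityDescriptor;
            sd.DiscretionaryAcl = acl;
            SecurityDescriptor  = sd;
        }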
コード例 #9
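        /// <summary>
        /// Appends an access-allowed ACE for a trustee to a user's DACL via the ADSI COM interfaces and
        /// commits it. The entry is disposed after the commit.
        /// </summary>
        public void UpdateSecurityDescriptorViaInterop()
        {
            // Point this at any object (a user is used here).
            using (DirectoryEntry entry = TestUtils.CreateDirectoryEntry(
                "CN=User1,OU=Users," + TestUtils.Settings.DefaultPartition))
            {
                IADsSecurityDescriptor sd = (IADsSecurityDescriptor)
                                            entry.Properties["ntSecurityDescriptor"].Value;
                IADsAccessControlList dacl =
                    (IADsAccessControlList)sd.DiscretionaryAcl;

                IADsAccessControlEntry newAce = new AccessControlEntryClass();
                newAce.Trustee    = @"mydomain\some user"; // update this to your needs
                // -1 sets every bit of the mask, i.e. full control over the object. Narrow this to the
                // specific ADS_RIGHT_* values the trustee needs before using it outside a sample.
                newAce.AccessMask = -1;
                newAce.AceType    = 0;                     // access allowed
                dacl.AddAce(newAce);

                // Assign the modified DACL back to the descriptor, then persist it.
                sd.DiscretionaryAcl = dacl;
                entry.Properties["ntSecurityDescriptor"].Value = sd;
                entry.CommitChanges();
            }
        }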
コード例 #10
        /// <summary>
        /// Convert the specified property to the target type
        /// </summary>
        /// <param name="directoryEntry">DirectoryEntry</param>
        /// <param name="propertyName">string</param>
        /// <param name="targetType">Type</param>
        /// <returns>object</returns>
        public static object ConvertProperty(this DirectoryEntry directoryEntry, string propertyName, Type targetType = null)
        {
            targetType ??= typeof(string);
            bool isId      = propertyName == "uSNChanged" || propertyName == "uSNCreated";
            var  value     = directoryEntry.Properties[propertyName].Value;
            var  valueType = value.GetType();

            if (targetType.IsAssignableFrom(valueType))
            {
                return(value);
            }

            if (targetType == typeof(string))
            {
                return(value switch
                {
                    IAdsLargeInteger largeIntegerToString when isId => largeIntegerToString.ToLong()?.ToString() ?? "n.a.",
                    IAdsLargeInteger largeIntegerToString => largeIntegerToString.ToDateTimeOffset()?.ToString() ?? "empty",
                    IADsSecurityDescriptor securityDescriptor => $"{securityDescriptor.Group}-{securityDescriptor.Owner}",
                    object[] objects => string.Join(",", objects.Select(o => o.ToString())),
                    byte[] bytes => string.Join(",", bytes),
                    _ => value.ToString(),
                });