public void TestComInterfaces()
{
    // Ordinal, case-insensitive substring check used by the assertions below.
    bool ContainsIgnoreCase(string haystack, string needle) =>
        haystack.IndexOf(needle, StringComparison.OrdinalIgnoreCase) >= 0;

    using (DirectoryEntry root = CreateRootEntry())
    {
        // Start from a clean slate in case an earlier run left the OU behind.
        DeleteOU(root, "dateRoot");
        try
        {
            using (DirectoryEntry ou = CreateOU(root, "dateRoot", "Date OU"))
            {
                long rootUsn = GetTimeValue((IADsLargeInteger)root.Properties["uSNCreated"].Value);
                long ouUsn = GetTimeValue((IADsLargeInteger)ou.Properties["uSNCreated"].Value);
                // The OU was created after its parent, so its uSNCreated must be the larger one.
                Assert.True(ouUsn > rootUsn);

                IADs nativeOu = (IADs)ou.NativeObject;
                Assert.Equal("ou=dateRoot", nativeOu.Name);
                Assert.Equal("Class", nativeOu.Class);
                Assert.True(ContainsIgnoreCase(nativeOu.ADsPath, LdapConfiguration.Configuration.ServerName));

                IADsSecurityDescriptor descriptor = (IADsSecurityDescriptor)root.Properties["ntSecurityDescriptor"].Value;
                string configuredDomain = LdapConfiguration.Configuration.Domain;
                // Owner and Group come back as "DOMAIN\name"; only the domain part is compared.
                Assert.True(ContainsIgnoreCase(configuredDomain, descriptor.Owner.Split('\\')[0]));
                Assert.True(ContainsIgnoreCase(configuredDomain, descriptor.Group.Split('\\')[0]));
            }
        }
        finally
        {
            DeleteOU(root, "dateRoot");
        }
    }
}
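/// <summary>
/// Sets the group's managedBy attribute to the object at <paramref name="managerLDAPPath"/> and,
/// when requested, appends an allow-ACE to the group's DACL that grants that manager write access
/// to the attribute identified by the ACE's ObjectType, so the manager can maintain the member list.
/// </summary>
/// <param name="managerLDAPPath">ADsPath of the manager object (bound with the stored credentials).</param>
/// <param name="managerUpdateMembershipList">When true, the WRITE_PROP ACE is added and the descriptor is written back.</param>
/// <param name="group">Group entry to update.</param>
/// <exception cref="ArgumentNullException">group or managerLDAPPath is null.</exception>
/// <exception cref="InvalidOperationException">The manager has no distinguishedName, or its userPrincipalName is not of the form user@domain.</exception>
private void setManagedBy(string managerLDAPPath, bool managerUpdateMembershipList, DirectoryEntry group)
{
    if (group == null)
    {
        throw new ArgumentNullException("group");
    }
    if (managerLDAPPath == null)
    {
        throw new ArgumentNullException("managerLDAPPath");
    }

    string managerDistinguishedName;
    string managerSamAccountName;
    string managerDomainName;

    // The manager entry is only needed to read two attributes; release it right after.
    using (DirectoryEntry managedBy = new DirectoryEntry(managerLDAPPath, credentials.UserName + "@" + credentials.Domain, credentials.Password))
    {
        object dnValue = managedBy.Properties["distinguishedName"].Value;
        object upnValue = managedBy.Properties["userPrincipalName"].Value;
        if (dnValue == null || upnValue == null)
        {
            throw new InvalidOperationException("Manager object must have distinguishedName and userPrincipalName: " + managerLDAPPath);
        }
        managerDistinguishedName = dnValue.ToString();

        string[] upnParts = upnValue.ToString().Split('@');
        if (upnParts.Length != 2 || upnParts[0].Length == 0 || upnParts[1].Length == 0)
        {
            throw new InvalidOperationException("userPrincipalName is not of the form user@domain: " + upnValue);
        }
        managerSamAccountName = upnParts[0];
        // NOTE(review): stripping ".com" only produces a usable "DOMAIN\user" trustee when the UPN
        // suffix is a single-label ".com" domain; other suffixes pass through unchanged — confirm with callers.
        managerDomainName = upnParts[1].Replace(".com", "");
    }

    setSinglePropertyValue(group, "managedBy", managerDistinguishedName);

    if (!managerUpdateMembershipList)
    {
        return;
    }

    IADsSecurityDescriptor sd = (IADsSecurityDescriptor)group.Properties["ntSecurityDescriptor"].Value;
    IADsAccessControlList dacl = (IADsAccessControlList)sd.DiscretionaryAcl;

    // Object-specific allow ACE: WRITE_PROP is limited to the single attribute named by ObjectType
    // (this GUID is the well-known schemaIDGUID of "member"), not to the whole object.
    IADsAccessControlEntry ace = new AccessControlEntry();
    ace.Trustee = string.Format("{0}\\{1}", managerDomainName, managerSamAccountName);
    ace.AccessMask = (int)ADS_RIGHTS_ENUM.ADS_RIGHT_DS_WRITE_PROP;
    ace.AceFlags = (int)ADS_ACEFLAG_ENUM.ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE;
    ace.AceType = (int)ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOWED_OBJECT;
    ace.Flags = (int)ADS_FLAGTYPE_ENUM.ADS_FLAG_OBJECT_TYPE_PRESENT;
    ace.ObjectType = "{BF9679C0-0DE6-11D0-A285-00AA003049E2}";
    dacl.AddAce(ace);
    sd.DiscretionaryAcl = dacl;

    // Write the modified descriptor back through the native IADs object.
    IADsGroup nativeGroup = (IADsGroup)group.NativeObject;
    nativeGroup.Put("ntSecurityDescriptor", sd);
    nativeGroup.SetInfo();
}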
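/// <summary>
/// Replaces this computer's DACL with the DACL of <paramref name="baseComputer"/> and writes the
/// resulting security descriptor back through <see cref="SecurityDescriptor"/>.
/// Only DiscretionaryAcl is assigned; owner, group and SACL of the descriptor are not touched here.
/// </summary>
/// <param name="baseComputer">Computer whose DACL serves as the template.</param>
/// <exception cref="ArgumentNullException">baseComputer is null.</exception>
public void ReplacePermisions(Computer baseComputer)
{
    if (baseComputer == null)
    {
        throw new ArgumentNullException("baseComputer");
    }

    IADsAccessControlList templateDacl = baseComputer.AccessControlList;
    IADsSecurityDescriptor sd = SecurityDescriptor;
    sd.DiscretionaryAcl = templateDacl;
    // NOTE(review): assigning the property is presumably what persists the descriptor — confirm in the setter.
    SecurityDescriptor = sd;
}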
public void ReadSecurityDescriptorWithInterop()
{
    // Binds to the default partition and prints the descriptor's owner via the raw ADSI interface.
    using (DirectoryEntry partition = TestUtils.GetDefaultPartition())
    {
        object raw = partition.Properties["ntSecurityDescriptor"].Value;
        IADsSecurityDescriptor descriptor = (IADsSecurityDescriptor)raw;
        Console.WriteLine("Owner= {0}", descriptor.Owner);
    }
}
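/// <summary>
/// Wraps the DACL of a directory object. Reads the object's ntSecurityDescriptor (unless a descriptor
/// is already held in _securityDescriptor) and then populates the list through Fill().
/// </summary>
/// <param name="user">Directory entry whose security descriptor is read.</param>
/// <exception cref="ArgumentNullException">user is null.</exception>
public AccessControlList(DirectoryEntry user)
{
    if (user == null)
    {
        throw new ArgumentNullException("user");
    }
    _user = user;

    if (_securityDescriptor == null)
    {
        try
        {
            // Soft casts: a missing or foreign-typed value leaves the fields null instead of throwing.
            _securityDescriptor = _user.Properties["ntSecurityDescriptor"].Value as IADsSecurityDescriptor;
            if (_securityDescriptor != null)
            {
                _accessControlList = _securityDescriptor.DiscretionaryAcl as IADsAccessControlList;
            }
        }
        catch (Exception e)
        {
            // Best effort: reading the descriptor may be denied by the directory. Record the
            // failure rather than dropping it; the fields stay null.
            // NOTE(review): Fill() presumably tolerates null fields — confirm.
            System.Diagnostics.Trace.TraceError("Failed to read ntSecurityDescriptor: {0}", e);
        }
    }

    Fill();
}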
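/// <summary>
/// Prints trustee, mask, type and flags of every ACE in the default partition's DACL,
/// read through the raw ADSI interop interfaces.
/// </summary>
public void GetSecurityDescriptorViaInterop()
{
    // DirectoryEntry is IDisposable; release it deterministically instead of leaving it to the finalizer.
    using (DirectoryEntry entry = TestUtils.GetDefaultPartition())
    {
        IADsSecurityDescriptor sd = (IADsSecurityDescriptor)entry.Properties["ntSecurityDescriptor"].Value;
        IADsAccessControlList dacl = (IADsAccessControlList)sd.DiscretionaryAcl;
        // The ACL is enumerated through the non-generic IEnumerable it exposes.
        foreach (IADsAccessControlEntry ace in (IEnumerable)dacl)
        {
            Console.WriteLine("Trustee: {0}", ace.Trustee);
            Console.WriteLine("AccessMask: {0}", ace.AccessMask);
            Console.WriteLine("Access Type: {0}", ace.AceType);
            Console.WriteLine("Access Flags: {0}", ace.AceFlags);
        }
    }
}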
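class a
{
    /// <summary>
    /// Exploratory dump of the COM interop types behind a few directory attributes
    /// (IADsLargeInteger, IADsSecurityDescriptor, IADsDNWithBinary). Output goes through w(...)
    /// and 64-bit values are assembled with makelong(...); both are assumed to be defined elsewhere
    /// on this class.
    /// </summary>
    static void Main()
    {
        // ADSI ADS_SD_FORMAT_ENUM values accepted by ConvertSecurityDescriptor.
        const int ADS_SD_FORMAT_IID = 1;
        const int ADS_SD_FORMAT_RAW = 2;
        const int ADS_SD_FORMAT_HEXSTRING = 3;

        // ldap root
        using (DirectoryEntry de = new DirectoryEntry("LDAP://DC=root,DC=f**k"))
        {
            object o;

            // IADsLargeInteger: a 64-bit value exposed as HighPart/LowPart halves.
            o = de.Properties["creationTime"].Value;
            w(o);
            w(o is IADsLargeInteger);
            IADsLargeInteger li = o as IADsLargeInteger;
            w(makelong(li.HighPart, li.LowPart));
            w(DateTime.FromFileTimeUtc(makelong(li.HighPart, li.LowPart)));

            // IADsSecurityDescriptor: group/owner, then conversion to raw bytes and hex string.
            o = de.Properties["nTSecurityDescriptor"].Value;
            w(o);
            w(o is IADsSecurityDescriptor);
            IADsSecurityDescriptor id = o as IADsSecurityDescriptor;
            w(id.Group);
            w(id.Owner);

            ADsSecurityUtilityClass suc = new ADsSecurityUtilityClass();
            w(suc.ConvertSecurityDescriptor(id, ADS_SD_FORMAT_IID, ADS_SD_FORMAT_RAW));

            // Round-trip the raw descriptor through the managed type to obtain SDDL.
            ActiveDirectorySecurity adsec = new ActiveDirectorySecurity();
            adsec.SetSecurityDescriptorBinaryForm(suc.ConvertSecurityDescriptor(id, ADS_SD_FORMAT_IID, ADS_SD_FORMAT_RAW) as byte[]);
            w(adsec.GetSecurityDescriptorSddlForm(AccessControlSections.All));
            w(suc.ConvertSecurityDescriptor(id, ADS_SD_FORMAT_IID, ADS_SD_FORMAT_HEXSTRING));

            // IADsDNWithBinary: wellKnownObjects is multi-valued, so the first element is inspected.
            o = de.Properties["wellKnownObjects"].Value;
            w(o);
            o = (de.Properties["wellKnownObjects"].Value as object[])[0];
            w(o);
            w(o is IADsDNWithBinary);
            IADsDNWithBinary dnb = o as IADsDNWithBinary;
            w(dnb.DNString);

            // IADsDNWithString: same pattern as IADsDNWithBinary, but no attribute of that type was found.
        }
    }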
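/// <summary>
/// Grants <paramref name="Trustee"/> the rights needed to join this computer account to the domain:
/// the ACEs in <c>ace_writeaccountrestrictions</c> built by <see cref="Tools.ADACEComputerJoinPermissions"/>
/// are appended to the computer's DACL and the security descriptor is written back.
/// Existing ACEs are kept; nothing is removed. The trustee may be a specific principal such as
/// domain\user or a well-known group such as Authenticated Users.
/// </summary>
/// <param name="Trustee">Account or group to grant the join rights to, e.g. "DOMAIN\user".</param>
/// <exception cref="ArgumentException">Trustee is null, empty or whitespace.</exception>
public void SetJoinPermissions(string Trustee)
{
    if (string.IsNullOrWhiteSpace(Trustee))
    {
        throw new ArgumentException("A trustee is required.", "Trustee");
    }

    // Work on the current ACL and swap it into the descriptor in one step.
    IADsAccessControlList acl = AccessControlList;

    // The helper builds the join-related ACEs for this trustee.
    Tools.ADACEComputerJoinPermissions joinAces = new Tools.ADACEComputerJoinPermissions(Trustee);
    foreach (IADsAccessControlEntry ace in joinAces.ace_writeaccountrestrictions)
    {
        acl.AddAce(ace);
    }

    // NOTE(review): the SecurityDescriptor setter is presumably what persists the change — confirm.
    IADsSecurityDescriptor sd = SecurityDescriptor;
    sd.DiscretionaryAcl = acl;
    SecurityDescriptor = sd;
}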
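/// <summary>
/// Appends an allow ACE for a fixed trustee to a user's DACL through the raw ADSI interfaces and
/// commits the change. Trustee and rights are sample values meant to be edited before running.
/// </summary>
public void UpdateSecurityDescriptorViaInterop()
{
    // point this to any object (I chose a user)
    using (DirectoryEntry entry = TestUtils.CreateDirectoryEntry("CN=User1,OU=Users," + TestUtils.Settings.DefaultPartition))
    {
        IADsSecurityDescriptor sd = (IADsSecurityDescriptor)entry.Properties["ntSecurityDescriptor"].Value;
        IADsAccessControlList dacl = (IADsAccessControlList)sd.DiscretionaryAcl;

        IADsAccessControlEntry newAce = new AccessControlEntryClass();
        newAce.Trustee = @"mydomain\some user"; // update this to your needs
        // -1 sets every bit of the mask, i.e. full control over the object; use a narrower
        // ADS_RIGHTS_ENUM combination for anything other than a throwaway test principal.
        newAce.AccessMask = -1;
        newAce.AceType = 0; // access allowed
        dacl.AddAce(newAce);

        sd.DiscretionaryAcl = dacl;
        entry.Properties["ntSecurityDescriptor"].Value = sd;
        entry.CommitChanges();
    }
}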
/// <summary> /// Convert the specified property to the target type /// </summary> /// <param name="directoryEntry">DirectoryEntry</param> /// <param name="propertyName">string</param> /// <param name="targetType">Type</param> /// <returns>object</returns> public static object ConvertProperty(this DirectoryEntry directoryEntry, string propertyName, Type targetType = null) { targetType ??= typeof(string); bool isId = propertyName == "uSNChanged" || propertyName == "uSNCreated"; var value = directoryEntry.Properties[propertyName].Value; var valueType = value.GetType(); if (targetType.IsAssignableFrom(valueType)) { return(value); } if (targetType == typeof(string)) { return(value switch { IAdsLargeInteger largeIntegerToString when isId => largeIntegerToString.ToLong()?.ToString() ?? "n.a.", IAdsLargeInteger largeIntegerToString => largeIntegerToString.ToDateTimeOffset()?.ToString() ?? "empty", IADsSecurityDescriptor securityDescriptor => $"{securityDescriptor.Group}-{securityDescriptor.Owner}", object[] objects => string.Join(",", objects.Select(o => o.ToString())), byte[] bytes => string.Join(",", bytes), _ => value.ToString(), });