/// <summary>
/// Asks a domain controller whether <paramref name="requestor"/> would be granted
/// <see cref="AccessMask.Jit"/> by a security descriptor whose DACL holds a single ACE
/// of <paramref name="aceType"/> for <paramref name="trustee"/>.
/// </summary>
/// <param name="trustee">Principal (user or group) that is named in the ACE.</param>
/// <param name="requestor">User whose effective access is evaluated.</param>
/// <param name="domainName">
/// Domain whose DC evaluates the check. When null, the DC is chosen from the DNS domain name
/// resolved for the trustee's SID.
/// </param>
/// <param name="aceType">Allow (default) or Deny ACE to place in the DACL.</param>
/// <returns>True when the Authz access check grants <see cref="AccessMask.Jit"/>.</returns>
private bool IsMatch(string trustee, string requestor, string domainName, AccessControlType aceType = AccessControlType.Allow)
{
    var requestingUser = directory.GetUser(requestor);
    var trusteePrincipal = directory.GetPrincipal(trustee);

    // Minimal DACL: exactly one explicit, non-inheritable ACE for the trustee carrying the JIT mask.
    var acl = new DiscretionaryAcl(false, false, 1);
    acl.AddAccess(aceType, trusteePrincipal.Sid, (int)AccessMask.Jit, InheritanceFlags.None, PropagationFlags.None);

    // Owner is LocalSystem, no group, no SACL.
    // NOTE(review): Windows AccessCheck implicitly grants READ_CONTROL/WRITE_DAC to the descriptor
    // owner; this only affects the result if AccessMask.Jit overlaps those bits — confirm against the enum.
    var descriptor = new CommonSecurityDescriptor(
        false,
        false,
        ControlFlags.DiscretionaryAclPresent,
        new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null),
        null,
        null,
        acl);

    // Pick the DC that will evaluate the check: the explicit domain if supplied, otherwise the trustee's domain.
    string dc = domainName is null
        ? discoveryServices.GetDomainController(discoveryServices.GetDomainNameDns(trusteePrincipal.Sid))
        : discoveryServices.GetDomainController(domainName);

    // The check runs in an Authz context built for the requestor against that DC, so group membership
    // is resolved by the DC rather than from the local token.
    using var context = new AuthorizationContext(requestingUser.Sid, dc);
    return context.AccessCheck(descriptor, (int)AccessMask.Jit);
}
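/// <summary>
/// Integration test: a freshly created TTL (dynamic) group accepts a member and reports that
/// member in its member DNs.
/// </summary>
/// <remarks>
/// Creates a randomly named domain-local TTL group under the dev test OU, waits for it to become
/// visible, adds <c>DEV_User1</c>, asserts membership, then deletes the group. Deletion runs in a
/// <c>finally</c> block so a failed assertion does not leave the group behind until its TTL expires.
/// </remarks>
public void AddGroupMemberToTtlGroup()
{
    string groupName = TestContext.CurrentContext.Random.GetString(10, "abcdefghijklmnop");
    string dc = discoveryServices.GetDomainController(C.DevLocal);

    this.directory.CreateTtlGroup(groupName, groupName, "TTL test group 2", C.AmsTesting_DevDN, dc, TimeSpan.FromMinutes(1), GroupType.DomainLocal, true);

    try
    {
        // NOTE(review): fixed 20 s wait, presumably for the new group to become visible before the
        // lookup below — confirm whether polling GetGroup against the same DC could replace the sleep.
        Thread.Sleep(20000);

        IGroup group = this.directory.GetGroup($"{C.Dev}\\{groupName}");
        ISecurityPrincipal user = this.directory.GetUser(C.DEV_User1);

        group.AddMember(user);

        CollectionAssert.Contains(group.GetMemberDNs(), user.DistinguishedName);
    }
    finally
    {
        // Always remove the test group; the 1-minute TTL is only a backstop, and a group that
        // outlives the test can collide with or confuse other runs.
        this.directory.DeleteGroup($"{C.Dev}\\{groupName}");
    }
}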