public static bool CheckForSidInToken(SecurityIdentifier principalSid, SecurityIdentifier sidToCheck, SecurityIdentifier requestContext = null)
{
if (principalSid == null)
{
throw new ArgumentNullException(nameof(principalSid));
}
if (sidToCheck == null)
{
throw new ArgumentNullException(nameof(sidToCheck));
}
if (principalSid == sidToCheck)
{
return(true);
}
string server;
if (requestContext == null || requestContext.IsEqualDomainSid(NativeMethods.CurrentDomainSid))
{
server = null;
}
else
{
string dnsDomain = NativeMethods.GetDnsDomainNameFromSid(requestContext.AccountDomainSid);
server = NativeMethods.GetDomainControllerForDnsDomain(dnsDomain);
}
using AuthorizationContext context = new AuthorizationContext(principalSid, server);
return(context.ContainsSid(sidToCheck));
}
private IEnumerable <SecurityIdentifier> GetTokenGroups(SecurityIdentifier principalSid, SecurityIdentifier requestContext = null)
{
if (principalSid == null)
{
throw new ArgumentNullException(nameof(principalSid));
}
if (requestContext == null || requestContext.IsEqualDomainSid(CurrentDomainSid))
{
using (AuthorizationContext context = new AuthorizationContext(principalSid))
{
return(context.GetTokenGroups().ToList()); // Force the enumeration now before the context goes out of scope
}
}
else
{
string dnsDomain = discoveryServices.GetDomainNameDns(requestContext.AccountDomainSid);
return(this.discoveryServices.Find2012DcAndExecuteWithRetry(dnsDomain, dc =>
{
using (AuthorizationContext context = new AuthorizationContext(principalSid, dc))
{
return context.GetTokenGroups().ToList(); // Force the enumeration now before the context goes out of scope
}
}));
}
}
/// <summary>
/// Determines if sid is for local account
/// </summary>
/// <param name="sid"></param>
/// <returns>Returns true if the account is local admin</returns>
public static bool IsLocalAccount(SecurityIdentifier sid)
{
// Nobody should call this method with a null sid.
Debug.Assert(sid != null);
if (sid == null)
{
throw new ArgumentNullException("sid");
}
return(sid.IsEqualDomainSid(UserAccountHelper.LocalAdminDomainSid));
}
public static IEnumerable <SecurityIdentifier> GetTokenGroups(SecurityIdentifier principalSid, SecurityIdentifier requestContext = null)
{
if (principalSid == null)
{
throw new ArgumentNullException(nameof(principalSid));
}
string server;
if (requestContext == null || requestContext.IsEqualDomainSid(NativeMethods.CurrentDomainSid))
{
server = null;
}
else
{
string dnsDomain = NativeMethods.GetDnsDomainNameFromSid(requestContext.AccountDomainSid);
server = NativeMethods.GetDomainControllerForDnsDomain(dnsDomain);
}
using AuthorizationContext context = new AuthorizationContext(principalSid, server);
return(context.GetTokenGroups().ToList()); // Force the enumeration now before the context goes out of scope
}
private bool CheckForSidInToken(SecurityIdentifier principalSid, SecurityIdentifier sidToCheck, SecurityIdentifier requestContext = null)
{
if (principalSid == null)
{
throw new ArgumentNullException(nameof(principalSid));
}
if (sidToCheck == null)
{
throw new ArgumentNullException(nameof(sidToCheck));
}
if (principalSid == sidToCheck)
{
return(true);
}
if (requestContext == null || requestContext.IsEqualDomainSid(CurrentDomainSid))
{
using (AuthorizationContext context = new AuthorizationContext(principalSid))
{
return(context.ContainsSid(sidToCheck));
}
}
else
{
string dnsDomain = discoveryServices.GetDomainNameDns(requestContext.AccountDomainSid);
return(this.discoveryServices.Find2012DcAndExecuteWithRetry(dnsDomain, dc =>
{
using (AuthorizationContext context = new AuthorizationContext(principalSid, dc))
{
return context.ContainsSid(sidToCheck);
}
}));
}
}
private void ValidateMembersParameter()
{
bool flag;
if (!this._isMembersValidated)
{
object item = this._cmdletParameters["Members"];
ADPrincipal[] aDPrincipalArray = item as ADPrincipal[];
if (aDPrincipalArray == null)
{
ADPrincipal aDPrincipal = item as ADPrincipal;
if (aDPrincipal != null)
{
ADPrincipal[] aDPrincipalArray1 = new ADPrincipal[1];
aDPrincipalArray1[0] = aDPrincipal;
aDPrincipalArray = aDPrincipalArray1;
}
}
if (aDPrincipalArray != null)
{
List <string> strs = new List <string>();
Hashtable hashtables = new Hashtable();
ADPrincipalFactory <ADPrincipal> aDPrincipalFactory = new ADPrincipalFactory <ADPrincipal>();
CmdletSessionInfo cmdletSessionInfo = base.GetCmdletSessionInfo();
aDPrincipalFactory.SetCmdletSessionInfo(cmdletSessionInfo);
if (cmdletSessionInfo.ConnectedADServerType != ADServerType.ADDS)
{
flag = false;
}
else
{
flag = this._operationType == SetADGroupMemberOperationType.RemoveGroupMember;
}
bool flag1 = flag;
Dictionary <SecurityIdentifier, string> securityIdentifiers = new Dictionary <SecurityIdentifier, string>();
IADOPathNode aDOPathNode = null;
SecurityIdentifier value = null;
if (flag1)
{
ADGroup aDGroup = (ADGroup)this._cmdletParameters["Identity"];
if (!aDGroup.IsSearchResult)
{
ADObject directoryObjectFromIdentity = aDPrincipalFactory.GetDirectoryObjectFromIdentity(aDGroup, cmdletSessionInfo.DefaultPartitionPath);
value = (SecurityIdentifier)directoryObjectFromIdentity["objectSid"].Value;
}
else
{
value = aDGroup.SID;
}
}
ADPrincipal[] aDPrincipalArray2 = aDPrincipalArray;
for (int i = 0; i < (int)aDPrincipalArray2.Length; i++)
{
ADPrincipal aDPrincipal1 = aDPrincipalArray2[i];
SecurityIdentifier sID = null;
string distinguishedName = null;
try
{
if (!aDPrincipal1.IsSearchResult)
{
ADObject aDObject = aDPrincipalFactory.GetDirectoryObjectFromIdentity(aDPrincipal1, cmdletSessionInfo.DefaultPartitionPath);
sID = (SecurityIdentifier)aDObject["objectSid"].Value;
distinguishedName = (string)aDObject["distinguishedName"].Value;
}
else
{
sID = aDPrincipal1.SID;
distinguishedName = aDPrincipal1.DistinguishedName;
}
if (distinguishedName != null)
{
if (sID == null)
{
object[] objArray = new object[2];
objArray[0] = "objectSid";
objArray[1] = distinguishedName;
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, StringResources.AttributeNotFoundOnObject, objArray));
}
}
else
{
object[] identifyingString = new object[2];
identifyingString[0] = "distinguishedName";
identifyingString[1] = aDPrincipal1.IdentifyingString;
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, StringResources.AttributeNotFoundOnObject, identifyingString));
}
}
catch (ADIdentityNotFoundException aDIdentityNotFoundException1)
{
ADIdentityNotFoundException aDIdentityNotFoundException = aDIdentityNotFoundException1;
DebugLogger.LogError("SetADGroupMember", aDIdentityNotFoundException.ToString());
base.ThrowTerminatingError(new ErrorRecord(aDIdentityNotFoundException, "SetADGroupMember.ValidateMembersParameter", ErrorCategory.ObjectNotFound, aDPrincipal1));
}
catch (ArgumentException argumentException1)
{
ArgumentException argumentException = argumentException1;
DebugLogger.LogError("SetADGroupMember", argumentException.ToString());
base.ThrowTerminatingError(new ErrorRecord(argumentException, "SetADGroupMember.ValidateMembersParameter", ErrorCategory.ReadError, aDPrincipal1));
}
if (!flag1 || value.IsEqualDomainSid(sID))
{
strs.Add(Utils.ConvertSIDToStringizedSid(sID));
}
else
{
IADOPathNode aDOPathNode1 = ADOPathUtil.CreateFilterClause(ADOperator.Eq, "objectSid", sID);
if (aDOPathNode != null)
{
IADOPathNode[] aDOPathNodeArray = new IADOPathNode[2];
aDOPathNodeArray[0] = aDOPathNode;
aDOPathNodeArray[1] = aDOPathNode1;
aDOPathNode = ADOPathUtil.CreateOrClause(aDOPathNodeArray);
}
else
{
aDOPathNode = aDOPathNode1;
}
securityIdentifiers.Add(sID, distinguishedName);
}
}
if (aDOPathNode != null)
{
using (ADObjectSearcher aDObjectSearcher = new ADObjectSearcher(this.GetSessionInfo()))
{
IADOPathNode aDOPathNode2 = ADOPathUtil.CreateFilterClause(ADOperator.Eq, "objectClass", "foreignSecurityPrincipal");
aDObjectSearcher.SearchRoot = this.GetRootDSE().DefaultNamingContext;
IADOPathNode[] aDOPathNodeArray1 = new IADOPathNode[2];
aDOPathNodeArray1[0] = aDOPathNode2;
aDOPathNodeArray1[1] = aDOPathNode;
aDObjectSearcher.Filter = ADOPathUtil.CreateAndClause(aDOPathNodeArray1);
aDObjectSearcher.Properties.Add("objectSid");
foreach (ADObject aDObject1 in aDObjectSearcher.FindAll())
{
SecurityIdentifier securityIdentifier = (SecurityIdentifier)aDObject1["objectSid"].Value;
if (!securityIdentifiers.ContainsKey(securityIdentifier))
{
continue;
}
strs.Add(Utils.ConvertSIDToStringizedSid(securityIdentifier));
securityIdentifiers.Remove(securityIdentifier);
}
foreach (string str in securityIdentifiers.Values)
{
strs.Add(str);
}
}
}
if (this._operationType != SetADGroupMemberOperationType.AddGroupMember)
{
if (this._operationType == SetADGroupMemberOperationType.RemoveGroupMember)
{
hashtables.Add(PropertyModifyOp.Remove.ToString(), strs.ToArray());
}
}
else
{
hashtables.Add(PropertyModifyOp.Add.ToString(), strs.ToArray());
}
this._cmdletParameters.RemoveParameter("Members");
this._cmdletParameters["Members"] = new ADMultivalueHashtableParameter <string>(hashtables);
this._isMembersValidated = true;
}
return;
}
else
{
return;
}
}