コード例 #1
0
        private static QueryFilter GenerateTargetFilterForUserAndNonDomainLocalGroup(MultiValuedProperty <SecurityPrincipalType> types)
        {
            List <CompositeFilter> list = new List <CompositeFilter>();

            foreach (SecurityPrincipalType securityPrincipalType in types)
            {
                CompositeFilter compositeFilter = null;
                switch (securityPrincipalType)
                {
                case SecurityPrincipalType.User:
                    compositeFilter = new AndFilter(new QueryFilter[]
                    {
                        new ComparisonFilter(ComparisonOperator.Equal, ADObjectSchema.ObjectCategory, ADUser.ObjectCategoryNameInternal),
                        ADObject.ObjectClassFilter(ADUser.MostDerivedClass, true)
                    });
                    break;

                case SecurityPrincipalType.Group:
                    compositeFilter = new AndFilter(new QueryFilter[]
                    {
                        new ComparisonFilter(ComparisonOperator.Equal, ADObjectSchema.ObjectCategory, ADGroup.MostDerivedClass),
                        new BitMaskOrFilter(ADGroupSchema.GroupType, (ulong)int.MinValue),
                        new NotFilter(new BitMaskAndFilter(ADGroupSchema.GroupType, 4UL))
                    });
                    break;

                case SecurityPrincipalType.UniversalSecurityGroup:
                    if (!types.Contains(SecurityPrincipalType.Group))
                    {
                        compositeFilter = ExtendedSecurityPrincipalSearchHelper.GenerateTargetFilterForSecurityGroup(GroupTypeFlags.Universal);
                    }
                    break;

                case SecurityPrincipalType.GlobalSecurityGroup:
                    if (!types.Contains(SecurityPrincipalType.Group))
                    {
                        compositeFilter = ExtendedSecurityPrincipalSearchHelper.GenerateTargetFilterForSecurityGroup(GroupTypeFlags.Global);
                    }
                    break;
                }
                if (compositeFilter != null)
                {
                    if (Datacenter.IsMicrosoftHostedOnly(true) && (securityPrincipalType == SecurityPrincipalType.Group || securityPrincipalType == SecurityPrincipalType.UniversalSecurityGroup))
                    {
                        compositeFilter = new AndFilter(new QueryFilter[]
                        {
                            compositeFilter,
                            new OrFilter(new QueryFilter[]
                            {
                                new NotFilter(new BitMaskAndFilter(ADGroupSchema.GroupType, 8UL)),
                                new AndFilter(new QueryFilter[]
                                {
                                    new BitMaskAndFilter(ADGroupSchema.GroupType, 8UL),
                                    new OrFilter(new QueryFilter[]
                                    {
                                        new ExistsFilter(ADRecipientSchema.Alias),
                                        Filters.GetRecipientTypeDetailsFilterOptimization(RecipientTypeDetails.RoleGroup)
                                    })
                                })
                            })
                        });
                    }
                    list.Add(compositeFilter);
                }
            }
            return(new OrFilter(list.ToArray()));
        }
コード例 #2
0
        internal static IEnumerable <ExtendedSecurityPrincipal> PerformSearch(ExtendedSecurityPrincipalSearcher searcher, IConfigDataProvider session, ADObjectId rootId, ADObjectId includeDomailLocalFrom, MultiValuedProperty <SecurityPrincipalType> types)
        {
            if (types.Contains(SecurityPrincipalType.WellknownSecurityPrincipal))
            {
                IRecipientSession     dataSession     = (IRecipientSession)session;
                ADSessionSettings     sessionSettings = ADSessionSettings.FromRootOrgScopeSet();
                IConfigurationSession configSession;
                if (dataSession.ConfigScope == ConfigScopes.TenantSubTree)
                {
                    configSession = DirectorySessionFactory.Default.GetTenantOrTopologyConfigurationSession(dataSession.DomainController, dataSession.ReadOnly, dataSession.ConsistencyMode, dataSession.NetworkCredential, sessionSettings, dataSession.ConfigScope, 60, "PerformSearch", "f:\\15.00.1497\\sources\\dev\\data\\src\\directory\\Management\\ExtendedSecurityPrincipalSearchHelper.cs");
                }
                else
                {
                    configSession = DirectorySessionFactory.Default.GetTenantOrTopologyConfigurationSession(dataSession.DomainController, dataSession.ReadOnly, dataSession.ConsistencyMode, dataSession.NetworkCredential, sessionSettings, 70, "PerformSearch", "f:\\15.00.1497\\sources\\dev\\data\\src\\directory\\Management\\ExtendedSecurityPrincipalSearchHelper.cs");
                }
                foreach (ExtendedSecurityPrincipal wellknown in searcher(configSession, null, ExtendedSecurityPrincipalSearchHelper.GenerateTargetFilterForWellknownSecurityPrincipal()))
                {
                    yield return(wellknown);
                }
            }
            IRecipientSession recipientSession = (IRecipientSession)session;

            if (types.Contains(SecurityPrincipalType.GlobalSecurityGroup) || types.Contains(SecurityPrincipalType.UniversalSecurityGroup) || types.Contains(SecurityPrincipalType.User) || types.Contains(SecurityPrincipalType.Group))
            {
                recipientSession.UseGlobalCatalog = (rootId == null);
                foreach (ExtendedSecurityPrincipal recipient in searcher(recipientSession, rootId, ExtendedSecurityPrincipalSearchHelper.GenerateTargetFilterForUserAndNonDomainLocalGroup(types)))
                {
                    yield return(recipient);
                }
            }
            if (includeDomailLocalFrom != null)
            {
                recipientSession.UseGlobalCatalog = false;
                ADObjectId searchRoot = null;
                if (rootId == null || includeDomailLocalFrom.IsDescendantOf(rootId))
                {
                    searchRoot = includeDomailLocalFrom;
                }
                else if (rootId.DomainId.Equals(includeDomailLocalFrom))
                {
                    searchRoot = rootId;
                }
                if (searchRoot != null)
                {
                    foreach (ExtendedSecurityPrincipal group in searcher(recipientSession, searchRoot, ExtendedSecurityPrincipalSearchHelper.GenerateTargetFilterForSecurityGroup(GroupTypeFlags.DomainLocal)))
                    {
                        yield return(group);
                    }
                }
            }
            yield break;
        }