コード例 #1
0
        /// <summary>
        /// Get all NCs in the forest.
        /// </summary>
        /// <param name="dc">The DC in the forest.</param>
        /// <returns>All NC DNs in the forest.</returns>
        public string[] ListNCs(DsServer dc)
        {
            RootDSE rootDse     = LdapUtility.GetRootDSE(dc);
            string  partitionDn = "CN=Partitions," + rootDse.configurationNamingContext;
            SearchResultEntryCollection results = null;

            ResultCode re = LdapUtility.Search(
                dc,
                partitionDn,
                "(objectClass=crossRef)",
                System.DirectoryServices.Protocols.SearchScope.Subtree,
                new string[] { "nCName" },
                out results);

            if (re != ResultCode.Success)
            {
                return(null);
            }

            List <string> ncs = new List <string>();

            foreach (SearchResultEntry e in results)
            {
                DirectoryAttribute attr = e.Attributes["nCName"];
                string             dn   = (string)attr[0];
                ncs.Add(dn);
            }

            return(ncs.ToArray());
        }
コード例 #2
0
        public void DRSR_DRSCloneDC_V1_Success()
        {
            DrsrTestChecker.Check();
            DsServer        svr            = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1];
            AddObjectUpdate machineAccount = new AddObjectUpdate(EnvironmentConfig.Machine.WritableDC1,
                                                                 svr.ComputerObjectName.Replace(svr.NetbiosName, EnvironmentConfig.ClonedDCNetbiosName));

            updateStorage.PushUpdate(machineAccount);

            AddObjectUpdate ntdsContainerAccount = new AddObjectUpdate(EnvironmentConfig.Machine.WritableDC1,
                                                                       "CN=" + EnvironmentConfig.ClonedDCNetbiosName + "," + DrsrHelper.GetParentDNFromChildDN(DrsrHelper.GetParentDNFromChildDN(svr.NtdsDsaObjectName)));

            updateStorage.PushUpdate(ntdsContainerAccount);


            AddObjectUpdate ntdsAccount = new AddObjectUpdate(EnvironmentConfig.Machine.WritableDC1,
                                                              svr.NtdsDsaObjectName.Replace(svr.NetbiosName, EnvironmentConfig.ClonedDCNetbiosName));

            updateStorage.PushUpdate(ntdsAccount);

            BaseTestSite.Assert.IsTrue(ldapAdapter.GrantControlAccess(svr,
                                                                      EnvironmentConfig.UserStore[EnvironmentConfig.User.MainDCAccount],
                                                                      svr.Domain.Name,
                                                                      System.DirectoryServices.ActiveDirectoryRights.ExtendedRight,
                                                                      System.Security.AccessControl.AccessControlType.Allow,
                                                                      DRSConstants.ExtendRights.DSCloneDomainController),
                                       "Grant control access to clone DC firstly");


            drsTestClient.DrsBind(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.User.MainDCAccount, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);

            drsTestClient.DrsAddCloneDC(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.ClonedDCNetbiosName, svr.Site.CN);
        }
コード例 #3
0
        /// <summary>
        /// Get all site objects in the forest where the DC is located.
        /// </summary>
        /// <param name="dc">The DC in the forest.</param>
        /// <returns>All site objects in the forest.</returns>
        public DsSite[] ListSites(DsServer dc)
        {
            RootDSE rootDse = LdapUtility.GetRootDSE(dc);
            // Forest, so start with the root of config nc
            string siteRoot = "CN=Sites," + rootDse.configurationNamingContext;

            SearchResultEntryCollection results = null;
            ResultCode ret = Search(
                dc,
                siteRoot,
                "(objectClass=site)",
                System.DirectoryServices.Protocols.SearchScope.OneLevel,
                null,
                out results
                );

            List <DsSite> sites = new List <DsSite>();

            foreach (SearchResultEntry site in results)
            {
                string dn = site.DistinguishedName;
                sites.Add(GetSite(dc, dn));
            }

            return(sites.ToArray());
        }
コード例 #4
0
        public static string GetDnFromNcType(DsServer srv, NamingContext ncType)
        {
            string  baseDn  = "";
            RootDSE rootDse = LdapUtility.GetRootDSE(srv);

            switch (ncType)
            {
            case NamingContext.DomainNC:
                baseDn = rootDse.defaultNamingContext;
                break;

            case NamingContext.ConfigNC:
                baseDn = rootDse.configurationNamingContext;
                break;

            case NamingContext.SchemaNC:
                baseDn = rootDse.schemaNamingContext;
                break;

            default:
                throw new NotImplementedException();
                //break;
            }
            return(baseDn);
        }
コード例 #5
0
        bool IsObjectReplicated(DsServer orig, DsServer dest, NamingContext ncType, string objectDn)
        {
            // FIXME: likezh-11-06-2013:
            //      Correct me if this is wrong, but it seems to be working quite well...
            //
            // The property is replicated if it meets:
            //      - The originating USN of the property in orig is less or equal to the one in dest

            // First get the UTD in dest
            UPTODATE_VECTOR_V1_EXT utdVectorDest = ldapAdapter.GetReplUTD(dest, ncType);

            // No way to get the object metadata (ENTINF) thru LDAP, so try uSNChanged of the object instead.
            uint usnChanged = Convert.ToUInt32(ldapAdapter.GetAttributeValueInString(orig, objectDn, "uSNChanged"));

            for (int i = 0; i < utdVectorDest.cNumCursors; ++i)
            {
                UPTODATE_CURSOR_V1 cursor = utdVectorDest.rgCursors[i];
                if (cursor.uuidDsa == orig.InvocationId)
                {
                    long usnHigh = cursor.usnHighPropUpdate;
                    BaseTestSite.Log.Add(LogEntryKind.Comment, "{0} - usnHigh: {1}, usnChanged: {2}", objectDn, usnHigh, usnChanged);
                    if (usnHigh >= usnChanged)
                    {
                        return(true);
                    }
                }
            }

            return(false);
        }
コード例 #6
0
        /// <summary>
        /// Get all domains in the forest.
        /// </summary>
        /// <param name="dc">The DC in the forest.</param>
        /// <returns>All domain objects in the forest.</returns>
        public DsDomain[] ListDomains(DsServer dc)
        {
            RootDSE rootDse     = LdapUtility.GetRootDSE(dc);
            string  partitionDn = "CN=Partitions," + rootDse.configurationNamingContext;
            SearchResultEntryCollection results = null;

            ResultCode re = LdapUtility.Search(
                dc,
                partitionDn,
                "(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.804:=2))",
                System.DirectoryServices.Protocols.SearchScope.Subtree,
                new string[] { "nCName" },
                out results);

            if (re != ResultCode.Success)
            {
                return(null);
            }

            List <DsDomain> domains = new List <DsDomain>();

            foreach (SearchResultEntry e in results)
            {
                DirectoryAttribute attr   = e.Attributes["nCName"];
                string             dn     = (string)attr[0];
                DsDomain           domain = new AddsDomain();
                domain.Name = dn;
                domains.Add(domain);
            }

            return(domains.ToArray());
        }
コード例 #7
0
        /// <summary>
        /// Get all DCs in a given site.
        /// </summary>
        /// <param name="dc">The DC to talk to.</param>
        /// <param name="siteDn">The site to query servers from.</param>
        /// <returns>All servers in the site.</returns>
        public DsServer[] ListServersWithDcsInSite(DsServer dc, string siteDn)
        {
            SearchResultEntryCollection results = null;

            ResultCode re = Search(
                dc,
                siteDn,
                "(&(objectClass=nTDSDSA)(msDS-hasMasterNCs=*))",
                System.DirectoryServices.Protocols.SearchScope.Subtree,
                new string[] { "distinguishedName" },
                out results);

            if (re != ResultCode.Success)
            {
                return(null);
            }

            List <DsServer> servers = new List <DsServer>();

            foreach (SearchResultEntry e in results)
            {
                DirectoryAttribute attr = e.Attributes["distinguishedName"];
                string             dn   = (string)attr[0];
                DsServer           srv  = new DsServer();
                // We need the server DN, not its NTDS DSA object DN.
                srv.ServerObjectName  = GetParentObjectDn(dn);
                srv.NtdsDsaObjectName = dn;
                servers.Add(srv);
            }

            return(servers.ToArray());
        }
コード例 #8
0
        public static ResultCode Search(
            DsServer dc,
            string baseDn,
            string ldapFilter,
            System.DirectoryServices.Protocols.SearchScope searchScope,
            string[] attributesToReturn,
            out SearchResultEntryCollection results
            )
        {
            SearchResponse response = null;

            try
            {
                SearchRequest request = new SearchRequest(
                    baseDn,
                    ldapFilter,
                    searchScope,
                    attributesToReturn
                    );
                response = (SearchResponse)dc.LdapConn.SendRequest(request);
            }
            catch (DirectoryOperationException e)
            {
                results = null;
                return(e.Response.ResultCode);
            }
            results = response.Entries;
            return(response.ResultCode);
        }
コード例 #9
0
        public static DSNAME?GetPrimaryGroup(
            DsServer dc,
            string name,
            string baseDn)
        {
            // Construct a primary group SID
            int primaryGroupId = Convert.ToInt32(GetAttributeValueInString(dc, name, "primaryGroupID"));

            byte[] userSid = GetAttributeValueInBytes(dc, name, "objectSid");

            StringBuilder escapedGroupSid = new StringBuilder();

            for (uint i = 0; i < userSid.Length - 4; ++i)
            {
                escapedGroupSid.AppendFormat(@"\{0:x2}", userSid[i]);
            }

            for (uint i = 0; i < 4; ++i)
            {
                escapedGroupSid.AppendFormat(@"\{0:x2}", (primaryGroupId & 0xff));
                primaryGroupId >>= 8;
            }

            string tfilter = "(&(objectClass=group)(objectSid=" + escapedGroupSid.ToString() + "))";
            string dn      = GetAttributeValueInString(dc, baseDn, "distinguishedName", tfilter, System.DirectoryServices.Protocols.SearchScope.Subtree);

            return(CreateDSNameForObject(dc, dn));
        }
コード例 #10
0
        public void DRSR_DRSReadNgcKey_V1_Success()
        {
            DrsrTestChecker.Check();
            EnvironmentConfig.Machine dcServer = EnvironmentConfig.Machine.WritableDC1;
            DsServer dcServerMachine           = (DsServer)EnvironmentConfig.MachineStore[dcServer];
            uint?    outVersion;
            DRS_MSG_READNGCKEYREPLY?outMessage;

            string          newObjDN  = ldapAdapter.TestAddComputerObj(dcServerMachine);
            AddObjectUpdate addUpdate = new AddObjectUpdate(dcServer, newObjDN);

            updateStorage.PushUpdate(addUpdate);

            string     ngcKey = newObjDN;
            ResultCode r      = ldapAdapter.SetNgcKey(dcServerMachine, newObjDN, ngcKey);

            BaseTestSite.Assert.AreEqual <ResultCode>(ResultCode.Success, r, "IDL_DRSReadNgcKey: modify the msDS-KeyCredentialLink of " + newObjDN);

            BaseTestSite.Log.Add(LogEntryKind.Comment, "IDL_DRSBind: Binding to DC server: {0}", dcServer);
            uint ret = drsTestClient.DrsBind(dcServer, EnvironmentConfig.User.ParentDomainAdmin, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);

            BaseTestSite.Assert.AreEqual <uint>(0, ret, "IDL_DRSBind: Checking return value - got: {0}, expect: 0, should return 0 with a success bind to DC", ret);

            ret = drsTestClient.DrsReadNgcKey(dcServer, (uint)1, newObjDN, out outVersion, out outMessage);
            BaseTestSite.Assert.AreEqual <uint>(0, ret, "IDL_DRSReadNgcKey: Checking return value - got: {0}, expect: 0, should return 0 if successful.", ret);

            string readNgcKey = Encoding.Unicode.GetString(outMessage.Value.V1.pNgcKey);

            BaseTestSite.Assert.AreEqual <string>(ngcKey, readNgcKey, "IDL_DRSReadNgcKey: Checking Ngc Key on an object - got: {0}, expect: {1}", readNgcKey, ngcKey);
        }
コード例 #11
0
        public static LdapConnection CreateConnection(
            string hostDnsName,
            DsUser user,
            ref DsServer srv,
            bool forceCreate  = false,
            AuthType authType = AuthType.Kerberos)
        {
            if (!forceCreate && srv.LdapConn != null)
            {
                // If there is an active connection, return it.
                return(srv.LdapConn);
            }

            LdapConnection conn = new LdapConnection(hostDnsName);

            if (authType == AuthType.Basic)
            {
                conn.AuthType   = AuthType.Basic;
                conn.Credential = new NetworkCredential(user.Domain.NetbiosName + "\\" + user.Username, user.Password /*, user.Domain.Name*/);
            }
            else
            {
                conn.Credential = new NetworkCredential(user.Username, user.Password, user.Domain.DNSName);
            }
            conn.Timeout = new TimeSpan(0, 5, 0);
            // Bind the connection to the server
            conn.Bind();
            srv.LdapConn = conn;
            return(conn);
        }
コード例 #12
0
        public static string[] GetAttributeValuesString(
            DsServer dc, string dn, string attributeName,
            string ldapFilter = "(objectClass=*)",
            System.DirectoryServices.Protocols.SearchScope searchScope
            = System.DirectoryServices.Protocols.SearchScope.Base)
        {
            SearchResultEntryCollection results = null;
            ResultCode ret = Search(
                dc,
                dn,
                ldapFilter,
                searchScope,
                new string[] { attributeName },
                out results);

            if (ret != ResultCode.Success)
            {
                return(null);
            }

            foreach (SearchResultEntry e in results)
            {
                DirectoryAttribute attr = e.Attributes[attributeName];
                if (attr == null)
                {
                    return(null);
                }
                else
                {
                    return((string[])attr.GetValues(typeof(string)));
                }
            }

            return(null);
        }
コード例 #13
0
        /// <summary>
        /// try delete object
        /// </summary>
        /// <returns></returns>
        bool op()
        {
            DsServer dc = (DsServer)EnvironmentConfig.MachineStore[dsServerType];

            if (!LdapUtility.IsObjectExist(dc, objectDN))
            {
                return(true);
            }

            for (int i = 0; i < 2; i++)
            {
                try
                {
                    System.DirectoryServices.Protocols.ResultCode rCode = ldapAdapter.DeleteObject(dc, objectDN);
                    if (rCode == System.DirectoryServices.Protocols.ResultCode.Success)
                    {
                        return(true);
                    }
                }
                catch
                {
                    System.Threading.Thread.Sleep(1000);
                }
            }
            return(false);
        }
コード例 #14
0
 string DomainNetBIOSNameFromDomain(DsServer dc, DSNAME domainNc)
 {
     return(((string)GetAttributeValue(
                 dc,
                 LdapUtility.ConvertUshortArrayToString(domainNc.StringName),
                 "name")).ToUpper());
 }
コード例 #15
0
        public DSNAME GetObjectNC(DsServer dc, DSNAME obj)
        {
            RootDSE rootDse = LdapUtility.GetRootDSE(dc);

            string dn = LdapUtility.ConvertUshortArrayToString(obj.StringName);

            string ncDn = "";

            // there might be spaces between each RDN of the dn.
            dn = TrimDn(dn);

            // default first
            if (rootDse.defaultNamingContext != null)
            {
                // AD LDS doesn't have default NC
                if (dn.Contains(rootDse.defaultNamingContext))
                {
                    ncDn = rootDse.defaultNamingContext;
                }
            }

            if (dn.Contains(rootDse.configurationNamingContext))
            {
                ncDn = rootDse.configurationNamingContext;
            }

            if (dn.Contains(rootDse.schemaNamingContext))
            {
                ncDn = rootDse.schemaNamingContext;
            }

            return(LdapUtility.CreateDSNameForObject(dc, ncDn));
        }
コード例 #16
0
        /// <summary>
        /// Travel down the base DN to find the object DN matching a given filter.
        /// </summary>
        /// <param name="srv">The DC the LDAP connection is connected to.</param>
        /// <param name="baseDn">The base DN.</param>
        /// <param name="filter">LDAP filter string.</param>
        /// <returns>An object DN matching the filter. This DN must be a part of the base DN.</returns>
        public static string FindObjectNameWithFilter(DsServer srv, string baseDn, string filter)
        {
            string[] rDns = baseDn.Split(',');
            if (rDns.Length <= 1)
            {
                return(null);
            }

            for (int i = 0; i < rDns.Length; ++i)
            {
                string newDn = "";
                for (int j = i; j < rDns.Length - 1; ++j)
                {
                    newDn += (rDns[j] + ", ");
                }
                newDn += rDns[rDns.Length - 1];

                string name = GetAttributeValueInString(
                    srv,
                    newDn,
                    "distinguishedName",
                    filter,
                    System.DirectoryServices.Protocols.SearchScope.Base);
                if (name != null)
                {
                    return(newDn);
                }
            }

            return(null);
        }
コード例 #17
0
        DS_NAME_RESULT_ITEMW LookupUnknownName(DsServer dc, uint flags, uint formatDesired, string name)
        {
            DS_NAME_RESULT_ITEMW result = new DS_NAME_RESULT_ITEMW();

            uint[] formatOrder = new uint[] {
                (uint)DS_NAME_FORMAT.DS_FQDN_1779_NAME,
                (uint)DS_NAME_FORMAT.DS_USER_PRINCIPAL_NAME,
                (uint)DS_NAME_FORMAT.DS_NT4_ACCOUNT_NAME,
                (uint)DS_NAME_FORMAT.DS_CANONICAL_NAME,
                (uint)DS_NAME_FORMAT.DS_UNIQUE_ID_NAME,
                (uint)DS_NAME_FORMAT.DS_DISPLAY_NAME,
                (uint)DS_NAME_FORMAT.DS_SERVICE_PRINCIPAL_NAME,
                (uint)DS_NAME_FORMAT.DS_SID_OR_SID_HISTORY_NAME,
                (uint)DS_NAME_FORMAT.DS_CANONICAL_NAME_EX
            };

            foreach (uint format in formatOrder)
            {
                result = LookupNames(dc, flags, format, formatDesired, name);
                if (result.status != DS_NAME_ERROR.DS_NAME_ERROR_NOT_FOUND)
                {
                    return(result);
                }
            }

            return(result);
        }
コード例 #18
0
        string GetCanonicalName(DsServer dc, DSNAME obj, bool extended)
        {
            string result;
            string dn = LdapUtility.ConvertUshortArrayToString(obj.StringName);

            //if (GetObjectNC(dc, obj).Guid == obj.Guid)
            if (RetrieveDCSuffixFromDn(dn) == dn)
            {
                return(DomainDNSNameFromDomain(dc, obj));
            }


            DSNAME parentObj = GetDsName(dc, GetParentObjectDn(dn)).Value;

            result = GetCanonicalName(dc, parentObj, false);
            if (extended == true)
            {
                result = result + "\n";
            }
            else
            {
                result = result + "/";
            }

            string name = (string)GetAttributeValue(dc, dn, "name");

            result = result + name;
            return(result);
        }
コード例 #19
0
        DSNAME[] LookupSID(DsServer dc, uint flags, NT4SID sid)
        {
            List <DSNAME>      rt    = new List <DSNAME>();
            SecurityIdentifier secId = new SecurityIdentifier(sid.Data, 0);

            DSNAME[] rt1 = LookupAttr(dc, flags, "objectSid", secId.ToString());
            DSNAME[] rt2 = LookupAttr(dc, flags, "sIDHistory", secId.ToString());

            if (rt1 != null)
            {
                rt.AddRange(rt1);
            }
            if (rt2 != null)
            {
                rt.AddRange(rt2);
            }

            if (rt.Count > 0)
            {
                return(rt.ToArray());
            }
            else
            {
                return(null);
            }
        }
コード例 #20
0
        public static RootDSE GetRootDSE(DsServer srv)
        {
            string  rootDseDn = ""; // empty DN means rootDSE
            RootDSE rootDse   = new RootDSE();

            rootDse.defaultNamingContext       = GetAttributeValueInString(srv, rootDseDn, "defaultNamingContext");
            rootDse.configurationNamingContext = GetAttributeValueInString(srv, rootDseDn, "configurationNamingContext");
            rootDse.schemaNamingContext        = GetAttributeValueInString(srv, rootDseDn, "schemaNamingContext");
            rootDse.rootDomainNamingContext    = GetAttributeValueInString(srv, rootDseDn, "rootDomainNamingContext");

            rootDse.serverName  = GetAttributeValueInString(srv, rootDseDn, "serverName");
            rootDse.dnsHostName = GetAttributeValueInString(srv, rootDseDn, "dnsHostName");

            rootDse.domainControllerFunctionality = Convert.ToInt32(GetAttributeValueInString(srv, rootDseDn, "domainControllerFunctionality"));
            rootDse.domainFunctionality           = Convert.ToInt32(GetAttributeValueInString(srv, rootDseDn, "domainFunctionality"));
            rootDse.forestFunctionality           = Convert.ToInt32(GetAttributeValueInString(srv, rootDseDn, "forestFunctionality"));
            rootDse.dsServiceName = GetAttributeValueInString(srv, rootDseDn, "dsServiceName");

            string gcReady = GetAttributeValueInString(srv, rootDseDn, "isGlobalCatalogReady");

            if (gcReady == null || gcReady.ToUpper() != "TRUE")
            {
                rootDse.isGcReady = false;
            }
            else
            {
                rootDse.isGcReady = true;
            }

            return(rootDse);
        }
コード例 #21
0
        private void DRSReplicaSync_Invalid_Input_4(DrsReplicaSync_Versions dwInVersion)
        {
            uint ret = drsTestClient.DrsBind(
                EnvironmentConfig.Machine.WritableDC1,
                EnvironmentConfig.User.ParentDomainAdmin,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
            /* comments from TD */

            /*
             *  if (DRS_SYNC_BYNAME in options and msgIn.pszDsaSrc = null)
             *      or (not DRS_SYNC_BYNAME in options and msgIn.uuidDsaSrc = null)
             *      or (not DRS_SYNC_BYNAME in options and msgIn.uuidDsaSrc = NULLGUID) then
             *    return ERROR_DS_DRA_INVALID_PARAMETER
             *  endif
             */

            /* Create request message */
            DRS_MSG_REPSYNC msgIn = new DRS_MSG_REPSYNC();
            // NC
            DsServer srv      = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1];
            RootDSE  rootDse  = LdapUtility.GetRootDSE(srv);
            DSNAME   ncDsname = LdapUtility.CreateDSNameForObject(srv, rootDse.configurationNamingContext);

            switch (dwInVersion)
            {
            case DrsReplicaSync_Versions.V1:
                msgIn = drsTestClient.CreateDrsReplicaSyncV1Request();
                /* Setting param #1 */
                msgIn.V1.ulOptions = 0;
                /* Setting param #2 */
                msgIn.V1.uuidDsaSrc = Guid.Empty;
                msgIn.V1.pNC        = ncDsname;
                break;

            case DrsReplicaSync_Versions.V2:
                msgIn = drsTestClient.CreateDrsReplicaSyncV2Request();
                /* Setting param #1 */
                msgIn.V2.ulOptions = 0;
                /* Setting param #2 */
                msgIn.V2.uuidDsaSrc = Guid.Empty;
                msgIn.V2.pNC        = ncDsname;
                break;

            default:
                BaseTestSite.Assert.Fail("The version {0} is not supported.", dwInVersion);
                break;
            }

            /* Issue the request */
            ret = drsTestClient.DRSClient.DrsReplicaSync(
                EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1],
                (uint)dwInVersion,
                msgIn);
            BaseTestSite.Assert.AreEqual <uint>(
                (uint)Win32ErrorCode_32.ERROR_DS_DRA_INVALID_PARAMETER,
                ret,
                "DrsReplicaSync: return code mismatch."
                );
        }
コード例 #22
0
        // <summary>
        // the function is used to create a DrsUpdateRef request
        // </summary>
        public DRS_MSG_UPDREFS CreateRequestForDrsUpdateRef(
            EnvironmentConfig.Machine machine,
            DsServer dest,
            DRS_OPTIONS options,
            NamingContext nc = NamingContext.ConfigNC)
        {
            string nc_name = null;
            Guid   nc_guid = Guid.Empty;
            string nc_sid  = null;
            DSNAME nc_obj;

            switch (nc)
            {
            case NamingContext.ConfigNC:
                nc_obj = dest.Domain.ConfigNC;
                break;

            case NamingContext.SchemaNC:
                nc_obj = dest.Domain.SchemaNC;
                break;

            case NamingContext.AppNC:
                if (EnvironmentConfig.TestDS)
                {
                    nc_obj = ((AddsDomain)dest.Domain).OtherNCs[0];
                }
                else
                {
                    nc_obj = ((AdldsDomain)dest.Domain).AppNCs[0];
                }
                break;

            case NamingContext.DomainNC:
                if (!EnvironmentConfig.TestDS)
                {
                    nc_obj = new DSNAME();
                }
                nc_obj = ((AddsDomain)dest.Domain).DomainNC;
                break;

            default:
                nc_obj = new DSNAME();
                break;
            }

            nc_name = LdapUtility.ConvertUshortArrayToString(nc_obj.StringName);
            nc_guid = nc_obj.Guid;
            nc_sid  = convertSidToString(nc_obj.Sid);

            DRS_MSG_UPDREFS?req = DRSClient.CreateUpdateRefsRequest(
                nc_name,
                nc_guid,
                nc_sid,
                dest.DsaNetworkAddress,
                dest.NtdsDsaObjectGuid,
                options);

            return((DRS_MSG_UPDREFS)req);
        }
コード例 #23
0
        string DomainNameFromSid(DsServer dc, NT4SID sid)
        {
            SecurityIdentifier secId = new SecurityIdentifier(sid.Data, 0);

            RootDSE rootDse = LdapUtility.GetRootDSE(dc);

            return(DrsrHelper.GetFQDNFromDN(rootDse.defaultNamingContext));
        }
コード例 #24
0
        public void DRSR_DRSGetNCChanges_Access_Denied()
        {
            DrsrTestChecker.Check();
            uint ret = drsTestClient.DrsBind(
                EnvironmentConfig.Machine.WritableDC1,
                EnvironmentConfig.User.ParentDomainUser,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
                | DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_GETCHGREPLY_V6);
            /* comments from TD */

            /*
             * if IsGetNCChangesPermissionGranted(msgIn) == FALSE then
             * return ERROR_DRA_ACCESS_DENIED
             * endif
             *
             */

            /* comments from likezh */

            /*
             * IsGetNCChangesPermissionGranted(msgIn) == FALSE
             */
            //throw new NotImplementedException();

            /* Create request message */
            DRS_MSG_GETCHGREQ msgIn = drsTestClient.CreateDrsGetNcChangesV8Request();

            uint dwInVersion  = 8;
            uint?dwOutVersion = 0;
            DRS_MSG_GETCHGREPLY?reply;
            /* Setting param #1 */
            /*msgIn.V8.pNC = DefaultNC()*/
            // NC
            DsServer srv = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1];

            RootDSE rootDse  = LdapUtility.GetRootDSE(srv);
            DSNAME  ncDsname = LdapUtility.CreateDSNameForObject(srv, rootDse.configurationNamingContext);

            msgIn.V8.pNC = ncDsname;
            if (EnvironmentConfig.TestDS == false)
            {
                // ADAM requires a DSA GUID
                msgIn.V8.uuidDsaObjDest = srv.NtdsDsaObjectGuid;
            }

            /* Issue the request */
            ret = drsTestClient.DRSClient.DrsGetNcChanges(
                EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1],
                dwInVersion,
                msgIn,
                out dwOutVersion,
                out reply);
            BaseTestSite.Assert.AreEqual <uint>(
                (uint)Win32ErrorCode_32.ERROR_DS_DRA_ACCESS_DENIED,
                ret,
                "DrsGetNcChanges: return code mismatch."
                );
        }
コード例 #25
0
        void VerifyCrackNamesMapSchemaGuid(
            DsServer dc,
            DRS_MSG_CRACKREQ req,
            DRS_MSG_CRACKREPLY?reply)
        {
            RootDSE rootDse       = LdapUtility.GetRootDSE(dc);
            Guid    guid          = new Guid(req.V1.rpNames[0]);
            string  schemaGuidStr = LdapUtility.GetBinaryString(guid.ToByteArray());

            string name = ldapAd.GetAttributeValueInString(
                dc,
                rootDse.schemaNamingContext,
                "lDAPDisplayName",
                "(schemaIDGUID=" + schemaGuidStr + ")",
                SearchScope.Subtree
                );

            testSite.Assert.IsTrue(
                name == reply.Value.V1.pResult[0].rItems[0].pName,
                "IDL_DRSCrackNames: DS_MAP_SCHEMA_GUID: failed to verify schema name, expect:{0}, got{1}",
                name,
                reply.Value.V1.pResult[0].rItems[0].pName
                );

            string[] objClass = LdapUtility.GetAttributeValuesString(
                dc,
                rootDse.schemaNamingContext,
                "objectClass",
                "(schemaIDGUID=" + schemaGuidStr + ")",
                SearchScope.Subtree
                );

            string objLastClass = objClass[objClass.Length - 1];

            switch (objLastClass)
            {
            case "classSchema":
                testSite.Assert.IsTrue(
                    DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_CLASS == reply.Value.V1.pResult[0].rItems[0].status,
                    "IDL_DRSCrackNames: DS_MAP_SCHEMA_GUID: failed to verify status, expect:{0}, got{1}",
                    DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_CLASS,
                    reply.Value.V1.pResult[0].rItems[0].status
                    );
                break;

            case "attributeSchema":
                testSite.Assert.IsTrue(
                    DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_ATTR == reply.Value.V1.pResult[0].rItems[0].status,
                    "IDL_DRSCrackNames: DS_MAP_SCHEMA_GUID: failed to verify status, expect:{0}, got{1}",
                    DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_CLASS,
                    reply.Value.V1.pResult[0].rItems[0].status
                    );
                break;

            default:
                throw new NotImplementedException();
            }
        }
コード例 #26
0
        /// <summary>
        /// Returns true if the domain identified by sid is in a forest trusted by the caller's forest,
        /// as determined by the FOREST_TRUST_INFORMATION state of the caller's forest, false otherwise.
        /// </summary>
        /// <param name="dc"></param>
        /// <param name="sid">The SID of a domain.</param>
        /// <returns></returns>
        static bool IsDomainSidInTrustedForest(DsServer dc, NT4SID sid)
        {
            FOREST_TRUST_INFORMATION f;
            bool b;

            RootDSE rootDse = LdapUtility.GetRootDSE(dc);

            string[] tdos = LdapUtility.GetAttributeValuesString(
                dc,
                rootDse.rootDomainNamingContext,
                "distinguishedName",
                "(&(objectClass=trustedDomain)(msDS-TrustForestTrustInfo=*)(trustAttributes:1.2.840.113556.1.4.803:=0x8))",
                System.DirectoryServices.Protocols.SearchScope.Subtree);

            foreach (string o in tdos)
            {
                byte[] trustInfo = (byte[])LdapUtility.GetAttributeValue(dc, o, "msDS-TrustForestTrustInfo");
                if (!TrustInfo.UnmarshalForestTrustInfo(trustInfo, out f))
                {
                    return(false);
                }

                foreach (Record e in f.Records)
                {
                    if (e.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo &&
                        (DrsrHelper.IsByteArrayEqual(sid.Data, ((RecordDomainInfo)e.ForestTrustData).Sid.Data)) &&
                        ((e.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0))
                    {
                        b = true;
                        foreach (Record g in f.Records)
                        {
                            if (g.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx &&
                                (g.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0 &&
                                (
                                    ((RecordTopLevelName)g.ForestTrustData).TopLevelName
                                    == ((RecordDomainInfo)e.ForestTrustData).DnsName
                                    ||
                                    TrustInfo.IsSubdomainOf(
                                        ((RecordDomainInfo)e.ForestTrustData).DnsName,
                                        ((RecordTopLevelName)g.ForestTrustData).TopLevelName)
                                )
                                )
                            {
                                b = false;
                                break;
                            }
                        }

                        if (b)
                        {
                            return(true);
                        }
                    }
                }
            }
            return(false);
        }
コード例 #27
0
        public static DSNAME CreateDSNameForObject(DsServer srv, string dn)
        {
            // Get the GUID first
            Guid?guid = LdapUtility.GetObjectGuid(srv, dn);

            string sid = GetObjectStringSid(srv, dn);

            return(DrsuapiClient.CreateDsName(dn, guid.Value, sid));
        }
コード例 #28
0
 public static string GetObjectDnByGuid(DsServer dc, string baseDn, Guid guid)
 {
     return(GetAttributeValueInString(
                dc,
                baseDn,
                "distinguishedName",
                "(&(objectClass=*)(objectGuid=" + GetBinaryString(guid.ToByteArray()) + "))",
                System.DirectoryServices.Protocols.SearchScope.Subtree
                ));
 }
コード例 #29
0
 public static byte[][] GetAttributeValuesBytes(
     DsServer dc,
     string dn,
     string attributeName,
     string ldapFilter = "(objectClass=*)",
     System.DirectoryServices.Protocols.SearchScope searchScope
     = System.DirectoryServices.Protocols.SearchScope.Base)
 {
     return((byte[][])(GetAttributeValuesOfType(dc, dn, attributeName, ldapFilter, searchScope, typeof(byte[]))));
 }
コード例 #30
0
 public static string GetObjectDnBySid(DsServer dc, string baseDn, NT4SID sid)
 {
     return(GetAttributeValueInString(
                dc,
                baseDn,
                "distinguishedName",
                "(&(objectClass=*)(objectSid=" + GetBinaryString(sid.Data) + "))",
                System.DirectoryServices.Protocols.SearchScope.Subtree
                ));
 }