コード例 #1
0
        public static LdapConnection CreateConnection(
            string hostDnsName,
            DsUser user,
            ref DsServer srv,
            bool forceCreate  = false,
            AuthType authType = AuthType.Kerberos)
        {
            if (!forceCreate && srv.LdapConn != null)
            {
                // If there is an active connection, return it.
                return(srv.LdapConn);
            }

            LdapConnection conn = new LdapConnection(hostDnsName);

            if (authType == AuthType.Basic)
            {
                conn.AuthType   = AuthType.Basic;
                conn.Credential = new NetworkCredential(user.Domain.NetbiosName + "\\" + user.Username, user.Password /*, user.Domain.Name*/);
            }
            else
            {
                conn.Credential = new NetworkCredential(user.Username, user.Password, user.Domain.DNSName);
            }
            conn.Timeout = new TimeSpan(0, 5, 0);
            // Bind the connection to the server
            conn.Bind();
            srv.LdapConn = conn;
            return(conn);
        }
コード例 #2
0
        /// <summary>
        /// finish objects for UserStore
        /// </summary>
        static void InitUserObjects()
        {
            #region user objects
            string[] enum_vals = Enum.GetNames(typeof(EnvironmentConfig.User));
            foreach (string s in enum_vals)
            {
                User tmpU = (EnvironmentConfig.User)Enum.Parse(typeof(EnvironmentConfig.User), s);

                if (tmpU == User.None)
                {
                    continue;
                }

                DsUser user = new DsUser();
                if (s.Contains("Admin"))
                {
                    user.Username = ADCommonServerAdapter.Instance(testSite).DomainAdministratorName;
                }
                else
                {
                    user.Username = DomainUserName;
                }
                user.Password = ADCommonServerAdapter.Instance(testSite).DomainUserPassword;

                //force load domain dns name for loading domain info via ldap adapter
                switch (tmpU)
                {
                case User.ExternalDomainAdmin:
                    user.Domain             = new AddsDomain();
                    user.Domain.NetbiosName = testSite.Properties[DomainEnum.ExternalDomain.ToString() + ".NetbiosName"];
                    user.Domain.DNSName     = testSite.Properties[DomainEnum.ExternalDomain.ToString() + ".DNSName"];
                    break;

                case User.LDSDomainAdmin:
                    user.Domain         = new AdldsDomain();
                    user.Domain.DNSName = testSite.Properties[DomainEnum.LDSDomain.ToString() + ".DNSName"];
                    break;

                case User.MainDCAccount:
                    //machine account not initialized yet
                    continue;

                case User.WritableDC2Account:
                    continue;

                case User.RODCMachineAccount:
                    continue;

                default:
                    user.Domain             = new AddsDomain();
                    user.Domain.NetbiosName = testSite.Properties[DomainEnum.PrimaryDomain.ToString() + ".NetbiosName"];
                    user.Domain.DNSName     = ADCommonServerAdapter.Instance(testSite).PrimaryDomainDnsName;
                    break;
                }
                UserStore.Add((EnvironmentConfig.User)Enum.Parse(typeof(EnvironmentConfig.User), s), user);
            }
            #endregion
        }
コード例 #3
0
        public void DRSR_DRSInterDomainMove_LDAP_Move_Object_From_Child_To_Parent()
        {
            DrsrTestChecker.Check();
            EnvironmentConfig.Machine parentDcType = EnvironmentConfig.Machine.WritableDC1;
            DsServer parentDc = (DsServer)EnvironmentConfig.MachineStore[parentDcType];

            EnvironmentConfig.Machine childDcType = EnvironmentConfig.Machine.CDC;
            DsServer childDc = (DsServer)EnvironmentConfig.MachineStore[childDcType];
            DsUser   user    = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];

            string srcObjDn = ldapAdapter.TestAddUserObj(childDc);

            BaseTestSite.Log.Add(LogEntryKind.Comment, "LDAP add a new object: {0}.", srcObjDn);
            string newObjRdn      = DrsrHelper.GetRDNFromDN(srcObjDn);
            string tgtParentObjDn = "CN=Users," + DrsrHelper.GetNamingContextDN(parentDc.Domain, NamingContext.DomainNC);
            string newObjDn       = newObjRdn + "," + tgtParentObjDn;

            bool bNewObjAdded = ldapAdapter.IsObjectExist(parentDc, newObjDn);

            if (bNewObjAdded)
            {
                ResultCode rCode = ldapAdapter.DeleteObject(parentDc, newObjDn);
                BaseTestSite.Assume.AreEqual <ResultCode>(ResultCode.Success, rCode, "LDAP: {0} should be removed.", newObjDn);
            }

            using (LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier(childDc.DnsHostName))) // connecting to the child domain in which the object exists
            {
                connection.Credential = new System.Net.NetworkCredential(user.Username, user.Password, parentDc.Domain.DNSName);
                connection.SessionOptions.ProtocolVersion = 3;
                connection.SessionOptions.SspiFlag        = connection.SessionOptions.SspiFlag | 1; //Set Delegate flag.
                connection.AuthType = AuthType.Kerberos;
                connection.Bind();
                try
                {
                    BaseTestSite.Log.Add(LogEntryKind.Comment, "LDAP ModifyDN: moving object {0} to {1}.", srcObjDn, newObjDn);
                    ModifyDNRequest modDnRequest = new ModifyDNRequest(srcObjDn, tgtParentObjDn, newObjRdn);
                    modDnRequest.Controls.Add(new CrossDomainMoveControl(parentDc.DnsHostName)); // parent domain to which the object need to move
                    ModifyDNResponse modDnResponse = (ModifyDNResponse)connection.SendRequest(modDnRequest);
                    BaseTestSite.Assert.AreEqual <ResultCode>(ResultCode.Success, modDnResponse.ResultCode,
                                                              "LDAP ModifyDN: server should invoke IDL_DRSInterDomainMove on target Dc and move the object.");

                    bool bOldObjDeleted = ldapAdapter.IsObjectExist(childDc, srcObjDn);
                    bNewObjAdded = ldapAdapter.IsObjectExist(parentDc, newObjDn);
                    BaseTestSite.Assert.IsFalse(bOldObjDeleted, "LDAP ModifyDN: the old object should be deleted from source DC.");
                    BaseTestSite.Assert.IsTrue(bNewObjAdded, "LDAP ModifyDN: the new object should be added into target DC.");
                }
                catch (DirectoryOperationException e)
                {
                    BaseTestSite.Log.Add(LogEntryKind.Debug, "LDAP ModifyDN: ResultCode:{0}", e.Response.ResultCode.ToString());
                    BaseTestSite.Log.Add(LogEntryKind.Debug, "LDAP ModifyDN: ErrorMessage:{0}", e.Response.ErrorMessage.ToString());
                    BaseTestSite.Assert.AreEqual <ResultCode>(ResultCode.Success, e.Response.ResultCode,
                                                              "LDAP ModifyDN: server should invoke the IDL_DRSInterDomainMove on target Dc and move the object.");
                }
            }
        }
コード例 #4
0
        public void DRSR_DRSGetMemberships_Get_Global_Groups_Non_Transitive()
        {
            DrsrTestChecker.Check();
            // Init the data.
            EnvironmentConfig.Machine srv = EnvironmentConfig.Machine.WritableDC1;
            DsServer server = (DsServer)EnvironmentConfig.MachineStore[srv];
            DsUser   user   = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];

            uint ret = 0;

            ret = drsTestClient.DrsBind(
                srv,
                EnvironmentConfig.User.ParentDomainAdmin,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
                );

            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSBind: should return 0 with a success bind to DC");

            DSNAME dsUser = ldapAdapter.GetDsName(
                server,
                ldapAdapter.GetUserDn(
                    server,
                    user
                    )
                ).Value;

            ret = drsTestClient.DrsGetMemberships(
                srv,
                dwInVersion_Values.V1,
                dsUser,
                false,
                REVERSE_MEMBERSHIP_OPERATION_TYPE.RevMembGlobalGroupsNonTransitive,
                ((AddsDomain)(server.Domain)).DomainNC);

            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSGetMemberships: return value should be 0");

            // Unbind
            ret = drsTestClient.DrsUnbind(srv);
            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSUnbind: return value should be 0");
        }
コード例 #5
0
        public void DRSR_DRSGetMemberships_Get_Group_Members_Transitive()
        {
            DrsrTestChecker.Check();

            // Init the data.
            EnvironmentConfig.Machine srv = EnvironmentConfig.Machine.WritableDC1;
            DsServer server = (DsServer)EnvironmentConfig.MachineStore[srv];
            DsUser   user   = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];

            uint ret = 0;

            ret = drsTestClient.DrsBind(
                srv,
                EnvironmentConfig.User.ParentDomainAdmin,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
                );

            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSBind: should return 0 with a success bind to DC");
            string groupDn = "CN=Domain Users,CN=Users," + DrsrHelper.GetDNFromFQDN(ADCommonServerAdapter.Instance(Site).PrimaryDomainDnsName);
            DSNAME dsGroup = LdapUtility.CreateDSNameForObject(
                server,
                groupDn
                );

            ret = drsTestClient.DrsGetMemberships(
                srv,
                dwInVersion_Values.V1,
                dsGroup,
                false,
                REVERSE_MEMBERSHIP_OPERATION_TYPE.GroupMembersTransitive,
                null);

            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSGetMemberships: return value should be 0");

            // Unbind
            ret = drsTestClient.DrsUnbind(srv);
            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSUnbind: return value should be 0");
        }
コード例 #6
0
        public void DRSR_DRSRemoveDsServer_Remove_DC()
        {
            DrsrTestChecker.Check();
            // Init the data.
            EnvironmentConfig.Machine srv = EnvironmentConfig.Machine.WritableDC1;
            EnvironmentConfig.Machine dst = EnvironmentConfig.Machine.CDC;

            DsServer server = (DsServer)EnvironmentConfig.MachineStore[srv];
            DsServer child  = (DsServer)EnvironmentConfig.MachineStore[dst];

            DsUser user = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];

            uint ret = 0;

            ret = drsTestClient.DrsBind(
                srv,
                EnvironmentConfig.User.ParentDomainAdmin,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
                );

            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSBind: should return 0 with a success bind to DC");

            string serverDn = child.ServerObjectName;
            string domainDn = child.Domain.Name;

            ret = drsTestClient.DrsRemoveDsServer(
                srv,
                IDL_DRSRemoveDsServer_dwInVersion_Values.V1,
                serverDn,
                domainDn,
                true);  // DANGEROUS: We're actually going to remove this server!

            BaseTestSite.Assert.AreEqual <uint>(
                ret,
                0,
                "IDL_DRSRemoveDsServer: return value should be 0");

            // Unbind
            ret = drsTestClient.DrsUnbind(srv);
            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSUnbind: return value should be 0");
        }
コード例 #7
0
        public void DRSR_DRSRemoveDsServer_Verify_LastDC()
        {
            DrsrTestChecker.Check();
            // Init the data.
            EnvironmentConfig.Machine srv = EnvironmentConfig.Machine.WritableDC1;
            DsServer server = (DsServer)EnvironmentConfig.MachineStore[srv];

            DsUser user = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];

            uint ret = 0;

            ret = drsTestClient.DrsBind(
                srv,
                EnvironmentConfig.User.ParentDomainAdmin,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
                );

            BaseTestSite.Assert.AreEqual <uint>(0, ret,
                                                "IDL_DRSBind: Checking return value - got: {0}, expect: {1}, return value should always be 0 with a success bind to DC",
                                                ret, 0);

            string serverDn = server.ServerObjectName;
            string domainDn = server.Domain.Name;

            ret = drsTestClient.DrsRemoveDsServer(
                srv,
                IDL_DRSRemoveDsServer_dwInVersion_Values.V1,
                serverDn,
                domainDn,
                false);

            BaseTestSite.Assert.AreEqual <uint>(0, ret,
                                                "IDL_DRSRemoveDsServer: Checking return value - got: {0}, expect: {1}, return value should always be 0",
                                                ret, 0);
            // Unbind
            ret = drsTestClient.DrsUnbind(srv);
            BaseTestSite.Assert.AreEqual <uint>(0, ret,
                                                "IDL_DRSUnbind: Checking return value - got: {0}, expect: {1}, return value should always be 0",
                                                ret, 0);
        }
コード例 #8
0
        public void DRSR_DRSVerifyNames_Verify_SAM_Account_Names()
        {
            DrsrTestChecker.Check();
            // Init the data.
            EnvironmentConfig.Machine srv = EnvironmentConfig.Machine.WritableDC1;
            DsServer server = (DsServer)EnvironmentConfig.MachineStore[srv];
            DsUser   user   = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];

            uint ret = 0;

            ret = drsTestClient.DrsBind(
                srv,
                EnvironmentConfig.User.ParentDomainAdmin,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
                );

            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSBind: should return 0 with a success bind to DC");

            // Create a DSNAME with only SAMAccountName.
            string userDn         = ldapAdapter.GetUserDn(server, user);
            string sAMAccountName = (string)ldapAdapter.GetAttributeValue(server, userDn, "sAMAccountName");
            DSNAME dsUser         = DrsuapiClient.CreateDsName(sAMAccountName, Guid.Empty, null);

            // Prefix table
            SCHEMA_PREFIX_TABLE prefixTable = OIDUtility.CreatePrefixTable();

            // Create the attribute block. Here we go to RDN attribute.
            string rdnAttrId = DRSConstants.RDN_OID;
            uint   attrTyp   = OIDUtility.MakeAttid(prefixTable, rdnAttrId);

            ATTRVAL      attrVal      = DrsuapiClient.CreateATTRVAL(null);
            ATTRVALBLOCK attrValBlock = DrsuapiClient.CreateATTRVALBLOCK(new ATTRVAL[] { attrVal });
            ATTR         attr         = DrsuapiClient.CreateATTR(attrTyp, attrValBlock);
            ATTRBLOCK    attrBlock    = DrsuapiClient.CreateATTRBLOCK(new ATTR[] { attr });

            // Actual RPC call.
            ret = drsTestClient.DrsVerifyNames(
                srv,
                dwInVersion_Values.V1,
                DRS_MSG_VERIFYREQ_V1_dwFlags_Values.DRS_VERIFY_SAM_ACCOUNT_NAMES,
                new DSNAME[] { dsUser },
                new string[] { userDn },
                attrBlock,
                prefixTable
                );

            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSVerifyNames: return value should be 0"
                );

            // Unbind
            ret = drsTestClient.DrsUnbind(srv);
            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSUnbind: return value should be 0");
        }
コード例 #9
0
        /// <summary>
        /// load all infos
        /// </summary>
        /// <param name="site">PTD test site</param>
        public static void Initialize(ITestSite site)
        {
            if (site == null)
            {
                throw new ApplicationException("TestSite could not be NULL.");
            }

            //only initialize once
            if (dataLoaded)
            {
                if (!init_succeed)
                {
                    site.Assert.Fail("EnvironmentConfig init failed in previous cases");
                }
                return;
            }

            //try
            //{
            testSite        = site;
            ldapAd          = site.GetAdapter <ILdapAdapter>();
            ldapAd.Site     = site;
            testDS          = bool.Parse(site.Properties["MS_DRSR.TestDS"]);
            funcLv          = (Microsoft.Protocols.TestTools.StackSdk.ActiveDirectory.Drsr.DrsrDomainFunctionLevel)(ADCommonServerAdapter.Instance(testSite).DomainFunctionLevel);
            UseKerberos     = bool.Parse(site.Properties["MS_DRSR.UseKerberos"]);
            UseNativeRpcLib = bool.Parse(site.Properties["MS_DRSR.UseNativeRpcLib"]);

            //create normal user account if it does not exist yet
            string serverName   = ADCommonServerAdapter.Instance(testSite).PDCNetbiosName;
            string serverPort   = ADCommonServerAdapter.Instance(testSite).ADDSPortNum;
            string domainNC     = "DC=" + ADCommonServerAdapter.Instance(testSite).PrimaryDomainDnsName.Replace(".", ",DC=");
            string parentDN     = string.Format("CN=Users,{0}", domainNC);
            string userDN       = string.Format("CN={0},CN=Users,{1}", DomainUserName, domainNC);
            string userPassword = ADCommonServerAdapter.Instance(testSite).DomainUserPassword;

            if (!Utilities.IsObjectExist(userDN, serverName, serverPort))
            {
                Utilities.NewUser(serverName, serverPort, parentDN, DomainUserName, userPassword);
            }

            //please do all object intialization in this call following example
            InitUserObjects();
            InitDomainObjects();
            InitMachineObjects();
            FinishUserObjects();

            //load DS AppNC late due to rootDSE search issue
            if (testDS && !string.IsNullOrEmpty(AppNCDistinguishedName))
            {
                ((AddsDomain)DomainStore[DomainEnum.PrimaryDomain]).OtherNCs    = new DSNAME[1];
                ((AddsDomain)DomainStore[DomainEnum.PrimaryDomain]).OtherNCs[0] = ldapAd.GetDsName((DsServer)MachineStore[Machine.WritableDC1], AppNCDistinguishedName).Value;
            }

            MainDC = (AddsServer)EnvironmentConfig.MachineStore[Machine.MainDC];
            DsServer s1 = (DsServer)EnvironmentConfig.MachineStore[Machine.WritableDC1];

            transport_obj = ldapAd.GetDsName(
                s1,
                "cn=ip,cn=inter-site transports,cn=sites,"
                + LdapUtility.ConvertUshortArrayToString(s1.Domain.ConfigNC.StringName)
                ).Value;

            DsUser dcAccount = new DsUser();

            dcAccount.Domain   = s1.Domain;
            dcAccount.Username = s1.NetbiosName + "$";
            dcAccount.Password = ADCommonServerAdapter.Instance(testSite).PDCPassword;
            UserStore.Add(User.MainDCAccount, dcAccount);

            //not always need dc2
            if (EnvironmentConfig.MachineStore.ContainsKey(Machine.WritableDC2))
            {
                DsServer s2 = (DsServer)EnvironmentConfig.MachineStore[Machine.WritableDC2];

                DsUser dcAccount2 = new DsUser();
                dcAccount2.Domain   = s2.Domain;
                dcAccount2.Username = s2.NetbiosName + "$";
                dcAccount2.Password = ADCommonServerAdapter.Instance(testSite).SDCPassword;
                UserStore.Add(User.WritableDC2Account, dcAccount2);
            }

            if (EnvironmentConfig.MachineStore.ContainsKey(Machine.RODC))
            {
                DsServer rodc = (DsServer)EnvironmentConfig.MachineStore[Machine.RODC];

                DsUser rodcAccount = new DsUser();
                rodcAccount.Domain   = rodc.Domain;
                rodcAccount.Username = rodc.NetbiosName + "$";
                rodcAccount.Password = ADCommonServerAdapter.Instance(testSite).RODCPassword;
                UserStore.Add(User.RODCMachineAccount, rodcAccount);
            }
            //}
            //catch (Exception e)
            //{
            //    init_succeed = false;
            //    site.Assert.Fail("data initialization failed due to exception:" + e.InnerException == null ? e.Message : e.InnerException.Message);
            //}

            //alwasy only init once
            dataLoaded = true;
        }
コード例 #10
0
        public void DRSR_DRSRemoveDsDomain_Remove_Domain()
        {
            DrsrTestChecker.Check();
            // Init the data.
            EnvironmentConfig.Machine srv = EnvironmentConfig.Machine.WritableDC1;

            // The destination server in an external forest. The external forest will be
            // removed after this call.
            EnvironmentConfig.Machine dst = EnvironmentConfig.Machine.CDC;

            DsServer server = (DsServer)EnvironmentConfig.MachineStore[srv];

            DsServer child = (DsServer)EnvironmentConfig.MachineStore[dst];

            DsUser user = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];

            uint ret = 0;

            ret = drsTestClient.DrsBind(
                srv,
                EnvironmentConfig.User.ParentDomainAdmin,
                DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
                );

            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSBind: should return 0 with a success bind to DC");

            string domainDn = child.Domain.Name;

            // We call RemoveDsServer to remove an actual
            // DC in the external forest, so that a crossRef object
            // pointing to a removed NC will exists.
            string serverDn = child.ServerObjectName;

            ret = drsTestClient.DrsRemoveDsServer(
                srv,
                IDL_DRSRemoveDsServer_dwInVersion_Values.V1,
                serverDn,
                domainDn,
                true);

            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSRemoveDsDomain: should return 0 after removal of server");

            // Note that by far, the NTDS DSA object of this server should be removed already.
            ret = drsTestClient.DrsRemoveDsDomain(
                srv,
                IDL_DRSRemoveDsDomain_dwInVersion_Values.V1,
                domainDn
                );

            BaseTestSite.Assert.AreEqual <uint>(
                ret,
                0,
                "IDL_DRSRemoveDsDomain: return value should be 0");

            // Unbind
            ret = drsTestClient.DrsUnbind(srv);
            BaseTestSite.Assert.AreEqual <uint>(
                0,
                ret,
                "IDL_DRSUnbind: return value should be 0");
        }