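/// <summary>
/// Builds the LDAP filter clause "(objectGuid=\XX\XX...)" for a <c>GuidFilter</c>.
/// </summary>
/// <param name="filter">A <c>GuidFilter</c> whose <c>Value</c> is a <see cref="Nullable{Guid}"/>.</param>
/// <param name="suggestedAdProperty">Expected to be "objectGuid" (checked only by a debug assertion).</param>
/// <returns>The filter clause, or "" when the filter value is null.</returns>
/// <exception cref="InvalidOperationException">The hex form of the GUID could not be converted to an LDAP hex string.</exception>
protected static string GuidConverter(FilterBase filter, string suggestedAdProperty)
{
    // Debug-only sanity checks; release builds rely on the caller passing the right filter type.
    Debug.Assert(string.Equals(suggestedAdProperty, "objectGuid", StringComparison.OrdinalIgnoreCase));
    Debug.Assert(filter is GuidFilter);

    Nullable<Guid> guid = (Nullable<Guid>)filter.Value;
    if (guid == null)
    {
        return "";
    }

    // objectGuid is matched on the GUID's 16-byte binary form, so encode Guid.ToByteArray() byte by
    // byte as a contiguous hex string ("1AFF") — the same encoding IdentityClaimToFilter uses for
    // UrnScheme.GuidScheme. Guid.ToString() would yield the hyphenated "D" form, which is not a
    // plain hex string and is not what HexStringToLdapHexString expects.
    StringBuilder hexGuid = new StringBuilder(32);
    foreach (byte b in guid.Value.ToByteArray())
    {
        hexGuid.Append(b.ToString("x2", CultureInfo.InvariantCulture));
    }

    // Transform from hex string ("1AFF") to LDAP hex string ("\1A\FF"); this escaped form is what
    // keeps the value from being interpreted as filter syntax.
    string ldapHexGuid = ADUtils.HexStringToLdapHexString(hexGuid.ToString());
    if (ldapHexGuid == null)
    {
        throw new InvalidOperationException(SR.StoreCtxGuidIdentityClaimBadFormat);
    }

    return $"(objectGuid={ldapHexGuid})";
}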
/// <summary>
/// Encodes a SID for use inside an LDAP search filter: the hex form produced by
/// <c>SecurityIdentifierToLdapHexBindingString</c>, re-escaped into the "\1A\FF" LDAP hex form.
/// </summary>
/// <param name="sid">The SID to encode.</param>
/// <returns>The LDAP-escaped hex string, or whatever <c>ADUtils.HexStringToLdapHexString</c> returns on failure.</returns>
internal static string SecurityIdentifierToLdapHexFilterString(SecurityIdentifier sid)
{
    string bindingHex = SecurityIdentifierToLdapHexBindingString(sid);
    return ADUtils.HexStringToLdapHexString(bindingHex);
}
/// <summary>
/// Appends to <paramref name="filter"/> an LDAP clause that matches the SID given in SDDL form by
/// <paramref name="urnValue"/>. With <paramref name="useSidHistory"/> false the clause matches
/// objectSid only; with it true the clause matches objectSid or sidHistory.
/// </summary>
/// <param name="urnValue">SID in SDDL string form.</param>
/// <param name="useSidHistory">Whether to also match the sidHistory attribute.</param>
/// <param name="filter">Builder the clause is appended to.</param>
/// <param name="throwOnFail">When true an unparsable SID raises <see cref="ArgumentException"/>; otherwise the method returns false.</param>
/// <returns>true if a clause was appended; false otherwise.</returns>
/// <exception cref="ArgumentException">The SID could not be parsed and <paramref name="throwOnFail"/> is true.</exception>
protected static bool SecurityIdentityClaimConverterHelper(string urnValue, bool useSidHistory, StringBuilder filter, bool throwOnFail)
{
    // SDDL string -> native SID -> byte[]. The native buffer comes from the Win32 call and must be
    // released with LocalFree on every path out of the try.
    IntPtr nativeSid = IntPtr.Zero;
    byte[] binarySid;
    try
    {
        bool converted = Interop.Advapi32.ConvertStringSidToSid(urnValue, out nativeSid) != Interop.BOOL.FALSE;
        binarySid = converted ? Utils.ConvertNativeSidToByteArray(nativeSid) : null;
    }
    finally
    {
        if (nativeSid != IntPtr.Zero)
        {
            Interop.Kernel32.LocalFree(nativeSid);
        }
    }

    // Both a failed ConvertStringSidToSid and a null byte[] are reported the same way.
    if (binarySid == null)
    {
        if (throwOnFail)
        {
            throw new ArgumentException(SR.StoreCtxSecurityIdentityClaimBadFormat);
        }
        return false;
    }

    // byte[] -> contiguous lowercase hex ("0105...") -> LDAP hex string ("\01\05..."). Only the
    // escaped form is spliced into the filter, so the caller-supplied text never reaches it verbatim.
    StringBuilder hexSid = new StringBuilder(binarySid.Length * 2);
    foreach (byte sidByte in binarySid)
    {
        hexSid.Append(sidByte.ToString("x2", CultureInfo.InvariantCulture));
    }

    string ldapHexSid = ADUtils.HexStringToLdapHexString(hexSid.ToString());
    if (ldapHexSid == null)
    {
        return false;
    }

    string clause = useSidHistory
        ? $"(|(objectSid={ldapHexSid})(sidHistory={ldapHexSid}))"
        : $"(objectSid={ldapHexSid})";
    filter.Append(clause);
    return true;
}
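/// <summary>
/// Builds the LDAP search filter clause that selects the object identified by
/// <paramref name="identity"/> under the URN scheme <paramref name="identityFormat"/>.
/// Every scheme passes the value through either hex encoding (GUID, SID) or
/// <c>ADUtils.EscapeRFC2254SpecialChars</c> before it reaches the filter, so caller-supplied text
/// cannot change the filter's structure.
/// </summary>
/// <param name="identity">Identity value; null is treated as the empty string.</param>
/// <param name="identityFormat">One of the <c>UrnScheme</c> scheme constants.</param>
/// <param name="filter">Receives the clause, e.g. "(objectGuid=...)"; left untouched when false is returned.</param>
/// <param name="throwOnFail">When true, malformed input or an unsupported scheme raises <see cref="ArgumentException"/>; when false the method returns false instead.</param>
/// <returns>true if <paramref name="filter"/> was set; false otherwise.</returns>
/// <exception cref="ArgumentException">Malformed identity or unsupported scheme, when <paramref name="throwOnFail"/> is true.</exception>
protected static bool IdentityClaimToFilter(string identity, string identityFormat, ref string filter, bool throwOnFail)
{
    identity ??= "";
    StringBuilder sb = new StringBuilder();

    switch (identityFormat)
    {
        case UrnScheme.GuidScheme:
            // The identity is the string form of a GUID. objectGuid is matched on the GUID's 16-byte
            // binary form, so encode Guid.ToByteArray() byte by byte as hex ("1AFF") and then as an
            // LDAP hex string ("\1A\FF").
            Guid g;
            try
            {
                g = new Guid(identity);
            }
            catch (Exception e) when (e is FormatException || e is OverflowException)
            {
                // Guid(string) reports unrecognized text as FormatException and out-of-range hex
                // groups as OverflowException; both mean "not a GUID" for this caller, so neither
                // should escape as an unhandled exception on untrusted input.
                if (throwOnFail)
                {
                    // For now throw an exception to let the caller know the type was invalid.
                    throw new ArgumentException(e.Message, e);
                }
                return false;
            }

            StringBuilder hexGuid = new StringBuilder(32);
            foreach (byte b in g.ToByteArray())
            {
                hexGuid.Append(b.ToString("x2", CultureInfo.InvariantCulture));
            }

            string ldapHexGuid = ADUtils.HexStringToLdapHexString(hexGuid.ToString());
            if (ldapHexGuid == null)
            {
                if (throwOnFail)
                {
                    throw new ArgumentException(SR.StoreCtxGuidIdentityClaimBadFormat);
                }
                return false;
            }
            sb.Append("(objectGuid=").Append(ldapHexGuid).Append(')');
            break;

        case UrnScheme.DistinguishedNameScheme:
            sb.Append("(distinguishedName=").Append(ADUtils.EscapeRFC2254SpecialChars(identity)).Append(')');
            break;

        case UrnScheme.SidScheme:
            // The helper appends the clause itself and handles throwOnFail.
            if (!SecurityIdentityClaimConverterHelper(identity, false, sb, throwOnFail))
            {
                return false;
            }
            break;

        case UrnScheme.SamAccountScheme:
            // Accepts "DOMAIN\user" or plain "user". A trailing backslash is the wrong form; note
            // that an empty identity also lands here, because IndexOf returns -1 == Length - 1.
            int backslash = identity.IndexOf('\\');
            if (backslash == identity.Length - 1)
            {
                if (throwOnFail)
                {
                    throw new ArgumentException(SR.StoreCtxNT4IdentityClaimWrongForm);
                }
                return false;
            }
            // +1 skips the '\' separator.
            string samAccountName = backslash != -1 ? identity.Substring(backslash + 1) : identity;
            sb.Append("(samAccountName=").Append(ADUtils.EscapeRFC2254SpecialChars(samAccountName)).Append(')');
            break;

        case UrnScheme.NameScheme:
            sb.Append("(name=").Append(ADUtils.EscapeRFC2254SpecialChars(identity)).Append(')');
            break;

        case UrnScheme.UpnScheme:
            sb.Append("(userPrincipalName=").Append(ADUtils.EscapeRFC2254SpecialChars(identity)).Append(')');
            break;

        default:
            if (throwOnFail)
            {
                throw new ArgumentException(SR.StoreCtxUnsupportedIdentityClaimForQuery);
            }
            return false;
    }

    filter = sb.ToString();
    return true;
}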