internal override bool IsLockedOut(AuthenticablePrincipal p) { Debug.Assert(p.fakePrincipal == false); Debug.Assert(p.unpersisted == false); DirectoryEntry de = (DirectoryEntry)p.UnderlyingObject; Debug.Assert(de != null); try { de.RefreshCache(); return((bool)de.InvokeGet("IsAccountLocked")); } catch (System.Reflection.TargetInvocationException e) { if (e.InnerException is System.Runtime.InteropServices.COMException) { throw (ExceptionHelper.GetExceptionFromCOMException((System.Runtime.InteropServices.COMException)e.InnerException)); } throw; } }
static internal void WriteAttribute <T>(string dePath, string attribute, T value, NetCred credentials, AuthenticationTypes authTypes) { Debug.Assert(attribute != null && attribute.Length > 0); // Ideally, we'd just like to set the property in the principal's DirectoryEntry and write // the changes to the store. However, there might be other changes in the DirectoryEntry, // and we don't want to write all of them to the store. So we must make // a fresh DirectoryEntry and write using that. DirectoryEntry copyOfDe = null; try { copyOfDe = SDSUtils.BuildDirectoryEntry(dePath, credentials, authTypes); Debug.Assert(copyOfDe != null); // So we don't do a implicit GetInfo() and retrieve every attribute copyOfDe.RefreshCache(new string[] { attribute }); copyOfDe.Properties[attribute].Value = value; copyOfDe.CommitChanges(); } catch (System.Runtime.InteropServices.COMException e) { // ADSI threw an exception trying to write the change throw ExceptionHelper.GetExceptionFromCOMException(e); } finally { if (copyOfDe != null) { copyOfDe.Dispose(); } } }
public void Save(PrincipalContext context) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "Principal", "Entering Save(Context)"); // Make sure we're not disposed or deleted. CheckDisposedOrDeleted(); // Make sure we're not a fake principal CheckFakePrincipal(); // We must have a PrincipalContext to save into. This should always be the case, unless we're unpersisted // and they never set a PrincipalContext. if (context == null) { Debug.Assert(this.unpersisted == true); throw new InvalidOperationException(SR.NullArguments); } if (context.ContextType == ContextType.Machine || _ctx.ContextType == ContextType.Machine) { throw new InvalidOperationException(SR.SaveToNotSupportedAgainstMachineStore); } // If the user is trying to save to the same context we are already set to then just save the changes if (context == _ctx) { Save(); return; } // If we already have a context set on this object then make sure the new // context is of the same type. if (context.ContextType != _ctx.ContextType) { Debug.Assert(this.unpersisted == true); throw new InvalidOperationException(SR.SaveToMustHaveSamecontextType); } StoreCtx originalStoreCtx = GetStoreCtxToUse(); _ctx = context; // Call the appropriate operation depending on whether this is an insert or update StoreCtx newStoreCtx = GetStoreCtxToUse(); Debug.Assert(newStoreCtx != null); // since we know this.ctx isn't null Debug.Assert(originalStoreCtx != null); // since we know this.ctx isn't null if (this.unpersisted) { // We have an unpersisted principal so we just want to create a principal in the new store. GlobalDebug.WriteLineIf(GlobalDebug.Info, "Principal", "Save(context): inserting new principal of type {0} using {1}", this.GetType(), newStoreCtx.GetType()); Debug.Assert(newStoreCtx == _ctx.ContextForType(this.GetType())); newStoreCtx.Insert(this); this.unpersisted = false; // once we persist, we're no longer in the unpersisted state } else { // We have a principal that already exists. We need to move it to the new store. GlobalDebug.WriteLineIf(GlobalDebug.Info, "Principal", "Save(context): Moving principal of type {0} using {1}", this.GetType(), newStoreCtx.GetType()); // we are now saving to a new store so this principal is unpersisted. this.unpersisted = true; // If the user has modified the name save away the current name so // if the move succeeds and the update fails we will move the item back to the original // store with the original name. bool nameModified = _nameChanged == LoadState.Changed; string previousName = null; if (nameModified) { string newName = _name; _ctx.QueryCtx.Load(this, PropertyNames.PrincipalName); previousName = _name; this.Name = newName; } newStoreCtx.Move(originalStoreCtx, this); try { this.unpersisted = false; // once we persist, we're no longer in the unpersisted state newStoreCtx.Update(this); } catch (System.SystemException e) { try { GlobalDebug.WriteLineIf(GlobalDebug.Error, "Principal", "Save(context):, Update Failed (attempting to move back) Exception {0} ", e.Message); if (nameModified) { this.Name = previousName; } originalStoreCtx.Move(newStoreCtx, this); GlobalDebug.WriteLineIf(GlobalDebug.Info, "Principal", "Move back succeeded"); } catch (System.SystemException deleteFail) { // The move back failed. Just continue we will throw the original exception below. GlobalDebug.WriteLineIf(GlobalDebug.Error, "Principal", "Save(context):, Move back Failed {0} ", deleteFail.Message); } if (e is System.Runtime.InteropServices.COMException) { throw ExceptionHelper.GetExceptionFromCOMException((System.Runtime.InteropServices.COMException)e); } else { throw; } } } _ctx.QueryCtx = newStoreCtx; // so Updates go to the right StoreCtx }
private bool BindSam(string target, string userName, string password) { string adsPath = $"WinNT://{_serverName},computer"; Guid g = new Guid("fd8256d0-fd15-11ce-abc4-02608c9e7553"); // IID_IUnknown object value = null; // always attempt secure auth.. int authenticationType = 1; object unmanagedResult = null; try { if (Thread.CurrentThread.GetApartmentState() == ApartmentState.Unknown) { Thread.CurrentThread.SetApartmentState(ApartmentState.MTA); } // We need the credentials to be in the form <machine>\\<user> // if they just passed user then append the machine name here. if (null != userName) { int index = userName.IndexOf('\\'); if (index == -1) { userName = _serverName + "\\" + userName; } } int hr = UnsafeNativeMethods.ADsOpenObject(adsPath, userName, password, (int)authenticationType, ref g, out value); if (hr != 0) { if (hr == unchecked ((int)(ExceptionHelper.ERROR_HRESULT_LOGON_FAILURE))) { // This is the invalid credetials case. We want to return false // instead of throwing an exception return(false); } else { throw ExceptionHelper.GetExceptionFromErrorCode(hr); } } unmanagedResult = ((UnsafeNativeMethods.IADs)value).Get("name"); } catch (System.Runtime.InteropServices.COMException e) { if (e.ErrorCode == unchecked ((int)(ExceptionHelper.ERROR_HRESULT_LOGON_FAILURE))) { return(false); } else { throw ExceptionHelper.GetExceptionFromCOMException(e); } } finally { if (value != null) { System.Runtime.InteropServices.Marshal.ReleaseComObject(value); } } return(true); }
private void DoLDAPDirectoryInit() { // use the servername if they gave us one, else let ADSI figure it out string serverName = ""; if (_name != null) { if (_contextType == ContextType.ApplicationDirectory) { serverName = _serverProperties.dnsHostName + ":" + ((ContextOptions.SecureSocketLayer & _options) > 0 ? _serverProperties.portSSL : _serverProperties.portLDAP); } else { serverName = _name; } serverName += "/"; } GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalContext", "DoLDAPDirectoryInit: serverName is " + serverName); // use the options they specified AuthenticationTypes authTypes = SDSUtils.MapOptionsToAuthTypes(_options); GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalContext", "DoLDAPDirectoryInit: authTypes is " + authTypes.ToString()); DirectoryEntry de = new DirectoryEntry("LDAP://" + serverName + _container, _username, _password, authTypes); try { // Set the password port to the ssl port read off of the rootDSE. Without this // password change/set won't work when we connect without SSL and ADAM is running // on non-standard port numbers. We have already verified directory connectivity at this point // so this should always succeed. if (_serverProperties.portSSL > 0) { de.Options.PasswordPort = _serverProperties.portSSL; } StoreCtx storeCtx = CreateContextFromDirectoryEntry(de); _queryCtx = storeCtx; _userCtx = storeCtx; _groupCtx = storeCtx; _computerCtx = storeCtx; _connectedServer = ADUtils.GetServerName(de); de = null; } catch (System.Runtime.InteropServices.COMException e) { throw ExceptionHelper.GetExceptionFromCOMException(e); } catch (Exception e) { GlobalDebug.WriteLineIf(GlobalDebug.Error, "PrincipalContext", "DoLDAPDirectoryInit: caught exception of type " + e.GetType().ToString() + " and message " + e.Message); throw; } finally { // Cleanup the DE on failure de?.Dispose(); } }
private bool BindSam(string target, string userName, string password) { bool flag; StringBuilder stringBuilder = new StringBuilder(); stringBuilder.Append("WinNT://"); stringBuilder.Append(this.serverName); stringBuilder.Append(",computer"); Guid guid = new Guid("fd8256d0-fd15-11ce-abc4-02608c9e7553"); object obj = null; int num = 1; try { try { if (Thread.CurrentThread.GetApartmentState() == ApartmentState.Unknown) { Thread.CurrentThread.SetApartmentState(ApartmentState.MTA); } if (userName != null) { int num1 = userName.IndexOf("\\", StringComparison.Ordinal); if (num1 == -1) { userName = string.Concat(this.serverName, "\\", userName); } } int num2 = UnsafeNativeMethods.ADsOpenObject(stringBuilder.ToString(), userName, password, num, out guid, out obj); if (num2 == 0) { ((UnsafeNativeMethods.IADs)obj).Get("name"); } else { if (num2 != ExceptionHelper.ERROR_HRESULT_LOGON_FAILURE) { throw ExceptionHelper.GetExceptionFromErrorCode(num2); } else { flag = false; return(flag); } } } catch (COMException cOMException1) { COMException cOMException = cOMException1; if (cOMException.ErrorCode != ExceptionHelper.ERROR_HRESULT_LOGON_FAILURE) { throw ExceptionHelper.GetExceptionFromCOMException(cOMException); } else { flag = false; return(flag); } } return(true); } finally { if (obj != null) { Marshal.ReleaseComObject(obj); } } return(flag); }
private List <string> PopulatAuxObjectList(string auxClassName) { string value; List <string> strs; string userName; string password; string str; string password1; try { string str1 = string.Concat("LDAP://", this.userSuppliedServerName, "/rootDSE"); if (this.credentials == null) { userName = null; } else { userName = this.credentials.UserName; } if (this.credentials == null) { password = null; } else { password = this.credentials.Password; } using (DirectoryEntry directoryEntry = new DirectoryEntry(str1, userName, password, this.authTypes)) { if (directoryEntry.Properties["schemaNamingContext"].Count != 0) { value = (string)directoryEntry.Properties["schemaNamingContext"].Value; } else { throw new PrincipalOperationException(StringResources.ADAMStoreUnableToPopulateSchemaList); } } string str2 = string.Concat("LDAP://", this.userSuppliedServerName, "/", value); if (this.credentials == null) { str = null; } else { str = this.credentials.UserName; } if (this.credentials == null) { password1 = null; } else { password1 = this.credentials.Password; } using (DirectoryEntry directoryEntry1 = new DirectoryEntry(str2, str, password1, this.authTypes)) { using (DirectorySearcher directorySearcher = new DirectorySearcher(directoryEntry1)) { directorySearcher.Filter = string.Concat("(&(objectClass=classSchema)(systemAuxiliaryClass=", auxClassName, "))"); directorySearcher.PropertiesToLoad.Add("ldapDisplayName"); List <string> strs1 = new List <string>(); SearchResultCollection searchResultCollections = directorySearcher.FindAll(); using (searchResultCollections) { foreach (SearchResult searchResult in searchResultCollections) { if (searchResult.Properties["ldapDisplayName"] != null) { strs1.Add(searchResult.Properties["ldapDisplayName"][0].ToString()); } else { throw new PrincipalOperationException(StringResources.ADAMStoreUnableToPopulateSchemaList); } } } strs1.Add(auxClassName); strs = strs1; } } } catch (COMException cOMException1) { COMException cOMException = cOMException1; throw ExceptionHelper.GetExceptionFromCOMException(cOMException); } return(strs); }
public void Save(PrincipalContext context) { this.CheckDisposedOrDeleted(); this.CheckFakePrincipal(); if (context.ContextType == ContextType.Machine || this.ctx.ContextType == ContextType.Machine) { throw new InvalidOperationException(StringResources.SaveToNotSupportedAgainstMachineStore); } else { if (context != null) { if (context != this.ctx) { if (context.ContextType == this.ctx.ContextType) { StoreCtx storeCtxToUse = this.GetStoreCtxToUse(); this.ctx = context; StoreCtx storeCtx = this.GetStoreCtxToUse(); if (!this.unpersisted) { this.unpersisted = true; bool flag = this.nameChanged == LoadState.Changed; string str = null; if (flag) { string str1 = this.name; this.ctx.QueryCtx.Load(this, "Principal.Name"); str = this.name; this.Name = str1; } storeCtx.Move(storeCtxToUse, this); try { this.unpersisted = false; storeCtx.Update(this); } catch (SystemException systemException2) { SystemException systemException = systemException2; try { if (flag) { this.Name = str; } storeCtxToUse.Move(storeCtx, this); } catch (SystemException systemException1) { } if (systemException as COMException == null) { throw systemException; } else { throw ExceptionHelper.GetExceptionFromCOMException((COMException)systemException); } } } else { storeCtx.Insert(this); this.unpersisted = false; } this.ctx.QueryCtx = storeCtx; return; } else { throw new InvalidOperationException(StringResources.SaveToMustHaveSamecontextType); } } else { this.Save(); return; } } else { throw new InvalidOperationException(StringResources.NullArguments); } } }