internal override bool IsLockedOut(AuthenticablePrincipal p)
{
Debug.Assert(p.fakePrincipal == false);
Debug.Assert(p.unpersisted == false);
DirectoryEntry de = (DirectoryEntry)p.UnderlyingObject;
Debug.Assert(de != null);
try
{
de.RefreshCache();
return((bool)de.InvokeGet("IsAccountLocked"));
}
catch (System.Reflection.TargetInvocationException e)
{
if (e.InnerException is System.Runtime.InteropServices.COMException)
{
throw (ExceptionHelper.GetExceptionFromCOMException((System.Runtime.InteropServices.COMException)e.InnerException));
}
throw;
}
}
static internal void WriteAttribute <T>(string dePath, string attribute, T value, NetCred credentials, AuthenticationTypes authTypes)
{
Debug.Assert(attribute != null && attribute.Length > 0);
// Ideally, we'd just like to set the property in the principal's DirectoryEntry and write
// the changes to the store. However, there might be other changes in the DirectoryEntry,
// and we don't want to write all of them to the store. So we must make
// a fresh DirectoryEntry and write using that.
DirectoryEntry copyOfDe = null;
try
{
copyOfDe = SDSUtils.BuildDirectoryEntry(dePath, credentials, authTypes);
Debug.Assert(copyOfDe != null);
// So we don't do a implicit GetInfo() and retrieve every attribute
copyOfDe.RefreshCache(new string[] { attribute });
copyOfDe.Properties[attribute].Value = value;
copyOfDe.CommitChanges();
}
catch (System.Runtime.InteropServices.COMException e)
{
// ADSI threw an exception trying to write the change
throw ExceptionHelper.GetExceptionFromCOMException(e);
}
finally
{
if (copyOfDe != null)
{
copyOfDe.Dispose();
}
}
}
public void Save(PrincipalContext context)
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "Principal", "Entering Save(Context)");
// Make sure we're not disposed or deleted.
CheckDisposedOrDeleted();
// Make sure we're not a fake principal
CheckFakePrincipal();
// We must have a PrincipalContext to save into. This should always be the case, unless we're unpersisted
// and they never set a PrincipalContext.
if (context == null)
{
Debug.Assert(this.unpersisted == true);
throw new InvalidOperationException(SR.NullArguments);
}
if (context.ContextType == ContextType.Machine || _ctx.ContextType == ContextType.Machine)
{
throw new InvalidOperationException(SR.SaveToNotSupportedAgainstMachineStore);
}
// If the user is trying to save to the same context we are already set to then just save the changes
if (context == _ctx)
{
Save();
return;
}
// If we already have a context set on this object then make sure the new
// context is of the same type.
if (context.ContextType != _ctx.ContextType)
{
Debug.Assert(this.unpersisted == true);
throw new InvalidOperationException(SR.SaveToMustHaveSamecontextType);
}
StoreCtx originalStoreCtx = GetStoreCtxToUse();
_ctx = context;
// Call the appropriate operation depending on whether this is an insert or update
StoreCtx newStoreCtx = GetStoreCtxToUse();
Debug.Assert(newStoreCtx != null); // since we know this.ctx isn't null
Debug.Assert(originalStoreCtx != null); // since we know this.ctx isn't null
if (this.unpersisted)
{
// We have an unpersisted principal so we just want to create a principal in the new store.
GlobalDebug.WriteLineIf(GlobalDebug.Info, "Principal", "Save(context): inserting new principal of type {0} using {1}", this.GetType(), newStoreCtx.GetType());
Debug.Assert(newStoreCtx == _ctx.ContextForType(this.GetType()));
newStoreCtx.Insert(this);
this.unpersisted = false; // once we persist, we're no longer in the unpersisted state
}
else
{
// We have a principal that already exists. We need to move it to the new store.
GlobalDebug.WriteLineIf(GlobalDebug.Info, "Principal", "Save(context): Moving principal of type {0} using {1}", this.GetType(), newStoreCtx.GetType());
// we are now saving to a new store so this principal is unpersisted.
this.unpersisted = true;
// If the user has modified the name save away the current name so
// if the move succeeds and the update fails we will move the item back to the original
// store with the original name.
bool nameModified = _nameChanged == LoadState.Changed;
string previousName = null;
if (nameModified)
{
string newName = _name;
_ctx.QueryCtx.Load(this, PropertyNames.PrincipalName);
previousName = _name;
this.Name = newName;
}
newStoreCtx.Move(originalStoreCtx, this);
try
{
this.unpersisted = false; // once we persist, we're no longer in the unpersisted state
newStoreCtx.Update(this);
}
catch (System.SystemException e)
{
try
{
GlobalDebug.WriteLineIf(GlobalDebug.Error, "Principal", "Save(context):, Update Failed (attempting to move back) Exception {0} ", e.Message);
if (nameModified)
{
this.Name = previousName;
}
originalStoreCtx.Move(newStoreCtx, this);
GlobalDebug.WriteLineIf(GlobalDebug.Info, "Principal", "Move back succeeded");
}
catch (System.SystemException deleteFail)
{
// The move back failed. Just continue we will throw the original exception below.
GlobalDebug.WriteLineIf(GlobalDebug.Error, "Principal", "Save(context):, Move back Failed {0} ", deleteFail.Message);
}
if (e is System.Runtime.InteropServices.COMException)
{
throw ExceptionHelper.GetExceptionFromCOMException((System.Runtime.InteropServices.COMException)e);
}
else
{
throw;
}
}
}
_ctx.QueryCtx = newStoreCtx; // so Updates go to the right StoreCtx
}
private bool BindSam(string target, string userName, string password)
{
string adsPath = $"WinNT://{_serverName},computer";
Guid g = new Guid("fd8256d0-fd15-11ce-abc4-02608c9e7553"); // IID_IUnknown
object value = null;
// always attempt secure auth..
int authenticationType = 1;
object unmanagedResult = null;
try
{
if (Thread.CurrentThread.GetApartmentState() == ApartmentState.Unknown)
{
Thread.CurrentThread.SetApartmentState(ApartmentState.MTA);
}
// We need the credentials to be in the form <machine>\\<user>
// if they just passed user then append the machine name here.
if (null != userName)
{
int index = userName.IndexOf('\\');
if (index == -1)
{
userName = _serverName + "\\" + userName;
}
}
int hr = UnsafeNativeMethods.ADsOpenObject(adsPath, userName, password, (int)authenticationType, ref g, out value);
if (hr != 0)
{
if (hr == unchecked ((int)(ExceptionHelper.ERROR_HRESULT_LOGON_FAILURE)))
{
// This is the invalid credetials case. We want to return false
// instead of throwing an exception
return(false);
}
else
{
throw ExceptionHelper.GetExceptionFromErrorCode(hr);
}
}
unmanagedResult = ((UnsafeNativeMethods.IADs)value).Get("name");
}
catch (System.Runtime.InteropServices.COMException e)
{
if (e.ErrorCode == unchecked ((int)(ExceptionHelper.ERROR_HRESULT_LOGON_FAILURE)))
{
return(false);
}
else
{
throw ExceptionHelper.GetExceptionFromCOMException(e);
}
}
finally
{
if (value != null)
{
System.Runtime.InteropServices.Marshal.ReleaseComObject(value);
}
}
return(true);
}
private void DoLDAPDirectoryInit()
{
// use the servername if they gave us one, else let ADSI figure it out
string serverName = "";
if (_name != null)
{
if (_contextType == ContextType.ApplicationDirectory)
{
serverName = _serverProperties.dnsHostName + ":" +
((ContextOptions.SecureSocketLayer & _options) > 0 ? _serverProperties.portSSL : _serverProperties.portLDAP);
}
else
{
serverName = _name;
}
serverName += "/";
}
GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalContext", "DoLDAPDirectoryInit: serverName is " + serverName);
// use the options they specified
AuthenticationTypes authTypes = SDSUtils.MapOptionsToAuthTypes(_options);
GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalContext", "DoLDAPDirectoryInit: authTypes is " + authTypes.ToString());
DirectoryEntry de = new DirectoryEntry("LDAP://" + serverName + _container, _username, _password, authTypes);
try
{
// Set the password port to the ssl port read off of the rootDSE. Without this
// password change/set won't work when we connect without SSL and ADAM is running
// on non-standard port numbers. We have already verified directory connectivity at this point
// so this should always succeed.
if (_serverProperties.portSSL > 0)
{
de.Options.PasswordPort = _serverProperties.portSSL;
}
StoreCtx storeCtx = CreateContextFromDirectoryEntry(de);
_queryCtx = storeCtx;
_userCtx = storeCtx;
_groupCtx = storeCtx;
_computerCtx = storeCtx;
_connectedServer = ADUtils.GetServerName(de);
de = null;
}
catch (System.Runtime.InteropServices.COMException e)
{
throw ExceptionHelper.GetExceptionFromCOMException(e);
}
catch (Exception e)
{
GlobalDebug.WriteLineIf(GlobalDebug.Error, "PrincipalContext",
"DoLDAPDirectoryInit: caught exception of type "
+ e.GetType().ToString() +
" and message " + e.Message);
throw;
}
finally
{
// Cleanup the DE on failure
de?.Dispose();
}
}
private bool BindSam(string target, string userName, string password)
{
bool flag;
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.Append("WinNT://");
stringBuilder.Append(this.serverName);
stringBuilder.Append(",computer");
Guid guid = new Guid("fd8256d0-fd15-11ce-abc4-02608c9e7553");
object obj = null;
int num = 1;
try
{
try
{
if (Thread.CurrentThread.GetApartmentState() == ApartmentState.Unknown)
{
Thread.CurrentThread.SetApartmentState(ApartmentState.MTA);
}
if (userName != null)
{
int num1 = userName.IndexOf("\\", StringComparison.Ordinal);
if (num1 == -1)
{
userName = string.Concat(this.serverName, "\\", userName);
}
}
int num2 = UnsafeNativeMethods.ADsOpenObject(stringBuilder.ToString(), userName, password, num, out guid, out obj);
if (num2 == 0)
{
((UnsafeNativeMethods.IADs)obj).Get("name");
}
else
{
if (num2 != ExceptionHelper.ERROR_HRESULT_LOGON_FAILURE)
{
throw ExceptionHelper.GetExceptionFromErrorCode(num2);
}
else
{
flag = false;
return(flag);
}
}
}
catch (COMException cOMException1)
{
COMException cOMException = cOMException1;
if (cOMException.ErrorCode != ExceptionHelper.ERROR_HRESULT_LOGON_FAILURE)
{
throw ExceptionHelper.GetExceptionFromCOMException(cOMException);
}
else
{
flag = false;
return(flag);
}
}
return(true);
}
finally
{
if (obj != null)
{
Marshal.ReleaseComObject(obj);
}
}
return(flag);
}
private List <string> PopulatAuxObjectList(string auxClassName)
{
string value;
List <string> strs;
string userName;
string password;
string str;
string password1;
try
{
string str1 = string.Concat("LDAP://", this.userSuppliedServerName, "/rootDSE");
if (this.credentials == null)
{
userName = null;
}
else
{
userName = this.credentials.UserName;
}
if (this.credentials == null)
{
password = null;
}
else
{
password = this.credentials.Password;
}
using (DirectoryEntry directoryEntry = new DirectoryEntry(str1, userName, password, this.authTypes))
{
if (directoryEntry.Properties["schemaNamingContext"].Count != 0)
{
value = (string)directoryEntry.Properties["schemaNamingContext"].Value;
}
else
{
throw new PrincipalOperationException(StringResources.ADAMStoreUnableToPopulateSchemaList);
}
}
string str2 = string.Concat("LDAP://", this.userSuppliedServerName, "/", value);
if (this.credentials == null)
{
str = null;
}
else
{
str = this.credentials.UserName;
}
if (this.credentials == null)
{
password1 = null;
}
else
{
password1 = this.credentials.Password;
}
using (DirectoryEntry directoryEntry1 = new DirectoryEntry(str2, str, password1, this.authTypes))
{
using (DirectorySearcher directorySearcher = new DirectorySearcher(directoryEntry1))
{
directorySearcher.Filter = string.Concat("(&(objectClass=classSchema)(systemAuxiliaryClass=", auxClassName, "))");
directorySearcher.PropertiesToLoad.Add("ldapDisplayName");
List <string> strs1 = new List <string>();
SearchResultCollection searchResultCollections = directorySearcher.FindAll();
using (searchResultCollections)
{
foreach (SearchResult searchResult in searchResultCollections)
{
if (searchResult.Properties["ldapDisplayName"] != null)
{
strs1.Add(searchResult.Properties["ldapDisplayName"][0].ToString());
}
else
{
throw new PrincipalOperationException(StringResources.ADAMStoreUnableToPopulateSchemaList);
}
}
}
strs1.Add(auxClassName);
strs = strs1;
}
}
}
catch (COMException cOMException1)
{
COMException cOMException = cOMException1;
throw ExceptionHelper.GetExceptionFromCOMException(cOMException);
}
return(strs);
}
public void Save(PrincipalContext context)
{
this.CheckDisposedOrDeleted();
this.CheckFakePrincipal();
if (context.ContextType == ContextType.Machine || this.ctx.ContextType == ContextType.Machine)
{
throw new InvalidOperationException(StringResources.SaveToNotSupportedAgainstMachineStore);
}
else
{
if (context != null)
{
if (context != this.ctx)
{
if (context.ContextType == this.ctx.ContextType)
{
StoreCtx storeCtxToUse = this.GetStoreCtxToUse();
this.ctx = context;
StoreCtx storeCtx = this.GetStoreCtxToUse();
if (!this.unpersisted)
{
this.unpersisted = true;
bool flag = this.nameChanged == LoadState.Changed;
string str = null;
if (flag)
{
string str1 = this.name;
this.ctx.QueryCtx.Load(this, "Principal.Name");
str = this.name;
this.Name = str1;
}
storeCtx.Move(storeCtxToUse, this);
try
{
this.unpersisted = false;
storeCtx.Update(this);
}
catch (SystemException systemException2)
{
SystemException systemException = systemException2;
try
{
if (flag)
{
this.Name = str;
}
storeCtxToUse.Move(storeCtx, this);
}
catch (SystemException systemException1)
{
}
if (systemException as COMException == null)
{
throw systemException;
}
else
{
throw ExceptionHelper.GetExceptionFromCOMException((COMException)systemException);
}
}
}
else
{
storeCtx.Insert(this);
this.unpersisted = false;
}
this.ctx.QueryCtx = storeCtx;
return;
}
else
{
throw new InvalidOperationException(StringResources.SaveToMustHaveSamecontextType);
}
}
else
{
this.Save();
return;
}
}
else
{
throw new InvalidOperationException(StringResources.NullArguments);
}
}
}
