internal static void InsertPrincipal(Principal p, StoreCtx storeCtx, SDSUtils.GroupMembershipUpdater updateGroupMembership, NetCred credentials, AuthenticationTypes authTypes, bool needToSetPassword) { if (p as UserPrincipal != null || p as GroupPrincipal != null || p as AuthenticablePrincipal != null || p as ComputerPrincipal != null) { SDSUtils.ApplyChangesToDirectory(p, storeCtx, updateGroupMembership, credentials, authTypes); if (needToSetPassword && p.GetChangeStatusForProperty("AuthenticablePrincipal.PasswordInfo.Password")) { string valueForProperty = (string)p.GetValueForProperty("AuthenticablePrincipal.PasswordInfo.Password"); storeCtx.SetPassword((AuthenticablePrincipal)p, valueForProperty); } if (p.GetChangeStatusForProperty("AuthenticablePrincipal.PasswordInfo.ExpireImmediately")) { bool flag = (bool)p.GetValueForProperty("AuthenticablePrincipal.PasswordInfo.ExpireImmediately"); if (flag) { storeCtx.ExpirePassword((AuthenticablePrincipal)p); } } return; } else { object[] str = new object[1]; str[0] = p.GetType().ToString(); throw new InvalidOperationException(string.Format(CultureInfo.CurrentCulture, StringResources.StoreCtxUnsupportedPrincipalTypeForSave, str)); } }
protected QbeFilterDescription BuildQbeFilterDescription(Principal p) { QbeFilterDescription qbeFilterDescription = new QbeFilterDescription(); // We don't have to check to make sure the application didn't try to set any // disallowed properties (i..e, referential properties, such as Group.Members), // because that check was enforced by the PrincipalSearcher in its // FindAll() and GetUnderlyingSearcher() methods, by calling // PrincipalSearcher.HasReferentialPropertiesSet(). if (p is Principal) { BuildFilterSet(p, principalProperties, qbeFilterDescription); } if (p is AuthenticablePrincipal) { BuildFilterSet(p, authenticablePrincipalProperties, qbeFilterDescription); } if (p is UserPrincipal) // includes AccountInfo and PasswordInfo { // AcctInfoExpirationDate and AcctInfoExpiredAccount represent filters on the same property // check that only one is specified if (p.GetChangeStatusForProperty(PropertyNames.AcctInfoExpirationDate) && p.GetChangeStatusForProperty(PropertyNames.AcctInfoExpiredAccount)) { throw new InvalidOperationException( String.Format( CultureInfo.CurrentCulture, StringResources.StoreCtxMultipleFiltersForPropertyUnsupported, PropertyNamesExternal.GetExternalForm(ExpirationDateFilter.PropertyNameStatic))); } BuildFilterSet(p, userProperties, qbeFilterDescription); } if (p is GroupPrincipal) { BuildFilterSet(p, groupProperties, qbeFilterDescription); } if (p is ComputerPrincipal) { BuildFilterSet(p, computerProperties, qbeFilterDescription); } return(qbeFilterDescription); }
protected QbeFilterDescription BuildQbeFilterDescription(Principal p) { QbeFilterDescription qbeFilterDescription = new QbeFilterDescription(); if (p != null) { this.BuildFilterSet(p, StoreCtx.principalProperties, qbeFilterDescription); } if (p as AuthenticablePrincipal != null) { this.BuildFilterSet(p, StoreCtx.authenticablePrincipalProperties, qbeFilterDescription); } if (p as UserPrincipal != null) { if (!p.GetChangeStatusForProperty("AuthenticablePrincipal.AccountInfo.AccountExpirationDate") || !p.GetChangeStatusForProperty("AuthenticablePrincipal.AccountInfoExpired")) { this.BuildFilterSet(p, StoreCtx.userProperties, qbeFilterDescription); } else { object[] externalForm = new object[1]; externalForm[0] = PropertyNamesExternal.GetExternalForm("AuthenticablePrincipal.AccountInfo.AccountExpirationDate"); throw new InvalidOperationException(string.Format(CultureInfo.CurrentCulture, StringResources.StoreCtxMultipleFiltersForPropertyUnsupported, externalForm)); } } if (p as GroupPrincipal != null) { this.BuildFilterSet(p, StoreCtx.groupProperties, qbeFilterDescription); } if (p as ComputerPrincipal != null) { this.BuildFilterSet(p, StoreCtx.computerProperties, qbeFilterDescription); } return(qbeFilterDescription); }
internal static void ApplyChangesToDirectory(Principal p, StoreCtx storeCtx, SDSUtils.GroupMembershipUpdater updateGroupMembership, NetCred credentials, AuthenticationTypes authTypes) { DirectoryEntry native = (DirectoryEntry)storeCtx.PushChangesToNative(p); try { native.CommitChanges(); } catch (COMException cOMException1) { COMException cOMException = cOMException1; throw ExceptionHelper.GetExceptionFromCOMException(cOMException); } if (p as GroupPrincipal != null && p.GetChangeStatusForProperty("GroupPrincipal.Members")) { updateGroupMembership(p, native, credentials, authTypes); } }
static internal void ApplyChangesToDirectory( Principal p, StoreCtx storeCtx, GroupMembershipUpdater updateGroupMembership, NetCred credentials, AuthenticationTypes authTypes) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SDSUtils", "Entering ApplyChangesToDirectory"); Debug.Assert(storeCtx != null); Debug.Assert(storeCtx is ADStoreCtx || storeCtx is SAMStoreCtx || storeCtx is ADAMStoreCtx); Debug.Assert(p != null); Debug.Assert(updateGroupMembership != null); // Update the properties in the DirectoryEntry. Note that this does NOT // update group membership. DirectoryEntry de = (DirectoryEntry)storeCtx.PushChangesToNative(p); Debug.Assert(de == p.UnderlyingObject); // Commit the property update try { de.CommitChanges(); } catch (System.Runtime.InteropServices.COMException e) { GlobalDebug.WriteLineIf(GlobalDebug.Error, "SDSUtils", "ApplyChangesToDirectory: caught COMException with message " + e.Message); throw (ExceptionHelper.GetExceptionFromCOMException(e)); } if ((p is GroupPrincipal) && (p.GetChangeStatusForProperty(PropertyNames.GroupMembers))) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SDSUtils", "ApplyChangesToDirectory: Updating group membership"); // It's a group, and it's membership has changed. Commit those membership changes. // Note that this is an immediate operation, because it goes through IADsGroup, // and does not require a call to de.CommitChanges(). updateGroupMembership(p, de, credentials, authTypes); } }
private bool HasReferentialPropertiesSet() { // If using a null query filter, nothing to validate, as it can't have any referential // properties set. if (_qbeFilter == null) { return(false); } // Since the QBE filter must be in the "unpersisted" state, any set properties have their changed // flag still set (qbeFilter.GetChangeStatusForProperty() == true). Therefore, checking which properties // have been set == checking which properties have their change flag set to true. Debug.Assert(_qbeFilter.unpersisted == true); // Retrieve the list of referential properties for this type of Principal. // If this type of Principal doesn't have any, the Properties hashtable will return null. Type t = _qbeFilter.GetType(); GlobalDebug.WriteLineIf(GlobalDebug.Info, "PrincipalSearcher", "HasReferentialPropertiesSet: using type " + t.ToString()); ArrayList referentialProperties = (ArrayList)ReferentialProperties.Properties[t]; if (referentialProperties != null) { foreach (string propertyName in referentialProperties) { if (_qbeFilter.GetChangeStatusForProperty(propertyName) == true) { // Property was set. GlobalDebug.WriteLineIf(GlobalDebug.Warn, "PrincipalSearcher", "HasReferentialPropertiesSet: found ref property " + propertyName); return(true); } } } return(false); }
static internal void InsertPrincipal( Principal p, StoreCtx storeCtx, GroupMembershipUpdater updateGroupMembership, NetCred credentials, AuthenticationTypes authTypes, bool needToSetPassword) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SDSUtils", "Entering InsertPrincipal"); Debug.Assert(storeCtx != null); Debug.Assert(storeCtx is ADStoreCtx || storeCtx is SAMStoreCtx); Debug.Assert(p != null); if ((!(p is UserPrincipal)) && (!(p is GroupPrincipal)) && (!(p is AuthenticablePrincipal)) && (!(p is ComputerPrincipal))) { // It's not a type of Principal that we support GlobalDebug.WriteLineIf(GlobalDebug.Warn, "SDSUtils", "InsertPrincipal: Bad principal type:" + p.GetType().ToString()); throw new InvalidOperationException( String.Format(CultureInfo.CurrentCulture, SR.StoreCtxUnsupportedPrincipalTypeForSave, p.GetType().ToString())); } // Commit the properties SDSUtils.ApplyChangesToDirectory( p, storeCtx, updateGroupMembership, credentials, authTypes ); // Handle any saved-off operations // For SAM, we set password elsewhere prior to creating the principal, so needToSetPassword == false // For AD, we have to set the password after creating the principal, so needToSetPassword == true if (needToSetPassword && p.GetChangeStatusForProperty(PropertyNames.PwdInfoPassword)) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SDSUtils", "InsertPrincipal: Setting password"); // Only AuthenticablePrincipals can have PasswordInfo Debug.Assert(p is AuthenticablePrincipal); string password = (string)p.GetValueForProperty(PropertyNames.PwdInfoPassword); Debug.Assert(password != null); // if null, PasswordInfo should not have indicated it was changed storeCtx.SetPassword((AuthenticablePrincipal)p, password); } if (p.GetChangeStatusForProperty(PropertyNames.PwdInfoExpireImmediately)) { // Only AuthenticablePrincipals can have PasswordInfo Debug.Assert(p is AuthenticablePrincipal); bool expireImmediately = (bool)p.GetValueForProperty(PropertyNames.PwdInfoExpireImmediately); if (expireImmediately) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SDSUtils", "InsertPrincipal: Setting pwd expired"); storeCtx.ExpirePassword((AuthenticablePrincipal)p); } } }
private void BuildFilterSet(Principal p, string[] propertySet, QbeFilterDescription qbeFilterDescription) { foreach (string propertyName in propertySet) { if (p.GetChangeStatusForProperty(propertyName)) { // Property has changed. Add it to the filter set. object value = p.GetValueForProperty(propertyName); GlobalDebug.WriteLineIf( GlobalDebug.Info, "StoreCtx", "BuildFilterSet: type={0}, property name={1}, property value={2} of type {3}", p.GetType().ToString(), propertyName, value.ToString(), value.GetType().ToString()); // Build the right filter based on type of the property value if (value is PrincipalValueCollection <string> ) { PrincipalValueCollection <string> trackingList = (PrincipalValueCollection <string>)value; foreach (string s in trackingList.Inserted) { object filter = FilterFactory.CreateFilter(propertyName); ((FilterBase)filter).Value = (string)s; qbeFilterDescription.FiltersToApply.Add(filter); } } else if (value is X509Certificate2Collection) { // Since QBE filter objects are always unpersisted, any certs in the collection // must have been inserted by the application. X509Certificate2Collection certCollection = (X509Certificate2Collection)value; foreach (X509Certificate2 cert in certCollection) { object filter = FilterFactory.CreateFilter(propertyName); ((FilterBase)filter).Value = (X509Certificate2)cert; qbeFilterDescription.FiltersToApply.Add(filter); } } else { // It's not one of the multivalued cases. Try the scalar cases. object filter = FilterFactory.CreateFilter(propertyName); if (value == null) { ((FilterBase)filter).Value = null; } else if (value is bool) { ((FilterBase)filter).Value = (bool)value; } else if (value is string) { ((FilterBase)filter).Value = (string)value; } else if (value is GroupScope) { ((FilterBase)filter).Value = (GroupScope)value; } else if (value is byte[]) { ((FilterBase)filter).Value = (byte[])value; } else if (value is Nullable <DateTime> ) { ((FilterBase)filter).Value = (Nullable <DateTime>)value; } else if (value is ExtensionCache) { ((FilterBase)filter).Value = (ExtensionCache)value; } else if (value is QbeMatchType) { ((FilterBase)filter).Value = (QbeMatchType)value; } else { // Internal error. Didn't match either the known multivalued or scalar cases. Debug.Fail(String.Format( CultureInfo.CurrentCulture, "StoreCtx.BuildFilterSet: fell off end looking for {0} of type {1}", propertyName, value.GetType().ToString() )); } qbeFilterDescription.FiltersToApply.Add(filter); } } } }
private void BuildFilterSet(Principal p, string[] propertySet, QbeFilterDescription qbeFilterDescription) { string[] strArrays = propertySet; for (int i = 0; i < (int)strArrays.Length; i++) { string str = strArrays[i]; if (p.GetChangeStatusForProperty(str)) { object valueForProperty = p.GetValueForProperty(str); if (valueForProperty as PrincipalValueCollection <string> == null) { if (valueForProperty as X509Certificate2Collection == null) { object obj = FilterFactory.CreateFilter(str); if (valueForProperty != null) { if (!valueForProperty as bool) { if (valueForProperty as string == null) { if (valueForProperty as GroupScope == GroupScope.Local) { if (valueForProperty as byte[] == null) { if (valueForProperty as DateTime? == null) { if (valueForProperty as ExtensionCache == null) { if (valueForProperty as QbeMatchType != null) { ((FilterBase)obj).Value = (QbeMatchType)valueForProperty; } } else { ((FilterBase)obj).Value = (ExtensionCache)valueForProperty; } } else { ((FilterBase)obj).Value = (DateTime?)valueForProperty; } } else { ((FilterBase)obj).Value = (byte[])valueForProperty; } } else { ((FilterBase)obj).Value = (GroupScope)valueForProperty; } } else { ((FilterBase)obj).Value = (string)valueForProperty; } } else { ((FilterBase)obj).Value = (bool)valueForProperty; } } else { ((FilterBase)obj).Value = null; } qbeFilterDescription.FiltersToApply.Add(obj); } else { X509Certificate2Collection x509Certificate2Collection = (X509Certificate2Collection)valueForProperty; X509Certificate2Enumerator enumerator = x509Certificate2Collection.GetEnumerator(); while (enumerator.MoveNext()) { X509Certificate2 current = enumerator.Current; object obj1 = FilterFactory.CreateFilter(str); ((FilterBase)obj1).Value = current; qbeFilterDescription.FiltersToApply.Add(obj1); } } } else { PrincipalValueCollection <string> strs = (PrincipalValueCollection <string>)valueForProperty; foreach (string inserted in strs.Inserted) { object obj2 = FilterFactory.CreateFilter(str); ((FilterBase)obj2).Value = inserted; qbeFilterDescription.FiltersToApply.Add(obj2); } } } } }