/// <summary>
/// Checks whether the user is authorized to access a specific attribute of an
/// object, based on the supplied access rights and control access rights.
/// </summary>
/// <remarks>
/// This method makes no decision of its own: every argument is forwarded
/// unchanged to <c>AuthorizationRequirements</c>, whose result is returned as is.
/// </remarks>
/// <param name="accessRights">Access rights granted to the user for the object's attribute.</param>
/// <param name="ctrlAccessRights">Control access rights granted to the user for the object's attribute.</param>
/// <param name="attribCheck">The attribute (or operation) of the object being checked.</param>
/// <param name="fUserPwdSupport">Whether the password change operation is supported.</param>
/// <returns>The status produced by <c>AuthorizationRequirements</c>.</returns>
public errorstatus AuthorizationCheck(
    AccessRights accessRights,
    ControlAccessRights ctrlAccessRights,
    AttribsToCheck attribCheck,
    bool fUserPwdSupport)
{
    // Single point of delegation; keep the public entry free of policy logic.
    errorstatus status = AuthorizationRequirements(
        accessRights,
        ctrlAccessRights,
        attribCheck,
        fUserPwdSupport);

    return status;
}
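/// <summary>
/// Selects the authorization validator that matches the requested attribute or
/// operation and returns that validator's result.
/// </summary>
/// <remarks>
/// The checks run in a fixed order and the first match wins. All but one of them
/// key on <paramref name="attribCheck"/>; the exception is the
/// <c>ControlAccessRights.DS_Query_Self_Quota</c> check, which keys on
/// <paramref name="ctrlAccessRights"/> and is evaluated after the
/// nTSecurityDescriptor, quota and userPassword checks but before all remaining
/// attribute checks. When no check matches, the method returns
/// <c>errorstatus.failure</c>, so an unrecognised attribute is denied by default.
/// </remarks>
/// <param name="accessRights">The Active Directory access rights to validate.</param>
/// <param name="ctrlAccessRights">The control access right to validate.</param>
/// <param name="attribCheck">The attribute (or operation) being validated.</param>
/// <param name="fUserPwdSupport">Whether the password change operation is supported; only the userPassword validator receives it.</param>
/// <returns>
/// The status returned by the selected validator, or <c>errorstatus.failure</c>
/// when no validator applies.
/// </returns>
private errorstatus AuthorizationRequirements(
    AccessRights accessRights,
    ControlAccessRights ctrlAccessRights,
    AttribsToCheck attribCheck,
    bool fUserPwdSupport)
{
    // nTSecurityDescriptor: this validator is called without ctrlAccessRights.
    if (attribCheck == AttribsToCheck.nTSecurityDescriptor)
    {
        return adtsRequirementsValidation.ValidatenTSecurityDescriptor(accessRights, attribCheck);
    }

    // msDS_QuotaEffective
    if (attribCheck == AttribsToCheck.msDS_QuotaEffective)
    {
        return adtsRequirementsValidation.ValidatemsDS_QuotaEffectiveAttribute(accessRights, ctrlAccessRights, attribCheck);
    }

    // msDS_QuotaUsed
    if (attribCheck == AttribsToCheck.msDS_QuotaUsed)
    {
        return adtsRequirementsValidation.ValidatemsDS_QuotaUsedAttribute(accessRights, ctrlAccessRights, attribCheck);
    }

    // userPassword: the only validator that takes fUserPwdSupport; note that
    // attribCheck is its first argument, unlike the other validators.
    if (attribCheck == AttribsToCheck.userPassword)
    {
        return adtsRequirementsValidation.ValidateUserPasswordAttribute(attribCheck, accessRights, ctrlAccessRights, fUserPwdSupport);
    }

    // DS_Query_Self_Quota: this branch keys on the control access right, not on
    // attribCheck, and precedes every check below. A call that combines
    // DS_Query_Self_Quota with one of the later attributes is therefore answered
    // by the msDS_QuotaUsed validator instead of that attribute's own validator.
    // NOTE(review): confirm this precedence is intended.
    if (ctrlAccessRights == ControlAccessRights.DS_Query_Self_Quota)
    {
        return adtsRequirementsValidation.ValidatemsDS_QuotaUsedAttribute(accessRights, ctrlAccessRights, attribCheck);
    }

    // msDS_ReplAttributeMetaData
    if (attribCheck == AttribsToCheck.msDS_ReplAttributeMetaData)
    {
        return adtsRequirementsValidation.ValidateMsDS_ReplAttributeMetaData(accessRights, ctrlAccessRights, attribCheck);
    }

    // msDS_ReplValueMetaData
    if (attribCheck == AttribsToCheck.msDS_ReplValueMetaData)
    {
        return adtsRequirementsValidation.ValidateMsDS_ReplValueMetaData(accessRights, ctrlAccessRights, attribCheck);
    }

    // msDS_NCReplInboundNeighbors
    if (attribCheck == AttribsToCheck.msDS_NCReplInboundNeighbors)
    {
        return adtsRequirementsValidation.ValidateMsDS_NCReplInboundNeighborsAttribute(accessRights, ctrlAccessRights, attribCheck);
    }

    // msDS_NCReplOutboundNeighbors
    if (attribCheck == AttribsToCheck.msDS_NCReplOutboundNeighbors)
    {
        return adtsRequirementsValidation.ValidateMsDS_NCReplOutboundNeighborsAttribute(accessRights, ctrlAccessRights, attribCheck);
    }

    // msDS_NCReplCursors
    if (attribCheck == AttribsToCheck.msDS_NCReplCursors)
    {
        return adtsRequirementsValidation.ValidateMsDS_NCReplCursor(accessRights, ctrlAccessRights, attribCheck);
    }

    // servicePrincipleName (enum member spelling as declared)
    if (attribCheck == AttribsToCheck.servicePrincipleName)
    {
        return adtsRequirementsValidation.ValidateServicePrincipalName(accessRights, ctrlAccessRights, attribCheck);
    }

    // dnsHostName
    if (attribCheck == AttribsToCheck.dnsHostName)
    {
        return adtsRequirementsValidation.ValidateDNSHostname(accessRights, ctrlAccessRights, attribCheck);
    }

    // writeDACLOperation
    if (attribCheck == AttribsToCheck.writeDACLOperation)
    {
        return adtsRequirementsValidation.ValidatewriteDACLOperation(accessRights, ctrlAccessRights, attribCheck);
    }

    // moveOperation
    if (attribCheck == AttribsToCheck.moveOperation)
    {
        return adtsRequirementsValidation.ValidateMoveOperation(accessRights, ctrlAccessRights, attribCheck);
    }

    // Deny by default: nothing above recognised this attribute/right combination.
    return errorstatus.failure;
}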