예제 #1
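        /// <summary>
        /// NOTE: call for TFS 2010 only.
        /// Adds a user to a TFS security group, unless the user is already a direct member.
        /// </summary>
        /// <remarks>
        /// This is a privilege-granting operation. Every outcome (already a member, added,
        /// identity not resolved, failure) is written through <c>FileHelper.Log</c> so the
        /// membership change can be audited afterwards.
        /// </remarks>
        /// <param name="teamProjName">The name of the team project (not read by this method)</param>
        /// <param name="searchableGroupName">The name of the group in [TeamProject]\GroupName format</param>
        /// <param name="userName">The name of the user to add</param>
        /// <returns>
        /// True if the user already was a member or has been added; false if the user or the
        /// group could not be resolved, or if any service call threw.
        /// </returns>
        private bool AddMemberToGroup_TFS10(string teamProjName, string searchableGroupName, string userName)
        {
            try
            {
                Identity userIdentity =
                    groupSecuritySvc.ReadIdentityFromSource(SearchFactor.AccountName, userName);
                if (userIdentity == null)
                {
                    // Without this guard the failure surfaces only as a NullReferenceException
                    // message in the log, which hides which lookup failed.
                    FileHelper.Log("User {0} could not be resolved; not added to group {1}", userName, searchableGroupName);
                    return false;
                }

                Identity groupIdentity =
                    groupSecuritySvc.ReadIdentity(SearchFactor.AccountName, searchableGroupName, QueryMembership.Direct);
                if (groupIdentity == null)
                {
                    FileHelper.Log("Group {1} could not be resolved; user {0} not added", userName, searchableGroupName);
                    return false;
                }

                if (groupSecuritySvc.IsMember(groupIdentity.Sid, userIdentity.Sid))
                {
                    FileHelper.Log("User {0} already part of group {1}", userName, searchableGroupName);
                    return true;
                }

                groupSecuritySvc.AddMemberToApplicationGroup(groupIdentity.Sid, userIdentity.Sid);
                FileHelper.Log("User {0} added to group {1}", userName, searchableGroupName);
                return true;
            }
            catch (Exception ex)
            {
                // Deliberate best-effort: the caller only learns success/failure from the
                // return value, the details go to the log.
                // NOTE(review): if FileHelper.Log treats its first argument as a format
                // string, a message containing braces could fail here - confirm.
                FileHelper.Log(ex.Message);
                FileHelper.Log(ex.StackTrace);
                return false;
            }
        }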
예제 #2
        /// <summary>
        /// Verifies that the user authenticated on <c>m_srv</c> is a member of the
        /// service account application group.
        /// </summary>
        /// <exception cref="PermissionException">
        /// Thrown when the authenticated user is not a member of that group.
        /// </exception>
        internal virtual void CheckBypassRulePermission()
        {
            IGroupSecurityService groupSecurity = (IGroupSecurityService)m_srv.GetService(typeof(IGroupSecurityService));

            // The service account group is looked up by its well-known search factor, not by name.
            // NOTE(review): the result is dereferenced without a null check; a null here would
            // surface as a NullReferenceException rather than a PermissionException. The call
            // still fails, but with a less useful error - confirm whether null is possible.
            Identity serviceGroup = groupSecurity.ReadIdentity(SearchFactor.ServiceApplicationGroup, null, QueryMembership.None);

            bool callerIsServiceAccount = groupSecurity.IsMember(serviceGroup.Sid, m_srv.AuthenticatedUserIdentity.Sid);
            if (callerIsServiceAccount)
            {
                return;
            }

            // Not a member: report who was rejected, on which server, and which group was required.
            string message = string.Format(
                TfsWITAdapterResources.UserNotInServiceAccountGroup,
                m_srv.AuthenticatedUserIdentity.Domain + "\\" + m_srv.AuthenticatedUserIdentity.AccountName,
                m_srv.Uri.ToString());

            throw new PermissionException(
                message,
                m_srv.AuthenticatedUserIdentity.AccountName,
                m_srv.AuthenticatedUserIdentity.Domain,
                serviceGroup.DisplayName);
        }
예제 #3
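        /// <summary>
        /// Verifies that the identity authenticated on <paramref name="tfs"/> is a member of
        /// the service account application group.
        /// </summary>
        /// <remarks>
        /// NOTE(review): when the collection returns no authenticated identity the method
        /// returns without checking membership, i.e. the check passes. That path is now
        /// traced so a skipped check is visible in the logs; whether it should deny instead
        /// depends on callers not visible here - confirm before changing it.
        /// </remarks>
        /// <param name="tfs">The team project collection whose authenticated identity is checked</param>
        /// <exception cref="PermissionException">
        /// Thrown when the authenticated identity is not a member of the service account group.
        /// </exception>
        internal static void CheckBypassRulePermission(TfsTeamProjectCollection tfs)
        {
            // Verify whether the user is in the service account group. Throw an exception if it is not.
            IGroupSecurityService gss       = (IGroupSecurityService)tfs.GetService(typeof(IGroupSecurityService));
            Identity serviceAccountIdentity = gss.ReadIdentity(SearchFactor.ServiceApplicationGroup, null, QueryMembership.None);

            TeamFoundationIdentity authenticatedUser;

            tfs.GetAuthenticatedIdentity(out authenticatedUser);
            if (null == authenticatedUser)
            {
                // Existing behaviour kept for callers: no identity means no verification.
                // Leave an explicit record so this is not mistaken for a verified caller.
                TraceManager.TraceInformation("BypassRulePermission check skipped: no authenticated identity returned by '{0}'", tfs.Uri.ToString());
                return;
            }

            // IsMember works on the older Identity type, so the TeamFoundationIdentity is converted first.
            Identity authenticatedUserId = gss.Convert(authenticatedUser);

            if (!gss.IsMember(serviceAccountIdentity.Sid, authenticatedUserId.Sid))
            {
                throw new PermissionException(
                          string.Format(TfsWITAdapterResources.UserNotInServiceAccountGroup, authenticatedUser.DisplayName, tfs.Uri.ToString()),
                          authenticatedUserId.AccountName, authenticatedUserId.Domain, serviceAccountIdentity.DisplayName);
            }
            TraceManager.TraceInformation("BypassRulePermission verified for user '{0}'", authenticatedUser.DisplayName);
        }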
예제 #4
        /// <summary>
        /// Checks whether the current user is part of the Service Accounts group.
        /// </summary>
        /// <remarks>
        /// The account name is built from <c>Environment.UserName</c> (prefixed with
        /// <c>Environment.UserDomainName</c> when the machine is not in a workgroup) and then
        /// looked up on the server.
        /// NOTE(review): this uses the local process identity rather than an identity reported
        /// by the server for the connection - presumably a pre-flight check, with enforcement
        /// left to the server; confirm.
        /// </remarks>
        /// <param name="bisUri">Application Tier URI</param>
        /// <exception cref="ConverterException">
        /// Thrown if the user is not part of the 'Service Accounts' security group, or wrapping
        /// any other exception raised while performing the check.
        /// </exception>
        internal static void IsCurrentUserInServiceAccount(string bisUri)
        {
            try
            {
                // Connect and obtain the group security service.
                TeamFoundationServer server = TeamFoundationServerFactory.GetServer(bisUri);
                IGroupSecurityService securityService = (IGroupSecurityService)server.GetService(typeof(IGroupSecurityService));

                // Resolve the Service Accounts group.
                // NOTE(review): the null check is a Debug.Assert only, so it is absent from
                // release builds; a null would then fail at the Sid access below and be
                // rewrapped as a ConverterException by the outer handler.
                Identity serviceAccounts = securityService.ReadIdentity(SearchFactor.ServiceApplicationGroup, string.Empty, QueryMembership.None);
                Debug.Assert(serviceAccounts != null, "serviceGroup != null");

                // Decide between a workgroup account and a Windows AD account.
                bool joinedToWorkgroup = false;
                IntPtr nameBuffer = IntPtr.Zero;
                try
                {
                    int joinStatus;
                    int rc = NetGetJoinInformation(null, out nameBuffer, out joinStatus);

                    // rc 0 is success; status 2 means the returned name is a workgroup name.
                    joinedToWorkgroup = (rc == 0) && (joinStatus == 2);
                }
                finally
                {
                    // The name buffer is released with NetApiBufferFree whenever one was returned.
                    if (nameBuffer != IntPtr.Zero)
                    {
                        NetApiBufferFree(nameBuffer);
                    }
                }

                // Workgroup users are looked up by bare name, AD users as DOMAIN<separator>name.
                string accountName = joinedToWorkgroup
                    ? Environment.UserName
                    : String.Concat(Environment.UserDomainName, Path.DirectorySeparatorChar, Environment.UserName);

                Identity caller = securityService.ReadIdentity(SearchFactor.AccountName, accountName, QueryMembership.None);
                bool isServiceAccount = caller != null && securityService.IsMember(serviceAccounts.Sid, caller.Sid);
                if (!isServiceAccount)
                {
                    // Unknown account or not a member of the service accounts group.
                    throw new ConverterException(
                        UtilityMethods.Format(VSTSResource.VstsUserNotInServiceAccounts, accountName));
                }
            }
            catch (ConverterException)
            {
                // Already the exception type callers expect; let it through untouched.
                throw;
            }
            catch (Exception e)
            {
                // Everything else is reported as a ConverterException, keeping the cause.
                throw new ConverterException(e.Message, e);
            }
        }