private static bool MultiStringMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
{
bool flag;
string value = (string)filter.Value;
if (value != null)
{
if (de.Properties.Contains(winNTPropertyName) && de.Properties[winNTPropertyName].Count != 0)
{
IEnumerator enumerator = de.Properties[winNTPropertyName].GetEnumerator();
try
{
while (enumerator.MoveNext())
{
string current = (string)enumerator.Current;
if (current == null)
{
continue;
}
flag = QbeMatcher.WildcardStringMatch(filter, value, current);
return flag;
}
return false;
}
finally
{
IDisposable disposable = enumerator as IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
return flag;
}
}
else
{
if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0 || ((string)de.Properties[winNTPropertyName].Value).Length == 0)
{
return true;
}
}
return false;
}
private static bool DateTimeMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
{
DateTime value;
QbeMatchType qbeMatchType = (QbeMatchType)filter.Value;
if (qbeMatchType.Value != null)
{
if (de.Properties.Contains(winNTPropertyName) && de.Properties[winNTPropertyName].Value != null)
{
if (winNTPropertyName != "PasswordAge")
{
value = (DateTime)de.Properties[winNTPropertyName].Value;
}
else
{
PropertyValueCollection item = de.Properties["PasswordAge"];
if (item.Count == 0)
{
return false;
}
else
{
int num = (int)item[0];
value = DateTime.UtcNow - new TimeSpan(0, 0, num);
}
}
int num1 = DateTime.Compare(value, (DateTime)qbeMatchType.Value);
bool flag = true;
MatchType match = qbeMatchType.Match;
switch (match)
{
case MatchType.Equals:
{
flag = num1 == 0;
break;
}
case MatchType.NotEquals:
{
flag = num1 != 0;
break;
}
case MatchType.GreaterThan:
{
flag = num1 > 0;
break;
}
case MatchType.GreaterThanOrEquals:
{
flag = num1 >= 0;
break;
}
case MatchType.LessThan:
{
flag = num1 < 0;
break;
}
case MatchType.LessThanOrEquals:
{
flag = num1 <= 0;
break;
}
default:
{
flag = false;
break;
}
}
return flag;
}
}
else
{
if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0 || de.Properties[winNTPropertyName].Value == null)
{
return true;
}
}
return false;
}
private static bool GroupTypeMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
{
GroupScope value = (GroupScope)filter.Value;
if (value != GroupScope.Local)
{
return false;
}
else
{
return true;
}
}
protected static string LastLogonConverter(FilterBase filter, string suggestedAdProperty)
{
Debug.Assert(filter.Value is QbeMatchType);
QbeMatchType qmt = (QbeMatchType)filter.Value;
Debug.Assert(qmt.Value is DateTime);
Debug.Assert((suggestedAdProperty == "lastLogon") || (suggestedAdProperty == "lastLogonTimestamp"));
StringBuilder sb = new StringBuilder();
sb.Append("(|");
sb.Append(DateTimeFilterBuilder("lastLogon", (DateTime)qmt.Value, LdapConstants.defaultUtcTime, false, qmt.Match));
sb.Append(DateTimeFilterBuilder("lastLogonTimestamp", (DateTime)qmt.Value, LdapConstants.defaultUtcTime, true, qmt.Match));
sb.Append(")");
return (sb.ToString());
}
private static bool DateTimeMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
{
QbeMatchType valueToMatch = (QbeMatchType)filter.Value;
if (null == valueToMatch.Value)
{
if ((de.Properties.Contains(winNTPropertyName) == false) ||
(de.Properties[winNTPropertyName].Count == 0) ||
(de.Properties[winNTPropertyName].Value == null))
{
return(true);
}
}
else
{
Debug.Assert(valueToMatch.Value is DateTime);
if (de.Properties.Contains(winNTPropertyName) && (de.Properties[winNTPropertyName].Value != null))
{
DateTime value;
if (winNTPropertyName == "PasswordAge")
{
PropertyValueCollection values = de.Properties["PasswordAge"];
if (values.Count != 0)
{
Debug.Assert(values.Count == 1);
Debug.Assert(values[0] is int);
int secondsLapsed = (int)values[0];
value = DateTime.UtcNow - new TimeSpan(0, 0, secondsLapsed);
}
else
{
// If we don't have a passwordAge then this item will never match.
return(false);
}
}
else
{
value = (DateTime)de.Properties[winNTPropertyName].Value;
}
int comparisonResult = DateTime.Compare(value, (DateTime)valueToMatch.Value);
bool result = valueToMatch.Match switch
{
MatchType.Equals => comparisonResult == 0,
MatchType.NotEquals => comparisonResult != 0,
MatchType.GreaterThan => comparisonResult > 0,
MatchType.GreaterThanOrEquals => comparisonResult >= 0,
MatchType.LessThan => comparisonResult < 0,
MatchType.LessThanOrEquals => comparisonResult <= 0,
_ => false,
};
return(result);
}
}
return(false);
}
private static bool MultiStringMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
{
string valueToMatch = (string)filter.Value;
if (valueToMatch == null)
{
if ((de.Properties.Contains(winNTPropertyName) == false) ||
(de.Properties[winNTPropertyName].Count == 0) ||
(((string)de.Properties[winNTPropertyName].Value).Length == 0))
return true;
}
else
{
if (de.Properties.Contains(winNTPropertyName) && (de.Properties[winNTPropertyName].Count != 0))
{
foreach (string value in de.Properties[winNTPropertyName])
{
if (value != null)
{
return WildcardStringMatch(filter, valueToMatch, value);
}
}
}
}
return false;
}
protected static string DefaultValutMatchingDateTimeConverter(FilterBase filter, string suggestedAdProperty)
{
Debug.Assert(filter.Value is QbeMatchType);
QbeMatchType qmt = (QbeMatchType)filter.Value;
Debug.Assert(qmt.Value is DateTime);
return (DateTimeFilterBuilder(suggestedAdProperty, (DateTime)qmt.Value, LdapConstants.defaultUtcTime, false, qmt.Match));
}
protected static string BinaryConverter(FilterBase filter, string suggestedAdProperty)
{
return(filter.Value != null ?
$"({suggestedAdProperty}={ADUtils.EscapeBinaryValue((byte[])filter.Value)})" :
$"(!({suggestedAdProperty}=*)))");
}
private static bool DateTimeMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
{
DateTime value;
QbeMatchType qbeMatchType = (QbeMatchType)filter.Value;
if (qbeMatchType.Value != null)
{
if (de.Properties.Contains(winNTPropertyName) && de.Properties[winNTPropertyName].Value != null)
{
if (winNTPropertyName != "PasswordAge")
{
value = (DateTime)de.Properties[winNTPropertyName].Value;
}
else
{
PropertyValueCollection item = de.Properties["PasswordAge"];
if (item.Count == 0)
{
return(false);
}
else
{
int num = (int)item[0];
value = DateTime.UtcNow - new TimeSpan(0, 0, num);
}
}
int num1 = DateTime.Compare(value, (DateTime)qbeMatchType.Value);
bool flag = true;
MatchType match = qbeMatchType.Match;
switch (match)
{
case MatchType.Equals:
{
flag = num1 == 0;
break;
}
case MatchType.NotEquals:
{
flag = num1 != 0;
break;
}
case MatchType.GreaterThan:
{
flag = num1 > 0;
break;
}
case MatchType.GreaterThanOrEquals:
{
flag = num1 >= 0;
break;
}
case MatchType.LessThan:
{
flag = num1 < 0;
break;
}
case MatchType.LessThanOrEquals:
{
flag = num1 <= 0;
break;
}
default:
{
flag = false;
break;
}
}
return(flag);
}
}
else
{
if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0 || de.Properties[winNTPropertyName].Value == null)
{
return(true);
}
}
return(false);
}
protected static string CommaStringConverter(FilterBase filter, string suggestedAdProperty)
{
return(filter.Value != null ?
$"({suggestedAdProperty}=*{ADUtils.PAPIQueryToLdapQueryString((string)filter.Value)}*)" :
$"(!({suggestedAdProperty}=*))");
}
protected static string UserAccountControlConverter(FilterBase filter, string suggestedAdProperty)
{
Debug.Assert(string.Equals(suggestedAdProperty, "userAccountControl", StringComparison.OrdinalIgnoreCase));
string result = "";
// bitwise-AND
bool value = (bool)filter.Value;
switch (filter.PropertyName)
{
case AuthPrincEnabledFilter.PropertyNameStatic:
// UF_ACCOUNTDISABLE
// Note that the logic is inverted on this one. We expose "Enabled",
// but AD stores it as "Disabled".
result = value ?
"(!(userAccountControl:1.2.840.113556.1.4.803:=2))" :
"(userAccountControl:1.2.840.113556.1.4.803:=2)";
break;
case SmartcardLogonRequiredFilter.PropertyNameStatic:
// UF_SMARTCARD_REQUIRED
result = value ?
"(userAccountControl:1.2.840.113556.1.4.803:=262144)" :
"(!(userAccountControl:1.2.840.113556.1.4.803:=262144))";
break;
case DelegationPermittedFilter.PropertyNameStatic:
// UF_NOT_DELEGATED
// Note that the logic is inverted on this one. That's because we expose
// "delegation allowed", but AD represents it as the inverse, "delegation NOT allowed"
result = value ?
"(!(userAccountControl:1.2.840.113556.1.4.803:=1048576))" :
"(userAccountControl:1.2.840.113556.1.4.803:=1048576)";
break;
case PasswordNotRequiredFilter.PropertyNameStatic:
// UF_PASSWD_NOTREQD
result = value ?
"(userAccountControl:1.2.840.113556.1.4.803:=32)" :
"(!(userAccountControl:1.2.840.113556.1.4.803:=32))";
break;
case PasswordNeverExpiresFilter.PropertyNameStatic:
// UF_DONT_EXPIRE_PASSWD
result = value ?
"(userAccountControl:1.2.840.113556.1.4.803:=65536)" :
"(!(userAccountControl:1.2.840.113556.1.4.803:=65536))";
break;
case CannotChangePasswordFilter.PropertyNameStatic:
// UF_PASSWD_CANT_CHANGE
// This bit doesn't work correctly in AD (AD models the "user can't change password"
// setting as special ACEs in the ntSecurityDescriptor).
throw new InvalidOperationException(
SR.Format(
SR.StoreCtxUnsupportedPropertyForQuery,
PropertyNamesExternal.GetExternalForm(filter.PropertyName)));
case AllowReversiblePasswordEncryptionFilter.PropertyNameStatic:
// UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
result = value ?
"(userAccountControl:1.2.840.113556.1.4.803:=128)" :
"(!(userAccountControl:1.2.840.113556.1.4.803:=128))";
break;
default:
Debug.Fail("ADStoreCtx.UserAccountControlConverter: fell off end looking for " + filter.PropertyName);
break;
}
return(result);
}
private static bool GroupTypeMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
{
Debug.Assert(winNTPropertyName == "groupType");
Debug.Assert(filter is GroupScopeFilter);
GroupScope valueToMatch = (GroupScope)filter.Value;
// All SAM local machine groups are local groups
if (valueToMatch == GroupScope.Local)
return true;
else
return false;
}
private static bool ExpirationDateMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
{
Debug.Assert(filter is ExpirationDateFilter);
Debug.Assert(winNTPropertyName == "AccountExpirationDate");
Nullable<DateTime> valueToCompare = (Nullable<DateTime>)filter.Value;
if (!valueToCompare.HasValue)
{
if ((de.Properties.Contains(winNTPropertyName) == false) ||
(de.Properties[winNTPropertyName].Count == 0) ||
(de.Properties[winNTPropertyName].Value == null))
return true;
}
else
{
if (de.Properties.Contains(winNTPropertyName) && (de.Properties[winNTPropertyName].Value != null))
{
DateTime value = (DateTime)de.Properties[winNTPropertyName].Value;
if (value.Equals(valueToCompare.Value))
return true;
}
}
return false;
}
private static bool BinaryMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
{
byte[] valueToMatch = (byte[])filter.Value;
if (valueToMatch == null)
{
if ((de.Properties.Contains(winNTPropertyName) == false) ||
(de.Properties[winNTPropertyName].Count == 0) ||
(de.Properties[winNTPropertyName].Value == null))
return true;
}
else
{
if (de.Properties.Contains(winNTPropertyName))
{
byte[] value = (byte[])de.Properties[winNTPropertyName].Value;
if ((value != null) && Utils.AreBytesEqual(value, valueToMatch))
return true;
}
}
return false;
}
private static bool SidMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
{
byte[] byteArray = Utils.StringToByteArray((string)filter.Value);
if (byteArray != null)
{
if (de.Properties["objectSid"].Count <= 0 || de.Properties["objectSid"].Value == null)
{
return false;
}
else
{
return Utils.AreBytesEqual(byteArray, (byte[])de.Properties["objectSid"].Value);
}
}
else
{
throw new InvalidOperationException(StringResources.StoreCtxSecurityIdentityClaimBadFormat);
}
}
private static bool IntMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
{
QbeMatchType value = (QbeMatchType)filter.Value;
bool flag = false;
if (value.Value != null)
{
if (de.Properties.Contains(winNTPropertyName))
{
int num = (int)de.Properties[winNTPropertyName].Value;
int value1 = (int)value.Value;
MatchType match = value.Match;
switch (match)
{
case MatchType.Equals:
{
flag = num == value1;
break;
}
case MatchType.NotEquals:
{
flag = num != value1;
break;
}
case MatchType.GreaterThan:
{
flag = num > value1;
break;
}
case MatchType.GreaterThanOrEquals:
{
flag = num >= value1;
break;
}
case MatchType.LessThan:
{
flag = num < value1;
break;
}
case MatchType.LessThanOrEquals:
{
flag = num <= value1;
break;
}
default:
{
flag = false;
break;
}
}
}
}
else
{
if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0 || de.Properties[winNTPropertyName].Value == null)
{
flag = true;
}
}
return(flag);
}
private static bool UserFlagsMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
{
bool value = (bool)filter.Value;
if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0)
{
return false;
}
else
{
int num = (int)de.Properties[winNTPropertyName].Value;
string propertyName = filter.PropertyName;
string str = propertyName;
if (propertyName != null)
{
switch (str)
{
case "AuthenticablePrincipal.Enabled":
{
return (num & 2) != 0 ^ value;
}
case "AuthenticablePrincipal.AccountInfo.SmartcardLogonRequired":
{
return !((num & 0x40000) != 0 ^ value);
}
case "AuthenticablePrincipal.AccountInfo.DelegationPermitted":
{
return (num & 0x100000) != 0 ^ value;
}
case "AuthenticablePrincipal.PasswordInfo.PasswordNotRequired":
{
return !((num & 32) != 0 ^ value);
}
case "AuthenticablePrincipal.PasswordInfo.PasswordNeverExpires":
{
return !((num & 0x10000) != 0 ^ value);
}
case "AuthenticablePrincipal.PasswordInfo.UserCannotChangePassword":
{
return !((num & 64) != 0 ^ value);
}
case "AuthenticablePrincipal.PasswordInfo.AllowReversiblePasswordEncryption":
{
return !((num & 128) != 0 ^ value);
}
}
}
return false;
}
}
protected static string ExtensionCacheConverter(FilterBase filter, string suggestedAdProperty)
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "ADStoreCtx", "ExtensionCacheConverter ");
StringBuilder query = new StringBuilder();
if (filter.Value != null)
{
ExtensionCache ec = (ExtensionCache)filter.Value;
foreach (KeyValuePair<string, ExtensionCacheValue> kvp in ec.properties)
{
Type type = kvp.Value.Type == null ? kvp.Value.Value.GetType() : kvp.Value.Type;
GlobalDebug.WriteLineIf(GlobalDebug.Info, "ADStoreCtx", "ExtensionCacheConverter filter type " + type.ToString());
GlobalDebug.WriteLineIf(GlobalDebug.Info, "ADStoreCtx", "ExtensionCacheConverter match type " + kvp.Value.MatchType.ToString());
if (kvp.Value.Value is ICollection)
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "ADStoreCtx", "ExtensionCacheConverter encountered collection.");
ICollection collection = (ICollection)kvp.Value.Value;
foreach (object o in collection)
{
GlobalDebug.WriteLineIf(GlobalDebug.Info, "ADStoreCtx", "ExtensionCacheConverter collection filter type " + o.GetType().ToString());
query.Append(ExtensionTypeConverter(kvp.Key, o.GetType(), o, kvp.Value.MatchType));
}
}
else
{
query.Append(ExtensionTypeConverter(kvp.Key, type, kvp.Value.Value, kvp.Value.MatchType));
}
}
}
GlobalDebug.WriteLineIf(GlobalDebug.Info, "ADStoreCtx", "ExtensionCacheConverter complete built filter " + query.ToString());
return query.ToString();
}
protected static string GuidConverter(FilterBase filter, string suggestedAdProperty)
{
Debug.Assert(String.Compare(suggestedAdProperty, "objectGuid", StringComparison.OrdinalIgnoreCase) == 0);
Debug.Assert(filter is GuidFilter);
Nullable<Guid> guid = (Nullable<Guid>)filter.Value;
StringBuilder sb = new StringBuilder();
if (guid == null)
{
// Spoke with ColinBr. Both values are used to represent "no expiration date set".
// sb.Append("(|(accountExpires=9223372036854775807)(accountExpires=0))");
}
else
{
sb.Append("(objectGuid=");
// Transform from hex string ("1AFF") to LDAP hex string ("\1A\FF")
string ldapHexGuid = ADUtils.HexStringToLdapHexString(guid.ToString());
if (ldapHexGuid == null)
throw new InvalidOperationException(StringResources.StoreCtxGuidIdentityClaimBadFormat);
sb.Append(ldapHexGuid);
sb.Append(")");
}
return sb.ToString();
}
protected static string AcctDisabledConverter(FilterBase filter, string suggestedAdProperty)
{
// Principal property is AccountEnabled where TRUE = enabled FALSE = disabled. In ADAM
// this is stored as accountDisabled where TRUE = disabled and FALSE = enabled so here we need to revese the value.
StringBuilder sb = new StringBuilder();
if (filter.Value != null)
{
sb.Append("(");
sb.Append(suggestedAdProperty);
sb.Append("=");
sb.Append(!(bool)filter.Value ? "TRUE" : "FALSE");
sb.Append(")");
}
else
{
sb.Append("(!(");
sb.Append(suggestedAdProperty);
sb.Append("=*))");
}
return sb.ToString();
}
protected static string MatchingDateTimeConverter(FilterBase filter, string suggestedAdProperty)
{
Debug.Assert(filter.Value is QbeMatchType);
QbeMatchType qmt = (QbeMatchType)filter.Value;
Debug.Assert(qmt.Value is DateTime);
return (ExtensionTypeConverter(suggestedAdProperty, qmt.Value.GetType(), qmt.Value, qmt.Match));
}
// Use this function when searching for an attribute where the absence of the attribute = a default setting.
// i.e. ms-DS-UserPasswordNotRequired in ADAM where non existence equals false.
protected static string DefaultValueBoolConverter(FilterBase filter, string suggestedAdProperty)
{
Debug.Assert(NonPresentAttrDefaultStateMapping != null);
Debug.Assert(NonPresentAttrDefaultStateMapping.ContainsKey(suggestedAdProperty));
StringBuilder sb = new StringBuilder();
if (filter.Value != null)
{
bool defaultState = NonPresentAttrDefaultStateMapping[suggestedAdProperty];
if (defaultState == (bool)filter.Value)
{
sb.Append("(|(!(");
sb.Append(suggestedAdProperty);
sb.Append("=*)(");
sb.Append(suggestedAdProperty);
sb.Append("=");
sb.Append((bool)filter.Value ? "TRUE" : "FALSE");
sb.Append(")))");
}
else
{
sb.Append("(");
sb.Append(suggestedAdProperty);
sb.Append("=");
sb.Append((bool)filter.Value ? "TRUE" : "FALSE");
sb.Append(")");
}
}
else
{
sb.Append("(!(");
sb.Append(suggestedAdProperty);
sb.Append("=*))");
}
return sb.ToString();
}
protected static string GroupTypeConverter(FilterBase filter, string suggestedAdProperty)
{
Debug.Assert(String.Compare(suggestedAdProperty, "groupType", StringComparison.OrdinalIgnoreCase) == 0);
Debug.Assert(filter is GroupIsSecurityGroupFilter || filter is GroupScopeFilter);
// 1.2.840.113556.1.4.803 is like a bit-wise AND operator
switch (filter.PropertyName)
{
case GroupIsSecurityGroupFilter.PropertyNameStatic:
bool value = (bool)filter.Value;
// GROUP_TYPE_SECURITY_ENABLED
// If group is enabled, it IS security-enabled
if (value)
return "(groupType:1.2.840.113556.1.4.803:=2147483648)";
else
return "(!(groupType:1.2.840.113556.1.4.803:=2147483648))";
case GroupScopeFilter.PropertyNameStatic:
GroupScope value2 = (GroupScope)filter.Value;
switch (value2)
{
case GroupScope.Local:
// GROUP_TYPE_RESOURCE_GROUP, a.k.a. ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP
return "(groupType:1.2.840.113556.1.4.803:=4)";
case GroupScope.Global:
// GROUP_TYPE_ACCOUNT_GROUP, a.k.a. ADS_GROUP_TYPE_GLOBAL_GROUP
return "(groupType:1.2.840.113556.1.4.803:=2)";
default:
// GROUP_TYPE_UNIVERSAL_GROUP, a.k.a. ADS_GROUP_TYPE_UNIVERSAL_GROUP
Debug.Assert(value2 == GroupScope.Universal);
return "(groupType:1.2.840.113556.1.4.803:=8)";
}
default:
Debug.Fail("ADStoreCtx.GroupTypeConverter: fell off end looking for " + filter.PropertyName);
return "";
}
}
/*** If standard bool conversion is needed uncomment this function
protected static string BoolConverter(FilterBase filter, string suggestedAdProperty)
{
StringBuilder sb = new StringBuilder();
if (filter.Value != null)
{
sb.Append("(");
sb.Append(suggestedAdProperty);
sb.Append("=");
sb.Append( (bool)filter.Value ? "TRUE" : "FALSE" );
sb.Append(")");
}
else
{
sb.Append("(!(");
sb.Append(suggestedAdProperty);
sb.Append("=*))");
}
return sb.ToString();
}
*****/
protected static string CommaStringConverter(FilterBase filter, string suggestedAdProperty)
{
StringBuilder sb = new StringBuilder();
if (filter.Value != null)
{
sb.Append("(");
sb.Append(suggestedAdProperty);
sb.Append("=*");
sb.Append(ADUtils.PAPIQueryToLdapQueryString((string)filter.Value));
sb.Append("*");
sb.Append(")");
}
else
{
sb.Append("(!(");
sb.Append(suggestedAdProperty);
sb.Append("=*))");
}
return sb.ToString();
}
private static bool BinaryMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
{
byte[] value = (byte[])filter.Value;
if (value != null)
{
if (de.Properties.Contains(winNTPropertyName))
{
byte[] numArray = (byte[])de.Properties[winNTPropertyName].Value;
if (numArray != null && Utils.AreBytesEqual(numArray, value))
{
return true;
}
}
}
else
{
if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0 || de.Properties[winNTPropertyName].Value == null)
{
return true;
}
}
return false;
}
protected static string IdentityClaimConverter(FilterBase filter, string suggestedAdProperty)
{
IdentityClaim ic = (IdentityClaim)filter.Value;
if (ic.UrnScheme == null)
throw new ArgumentException(StringResources.StoreCtxIdentityClaimMustHaveScheme);
string urnValue = ic.UrnValue;
if (urnValue == null)
urnValue = "";
string filterString = null;
IdentityClaimToFilter(urnValue, ic.UrnScheme, ref filterString, true);
return filterString;
}
private static bool ExpirationDateMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
{
DateTime? value = (DateTime?)filter.Value;
if (value.HasValue)
{
if (de.Properties.Contains(winNTPropertyName) && de.Properties[winNTPropertyName].Value != null)
{
DateTime dateTime = (DateTime)de.Properties[winNTPropertyName].Value;
if (dateTime.Equals(value.Value))
{
return true;
}
}
}
else
{
if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0 || de.Properties[winNTPropertyName].Value == null)
{
return true;
}
}
return false;
}
protected static string CertificateConverter(FilterBase filter, string suggestedAdProperty)
{
System.Security.Cryptography.X509Certificates.X509Certificate2 certificate =
(System.Security.Cryptography.X509Certificates.X509Certificate2)filter.Value;
byte[] rawCertificate = certificate.RawData;
StringBuilder sb = new StringBuilder();
sb.Append("(userCertificate=");
sb.Append(ADUtils.EscapeBinaryValue(rawCertificate));
sb.Append(")");
return sb.ToString();
}
private static bool IntMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
{
QbeMatchType value = (QbeMatchType)filter.Value;
bool flag = false;
if (value.Value != null)
{
if (de.Properties.Contains(winNTPropertyName))
{
int num = (int)de.Properties[winNTPropertyName].Value;
int value1 = (int)value.Value;
MatchType match = value.Match;
switch (match)
{
case MatchType.Equals:
{
flag = num == value1;
break;
}
case MatchType.NotEquals:
{
flag = num != value1;
break;
}
case MatchType.GreaterThan:
{
flag = num > value1;
break;
}
case MatchType.GreaterThanOrEquals:
{
flag = num >= value1;
break;
}
case MatchType.LessThan:
{
flag = num < value1;
break;
}
case MatchType.LessThanOrEquals:
{
flag = num <= value1;
break;
}
default:
{
flag = false;
break;
}
}
}
}
else
{
if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0 || de.Properties[winNTPropertyName].Value == null)
{
flag = true;
}
}
return flag;
}
protected static string UserAccountControlConverter(FilterBase filter, string suggestedAdProperty)
{
Debug.Assert(String.Compare(suggestedAdProperty, "userAccountControl", StringComparison.OrdinalIgnoreCase) == 0);
StringBuilder sb = new StringBuilder();
// bitwise-AND
bool value = (bool)filter.Value;
switch (filter.PropertyName)
{
case AuthPrincEnabledFilter.PropertyNameStatic:
// UF_ACCOUNTDISABLE
// Note that the logic is inverted on this one. We expose "Enabled",
// but AD stores it as "Disabled".
if (value)
sb.Append("(!(userAccountControl:1.2.840.113556.1.4.803:=2))");
else
sb.Append("(userAccountControl:1.2.840.113556.1.4.803:=2)");
break;
case SmartcardLogonRequiredFilter.PropertyNameStatic:
// UF_SMARTCARD_REQUIRED
if (value)
sb.Append("(userAccountControl:1.2.840.113556.1.4.803:=262144)");
else
sb.Append("(!(userAccountControl:1.2.840.113556.1.4.803:=262144))");
break;
case DelegationPermittedFilter.PropertyNameStatic:
// UF_NOT_DELEGATED
// Note that the logic is inverted on this one. That's because we expose
// "delegation allowed", but AD represents it as the inverse, "delegation NOT allowed"
if (value)
sb.Append("(!(userAccountControl:1.2.840.113556.1.4.803:=1048576))");
else
sb.Append("(userAccountControl:1.2.840.113556.1.4.803:=1048576)");
break;
case PasswordNotRequiredFilter.PropertyNameStatic:
// UF_PASSWD_NOTREQD
if (value)
sb.Append("(userAccountControl:1.2.840.113556.1.4.803:=32)");
else
sb.Append("(!(userAccountControl:1.2.840.113556.1.4.803:=32))");
break;
case PasswordNeverExpiresFilter.PropertyNameStatic:
// UF_DONT_EXPIRE_PASSWD
if (value)
sb.Append("(userAccountControl:1.2.840.113556.1.4.803:=65536)");
else
sb.Append("(!(userAccountControl:1.2.840.113556.1.4.803:=65536))");
break;
case CannotChangePasswordFilter.PropertyNameStatic:
// UF_PASSWD_CANT_CHANGE
// This bit doesn't work correctly in AD (AD models the "user can't change password"
// setting as special ACEs in the ntSecurityDescriptor).
throw new InvalidOperationException(
String.Format(
CultureInfo.CurrentCulture,
StringResources.StoreCtxUnsupportedPropertyForQuery,
PropertyNamesExternal.GetExternalForm(filter.PropertyName)));
case AllowReversiblePasswordEncryptionFilter.PropertyNameStatic:
// UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
if (value)
sb.Append("(userAccountControl:1.2.840.113556.1.4.803:=128)");
else
sb.Append("(!(userAccountControl:1.2.840.113556.1.4.803:=128))");
break;
default:
Debug.Fail("ADStoreCtx.UserAccountControlConverter: fell off end looking for " + filter.PropertyName);
break;
}
return sb.ToString();
}
private static bool SamAccountNameMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
{
string str;
string value = (string)filter.Value;
int num = value.IndexOf('\\');
if (num != value.Length - 1)
{
if (num != -1)
{
str = value.Substring(num + 1);
}
else
{
str = value;
}
string str1 = str;
if (de.Properties["Name"].Count <= 0 || de.Properties["Name"].Value == null)
{
return false;
}
else
{
return QbeMatcher.WildcardStringMatch(filter, str1, (string)de.Properties["Name"].Value);
}
}
else
{
throw new InvalidOperationException(StringResources.StoreCtxNT4IdentityClaimWrongForm);
}
}
protected static string BinaryConverter(FilterBase filter, string suggestedAdProperty)
{
StringBuilder sb = new StringBuilder();
if (filter.Value != null)
{
sb.Append("(");
sb.Append(suggestedAdProperty);
sb.Append("=");
sb.Append(ADUtils.EscapeBinaryValue((byte[])filter.Value));
}
else
{
sb.Append("(!(");
sb.Append(suggestedAdProperty);
sb.Append("=*))");
}
sb.Append(")");
return sb.ToString();
}
private static bool StringMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
{
string value = (string)filter.Value;
if (value != null)
{
if (de.Properties.Contains(winNTPropertyName))
{
string str = (string)de.Properties[winNTPropertyName].Value;
if (str != null)
{
return QbeMatcher.WildcardStringMatch(filter, value, str);
}
}
}
else
{
if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0 || ((string)de.Properties[winNTPropertyName].Value).Length == 0)
{
return true;
}
}
return false;
}
protected static string ExpirationDateConverter(FilterBase filter, string suggestedAdProperty)
{
Debug.Assert(String.Compare(suggestedAdProperty, "accountExpires", StringComparison.OrdinalIgnoreCase) == 0);
Debug.Assert(filter is ExpirationDateFilter);
Nullable<DateTime> date = (Nullable<DateTime>)filter.Value;
StringBuilder sb = new StringBuilder();
if (!date.HasValue)
{
// Spoke with ColinBr. Both values are used to represent "no expiration date set".
sb.Append("(|(accountExpires=9223372036854775807)(accountExpires=0))");
}
else
{
sb.Append("(accountExpires=");
sb.Append(ADUtils.DateTimeToADString(date.Value));
sb.Append(")");
}
return sb.ToString();
}
private static bool WildcardStringMatch(FilterBase filter, string wildcardFilter, string property)
{
Regex extra = filter.Extra as Regex;
if (extra == null)
{
extra = new Regex(SAMUtils.PAPIQueryToRegexString(wildcardFilter), RegexOptions.Singleline);
filter.Extra = extra;
}
Match match = extra.Match(property);
return match.Success;
}
private static bool UserFlagsMatcher(FilterBase filter, string winNTPropertyName, DirectoryEntry de)
{
Debug.Assert(winNTPropertyName == "UserFlags");
bool valueToMatch = (bool)filter.Value;
// If it doesn't contain the property, it certainly can't match the user's value
if (!de.Properties.Contains(winNTPropertyName) || de.Properties[winNTPropertyName].Count == 0)
return false;
int value = (int)de.Properties[winNTPropertyName].Value;
switch (filter.PropertyName)
{
// We want to return true iff both value and valueToMatch are true, or both are false
// (i.e., NOT XOR)
case AuthPrincEnabledFilter.PropertyNameStatic:
// UF_ACCOUNTDISABLE
// Note that the logic is inverted on this one. We expose "Enabled",
// but SAM stores it as "Disabled".
return (((value & 0x0002) != 0) ^ valueToMatch);
case SmartcardLogonRequiredFilter.PropertyNameStatic:
// UF_SMARTCARD_REQUIRED
return !(((value & 0x40000) != 0) ^ valueToMatch);
case DelegationPermittedFilter.PropertyNameStatic:
// UF_NOT_DELEGATED
// Note that the logic is inverted on this one. That's because we expose
// "delegation allowed", but AD represents it as the inverse, "delegation NOT allowed"
return (((value & 0x100000) != 0) ^ valueToMatch);
case PasswordNotRequiredFilter.PropertyNameStatic:
// UF_PASSWD_NOTREQD
return !(((value & 0x0020) != 0) ^ valueToMatch);
case PasswordNeverExpiresFilter.PropertyNameStatic:
// UF_DONT_EXPIRE_PASSWD
return !(((value & 0x10000) != 0) ^ valueToMatch);
case CannotChangePasswordFilter.PropertyNameStatic:
// UF_PASSWD_CANT_CHANGE
return !(((value & 0x0040) != 0) ^ valueToMatch);
case AllowReversiblePasswordEncryptionFilter.PropertyNameStatic:
// UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED
return !(((value & 0x0080) != 0) ^ valueToMatch);
default:
Debug.Fail("SAMQuerySet.UserFlagsMatcher: fell off end looking for " + filter.PropertyName);
return false;
}
}