private ResultSet FindByDate( FindByDateMatcher.DateProperty property, MatchType matchType, DateTime value, Type principalType ) { // We use the same SAMQuery set that we use for query-by-example, but with a different // SAMMatcher class to perform the date-range filter. // Get the entries we'll iterate over. Write access to Children is controlled through the // ctxBaseLock, but we don't want to have to hold that lock while we're iterating over all // the child entries. So we have to clone the ctxBase --- not ideal, but it prevents // multithreading issues. DirectoryEntries entries = SDSUtils.BuildDirectoryEntry(_ctxBase.Path, _credentials, _authTypes).Children; Debug.Assert(entries != null); // The SAMQuerySet will use this to restrict the types of DirectoryEntry objects returned. List <string> schemaTypes = GetSchemaFilter(principalType); // Create the ResultSet that will perform the client-side filtering SAMQuerySet resultSet = new SAMQuerySet( schemaTypes, entries, _ctxBase, -1, // no size limit this, new FindByDateMatcher(property, matchType, value)); return(resultSet); }
// The core query operation. // Given a PrincipalSearcher containg a query filter, transforms it into the store schema // and performs the query to get a collection of matching native objects (up to a maximum of sizeLimit, // or uses the sizelimit already set on the DirectorySearcher if sizeLimit == -1). // If the PrincipalSearcher does not have a query filter (PrincipalSearcher.QueryFilter == null), // matches all principals in the store. // // The collection may not be complete, i.e., paging - the returned ResultSet will automatically // page in additional results as needed. internal override ResultSet Query(PrincipalSearcher ps, int sizeLimit) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMStoreCtx", "Query"); Debug.Assert(sizeLimit >= -1); // Build the description of the properties we'll filter by. In SAMStoreCtx, the "native" searcher // is simply the QbeFilterDescription, which will be passed to the SAMQuerySet to use to // manually filter out non-matching results. QbeFilterDescription propertiesToMatch = (QbeFilterDescription)PushFilterToNativeSearcher(ps); // Get the entries we'll iterate over. Write access to Children is controlled through the // ctxBaseLock, but we don't want to have to hold that lock while we're iterating over all // the child entries. So we have to clone the ctxBase --- not ideal, but it prevents // multithreading issues. DirectoryEntries entries = SDSUtils.BuildDirectoryEntry(_ctxBase.Path, _credentials, _authTypes).Children; Debug.Assert(entries != null); // Determine the principal types of interest. The SAMQuerySet will use this to restrict // the types of DirectoryEntry objects returned. Type qbeFilterType = typeof(Principal); if (ps.QueryFilter != null) { qbeFilterType = ps.QueryFilter.GetType(); } List <string> schemaTypes = GetSchemaFilter(qbeFilterType); // Create the ResultSet that will perform the client-side filtering SAMQuerySet resultSet = new SAMQuerySet( schemaTypes, entries, _ctxBase, sizeLimit, this, new QbeMatcher(propertiesToMatch)); return(resultSet); }
internal override bool MoveNext() { bool flag; bool flag1 = false; if (this.sizeLimit != -1 && this.resultsReturned >= this.sizeLimit) { this.endReached = true; } if (!this.endReached) { do { flag = this.enumerator.MoveNext(); flag1 = false; if (!flag) { continue; } DirectoryEntry current = (DirectoryEntry)this.enumerator.Current; if (!this.IsOfCorrectType(current) || !this.matcher.Matches(current)) { flag1 = true; } else { this.current = current; SAMQuerySet sAMQuerySet = this; sAMQuerySet.resultsReturned = sAMQuerySet.resultsReturned + 1; } }while (flag1); return(flag); } else { return(false); } }
// Get groups of which p is a direct member internal override ResultSet GetGroupsMemberOf(Principal p) { // Enforced by the methods that call us Debug.Assert(p.unpersisted == false); if (!p.fakePrincipal) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMStoreCtx", "GetGroupsMemberOf: is real principal"); // No nested groups or computers as members of groups in SAM if (!(p is UserPrincipal)) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMStoreCtx", "GetGroupsMemberOf: not a user, returning empty set"); return(new EmptySet()); } Debug.Assert(p.UnderlyingObject != null); DirectoryEntry userDE = (DirectoryEntry)p.UnderlyingObject; UnsafeNativeMethods.IADsMembers iadsMembers = (UnsafeNativeMethods.IADsMembers)userDE.Invoke("Groups"); ResultSet resultSet = new SAMGroupsSet(iadsMembers, this, _ctxBase); return(resultSet); } else { // ADSI's IADsGroups doesn't work for fake principals like NT AUTHORITY\NETWORK SERVICE // We use the same SAMQuery set that we use for query-by-example, but with a different // SAMMatcher class to match groups which contain the specified principal as a member // Get the entries we'll iterate over. Write access to Children is controlled through the // ctxBaseLock, but we don't want to have to hold that lock while we're iterating over all // the child entries. So we have to clone the ctxBase --- not ideal, but it prevents // multithreading issues. DirectoryEntries entries = SDSUtils.BuildDirectoryEntry(_ctxBase.Path, _credentials, _authTypes).Children; Debug.Assert(entries != null); // The SAMQuerySet will use this to restrict the types of DirectoryEntry objects returned. List <string> schemaTypes = GetSchemaFilter(typeof(GroupPrincipal)); SecurityIdentifier principalSid = p.Sid; byte[] SidB = new byte[principalSid.BinaryLength]; principalSid.GetBinaryForm(SidB, 0); if (principalSid == null) { GlobalDebug.WriteLineIf(GlobalDebug.Warn, "SAMStoreCtx", "GetGroupsMemberOf: bad SID IC"); throw new InvalidOperationException(SR.StoreCtxNeedValueSecurityIdentityClaimToQuery); } // Create the ResultSet that will perform the client-side filtering SAMQuerySet resultSet = new SAMQuerySet( schemaTypes, entries, _ctxBase, -1, // no size limit this, new GroupMemberMatcher(SidB)); return(resultSet); } }
// Get groups of which p is a direct member internal override ResultSet GetGroupsMemberOf(Principal p) { // Enforced by the methods that call us Debug.Assert(p.unpersisted == false); if (!p.fakePrincipal) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMStoreCtx", "GetGroupsMemberOf: is real principal"); // No nested groups or computers as members of groups in SAM if (!(p is UserPrincipal)) { GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMStoreCtx", "GetGroupsMemberOf: not a user, returning empty set"); return new EmptySet(); } Debug.Assert(p.UnderlyingObject != null); DirectoryEntry userDE = (DirectoryEntry)p.UnderlyingObject; UnsafeNativeMethods.IADsMembers iadsMembers = (UnsafeNativeMethods.IADsMembers)userDE.Invoke("Groups"); ResultSet resultSet = new SAMGroupsSet(iadsMembers, this, _ctxBase); return resultSet; } else { // ADSI's IADsGroups doesn't work for fake principals like NT AUTHORITY\NETWORK SERVICE // We use the same SAMQuery set that we use for query-by-example, but with a different // SAMMatcher class to match groups which contain the specified principal as a member // Get the entries we'll iterate over. Write access to Children is controlled through the // ctxBaseLock, but we don't want to have to hold that lock while we're iterating over all // the child entries. So we have to clone the ctxBase --- not ideal, but it prevents // multithreading issues. DirectoryEntries entries = SDSUtils.BuildDirectoryEntry(_ctxBase.Path, _credentials, _authTypes).Children; Debug.Assert(entries != null); // The SAMQuerySet will use this to restrict the types of DirectoryEntry objects returned. List<string> schemaTypes = GetSchemaFilter(typeof(GroupPrincipal)); SecurityIdentifier principalSid = p.Sid; byte[] SidB = new byte[principalSid.BinaryLength]; principalSid.GetBinaryForm(SidB, 0); if (principalSid == null) { GlobalDebug.WriteLineIf(GlobalDebug.Warn, "SAMStoreCtx", "GetGroupsMemberOf: bad SID IC"); throw new InvalidOperationException(StringResources.StoreCtxNeedValueSecurityIdentityClaimToQuery); } // Create the ResultSet that will perform the client-side filtering SAMQuerySet resultSet = new SAMQuerySet( schemaTypes, entries, _ctxBase, -1, // no size limit this, new GroupMemberMatcher(SidB)); return resultSet; } }
private ResultSet FindByDate( FindByDateMatcher.DateProperty property, MatchType matchType, DateTime value, Type principalType ) { // We use the same SAMQuery set that we use for query-by-example, but with a different // SAMMatcher class to perform the date-range filter. // Get the entries we'll iterate over. Write access to Children is controlled through the // ctxBaseLock, but we don't want to have to hold that lock while we're iterating over all // the child entries. So we have to clone the ctxBase --- not ideal, but it prevents // multithreading issues. DirectoryEntries entries = SDSUtils.BuildDirectoryEntry(_ctxBase.Path, _credentials, _authTypes).Children; Debug.Assert(entries != null); // The SAMQuerySet will use this to restrict the types of DirectoryEntry objects returned. List<string> schemaTypes = GetSchemaFilter(principalType); // Create the ResultSet that will perform the client-side filtering SAMQuerySet resultSet = new SAMQuerySet( schemaTypes, entries, _ctxBase, -1, // no size limit this, new FindByDateMatcher(property, matchType, value)); return resultSet; }
private ResultSet FindByDate(FindByDateMatcher.DateProperty property, MatchType matchType, DateTime value, Type principalType) { DirectoryEntries children = SDSUtils.BuildDirectoryEntry(this.ctxBase.Path, this.credentials, this.authTypes).Children; List<string> schemaFilter = this.GetSchemaFilter(principalType); SAMQuerySet sAMQuerySet = new SAMQuerySet(schemaFilter, children, this.ctxBase, -1, this, new FindByDateMatcher(property, matchType, value)); return sAMQuerySet; }
internal override ResultSet Query(PrincipalSearcher ps, int sizeLimit) { QbeFilterDescription nativeSearcher = (QbeFilterDescription)this.PushFilterToNativeSearcher(ps); DirectoryEntries children = SDSUtils.BuildDirectoryEntry(this.ctxBase.Path, this.credentials, this.authTypes).Children; Type type = typeof(Principal); if (ps.QueryFilter != null) { type = ps.QueryFilter.GetType(); } List<string> schemaFilter = this.GetSchemaFilter(type); SAMQuerySet sAMQuerySet = new SAMQuerySet(schemaFilter, children, this.ctxBase, sizeLimit, this, new QbeMatcher(nativeSearcher)); return sAMQuerySet; }
internal override ResultSet GetGroupsMemberOf(Principal p) { if (p.fakePrincipal) { DirectoryEntries children = SDSUtils.BuildDirectoryEntry(this.ctxBase.Path, this.credentials, this.authTypes).Children; List<string> schemaFilter = this.GetSchemaFilter(typeof(GroupPrincipal)); SecurityIdentifier sid = p.Sid; byte[] numArray = new byte[sid.BinaryLength]; sid.GetBinaryForm(numArray, 0); if (sid != null) { SAMQuerySet sAMQuerySet = new SAMQuerySet(schemaFilter, children, this.ctxBase, -1, this, new GroupMemberMatcher(numArray)); return sAMQuerySet; } else { throw new InvalidOperationException(StringResources.StoreCtxNeedValueSecurityIdentityClaimToQuery); } } else { if (p as UserPrincipal != null) { DirectoryEntry underlyingObject = (DirectoryEntry)p.UnderlyingObject; UnsafeNativeMethods.IADsMembers aDsMember = (UnsafeNativeMethods.IADsMembers)underlyingObject.Invoke("Groups", new object[0]); ResultSet sAMGroupsSet = new SAMGroupsSet(aDsMember, this, this.ctxBase); return sAMGroupsSet; } else { return new EmptySet(); } } }