Exemplo n.º 1
0
        //Function to create domain level dirContext object
        public static DirectoryContext CreateDirectoryContext(
                                        string DomainControllerName,
                                        string rootDN,
                                        string UserName,
                                        string Password,
                                        int portNumber,
                                        bool usingSimpleBind,
                                        out string errorMessage)
        {
            int ret = -1;

            errorMessage = null;

            string sDomainControllerIP = null;
            IPHostEntry domainControllerEntry=null;

            try
            {
                if (DomainControllerName != null)
                {
                    domainControllerEntry = Dns.GetHostEntry(DomainControllerName);
                }
                else
                {
                    return null;
                }
            }
            catch(Exception ex)
            {
                errorMessage =
                    String.Format(
                    "The specified domain either does not exist or DNS could not resolve the address of the domain controller : {0}",
                    DomainControllerName);
                Logger.Log("DirectoryContext.CreateDirectoryContext():" + ex.Message);
                Logger.Log("DirectoryContext.CreateDirectoryContext(): " + errorMessage);
                //Logger.ShowUserError(errorMessage);
                return null;
            }

            if (domainControllerEntry != null && domainControllerEntry.AddressList.Length > 0)
            {
                sDomainControllerIP = domainControllerEntry.AddressList[0].ToString();
            }
            else
            {
                errorMessage =
                    String.Format(
                    "DirectoryContext.CreateDirectoryContext(): Could not resolve address of domain controller : {0}",
                    DomainControllerName);
                //Logger.ShowUserError("DirectoryContext.CreateDirectoryContext(): Could not resolve address of domain controller: {0}");
                Logger.Log("DirectoryContext.CreateDirectoryContext(): " + errorMessage);
                errorMessage = "";
                return null;
            }

            IntPtr ld = LdapAPI.ldap_open(sDomainControllerIP, portNumber);
            if (ld == IntPtr.Zero)
            {
                errorMessage =
                    "The specified domain either does not exist or could not be contacted.  " +
                    "Please contact your system administrator to verify that your domain is " +
                    "properly configured and is currently online.";
                Logger.Log("DirectoryContext.CreateDirectoryContext(): " + errorMessage);
                errorMessage = "";
                //Logger.ShowUserError(errorMessage);
                return null;
            }

            //LdapTimeVal timeout = new LdapTimeVal(1, 0);
            ////IntPtr ptrTimeout = IntPtr.Zero;
            ////ptrTimeout = Marshal.AllocHGlobal(Marshal.SizeOf(timeout));
            ////Marshal.WriteInt32(ptrTimeout, timeout.);
            //ret = LdapAPI.ldap_connect(ld, timeout.ConvertToUM());
            //if (BailOnLdapError("LdapAPI.ldap_connect :", ret, out errorMessage))
            //{
            //    Logger.Log("DirectoryContext.CreateDirectoryContext(): " + errorMessage);
            //    errorMessage = "";
            //    return null;
            //}

            LdapHandle ldapHandle = new LdapHandle(ld);

            string distinguishedName = string.Format("cn={0},cn=Users,{1}", UserName, rootDN);
            if (!String.IsNullOrEmpty(UserName) && !UserName.Equals("administrator", StringComparison.InvariantCultureIgnoreCase))
                distinguishedName = UserName;

            int version = LDAP_VERSION3;
            IntPtr ptrVersion = IntPtr.Zero;
            ptrVersion = Marshal.AllocHGlobal(Marshal.SizeOf(version));
            Marshal.WriteInt32(ptrVersion, version);
            ret = LdapAPI.ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, ptrVersion);
            if(BailOnLdapError("ldap_set_option OPT_PROTOCOL_VERSION :", ret, out errorMessage))
            {
                Logger.Log("DirectoryContext.CreateDirectoryContext(): " + errorMessage);
                errorMessage = "";
                return null;
            }

            ret = LdapAPI.ldap_set_option(ld, LDAP_OPT_REFERRALS, IntPtr.Zero);
            if(BailOnLdapError("ldap_set_option LDAP_OPT_REFERRALS :", ret, out errorMessage))
            {
                Logger.Log("DirectoryContext.CreateDirectoryContext(): " + errorMessage);
                errorMessage = "";
                return null;
            }

            if (!String.IsNullOrEmpty(Password))
            {
                usingSimpleBind = Configurations.SSOFailed = true;
            }

            if (usingSimpleBind)
            {
                if (Configurations.currentPlatform == LikewiseTargetPlatform.Windows)
                {
                    ret = LdapAPI.ldap_bind_s(ld, distinguishedName, Password, (ulong)LDAP_AUTHWindows.LDAP_AUTH_SIMPLE);
                }
                else
                {
                    ret = LdapAPI.ldap_bind_s(ld, distinguishedName, Password, (ulong)LDAP_AUTHLinux.LDAP_AUTH_SIMPLE);
                }
                if (BailOnLdapError("", ret, out errorMessage))
                {
                    Logger.Log("DirectoryContext.CreateDirectoryContext(): " + errorMessage);
                    return null;
                }
            }
            else  /***GSS-bind***/
            {
                if (Configurations.currentPlatform != LikewiseTargetPlatform.Windows)
                {
                    //set GSS-Remote Principal Name

                    //char ber_pvt_opt_on;    /* used to get a non-NULL address for *_OPT_ON */
                    ///* option on/off values */
                    //#define LDAP_OPT_ON           ((void *) &ber_pvt_opt_on)
                    //#define LDAP_OPT_OFF    ((void *) 0)
                    //status = ldap_set_option(ld, LDAP_OPT_X_GSSAPI_ALLOW_REMOTE_PRINCIPAL, LDAP_OPT_ON);

                    char ber_pvt_opt_on = '1';
                    IntPtr ptrRemotePrincipalflags = IntPtr.Zero;
                    ptrRemotePrincipalflags = Marshal.AllocHGlobal(Marshal.SizeOf(ber_pvt_opt_on));
                    Marshal.WriteInt32(ptrRemotePrincipalflags, ber_pvt_opt_on);
                    ret = LdapAPI.ldap_set_option(ld, LDAP_OPT_X_GSSAPI_ALLOW_REMOTE_PRINCIPAL, ptrRemotePrincipalflags);
                    if (BailOnLdapError("DirectoryContext GSS-Bind: ldap_set_option LDAP_OPT_X_GSSAPI_ALLOW_REMOTE_PRINCIPAL, ptrRemotePrincipalflags=" + ptrRemotePrincipalflags,
                    ret, out errorMessage))
                    {
                        Logger.Log("DirectoryContext.CreateDirectoryContext(): " + errorMessage);
                        errorMessage = "";
                        return null;
                    }
                }

                //set GSS-SPNEGO options
                int secflags = ISC_REQ_MUTUAL_AUTH | ISC_REQ_REPLAY_DETECT;

                IntPtr ptrSecflags = IntPtr.Zero;
                ptrSecflags = Marshal.AllocHGlobal(Marshal.SizeOf(secflags));
                Marshal.WriteInt32(ptrSecflags, secflags);
                ret = LdapAPI.ldap_set_option(ld, LDAP_OPT_SSPI_FLAGS, ptrSecflags);
                if (BailOnLdapError("DirectoryContext GSS-Bind: ldap_set_option LDAP_OPT_SSPI_FLAGS, secflags=" + secflags,
                    ret, out errorMessage))
                {
                    Logger.Log("DirectoryContext.CreateDirectoryContext(): " + errorMessage);
                    errorMessage = "";
                    return null;
                }

                if (Configurations.currentPlatform != LikewiseTargetPlatform.Windows)
                {
                    secflags |= ISC_REQ_INTEGRITY;

                    ptrSecflags = IntPtr.Zero;
                    ptrSecflags = Marshal.AllocHGlobal(Marshal.SizeOf(secflags));
                    Marshal.WriteInt32(ptrSecflags, secflags);
                    ret = LdapAPI.ldap_set_option(ld, LDAP_OPT_SSPI_FLAGS, ptrSecflags);
                    if (BailOnLdapError("DirectoryContext GSS-Bind: ldap_set_option LDAP_OPT_SSPI_FLAGS, secflags=" + secflags,
                        ret, out errorMessage))
                    {
                        Logger.Log("DirectoryContext.CreateDirectoryContext(): " + errorMessage);
                        errorMessage = "";
                        return null;
                    }

                    secflags |= ISC_REQ_CONFIDENTIALITY;

                    ptrSecflags = IntPtr.Zero;
                    ptrSecflags = Marshal.AllocHGlobal(Marshal.SizeOf(secflags));
                    Marshal.WriteInt32(ptrSecflags, secflags);
                    ret = LdapAPI.ldap_set_option(ld, LDAP_OPT_SSPI_FLAGS, ptrSecflags);
                    if (BailOnLdapError("DirectoryContext GSS-Bind: ldap_set_option LDAP_OPT_SSPI_FLAGS, secflags=" + secflags,
                        ret, out errorMessage))
                    {
                        Logger.Log("DirectoryContext.CreateDirectoryContext(): " + errorMessage);
                        errorMessage = "";
                        return null;
                    }
                }
                if (Configurations.currentPlatform == LikewiseTargetPlatform.Windows)
                {
                    ret = LdapAPI.ldap_bind_s(ld, null, null, (ulong)LDAP_AUTHWindows.LDAP_AUTH_NEGOTIATE);
                }
                else
                {
                    ret = LdapAPI.ldap_bind_s(ld, null, null, (ulong)LDAP_AUTHLinux.LDAP_AUTH_NEGOTIATE);
                }
                if (BailOnLdapError("DirectoryContext GSS-Bind:ldap_bind_s :", ret, out errorMessage))
                {
                    Logger.Log("DirectoryContext.CreateDirectoryContext(): " + errorMessage);
                    errorMessage = "";
                    return null;
                }
            }

            //try to figure out the DC that serves as GC
            string configurationName = null;
            //searching with baseDn="" allows ldap to access the domain “RootDSE”.
            //Without passing that, it cannot access the configurationNamingContext
            DirectoryContext dirContext = new DirectoryContext(
                                DomainControllerName,
                                rootDN,
                                distinguishedName,
                                UserName,
                                Password,
                                ldapHandle,
                                portNumber);

            dirContext._domainControllerIP = sDomainControllerIP;
            LdapMessage ldapMessage;
            string gcServer = DomainControllerName;

            Logger.Log("root query is started querying ", Logger.ldapLogLevel);
            IntPtr MessagePtr;
            ret = LdapAPI.ldap_search_s(ld,
                                        "",
                                        (int)LdapAPI.LDAPSCOPE.BASE,
                                        "(objectClass=*)",
                                        null,
                                        0,
                                        out MessagePtr);

            ldapMessage = new LdapMessage(ldapHandle, MessagePtr);
            Logger.Log("root query is finished querying " + ret, Logger.ldapLogLevel);

            List<LdapEntry> ldapEntries = (ldapMessage != null ? ldapMessage.Ldap_Get_Entries() : null);
            Logger.Log("root query is finished querying with ldapEntries count : " + ldapEntries, Logger.ldapLogLevel);

            #region //Obtaining RootDSE attributes
            if (ldapEntries != null && ldapEntries.Count > 0)
            {
                LdapEntry rootDseEntry = ldapEntries[0];

                LdapValue[] values = rootDseEntry.GetAttributeValues("defaultNamingContext", dirContext);

                if (values != null && values.Length > 0)
                {
                    dirContext.DefaultNamingContext = values[0].stringData;
                }
                Logger.Log("defaultNamingContext is " + dirContext.DefaultNamingContext, Logger.ldapLogLevel);

                values = rootDseEntry.GetAttributeValues("schemaNamingContext", dirContext);

                if (values != null && values.Length > 0)
                {
                    dirContext.SchemaNamingContext = values[0].stringData;
                }
                Logger.Log("schemaNamingContext is " + dirContext.SchemaNamingContext, Logger.ldapLogLevel);

                values = rootDseEntry.GetAttributeValues("dnsHostName", dirContext);

                if (values != null && values.Length > 0)
                {
                    dirContext.DnsHostName = values[0].stringData;
                }
                Logger.Log("dnsHostName is " + dirContext.DnsHostName, Logger.ldapLogLevel);

                values = rootDseEntry.GetAttributeValues("rootDomainNamingContext", dirContext);

                if (values != null && values.Length > 0)
                {
                    dirContext.RootDomainNamingContext = values[0].stringData;
                }
                Logger.Log("dnsHostName is " + dirContext.RootDomainNamingContext, Logger.ldapLogLevel);

                values = rootDseEntry.GetAttributeValues("configurationNamingContext", dirContext);

                if (values != null && values.Length > 0)
                {
                    configurationName = values[0].stringData;
                }
                Logger.Log(
                    "configurationNamingContext is " + configurationName,
                    Logger.ldapLogLevel);

                values = rootDseEntry.GetAttributeValues("SupportedSASLMechanisms", dirContext);

                if (values != null && values.Length > 0)
                {
                    _supportedSASLMechanisms = new string[values.Length];
                    int index = 0;

                    foreach (LdapValue value in values)
                    {
                        _supportedSASLMechanisms[index] = value.stringData;

                        Logger.Log(
                                    "SupportedSASLMechanisms is " + value.stringData,
                                    Logger.ldapLogLevel);
                        index++;
                    }
                }

                dirContext.ConfigurationNamingContext = configurationName;

            #endregion

                ret = LdapAPI.ldap_search_s(ld,
                                        configurationName,
                                        (int)LdapAPI.LDAPSCOPE.BASE,
                                        "(&(objectcategory=ntdsdsa)(options=1))",
                                        new string[] { "distinguishedName", null },
                                        0,
                                        out MessagePtr);

                ldapMessage = new LdapMessage(ldapHandle, MessagePtr);

                if(BailOnLdapError("ldap_search_s :", ret, out errorMessage))
                {
                    Logger.Log("DirectoryContext.CreateDirectoryContext(): " + errorMessage);
                    errorMessage = "";
                    return null;
                }

                ldapEntries = (ldapMessage != null ? ldapMessage.Ldap_Get_Entries() : null);

                if (ldapEntries != null && ldapEntries.Count > 0)
                {
                    //we only check the first one, then we quit finding others (when we do optimization, this algorithm shall be a lot more complicated
                    LdapEntry ldapNextEntry = ldapEntries[0];

                    values = ldapNextEntry.GetAttributeValues("distinguishedName", dirContext);

                    if (values != null && values.Length > 0)
                    {
                        string dn = values[0].stringData;
                        string[] splits1 = dn.Split(',');
                        string[] splits2 = rootDN.Split(',');

                        gcServer = splits1[1].Substring(3).ToLower();
                        foreach (string str in splits2)
                            gcServer = string.Concat(gcServer, ".", str.Substring(3).ToLower());

                        Logger.Log(
                            "global catelog server is " + gcServer,
                            Logger.ldapLogLevel);
                    }
                }
            }

            dirContext.GCServername = gcServer;
            dirContext.BindMethod = usingSimpleBind;

            ldapHandle.DirectoryContext = dirContext;

            return dirContext;
        }
Exemplo n.º 2
0
        protected DirectoryContext(
                    string ServerName,
                    string rootDN,
                    string DistinguishedName,
                    string UserName,
                    string Password,
                    LdapHandle ldapHandle,
                    int portNumber)
        {
            _rootDN = rootDN;

            string[] domainDNcom = _rootDN.Split(',');

            string domainName = "";
            foreach (string str in domainDNcom)
            {
                string temp = string.Concat(str.Substring(3), ".");
                domainName = string.Concat(domainName, temp);
            }

            domainName = domainName.Substring(0, domainName.Length - 1);

            _domainName = domainName;

            _domainControllerName = ServerName;
            _distinguishedName = DistinguishedName;
            _userName = UserName;
            _password = Password;
            _ldapHandle = new LdapHandle(ldapHandle.Handle, this);
            _portNumber = portNumber;
        }
Exemplo n.º 3
0
        public DirectoryContext(DirectoryContext dirContext)
        {

            _rootDN = dirContext.RootDN;

            string[] domainDNcom = _rootDN.Split(',');

            string domainName = "";
            foreach (string str in domainDNcom)
            {
                string temp = string.Concat(str.Substring(3), ".");
                domainName = string.Concat(domainName, temp);
            }

            domainName = domainName.Substring(0, domainName.Length - 1);

            _domainName = domainName;

            _domainControllerName = dirContext.DomainControllerName;
            _distinguishedName = dirContext.DistinguishedName;
            _userName = dirContext.UserName;
            _password = dirContext.Password;
            _ldapHandle = new LdapHandle(dirContext.LdapHandle.Handle, this);
            _portNumber = dirContext.PortNumber;
        }
Exemplo n.º 4
0
        public LdapMessage(LdapHandle ldapHandle, IntPtr ldapMessage)
		{
			_ldapHandle = ldapHandle;
			_ldapMessage = ldapMessage;
		    _dircontext = null;
        }