Пример #1
        /// <summary>
        /// Translates a single directory ACE into the Identity, Read, Write,
        /// FullControl, Enroll and AutoEnroll members of this object.
        /// </summary>
        /// <param name="AccessRule">The directory access rule to summarise; it is dereferenced without a null check.</param>
        internal ADCertificateTemplateAccessRule(ActiveDirectoryAccessRule AccessRule)
        {
            Identity = AccessRule.IdentityReference.ToString();
            ActiveDirectoryRights mask = AccessRule.ActiveDirectoryRights;

            // NOTE(review): AccessRule.AccessControlType is never read in this constructor, so a
            // Deny ACE sets the same members as an Allow ACE. Confirm that callers filter Deny
            // entries first, otherwise a denial is presented as a grant.

            bool hasGenericRead = (mask & ActiveDirectoryRights.GenericRead) == ActiveDirectoryRights.GenericRead;
            bool hasGenericExecute = (mask & ActiveDirectoryRights.GenericExecute) == ActiveDirectoryRights.GenericExecute;
            if (hasGenericRead || hasGenericExecute)
            {
                Read = true;
            }

            // NOTE(review): Write is derived from WriteDacl alone. WriteOwner, WriteProperty and
            // GenericWrite are not mapped to any member here, so a principal that can modify the
            // template through those rights is not reported as a writer. Confirm this is intended
            // before relying on the output for a template-permission audit.
            if ((mask & ActiveDirectoryRights.WriteDacl) == ActiveDirectoryRights.WriteDacl)
            {
                Write = true;
            }

            if ((mask & ActiveDirectoryRights.GenericAll) == ActiveDirectoryRights.GenericAll)
            {
                FullControl = true;
            }

            // Everything below only applies to ACEs that carry the extended-right bit.
            if ((mask & ActiveDirectoryRights.ExtendedRight) != ActiveDirectoryRights.ExtendedRight)
            {
                return;
            }

            // Guid.ToString() yields the lowercase hyphenated form and the comparison is ordinal,
            // so the ExtendedRightGuid constants presumably use that same form (confirm).
            // NOTE(review): an extended-right ACE whose ObjectType is the empty GUID applies to
            // every extended right, enrollment included; it matches neither branch and is
            // therefore not reported as Enroll or AutoEnroll.
            string objectTypeText = AccessRule.ObjectType.ToString();
            if (objectTypeText == ExtendedRightGuid.Enroll)
            {
                Enroll = true;
            }
            else if (objectTypeText == ExtendedRightGuid.AutoEnroll)
            {
                AutoEnroll = true;
            }
        }
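        /// <summary>
        /// Reads the security descriptor of the directory object named by <c>_x500Name</c>,
        /// records its owner through <c>SetOwner</c>, and adds one
        /// <c>CertTemplateAccessRule</c> per identity and access type (allow / deny) whose
        /// ACEs map to at least one <c>CertTemplateRights</c> flag.
        /// </summary>
        void fromActiveDirectorySecurity()
        {
            ActiveDirectorySecurity dsSecurity;

            // NOTE(review): the ADsPath is built by plain concatenation. If _x500Name can carry
            // caller-supplied text, validate or escape it before binding; its origin is not
            // visible from this method.
            using (var entry = new DirectoryEntry("LDAP://" + _x500Name)) {
                dsSecurity = entry.ObjectSecurity;
            }

            try {
                SetOwner(dsSecurity.GetOwner(typeof(NTAccount)));
            } catch {
                // Deliberate fallback: when the owner cannot be returned as an NTAccount, keep the
                // raw SID instead. The bare catch also hides unrelated failures of the first call.
                SetOwner(dsSecurity.GetOwner(typeof(SecurityIdentifier)));
            }

            // Read the ACL once. The original re-queried GetAccessRules for every identity and
            // access type, repeating the same rule materialisation on each pass of the loops.
            List <ActiveDirectoryAccessRule> allAces = dsSecurity
                                                       .GetAccessRules(true, true, typeof(NTAccount))
                                                       .Cast <ActiveDirectoryAccessRule>()
                                                       .ToList();

            List <IdentityReference> users = allAces
                                             .Select(x => x.IdentityReference)
                                             .Distinct()
                                             .ToList();

            foreach (IdentityReference user in users)
            {
                // Allow and Deny ACEs are accumulated separately so that a denial never ends up
                // merged into a grant for the same identity.
                foreach (AccessControlType accessType in Enum.GetValues(typeof(AccessControlType)))
                {
                    CertTemplateRights rights = 0;
                    IEnumerable <ActiveDirectoryAccessRule> aceList = allAces
                                                                      .Where(x => x.IdentityReference == user && x.AccessControlType == accessType);
                    foreach (ActiveDirectoryAccessRule ace in aceList)
                    {
                        ActiveDirectoryRights aceRights = ace.ActiveDirectoryRights;
                        if (aceRights.HasFlag(ActiveDirectoryRights.GenericRead) || aceRights.HasFlag(ActiveDirectoryRights.GenericExecute))
                        {
                            rights |= CertTemplateRights.Read;
                        }
                        // NOTE(review): Write is derived from WriteDacl alone. WriteOwner,
                        // WriteProperty and GenericWrite are not mapped, so a principal that can
                        // modify the template through those rights is not reported as a writer.
                        // Confirm this is intended before using the result for a permission audit.
                        if (aceRights.HasFlag(ActiveDirectoryRights.WriteDacl))
                        {
                            rights |= CertTemplateRights.Write;
                        }
                        if (aceRights.HasFlag(ActiveDirectoryRights.GenericAll))
                        {
                            rights |= CertTemplateRights.FullControl;
                        }
                        if (aceRights.HasFlag(ActiveDirectoryRights.ExtendedRight))
                        {
                            // Guid.ToString() yields the lowercase hyphenated form; the GUID_*
                            // constants presumably use the same form (confirm).
                            // NOTE(review): an extended-right ACE whose ObjectType is the empty
                            // GUID applies to every extended right, enrollment included; it
                            // matches neither case below and adds no Enroll/Autoenroll flag.
                            switch (ace.ObjectType.ToString())
                            {
                            case GUID_ENROLL:
                                rights |= CertTemplateRights.Enroll;
                                break;

                            case GUID_AUTOENROLL:
                                rights |= CertTemplateRights.Autoenroll;
                                break;
                            }
                        }
                    }
                    // ACEs that map to no known template right produce no rule at all.
                    if (rights > 0)
                    {
                        AddAccessRule(new CertTemplateAccessRule(user, rights, accessType));
                    }
                }
            }
        }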