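/// <summary>
        /// Converts the <paramref name="size"/> bytes of <paramref name="buffer"/> that start at
        /// <paramref name="index"/> into an NT4SID structure.
        /// </summary>
        /// <param name="buffer">Source bytes (for example a marshalled DRS message).</param>
        /// <param name="index">Offset of the first SID byte within <paramref name="buffer"/>.</param>
        /// <param name="size">Number of bytes to copy; at most the 28 bytes an NT4SID holds.</param>
        /// <returns>A new NT4SID whose Data holds the copied bytes, zero-padded to 28 bytes.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="buffer"/> is null.</exception>
        /// <exception cref="ArgumentOutOfRangeException">
        /// <paramref name="size"/> exceeds 28, or [index, index + size) does not lie inside <paramref name="buffer"/>.
        /// </exception>
        public static NT4SID ExtractSid(byte[] buffer, uint index, uint size)
        {
            // The other SID helpers in this file (SidFromStringSid, DomainSidFromSid) allocate
            // Data as a 28-byte array explicitly; do the same here instead of relying on the
            // default constructor, which is what Array.Copy needs as its destination.
            const int SidSize = 28;

            if (buffer == null)
            {
                throw new ArgumentNullException("buffer");
            }
            if (size > SidSize)
            {
                throw new ArgumentOutOfRangeException("size", "An NT4SID holds at most 28 bytes.");
            }
            // Add in ulong so index + size cannot wrap around for large (possibly untrusted) values.
            if ((ulong)index + size > (ulong)buffer.Length)
            {
                throw new ArgumentOutOfRangeException("index", "The requested range lies outside the buffer.");
            }

            NT4SID sid = new NT4SID();
            sid.Data = new byte[SidSize];

            Array.Copy(buffer, index, sid.Data, 0, size);
            return sid;
        }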
        /// <summary>
        /// Finds every object whose objectSid or sIDHistory equals <paramref name="sid"/>.
        /// </summary>
        /// <param name="dc">The DC to query.</param>
        /// <param name="flags">Lookup flags passed straight through to LookupAttr.</param>
        /// <param name="sid">The SID to look for; SecurityIdentifier's constructor throws if its bytes are malformed.</param>
        /// <returns>
        /// The objectSid matches followed by the sIDHistory matches (an object matching both is
        /// listed twice), or null when neither lookup returned anything.
        /// </returns>
        DSNAME[] LookupSID(DsServer dc, uint flags, NT4SID sid)
        {
            // Render the SID once; both attribute lookups use the same string form.
            string sidString = new SecurityIdentifier(sid.Data, 0).ToString();

            List<DSNAME> matches = new List<DSNAME>();

            // Current SID first, then SIDs carried over from a migrated source domain.
            DSNAME[] byObjectSid = LookupAttr(dc, flags, "objectSid", sidString);
            DSNAME[] bySidHistory = LookupAttr(dc, flags, "sIDHistory", sidString);

            if (byObjectSid != null)
            {
                matches.AddRange(byObjectSid);
            }
            if (bySidHistory != null)
            {
                matches.AddRange(bySidHistory);
            }

            return matches.Count == 0 ? null : matches.ToArray();
        }
        /// <summary>
        /// Returns the DNS name of the DC's own domain, derived from its defaultNamingContext.
        /// </summary>
        /// <param name="dc">The DC whose rootDSE is read.</param>
        /// <param name="sid">A SID; it is parsed (so malformed bytes throw) but does not affect the result.</param>
        /// <returns>The FQDN that DrsrHelper.GetFQDNFromDN derives from the DC's defaultNamingContext.</returns>
        string DomainNameFromSid(DsServer dc, NT4SID sid)
        {
            // NOTE(review): despite the name, the SID only gets validated here; the domain returned is
            // always the DC's default naming context. For a SID from another domain or forest that is
            // not the SID's domain — confirm that callers only ever pass SIDs from this domain.
            new SecurityIdentifier(sid.Data, 0);

            string defaultNc = LdapUtility.GetRootDSE(dc).defaultNamingContext;
            return DrsrHelper.GetFQDNFromDN(defaultNc);
        }
        /// <summary>
        /// Returns true if the domain identified by sid is in a forest trusted by the caller's forest,
        /// as determined by the FOREST_TRUST_INFORMATION state of the caller's forest, false otherwise.
        /// </summary>
        /// <remarks>
        /// Walks every trustedDomain object under the forest root that carries msDS-TrustForestTrustInfo
        /// and has trustAttributes bit 0x8 set, unmarshals that blob, and looks for an enabled
        /// ForestTrustDomainInfo record whose SID equals <paramref name="sid"/>. Such a record only counts
        /// if no enabled ForestTrustTopLevelNameEx (exclusion) record names the domain's DNS name or one
        /// of its parent names.
        /// </remarks>
        /// <param name="dc">The DC whose rootDSE and trustedDomain objects are read.</param>
        /// <param name="sid">The SID of a domain.</param>
        /// <returns>True when an enabled, non-excluded domain record with this SID exists in some forest trust.</returns>
        static bool IsDomainSidInTrustedForest(DsServer dc, NT4SID sid)
        {
            FOREST_TRUST_INFORMATION f;
            bool b;

            RootDSE rootDse = LdapUtility.GetRootDSE(dc);

            // Forest trust objects are searched for under the forest root NC. Bit 0x8 of trustAttributes
            // is presumably the forest-transitive flag, given the msDS-TrustForestTrustInfo=* clause.
            // NOTE(review): the LDAP bitwise-AND matching rule (1.2.840.113556.1.4.803) is documented to
            // take a decimal integer; confirm the server honours the "0x8" spelling. If it does not, this
            // search returns nothing and every SID is reported as untrusted (fail-closed, but wrong).
            string[] tdos = LdapUtility.GetAttributeValuesString(
                dc,
                rootDse.rootDomainNamingContext,
                "distinguishedName",
                "(&(objectClass=trustedDomain)(msDS-TrustForestTrustInfo=*)(trustAttributes:1.2.840.113556.1.4.803:=0x8))",
                System.DirectoryServices.Protocols.SearchScope.Subtree);

            foreach (string o in tdos)
            {
                byte[] trustInfo = (byte[])LdapUtility.GetAttributeValue(dc, o, "msDS-TrustForestTrustInfo");
                // A blob that fails to unmarshal aborts the whole scan as "not trusted", even if a later
                // trustedDomain object would have matched. Fail-closed, but worth knowing when debugging.
                if (!TrustInfo.UnmarshalForestTrustInfo(trustInfo, out f))
                {
                    return(false);
                }

                foreach (Record e in f.Records)
                {
                    // Candidate: an enabled domain-info record whose SID is the one asked about.
                    if (e.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo &&
                        (DrsrHelper.IsByteArrayEqual(sid.Data, ((RecordDomainInfo)e.ForestTrustData).Sid.Data)) &&
                        ((e.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0))
                    {
                        // b stays true unless an enabled exclusion record covers this domain's DNS name.
                        b = true;
                        foreach (Record g in f.Records)
                        {
                            // NOTE(review): the == below is an ordinal, case-sensitive comparison of DNS
                            // names. Whether that (and TrustInfo.IsSubdomainOf) behaves case-insensitively,
                            // as DNS names require, depends on how the names were normalised when stored —
                            // confirm, otherwise an exclusion could be bypassed by a differently-cased name.
                            if (g.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx &&
                                (g.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0 &&
                                (
                                    ((RecordTopLevelName)g.ForestTrustData).TopLevelName
                                    == ((RecordDomainInfo)e.ForestTrustData).DnsName
                                    ||
                                    TrustInfo.IsSubdomainOf(
                                        ((RecordDomainInfo)e.ForestTrustData).DnsName,
                                        ((RecordTopLevelName)g.ForestTrustData).TopLevelName)
                                )
                                )
                            {
                                b = false;
                                break;
                            }
                        }

                        if (b)
                        {
                            return(true);
                        }
                    }
                }
            }
            return(false);
        }
 /// <summary>
 /// Looks up the distinguished name of the object under <paramref name="baseDn"/> whose objectSid is <paramref name="sid"/>.
 /// </summary>
 /// <param name="dc">The DC to query.</param>
 /// <param name="baseDn">Root of the subtree search.</param>
 /// <param name="sid">Binary SID, rendered into the filter by GetBinaryString.</param>
 /// <returns>Whatever GetAttributeValueInString returns for the distinguishedName attribute of the match.</returns>
 public static string GetObjectDnBySid(DsServer dc, string baseDn, NT4SID sid)
 {
     // NOTE(review): the filter is built by concatenation, which is only safe because the SID bytes
     // pass through GetBinaryString — assumed to emit RFC 4515 \xx escapes; verify that helper.
     string filter = "(&(objectClass=*)(objectSid=" + GetBinaryString(sid.Data) + "))";
     System.DirectoryServices.Protocols.SearchScope scope = System.DirectoryServices.Protocols.SearchScope.Subtree;

     return GetAttributeValueInString(dc, baseDn, "distinguishedName", filter, scope);
 }
        /// <summary>
        /// Parses a string-form SID ("S-1-5-21-...") into a 28-byte NT4SID.
        /// </summary>
        /// <param name="name">The SID in string (SDDL) form.</param>
        /// <returns>An NT4SID whose Data holds the binary SID, zero-padded to 28 bytes.</returns>
        /// <exception cref="ArgumentException">
        /// Thrown by SecurityIdentifier when <paramref name="name"/> is not a valid SID, or by GetBinaryForm
        /// when the SID has more than five sub-authorities and so does not fit in 28 bytes.
        /// </exception>
        NT4SID SidFromStringSid(string name)
        {
            const int SidSize = 28;
            SecurityIdentifier parsed = new SecurityIdentifier(name);

            // Fixed 28-byte payload; GetBinaryForm leaves any unused tail as zero.
            byte[] raw = new byte[SidSize];
            parsed.GetBinaryForm(raw, 0);

            NT4SID result = new NT4SID();
            result.Data = raw;
            return result;
        }
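        /// <summary>
        /// Returns the domain SID (the account SID with its final RID removed) of <paramref name="sid"/>.
        /// </summary>
        /// <param name="sid">A binary account SID such as S-1-5-21-x-y-z-RID.</param>
        /// <returns>A 28-byte NT4SID holding the domain portion, zero-padded.</returns>
        /// <exception cref="ArgumentException">
        /// <paramref name="sid"/> is malformed, or is not an account SID and so has no domain portion
        /// (e.g. well-known SIDs such as S-1-1-0, for which AccountDomainSid is null).
        /// </exception>
        NT4SID DomainSidFromSid(NT4SID sid)
        {
            const int SidSize = 28;

            SecurityIdentifier secId = new SecurityIdentifier(sid.Data, 0);
            SecurityIdentifier domainSid = secId.AccountDomainSid;

            // AccountDomainSid is null for SIDs without an account domain; without this check the
            // GetBinaryForm call below fails with an unhelpful NullReferenceException.
            if (domainSid == null)
            {
                throw new ArgumentException("SID " + secId.ToString() + " has no account domain.", "sid");
            }

            NT4SID nsid = new NT4SID();
            nsid.Data = new byte[SidSize];
            domainSid.GetBinaryForm(nsid.Data, 0);

            return nsid;
        }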
 /// <summary>
 /// Reports whether <paramref name="sid"/> is the null SID: Data is absent, or every byte of it is zero.
 /// </summary>
 /// <param name="sid">The SID to inspect.</param>
 /// <returns>True for a missing, empty or all-zero Data array; false as soon as any byte is non-zero.</returns>
 public static bool IsNullSid(NT4SID sid)
 {
     byte[] data = sid.Data;

     // An unallocated Data array counts as the null SID; so does an empty one (vacuously all zero).
     return data == null || Array.TrueForAll(data, b => b == 0);
 }
        /// <summary>
        /// Resolves <paramref name="sid"/> to a DSNAME by searching the DC's default naming context for
        /// the object whose objectSid matches.
        /// </summary>
        /// <param name="dc">The DC to query.</param>
        /// <param name="sid">The binary SID to search for.</param>
        /// <returns>The DSNAME that LdapUtility.CreateDSNameForObject builds from the matching object's DN.</returns>
        DSNAME GetDSNameFromSid(DsServer dc, NT4SID sid)
        {
            string searchBase = LdapUtility.GetRootDSE(dc).defaultNamingContext;

            // Binary attribute values go into an LDAP filter escaped byte-by-byte as \xx (RFC 4515),
            // lowercase hex, two digits per byte — this is what keeps the concatenation below safe.
            StringBuilder escaped = new StringBuilder(sid.Data.Length * 3);
            foreach (byte b in sid.Data)
            {
                escaped.Append('\\').Append(b.ToString("x2"));
            }

            string filter = "(objectSid=" + escaped.ToString() + ")";
            string dn = (string)GetAttributeValue(
                dc,
                searchBase,
                "distinguishedName",
                filter,
                System.DirectoryServices.Protocols.SearchScope.Subtree);

            // NOTE(review): when nothing matches, dn is presumably null and is handed straight to
            // CreateDSNameForObject — confirm that helper tolerates it.
            return LdapUtility.CreateDSNameForObject(dc, dn);
        }
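        /// <summary>
        /// Compare if two NT4SID equals with each other.
        /// </summary>
        /// <param name="sid1">Sid 1</param>
        /// <param name="sid2">Sid 2</param>
        /// <returns>
        /// True when both are the null SID (see IsNullSid), or when both Data arrays have the same length
        /// and identical contents; false otherwise, including when the lengths differ.
        /// </returns>
        public static bool NT4SID_Equals(NT4SID sid1, NT4SID sid2)
        {
            bool null1 = IsNullSid(sid1);
            bool null2 = IsNullSid(sid2);

            // Null SIDs (unallocated or all-zero Data) are equal to each other and to nothing else.
            if (null1 || null2)
            {
                return null1 && null2;
            }

            // Check both lengths before indexing: looping over sid1.Data.Length alone would read past
            // the end of a shorter sid2.Data and silently ignore the tail of a longer one.
            if (sid1.Data.Length != sid2.Data.Length)
            {
                return false;
            }

            for (int i = 0; i < sid1.Data.Length; i++)
            {
                if (sid1.Data[i] != sid2.Data[i])
                {
                    return false;
                }
            }

            return true;
        }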
        /// <summary>
        /// Builds a DRS_MSG_REPMOD request for the ConfigNC of <paramref name="src"/>, naming
        /// <paramref name="src"/> itself as the source DSA and using an all-ones replication schedule.
        /// </summary>
        /// <param name="machine">Not referenced by this builder.</param>
        /// <param name="src">The DC whose ConfigNC and NTDS-DSA identity populate the request.</param>
        /// <param name="replicaFlags">Replica flags handed to DRSClient.CreateReplicaModifyRequest.</param>
        /// <param name="modifyFields">Which fields of the replica link to modify.</param>
        /// <param name="options">Request options.</param>
        /// <returns>The request returned by DRSClient.CreateReplicaModifyRequest.</returns>
        /// <exception cref="InvalidOperationException">CreateReplicaModifyRequest returned no value.</exception>
        public DRS_MSG_REPMOD createDRS_MSG_REPMOD_Request(
            EnvironmentConfig.Machine machine,
            DsServer src,
            DRS_OPTIONS replicaFlags,
            DRS_MSG_REPMOD_FIELDS modifyFields,
            DRS_OPTIONS options
            )
        {
            // Identity of the replica (src's ConfigNC) and of the source DSA.
            string ncDn = LdapUtility.ConvertUshortArrayToString(src.Domain.ConfigNC.StringName);
            Guid ncGuid = src.Domain.ConfigNC.Guid;
            NT4SID ncSid = src.Domain.ConfigNC.Sid;
            Guid dsaGuid = src.NtdsDsaObjectGuid;
            string dsaAddress = src.DsaNetworkAddress;

            // Replication schedule: 84 bytes, every entry set to 1.
            REPLTIMES schedule = new REPLTIMES();
            schedule.rgTimes = new byte[84];
            for (int slot = 0; slot < schedule.rgTimes.Length; slot++)
            {
                schedule.rgTimes[slot] = 1;
            }

            string ncSidString = convertSidToString(ncSid);

            DRS_MSG_REPMOD? request = DRSClient.CreateReplicaModifyRequest(
                ncDn,
                ncGuid,
                ncSidString,
                dsaGuid,
                dsaAddress,
                schedule,
                replicaFlags,
                modifyFields,
                options);

            // .Value throws InvalidOperationException when no request came back, as the cast did.
            return request.Value;
        }