string DomainNameFromSid(DsServer dc, NT4SID sid)
{
SecurityIdentifier secId = new SecurityIdentifier(sid.Data, 0);
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
return(DrsrHelper.GetFQDNFromDN(rootDse.defaultNamingContext));
}
/// <summary>
/// Returns true if the domain identified by sid is in a forest trusted by the caller's forest,
/// as determined by the FOREST_TRUST_INFORMATION state of the caller's forest, false otherwise.
/// </summary>
/// <param name="dc"></param>
/// <param name="sid">The SID of a domain.</param>
/// <returns></returns>
static bool IsDomainSidInTrustedForest(DsServer dc, NT4SID sid)
{
FOREST_TRUST_INFORMATION f;
bool b;
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
string[] tdos = LdapUtility.GetAttributeValuesString(
dc,
rootDse.rootDomainNamingContext,
"distinguishedName",
"(&(objectClass=trustedDomain)(msDS-TrustForestTrustInfo=*)(trustAttributes:1.2.840.113556.1.4.803:=0x8))",
System.DirectoryServices.Protocols.SearchScope.Subtree);
foreach (string o in tdos)
{
byte[] trustInfo = (byte[])LdapUtility.GetAttributeValue(dc, o, "msDS-TrustForestTrustInfo");
if (!TrustInfo.UnmarshalForestTrustInfo(trustInfo, out f))
{
return(false);
}
foreach (Record e in f.Records)
{
if (e.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo &&
(DrsrHelper.IsByteArrayEqual(sid.Data, ((RecordDomainInfo)e.ForestTrustData).Sid.Data)) &&
((e.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0))
{
b = true;
foreach (Record g in f.Records)
{
if (g.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx &&
(g.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0 &&
(
((RecordTopLevelName)g.ForestTrustData).TopLevelName
== ((RecordDomainInfo)e.ForestTrustData).DnsName
||
TrustInfo.IsSubdomainOf(
((RecordDomainInfo)e.ForestTrustData).DnsName,
((RecordTopLevelName)g.ForestTrustData).TopLevelName)
)
)
{
b = false;
break;
}
}
if (b)
{
return(true);
}
}
}
}
return(false);
}
public void DRSR_DRSInterDomainMove_LDAP_Move_Object_From_Child_To_Parent()
{
DrsrTestChecker.Check();
EnvironmentConfig.Machine parentDcType = EnvironmentConfig.Machine.WritableDC1;
DsServer parentDc = (DsServer)EnvironmentConfig.MachineStore[parentDcType];
EnvironmentConfig.Machine childDcType = EnvironmentConfig.Machine.CDC;
DsServer childDc = (DsServer)EnvironmentConfig.MachineStore[childDcType];
DsUser user = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];
string srcObjDn = ldapAdapter.TestAddUserObj(childDc);
BaseTestSite.Log.Add(LogEntryKind.Comment, "LDAP add a new object: {0}.", srcObjDn);
string newObjRdn = DrsrHelper.GetRDNFromDN(srcObjDn);
string tgtParentObjDn = "CN=Users," + DrsrHelper.GetNamingContextDN(parentDc.Domain, NamingContext.DomainNC);
string newObjDn = newObjRdn + "," + tgtParentObjDn;
bool bNewObjAdded = ldapAdapter.IsObjectExist(parentDc, newObjDn);
if (bNewObjAdded)
{
ResultCode rCode = ldapAdapter.DeleteObject(parentDc, newObjDn);
BaseTestSite.Assume.AreEqual <ResultCode>(ResultCode.Success, rCode, "LDAP: {0} should be removed.", newObjDn);
}
using (LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier(childDc.DnsHostName))) // connecting to the child domain in which the object exists
{
connection.Credential = new System.Net.NetworkCredential(user.Username, user.Password, parentDc.Domain.DNSName);
connection.SessionOptions.ProtocolVersion = 3;
connection.SessionOptions.SspiFlag = connection.SessionOptions.SspiFlag | 1; //Set Delegate flag.
connection.AuthType = AuthType.Kerberos;
connection.Bind();
try
{
BaseTestSite.Log.Add(LogEntryKind.Comment, "LDAP ModifyDN: moving object {0} to {1}.", srcObjDn, newObjDn);
ModifyDNRequest modDnRequest = new ModifyDNRequest(srcObjDn, tgtParentObjDn, newObjRdn);
modDnRequest.Controls.Add(new CrossDomainMoveControl(parentDc.DnsHostName)); // parent domain to which the object need to move
ModifyDNResponse modDnResponse = (ModifyDNResponse)connection.SendRequest(modDnRequest);
BaseTestSite.Assert.AreEqual <ResultCode>(ResultCode.Success, modDnResponse.ResultCode,
"LDAP ModifyDN: server should invoke IDL_DRSInterDomainMove on target Dc and move the object.");
bool bOldObjDeleted = ldapAdapter.IsObjectExist(childDc, srcObjDn);
bNewObjAdded = ldapAdapter.IsObjectExist(parentDc, newObjDn);
BaseTestSite.Assert.IsFalse(bOldObjDeleted, "LDAP ModifyDN: the old object should be deleted from source DC.");
BaseTestSite.Assert.IsTrue(bNewObjAdded, "LDAP ModifyDN: the new object should be added into target DC.");
}
catch (DirectoryOperationException e)
{
BaseTestSite.Log.Add(LogEntryKind.Debug, "LDAP ModifyDN: ResultCode:{0}", e.Response.ResultCode.ToString());
BaseTestSite.Log.Add(LogEntryKind.Debug, "LDAP ModifyDN: ErrorMessage:{0}", e.Response.ErrorMessage.ToString());
BaseTestSite.Assert.AreEqual <ResultCode>(ResultCode.Success, e.Response.ResultCode,
"LDAP ModifyDN: server should invoke the IDL_DRSInterDomainMove on target Dc and move the object.");
}
}
}
public static uint MakeAttid(SCHEMA_PREFIX_TABLE t, string o)
{
string lastValueString;
uint lastValue, lowerWord;
byte[] binaryOID, oidPrefix;
uint attr;
uint pos = 0;
string[] ss = o.Split('.');
lastValueString = ss[ss.Length - 1];
lastValue = Convert.ToUInt32(lastValueString);
binaryOID = ToBinaryOID(o);
if (lastValue < 128)
{
oidPrefix = SubBinary(binaryOID, 0, binaryOID.Length - 1);
}
else
{
oidPrefix = SubBinary(binaryOID, 0, binaryOID.Length - 2);
}
bool fToAdd = true;
for (uint i = 0; i < t.PrefixCount; ++i)
{
if (DrsrHelper.IsByteArrayEqual(t.pPrefixEntry[i].prefix.elements, oidPrefix))
{
fToAdd = false;
pos = i;
break;
}
}
if (fToAdd)
{
pos = (uint)t.PrefixCount;
AddPrefixTableEntry(ref t, oidPrefix);
}
lowerWord = lastValue % 16384;
if (lastValue >= 16384)
{
lowerWord += 32768;
}
uint upperWord = t.pPrefixEntry[pos].ndx;
attr = upperWord * 65536 + lowerWord;
return(attr);
}
DSNAME?DomainFromDomainDNSName(DsServer dc, string domainName)
{
string dn = DrsrHelper.GetDNFromFQDN(domainName);
if (dn != null)
{
return(LdapUtility.CreateDSNameForObject(dc, dn));
}
else
{
return(null);
}
}
public void DRSR_DRSGetMemberships_Get_Group_Members_Transitive()
{
DrsrTestChecker.Check();
// Init the data.
EnvironmentConfig.Machine srv = EnvironmentConfig.Machine.WritableDC1;
DsServer server = (DsServer)EnvironmentConfig.MachineStore[srv];
DsUser user = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];
uint ret = 0;
ret = drsTestClient.DrsBind(
srv,
EnvironmentConfig.User.ParentDomainAdmin,
DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSBind: should return 0 with a success bind to DC");
string groupDn = "CN=Domain Users,CN=Users," + DrsrHelper.GetDNFromFQDN(ADCommonServerAdapter.Instance(Site).PrimaryDomainDnsName);
DSNAME dsGroup = LdapUtility.CreateDSNameForObject(
server,
groupDn
);
ret = drsTestClient.DrsGetMemberships(
srv,
dwInVersion_Values.V1,
dsGroup,
false,
REVERSE_MEMBERSHIP_OPERATION_TYPE.GroupMembersTransitive,
null);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSGetMemberships: return value should be 0");
// Unbind
ret = drsTestClient.DrsUnbind(srv);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSUnbind: return value should be 0");
}
void VerifyCrackNamesListGlobalCatalogServers(
DsServer dc,
DRS_MSG_CRACKREQ req,
DRS_MSG_CRACKREPLY?reply)
{
DsServer[] servers = ldapAd.ListGcServers(dc);
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].cItems == servers.Length,
"IDL_DRSCrackNames: DS_LIST_GLOBAL_CATALOG_SERVERS: wrong server count, expect:{0}, got:{1}",
servers.Length,
reply.Value.V1.pResult[0].cItems
);
string[] siteDns = new string[servers.Length];
string[] dnsHostNames = new string[servers.Length];
for (int i = 0; i < servers.Length; ++i)
{
siteDns[i] = servers[i].Site.DN.ToLower();
dnsHostNames[i] = servers[i].DnsHostName.ToLower();
}
string[] drsrSiteDns = new string[reply.Value.V1.pResult[0].cItems];
string[] drsrDnsHostNames = new string[reply.Value.V1.pResult[0].cItems];
for (int i = 0; i < reply.Value.V1.pResult[0].cItems; ++i)
{
drsrSiteDns[i] = reply.Value.V1.pResult[0].rItems[i].pName.ToLower();
drsrDnsHostNames[i] = reply.Value.V1.pResult[0].rItems[i].pDomain.ToLower();
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].rItems[i].status == DS_NAME_ERROR.DS_NAME_NO_ERROR,
"IDL_DRSCrackNames: DS_LIST_GLOBAL_CATALOG_SERVERS: return status should be 0, got {0}",
reply.Value.V1.pResult[0].rItems[i].status
);
}
testSite.Assert.IsTrue(
DrsrHelper.IsStringArrayEqual(siteDns, drsrSiteDns),
"IDL_DRSCrackNames: DS_LIST_GLOBAL_CATALOG_SERVERS: failed to verify site DNs."
);
testSite.Assert.IsTrue(
DrsrHelper.IsStringArrayEqual(dnsHostNames, drsrDnsHostNames),
"IDL_DRSCrackNames: DS_LIST_GLOBAL_CATALOG_SERVERS: failed to verify server DNS host names."
);
}
void VerifyCrackNamesListServersForDomainInSite(
DsServer dc,
DRS_MSG_CRACKREQ req,
DRS_MSG_CRACKREPLY?reply)
{
string domainDn = req.V1.rpNames[0];
string siteDn = req.V1.rpNames[1];
DsServer[] servers = ldapAd.ListServersForDomainInSite(dc, domainDn, siteDn);
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].cItems == servers.Length,
"IDL_DRSCrackNames: DS_LIST_SERVERS_FOR_DOMAIN_IN_SITE: wrong server count, expect:{0}, got:{1}",
servers.Length,
reply.Value.V1.pResult[0].cItems
);
string[] serverDns = new string[servers.Length];
for (int i = 0; i < servers.Length; ++i)
{
serverDns[i] = servers[i].ServerObjectName;
}
string[] drsrServers = new string[reply.Value.V1.pResult[0].cItems];
for (int i = 0; i < reply.Value.V1.pResult[0].cItems; ++i)
{
drsrServers[i] = reply.Value.V1.pResult[0].rItems[i].pName;
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].rItems[i].status == DS_NAME_ERROR.DS_NAME_NO_ERROR,
"IDL_DRSCrackNames: DS_LIST_SERVERS_FOR_DOMAIN_IN_SITE: return status should be 0, got {0}",
reply.Value.V1.pResult[0].rItems[i].status
);
}
testSite.Assert.IsTrue(
DrsrHelper.IsStringArrayEqual(serverDns, drsrServers),
"IDL_DRSCrackNames: DS_LIST_SERVERS_FOR_DOMAIN_IN_SITE: failed to verify servers in site {0}",
siteDn
);
}
void VerifyCrackNamesListNcs(
DsServer dc,
DRS_MSG_CRACKREQ req,
DRS_MSG_CRACKREPLY?reply)
{
string[] ncs = ldapAd.ListNCs(dc);
string[] drsrNcs = new string[reply.Value.V1.pResult[0].cItems];
for (int i = 0; i < reply.Value.V1.pResult[0].cItems; ++i)
{
drsrNcs[i] = reply.Value.V1.pResult[0].rItems[i].pName;
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].rItems[i].status == DS_NAME_ERROR.DS_NAME_NO_ERROR,
"IDL_DRSCrackNames: DS_LIST_NCS: return status should be 0, got {0}",
reply.Value.V1.pResult[0].rItems[i].status
);
}
testSite.Assert.IsTrue(
DrsrHelper.IsStringArrayEqual(ncs, drsrNcs),
"IDL_DRSCrackNames: DS_LIST_NCS: failed to verify NCs."
);
}
void VerifyCrackNamesListDomainsInSite(
DsServer dc,
DRS_MSG_CRACKREQ req,
DRS_MSG_CRACKREPLY?reply)
{
string siteDn = req.V1.rpNames[0];
DsSite site = ldapAd.GetSite(dc, siteDn);
string[] domains = new string[site.Domains.Length];
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].cItems == domains.Length,
"IDL_DRSCrackNames: DS_LIST_DOMAINS_IN_SITE: wrong domain count, expect:{0}, got:{1}",
domains.Length,
reply.Value.V1.pResult[0].cItems
);
for (int i = 0; i < site.Domains.Length; ++i)
{
domains[i] = site.Domains[i].Name;
}
string[] drsrDomains = new string[reply.Value.V1.pResult[0].cItems];
for (int i = 0; i < reply.Value.V1.pResult[0].cItems; ++i)
{
drsrDomains[i] = reply.Value.V1.pResult[0].rItems[i].pName;
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].rItems[i].status == DS_NAME_ERROR.DS_NAME_NO_ERROR,
"IDL_DRSCrackNames: DS_LIST_DOMAINS_IN_SITE: return status should be 0, got {0}",
reply.Value.V1.pResult[0].rItems[i].status
);
}
testSite.Assert.IsTrue(
DrsrHelper.IsStringArrayEqual(domains, drsrDomains),
"IDL_DRSCrackNames: DS_LIST_DOMAINS_IN_SITE: failed to verify servers in site {0}",
siteDn
);
}
void VerifyCrackNamesListDomains(
DsServer dc,
DRS_MSG_CRACKREQ req,
DRS_MSG_CRACKREPLY?reply)
{
DsDomain[] domains = ldapAd.ListDomains(dc);
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].cItems == domains.Length,
"IDL_DRSCrackNames: DS_LIST_DOMAINS: wrong domain count, expect:{0}, got:{1}",
domains.Length,
reply.Value.V1.pResult[0].cItems
);
string[] domainDns = new string[domains.Length];
for (int i = 0; i < domains.Length; ++i)
{
domainDns[i] = domains[i].Name;
}
DS_NAME_RESULTW result = reply.Value.V1.pResult[0];
string[] listDomainDns = new string[result.cItems];
for (int i = 0; i < result.cItems; ++i)
{
testSite.Assert.IsTrue(
result.rItems[i].status == DS_NAME_ERROR.DS_NAME_NO_ERROR,
"IDL_DRSCrackNames: DS_LIST_DOMAINS: return status should be 0, got {0}",
result.rItems[i].status
);
listDomainDns[i] = result.rItems[i].pName;
}
testSite.Assert.IsTrue(
DrsrHelper.IsStringArrayEqual(domainDns, listDomainDns),
"IDL_DRSCrackNames: DS_LIST_DOMAINS: failed to verify domain DNs."
);
}
// Verify DS_LIST_SITES of IDL_DRSCrackNames
void VerifyCrackNamesListAllSites(
DsServer dc,
DRS_MSG_CRACKREQ req,
DRS_MSG_CRACKREPLY?reply)
{
DsSite[] sites = ldapAd.ListSites(dc);
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].cItems == sites.Length,
"IDL_DRSCrackNames: DS_LIST_SITES: wrong site count, expect:{0}, got:{1}",
sites.Length,
reply.Value.V1.pResult[0].cItems
);
string[] siteDns = new string[sites.Length];
for (int i = 0; i < sites.Length; ++i)
{
siteDns[i] = sites[i].DN;
}
string[] listSiteDns = new string[reply.Value.V1.pResult[0].cItems];
for (int i = 0; i < reply.Value.V1.pResult[0].cItems; ++i)
{
testSite.Assert.IsTrue(
reply.Value.V1.pResult[0].rItems[i].status == DS_NAME_ERROR.DS_NAME_NO_ERROR,
"IDL_DRSCrackNames: DS_LIST_SITES: return status should be 0, got {0}",
reply.Value.V1.pResult[0].rItems[i].status
);
listSiteDns[i] = reply.Value.V1.pResult[0].rItems[i].pName;
}
testSite.Assert.IsTrue(
DrsrHelper.IsStringArrayEqual(siteDns, listSiteDns),
"IDL_DRSCrackNames: DS_LIST_SITES: failed to verify site DNs"
);
}
string DomainDNSNameFromDomain(DsServer dc, DSNAME domainNc)
{
// Looks like this method also returns NetBIOS name
// return DomainNetBIOSNameFromDomain(dc, domainNc);
return(DrsrHelper.GetFQDNFromDN(LdapUtility.ConvertUshortArrayToString(domainNc.StringName)));
}
public void DRSR_DRSCloneDC_V1_Success()
{
DrsrTestChecker.Check();
DsServer svr = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1];
AddObjectUpdate machineAccount = new AddObjectUpdate(EnvironmentConfig.Machine.WritableDC1,
svr.ComputerObjectName.Replace(svr.NetbiosName, EnvironmentConfig.ClonedDCNetbiosName));
updateStorage.PushUpdate(machineAccount);
AddObjectUpdate ntdsContainerAccount = new AddObjectUpdate(EnvironmentConfig.Machine.WritableDC1,
"CN=" + EnvironmentConfig.ClonedDCNetbiosName + "," + DrsrHelper.GetParentDNFromChildDN(DrsrHelper.GetParentDNFromChildDN(svr.NtdsDsaObjectName)));
updateStorage.PushUpdate(ntdsContainerAccount);
AddObjectUpdate ntdsAccount = new AddObjectUpdate(EnvironmentConfig.Machine.WritableDC1,
svr.NtdsDsaObjectName.Replace(svr.NetbiosName, EnvironmentConfig.ClonedDCNetbiosName));
updateStorage.PushUpdate(ntdsAccount);
BaseTestSite.Assert.IsTrue(ldapAdapter.GrantControlAccess(svr,
EnvironmentConfig.UserStore[EnvironmentConfig.User.MainDCAccount],
svr.Domain.Name,
System.DirectoryServices.ActiveDirectoryRights.ExtendedRight,
System.Security.AccessControl.AccessControlType.Allow,
DRSConstants.ExtendRights.DSCloneDomainController),
"Grant control access to clone DC firstly");
drsTestClient.DrsBind(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.User.MainDCAccount, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
drsTestClient.DrsAddCloneDC(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.ClonedDCNetbiosName, svr.Site.CN);
}
