public DSNAME GetObjectNC(DsServer dc, DSNAME obj)
{
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
string dn = LdapUtility.ConvertUshortArrayToString(obj.StringName);
string ncDn = "";
// there might be spaces between each RDN of the dn.
dn = TrimDn(dn);
// default first
if (rootDse.defaultNamingContext != null)
{
// AD LDS doesn't have default NC
if (dn.Contains(rootDse.defaultNamingContext))
{
ncDn = rootDse.defaultNamingContext;
}
}
if (dn.Contains(rootDse.configurationNamingContext))
{
ncDn = rootDse.configurationNamingContext;
}
if (dn.Contains(rootDse.schemaNamingContext))
{
ncDn = rootDse.schemaNamingContext;
}
return(LdapUtility.CreateDSNameForObject(dc, ncDn));
}
string GetCanonicalName(DsServer dc, DSNAME obj, bool extended)
{
string result;
string dn = LdapUtility.ConvertUshortArrayToString(obj.StringName);
//if (GetObjectNC(dc, obj).Guid == obj.Guid)
if (RetrieveDCSuffixFromDn(dn) == dn)
{
return(DomainDNSNameFromDomain(dc, obj));
}
DSNAME parentObj = GetDsName(dc, GetParentObjectDn(dn)).Value;
result = GetCanonicalName(dc, parentObj, false);
if (extended == true)
{
result = result + "\n";
}
else
{
result = result + "/";
}
string name = (string)GetAttributeValue(dc, dn, "name");
result = result + name;
return(result);
}
static int CompareDsNames(DSNAME a, DSNAME b)
{
string na = LdapUtility.ConvertUshortArrayToString(a.StringName);
string nb = LdapUtility.ConvertUshortArrayToString(b.StringName);
return(na.CompareTo(nb));
}
/// <summary>
/// Get all site objects in the forest where the DC is located.
/// </summary>
/// <param name="dc">The DC in the forest.</param>
/// <returns>All site objects in the forest.</returns>
public DsSite[] ListSites(DsServer dc)
{
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
// Forest, so start with the root of config nc
string siteRoot = "CN=Sites," + rootDse.configurationNamingContext;
SearchResultEntryCollection results = null;
ResultCode ret = Search(
dc,
siteRoot,
"(objectClass=site)",
System.DirectoryServices.Protocols.SearchScope.OneLevel,
null,
out results
);
List <DsSite> sites = new List <DsSite>();
foreach (SearchResultEntry site in results)
{
string dn = site.DistinguishedName;
sites.Add(GetSite(dc, dn));
}
return(sites.ToArray());
}
public static string GetFSMORoleCN(DsDomain dsdomain, FSMORoles fsmoRole)
{
string dn = null;
if (dsdomain is AddsDomain)
{
string defaultNC = LdapUtility.ConvertUshortArrayToString(
((AddsDomain)dsdomain).DomainNC.StringName);
switch (fsmoRole)
{
case FSMORoles.PDC:
{
dn = defaultNC;
break;
}
case FSMORoles.RidAllocation:
{
dn = "CN=RID Manager$,CN=System," + defaultNC;
break;
}
case FSMORoles.Infrastructure:
{
dn = "CN=Infrastructure," + defaultNC;
break;
}
default:
break;
}
}
else
{
switch (fsmoRole)
{
case FSMORoles.Schema:
{
dn = LdapUtility.ConvertUshortArrayToString(
dsdomain.SchemaNC.StringName);
break;
}
case FSMORoles.DomainNaming:
{
dn = "CN=Partitions," + LdapUtility.ConvertUshortArrayToString(
dsdomain.ConfigNC.StringName);
break;
}
default:
break;
}
}
return(dn);
}
/// <summary>
/// try delete object
/// </summary>
/// <returns></returns>
bool op()
{
DsServer dc = (DsServer)EnvironmentConfig.MachineStore[dsServerType];
if (!LdapUtility.IsObjectExist(dc, objectDN))
{
return(true);
}
for (int i = 0; i < 2; i++)
{
try
{
System.DirectoryServices.Protocols.ResultCode rCode = ldapAdapter.DeleteObject(dc, objectDN);
if (rCode == System.DirectoryServices.Protocols.ResultCode.Success)
{
return(true);
}
}
catch
{
System.Threading.Thread.Sleep(1000);
}
}
return(false);
}
/// <summary>
/// Get all domains in the forest.
/// </summary>
/// <param name="dc">The DC in the forest.</param>
/// <returns>All domain objects in the forest.</returns>
public DsDomain[] ListDomains(DsServer dc)
{
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
string partitionDn = "CN=Partitions," + rootDse.configurationNamingContext;
SearchResultEntryCollection results = null;
ResultCode re = LdapUtility.Search(
dc,
partitionDn,
"(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.804:=2))",
System.DirectoryServices.Protocols.SearchScope.Subtree,
new string[] { "nCName" },
out results);
if (re != ResultCode.Success)
{
return(null);
}
List <DsDomain> domains = new List <DsDomain>();
foreach (SearchResultEntry e in results)
{
DirectoryAttribute attr = e.Attributes["nCName"];
string dn = (string)attr[0];
DsDomain domain = new AddsDomain();
domain.Name = dn;
domains.Add(domain);
}
return(domains.ToArray());
}
/// <summary>
/// Get all NCs in the forest.
/// </summary>
/// <param name="dc">The DC in the forest.</param>
/// <returns>All NC DNs in the forest.</returns>
public string[] ListNCs(DsServer dc)
{
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
string partitionDn = "CN=Partitions," + rootDse.configurationNamingContext;
SearchResultEntryCollection results = null;
ResultCode re = LdapUtility.Search(
dc,
partitionDn,
"(objectClass=crossRef)",
System.DirectoryServices.Protocols.SearchScope.Subtree,
new string[] { "nCName" },
out results);
if (re != ResultCode.Success)
{
return(null);
}
List <string> ncs = new List <string>();
foreach (SearchResultEntry e in results)
{
DirectoryAttribute attr = e.Attributes["nCName"];
string dn = (string)attr[0];
ncs.Add(dn);
}
return(ncs.ToArray());
}
public static string GetDnFromNcType(DsServer srv, NamingContext ncType)
{
string baseDn = "";
RootDSE rootDse = LdapUtility.GetRootDSE(srv);
switch (ncType)
{
case NamingContext.DomainNC:
baseDn = rootDse.defaultNamingContext;
break;
case NamingContext.ConfigNC:
baseDn = rootDse.configurationNamingContext;
break;
case NamingContext.SchemaNC:
baseDn = rootDse.schemaNamingContext;
break;
default:
throw new NotImplementedException();
//break;
}
return(baseDn);
}
string DomainNetBIOSNameFromDomain(DsServer dc, DSNAME domainNc)
{
return(((string)GetAttributeValue(
dc,
LdapUtility.ConvertUshortArrayToString(domainNc.StringName),
"name")).ToUpper());
}
// <summary>
// the function is used to create a DrsUpdateRef request
// </summary>
public DRS_MSG_UPDREFS CreateRequestForDrsUpdateRef(
EnvironmentConfig.Machine machine,
DsServer dest,
DRS_OPTIONS options,
NamingContext nc = NamingContext.ConfigNC)
{
string nc_name = null;
Guid nc_guid = Guid.Empty;
string nc_sid = null;
DSNAME nc_obj;
switch (nc)
{
case NamingContext.ConfigNC:
nc_obj = dest.Domain.ConfigNC;
break;
case NamingContext.SchemaNC:
nc_obj = dest.Domain.SchemaNC;
break;
case NamingContext.AppNC:
if (EnvironmentConfig.TestDS)
{
nc_obj = ((AddsDomain)dest.Domain).OtherNCs[0];
}
else
{
nc_obj = ((AdldsDomain)dest.Domain).AppNCs[0];
}
break;
case NamingContext.DomainNC:
if (!EnvironmentConfig.TestDS)
{
nc_obj = new DSNAME();
}
nc_obj = ((AddsDomain)dest.Domain).DomainNC;
break;
default:
nc_obj = new DSNAME();
break;
}
nc_name = LdapUtility.ConvertUshortArrayToString(nc_obj.StringName);
nc_guid = nc_obj.Guid;
nc_sid = convertSidToString(nc_obj.Sid);
DRS_MSG_UPDREFS?req = DRSClient.CreateUpdateRefsRequest(
nc_name,
nc_guid,
nc_sid,
dest.DsaNetworkAddress,
dest.NtdsDsaObjectGuid,
options);
return((DRS_MSG_UPDREFS)req);
}
private void DRSReplicaSync_Invalid_Input_4(DrsReplicaSync_Versions dwInVersion)
{
uint ret = drsTestClient.DrsBind(
EnvironmentConfig.Machine.WritableDC1,
EnvironmentConfig.User.ParentDomainAdmin,
DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
/* comments from TD */
/*
* if (DRS_SYNC_BYNAME in options and msgIn.pszDsaSrc = null)
* or (not DRS_SYNC_BYNAME in options and msgIn.uuidDsaSrc = null)
* or (not DRS_SYNC_BYNAME in options and msgIn.uuidDsaSrc = NULLGUID) then
* return ERROR_DS_DRA_INVALID_PARAMETER
* endif
*/
/* Create request message */
DRS_MSG_REPSYNC msgIn = new DRS_MSG_REPSYNC();
// NC
DsServer srv = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1];
RootDSE rootDse = LdapUtility.GetRootDSE(srv);
DSNAME ncDsname = LdapUtility.CreateDSNameForObject(srv, rootDse.configurationNamingContext);
switch (dwInVersion)
{
case DrsReplicaSync_Versions.V1:
msgIn = drsTestClient.CreateDrsReplicaSyncV1Request();
/* Setting param #1 */
msgIn.V1.ulOptions = 0;
/* Setting param #2 */
msgIn.V1.uuidDsaSrc = Guid.Empty;
msgIn.V1.pNC = ncDsname;
break;
case DrsReplicaSync_Versions.V2:
msgIn = drsTestClient.CreateDrsReplicaSyncV2Request();
/* Setting param #1 */
msgIn.V2.ulOptions = 0;
/* Setting param #2 */
msgIn.V2.uuidDsaSrc = Guid.Empty;
msgIn.V2.pNC = ncDsname;
break;
default:
BaseTestSite.Assert.Fail("The version {0} is not supported.", dwInVersion);
break;
}
/* Issue the request */
ret = drsTestClient.DRSClient.DrsReplicaSync(
EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1],
(uint)dwInVersion,
msgIn);
BaseTestSite.Assert.AreEqual <uint>(
(uint)Win32ErrorCode_32.ERROR_DS_DRA_INVALID_PARAMETER,
ret,
"DrsReplicaSync: return code mismatch."
);
}
string DomainNameFromSid(DsServer dc, NT4SID sid)
{
SecurityIdentifier secId = new SecurityIdentifier(sid.Data, 0);
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
return(DrsrHelper.GetFQDNFromDN(rootDse.defaultNamingContext));
}
void VerifyCrackNamesMapSchemaGuid(
DsServer dc,
DRS_MSG_CRACKREQ req,
DRS_MSG_CRACKREPLY?reply)
{
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
Guid guid = new Guid(req.V1.rpNames[0]);
string schemaGuidStr = LdapUtility.GetBinaryString(guid.ToByteArray());
string name = ldapAd.GetAttributeValueInString(
dc,
rootDse.schemaNamingContext,
"lDAPDisplayName",
"(schemaIDGUID=" + schemaGuidStr + ")",
SearchScope.Subtree
);
testSite.Assert.IsTrue(
name == reply.Value.V1.pResult[0].rItems[0].pName,
"IDL_DRSCrackNames: DS_MAP_SCHEMA_GUID: failed to verify schema name, expect:{0}, got{1}",
name,
reply.Value.V1.pResult[0].rItems[0].pName
);
string[] objClass = LdapUtility.GetAttributeValuesString(
dc,
rootDse.schemaNamingContext,
"objectClass",
"(schemaIDGUID=" + schemaGuidStr + ")",
SearchScope.Subtree
);
string objLastClass = objClass[objClass.Length - 1];
switch (objLastClass)
{
case "classSchema":
testSite.Assert.IsTrue(
DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_CLASS == reply.Value.V1.pResult[0].rItems[0].status,
"IDL_DRSCrackNames: DS_MAP_SCHEMA_GUID: failed to verify status, expect:{0}, got{1}",
DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_CLASS,
reply.Value.V1.pResult[0].rItems[0].status
);
break;
case "attributeSchema":
testSite.Assert.IsTrue(
DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_ATTR == reply.Value.V1.pResult[0].rItems[0].status,
"IDL_DRSCrackNames: DS_MAP_SCHEMA_GUID: failed to verify status, expect:{0}, got{1}",
DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_CLASS,
reply.Value.V1.pResult[0].rItems[0].status
);
break;
default:
throw new NotImplementedException();
}
}
public void DRSR_DRSGetNCChanges_Access_Denied()
{
DrsrTestChecker.Check();
uint ret = drsTestClient.DrsBind(
EnvironmentConfig.Machine.WritableDC1,
EnvironmentConfig.User.ParentDomainUser,
DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
| DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_GETCHGREPLY_V6);
/* comments from TD */
/*
* if IsGetNCChangesPermissionGranted(msgIn) == FALSE then
* return ERROR_DRA_ACCESS_DENIED
* endif
*
*/
/* comments from likezh */
/*
* IsGetNCChangesPermissionGranted(msgIn) == FALSE
*/
//throw new NotImplementedException();
/* Create request message */
DRS_MSG_GETCHGREQ msgIn = drsTestClient.CreateDrsGetNcChangesV8Request();
uint dwInVersion = 8;
uint?dwOutVersion = 0;
DRS_MSG_GETCHGREPLY?reply;
/* Setting param #1 */
/*msgIn.V8.pNC = DefaultNC()*/
// NC
DsServer srv = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1];
RootDSE rootDse = LdapUtility.GetRootDSE(srv);
DSNAME ncDsname = LdapUtility.CreateDSNameForObject(srv, rootDse.configurationNamingContext);
msgIn.V8.pNC = ncDsname;
if (EnvironmentConfig.TestDS == false)
{
// ADAM requires a DSA GUID
msgIn.V8.uuidDsaObjDest = srv.NtdsDsaObjectGuid;
}
/* Issue the request */
ret = drsTestClient.DRSClient.DrsGetNcChanges(
EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1],
dwInVersion,
msgIn,
out dwOutVersion,
out reply);
BaseTestSite.Assert.AreEqual <uint>(
(uint)Win32ErrorCode_32.ERROR_DS_DRA_ACCESS_DENIED,
ret,
"DrsGetNcChanges: return code mismatch."
);
}
/// <summary>
/// Returns true if the domain identified by sid is in a forest trusted by the caller's forest,
/// as determined by the FOREST_TRUST_INFORMATION state of the caller's forest, false otherwise.
/// </summary>
/// <param name="dc"></param>
/// <param name="sid">The SID of a domain.</param>
/// <returns></returns>
static bool IsDomainSidInTrustedForest(DsServer dc, NT4SID sid)
{
FOREST_TRUST_INFORMATION f;
bool b;
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
string[] tdos = LdapUtility.GetAttributeValuesString(
dc,
rootDse.rootDomainNamingContext,
"distinguishedName",
"(&(objectClass=trustedDomain)(msDS-TrustForestTrustInfo=*)(trustAttributes:1.2.840.113556.1.4.803:=0x8))",
System.DirectoryServices.Protocols.SearchScope.Subtree);
foreach (string o in tdos)
{
byte[] trustInfo = (byte[])LdapUtility.GetAttributeValue(dc, o, "msDS-TrustForestTrustInfo");
if (!TrustInfo.UnmarshalForestTrustInfo(trustInfo, out f))
{
return(false);
}
foreach (Record e in f.Records)
{
if (e.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo &&
(DrsrHelper.IsByteArrayEqual(sid.Data, ((RecordDomainInfo)e.ForestTrustData).Sid.Data)) &&
((e.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0))
{
b = true;
foreach (Record g in f.Records)
{
if (g.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx &&
(g.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0 &&
(
((RecordTopLevelName)g.ForestTrustData).TopLevelName
== ((RecordDomainInfo)e.ForestTrustData).DnsName
||
TrustInfo.IsSubdomainOf(
((RecordDomainInfo)e.ForestTrustData).DnsName,
((RecordTopLevelName)g.ForestTrustData).TopLevelName)
)
)
{
b = false;
break;
}
}
if (b)
{
return(true);
}
}
}
}
return(false);
}
public static DSNAME CreateDSNameForObject(DsServer srv, string dn)
{
// Get the GUID first
Guid?guid = LdapUtility.GetObjectGuid(srv, dn);
string sid = GetObjectStringSid(srv, dn);
return(DrsuapiClient.CreateDsName(dn, guid.Value, sid));
}
public void DRSR_DRSGetObjectExistence_Access_Denied()
{
DrsrTestChecker.Check();
uint ret = drsTestClient.DrsBind(
EnvironmentConfig.Machine.WritableDC1,
EnvironmentConfig.User.ParentDomainUser,
DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
/* comments from TD */
/*
* if not AccessCheckCAR(nc, DS-Replication-Get-Changes) then
* return ERROR_DS_DRA_ACCESS_DENIED
* endif
*
*/
/* comments from likezh */
/*
* !AccessCheckCAR(nc, DS-Replication-Get-Changes)
*/
//throw new NotImplementedException();
/* Create request message */
DRS_MSG_EXISTREQ msgIn = drsTestClient.CreateDrsGetObjectExistenceV1Request();
// NC
DsServer srv = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1];
RootDSE rootDse = LdapUtility.GetRootDSE(srv);
DSNAME ncDsname = LdapUtility.CreateDSNameForObject(srv, rootDse.defaultNamingContext);
msgIn.V1.pNC = ncDsname;
// This API will check the guidStart first to validate the input, so
// to go thru that we set the guidStart to any guid.
msgIn.V1.guidStart = DRSConstants.DrsRpcInterfaceGuid;
uint dwInVersion = 1;
uint?dwOutVersion = 0;
DRS_MSG_EXISTREPLY?reply;
/* Issue the request */
ret = drsTestClient.DRSClient.DrsGetObjectExistence(
EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1],
dwInVersion,
msgIn,
out dwOutVersion,
out reply);
BaseTestSite.Assert.AreEqual <uint>(
(uint)Win32ErrorCode_32.ERROR_DS_DRA_ACCESS_DENIED,
ret,
"DrsGetObjectExistence: return code mismatch."
);
}
public void DRSR_DRSReplicaSync_No_Replica()
{
DrsrTestChecker.Check();
uint ret = drsTestClient.DrsBind(
EnvironmentConfig.Machine.WritableDC1,
EnvironmentConfig.User.ParentDomainAdmin,
DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
/* comments from TD */
/*
* rf := select all v in nc!repsFrom
* where DRS_SYNC_ALL in options
* or (DRS_SYNC_BYNAME in options
* and v.naDsa = msgIn.pszDsaSrc)
* or (not DRS_SYNC_BYNAME in options
* and v.uuidDsa = msgIn.uuidDsaSrc)
* if rf = null then
* return ERROR_DS_DRA_NO_REPLICA
* endif
*
*/
/* Create request message */
DRS_MSG_REPSYNC msgIn = drsTestClient.CreateDrsReplicaSyncV1Request();
uint dwInVersion = 1;
/* Setting param #1 */
/*msgIn.V1.pszDsaSrc = "InvalidDsaSrc"*/
msgIn.V1.pszDsaSrc = "InvalidDsaSrc";
/* Setting param #2 */
/*msgIn.V1.ulOptions = (uint)DRS_OPTIONS.DRS_SYNC_BYNAME*/
msgIn.V1.ulOptions = (uint)DRS_OPTIONS.DRS_SYNC_BYNAME;
// NC
DsServer srv = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1];
RootDSE rootDse = LdapUtility.GetRootDSE(srv);
DSNAME ncDsname = LdapUtility.CreateDSNameForObject(srv, rootDse.defaultNamingContext);
msgIn.V1.pNC = ncDsname;
/* Issue the request */
ret = drsTestClient.DRSClient.DrsReplicaSync(
EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1],
dwInVersion,
msgIn);
BaseTestSite.Assert.AreEqual <uint>(
(uint)Win32ErrorCode_32.ERROR_DS_DRA_NO_REPLICA,
ret,
"DrsReplicaSync: return code mismatch."
);
}
public void DRSR_DRSReplicaSync_Invalid_Input_2()
{
DrsrTestChecker.Check();
uint ret = drsTestClient.DrsBind(
EnvironmentConfig.Machine.WritableDC1,
EnvironmentConfig.User.ParentDomainAdmin,
DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE);
/* comments from TD */
/*
* options := msgIn.ulOptions
* if msgIn.pNC = null
* or (not DRS_SYNC_ALL in options
* and msgIn.uuidDsaSrc = null
* and msgIn.pszDsaSrc = null) then
* return ERROR_DS_DRA_INVALID_PARAMETER
* endif
*
*/
/* Create request message */
DRS_MSG_REPSYNC msgIn = drsTestClient.CreateDrsReplicaSyncV1Request();
uint dwInVersion = 1;
/* Setting param #1 */
/*msgIn.V1.ulOptions = 0*/
msgIn.V1.ulOptions = 0;
/* Setting param #2 */
/*msgIn.V1.uuidDsaSrc = Guid.Empty*/
msgIn.V1.uuidDsaSrc = Guid.Empty;
/* Setting param #3 */
/*msgIn.V1.pszDsaSrc = null*/
msgIn.V1.pszDsaSrc = null;
// NC
DsServer srv = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1];
RootDSE rootDse = LdapUtility.GetRootDSE(srv);
DSNAME ncDsname = LdapUtility.CreateDSNameForObject(srv, rootDse.configurationNamingContext);
msgIn.V1.pNC = ncDsname;
/* Issue the request */
ret = drsTestClient.DRSClient.DrsReplicaSync(
EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1],
dwInVersion,
msgIn);
BaseTestSite.Assert.AreEqual <uint>(
(uint)Win32ErrorCode_32.ERROR_DS_DRA_INVALID_PARAMETER,
ret,
"DrsReplicaSync: return code mismatch."
);
}
DSNAME[] LookupAttr(DsServer dc, uint flags, string attrName, string attrValue)
{
if (attrName == null || attrValue == null)
{
return(null);
}
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
SearchResultEntryCollection results = null;
ResultCode re = Search(
dc,
rootDse.defaultNamingContext,
"(" + attrName + "=" + attrValue + ")",
System.DirectoryServices.Protocols.SearchScope.Subtree,
new string[] { "distinguishedName" },
out results);
if (re == ResultCode.NoSuchObject)
{
// not found in default NC, try in config NC
re = Search(
dc,
rootDse.configurationNamingContext,
"(" + attrName + "=" + attrValue + ")",
System.DirectoryServices.Protocols.SearchScope.Subtree,
new string[] { "distinguishedName" },
out results);
}
if (re == ResultCode.NoSuchObject)
{
// not found in config NC, try in schema NC
re = Search(
dc,
rootDse.schemaNamingContext,
"(" + attrName + "=" + attrValue + ")",
System.DirectoryServices.Protocols.SearchScope.Subtree,
new string[] { "distinguishedName" },
out results);
}
if (re == ResultCode.Success && results.Count > 0)
{
List <DSNAME> names = new List <DSNAME>();
foreach (SearchResultEntry e in results)
{
names.Add(LdapUtility.CreateDSNameForObject(dc, e.DistinguishedName));
}
return(names.ToArray());
}
return(null);
}
DSNAME[] LookupSPN(DsServer dc, uint flags, string name)
{
DSNAME[] rt = null;
Guid? dcGuid = null;
string[] spnMappings = null;
string mappedSpn = null;
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
rt = LookupAttr(dc, flags, "servicePrincipalName", name);
if (rt != null)
{
return(rt);
}
string dsService = "CN=Directory Service,CN=Windows NT,CN=Services," + rootDse.configurationNamingContext;
spnMappings = LdapUtility.GetAttributeValuesString(dc, dsService + rootDse.configurationNamingContext, "sPNMappings");
if (spnMappings != null)
{
mappedSpn = MapSPN(name, spnMappings);
if (mappedSpn != null)
{
rt = LookupAttr(dc, flags, "servicePrincipalName", mappedSpn);
if (rt != null)
{
return(rt);
}
}
}
if (GetServiceClassFromSPN(name) == DrsrUtility.DRSUAPI_RPC_INTERFACE_UUID.ToString().ToUpper() &&
GetServiceNameFromSPN(name) == DomainNameFromDN(rootDse.defaultNamingContext))
{
dcGuid = new Guid(GetInstanceNameFromSPN(name));
if (dcGuid != null)
{
string objDn = LdapUtility.GetObjectDnByGuid(dc, rootDse.configurationNamingContext, dcGuid.Value);
if (objDn != null)
{
objDn = GetParentObjectDn(objDn);
if (objDn != null)
{
string srvRef = (string)GetAttributeValue(dc, objDn, "serverReference");
rt = new DSNAME[] { GetDsName(dc, srvRef).Value };
}
}
}
}
return(rt);
}
DSNAME?DescendantObject(DsServer dc, string ancestor, string rdns)
{
string dn = rdns + ancestor;
DSNAME ds = LdapUtility.CreateDSNameForObject(dc, dn);
if (ds.StringName == null)
{
return(null);
}
return(ds);
}
public DSNAME[] GetMemberships(
DsServer dc,
DSNAME names,
REVERSE_MEMBERSHIP_OPERATION_TYPE operationType,
DSNAME?limitingDomain)
{
string baseDn = LdapUtility.ConvertUshortArrayToString(
((AddsDomain)dc.Domain).DomainNC.StringName
);
string name = LdapUtility.ConvertUshortArrayToString(names.StringName);
List <DSNAME> results = new List <DSNAME>();
// GroupMembersTransitive
if (operationType == REVERSE_MEMBERSHIP_OPERATION_TYPE.GroupMembersTransitive)
{
return(GetGroupMembersTransitive(dc, names));
}
// Get the primary group first
DSNAME primaryGroup = LdapUtility.GetPrimaryGroup(dc, name, baseDn).Value;
uint groupType = (uint)Convert.ToInt32(
(string)LdapUtility.GetAttributeValue(
dc,
LdapUtility.ConvertUshortArrayToString(primaryGroup.StringName),
"groupType")
);
if (FilterGroupOperationType(operationType, groupType))
{
// Valid primary group
results.Add(primaryGroup);
}
string[] memberOfs = LdapUtility.GetAttributeValuesString(dc, name, "memberOf");
foreach (string grpName in memberOfs)
{
// Get groupType and filter using the filters
groupType = (uint)Convert.ToInt32(
LdapUtility.GetAttributeValue(dc, grpName, "groupType")
);
if (!FilterGroupOperationType(operationType, groupType))
{
continue;
}
results.Add(LdapUtility.CreateDSNameForObject(dc, grpName));
}
return(results.ToArray());
}
DSNAME?DomainFromDomainDNSName(DsServer dc, string domainName)
{
string dn = DrsrHelper.GetDNFromFQDN(domainName);
if (dn != null)
{
return(LdapUtility.CreateDSNameForObject(dc, dn));
}
else
{
return(null);
}
}
public void DRSR_DRSGetMemberships_Get_Group_Members_Transitive()
{
DrsrTestChecker.Check();
// Init the data.
EnvironmentConfig.Machine srv = EnvironmentConfig.Machine.WritableDC1;
DsServer server = (DsServer)EnvironmentConfig.MachineStore[srv];
DsUser user = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin];
uint ret = 0;
ret = drsTestClient.DrsBind(
srv,
EnvironmentConfig.User.ParentDomainAdmin,
DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE
);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSBind: should return 0 with a success bind to DC");
string groupDn = "CN=Domain Users,CN=Users," + DrsrHelper.GetDNFromFQDN(ADCommonServerAdapter.Instance(Site).PrimaryDomainDnsName);
DSNAME dsGroup = LdapUtility.CreateDSNameForObject(
server,
groupDn
);
ret = drsTestClient.DrsGetMemberships(
srv,
dwInVersion_Values.V1,
dsGroup,
false,
REVERSE_MEMBERSHIP_OPERATION_TYPE.GroupMembersTransitive,
null);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSGetMemberships: return value should be 0");
// Unbind
ret = drsTestClient.DrsUnbind(srv);
BaseTestSite.Assert.AreEqual <uint>(
0,
ret,
"IDL_DRSUnbind: return value should be 0");
}
public static uint attrTyp(DsServer dc, string attrName)
{
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
SCHEMA_PREFIX_TABLE prefixTable = OIDUtility.CreatePrefixTable();
string attrOid = GetAttributeValueInString(
dc,
rootDse.schemaNamingContext,
"attributeID",
"(lDAPDisplayName=" + attrName + ")",
System.DirectoryServices.Protocols.SearchScope.OneLevel
);
uint attrTyp = OIDUtility.MakeAttid(prefixTable, attrOid);
return(attrTyp);
}
DSNAME GetDSNameFromSid(DsServer dc, NT4SID sid)
{
RootDSE rootDse = LdapUtility.GetRootDSE(dc);
string baseDn = rootDse.defaultNamingContext;
StringBuilder sidStr = new StringBuilder();
for (int i = 0; i < sid.Data.Length; ++i)
{
sidStr.AppendFormat(@"\{0:x2}", sid.Data[i]);
}
string filter = "(objectSid=" + sidStr.ToString() + ")";
string dn = (string)GetAttributeValue(dc, baseDn, "distinguishedName", filter, System.DirectoryServices.Protocols.SearchScope.Subtree);
return(LdapUtility.CreateDSNameForObject(dc, dn));
}
public void DRSR_RODC_ReadOnly_LDAP()
{
DrsrTestChecker.Check();
// although this case is really not related to DRSR, using LDAP write access
// to a RODC here could really prove that the DC is Read-only
// A proper-functioning RODC should just return a referral.
EnvironmentConfig.Machine rodcEnum = EnvironmentConfig.Machine.RODC;
EnvironmentConfig.Machine dc1Enum = EnvironmentConfig.Machine.WritableDC1;
EnvironmentConfig.Machine dc2Enum = EnvironmentConfig.Machine.WritableDC2;
DsServer dc1 = (DsServer)EnvironmentConfig.MachineStore[dc1Enum];
DsServer dc2 = (DsServer)EnvironmentConfig.MachineStore[dc2Enum];
DsServer rodc = (DsServer)EnvironmentConfig.MachineStore[rodcEnum];
// try to add a user on the RODC without referral chasing
rodc.LdapConn.SessionOptions.ReferralChasing = ReferralChasingOptions.None;
// to avoid naming conflict
Random rnd = new Random();
string nc = LdapUtility.ConvertUshortArrayToString(((AddsDomain)rodc.Domain).DomainNC.StringName);
string dn = "CN=ShouldNotExist" + rnd.Next().ToString() + ",CN=Users," + nc;
AddResponse resp = null;
try
{
AddRequest req = new AddRequest(dn, "user");
resp = (AddResponse)rodc.LdapConn.SendRequest(req);
}
catch (DirectoryOperationException e)
{
BaseTestSite.Assert.Fail(e.Message);
}
// first, verify the response is a referral
BaseTestSite.Assert.IsTrue(resp.ResultCode == ResultCode.Referral, "Expected a referral");
BaseTestSite.Log.Add(LogEntryKind.Checkpoint, "referral host is " + resp.Referral[0].Host);
// then, verify it is referring to the writable DC
BaseTestSite.Assert.IsTrue(
dc1.DnsHostName.ToLower().Trim() == resp.Referral[0].Host.ToLower().Trim() ||
dc2.DnsHostName.ToLower().Trim() == resp.Referral[0].Host.ToLower().Trim(),
"The referral should point to the writable DC");
}
// Helper functions
string GetLdapDisplayName(DsServer dc, uint attrType, SCHEMA_PREFIX_TABLE prefixTable)
{
// translate the attrType to OID
string oid = OIDUtility.OidFromAttrid(prefixTable, attrType);
// get the lDAPDisplayName of the attribute
// schema nc
string schemaNc = LdapUtility.GetDnFromNcType(dc, NamingContext.SchemaNC);
return(ldapAdapter.GetAttributeValueInString(
dc,
schemaNc,
"lDAPDisplayName",
"(attributeID=" + oid + ")",
SearchScope.OneLevel
));
}
