public DSNAME GetObjectNC(DsServer dc, DSNAME obj) { RootDSE rootDse = LdapUtility.GetRootDSE(dc); string dn = LdapUtility.ConvertUshortArrayToString(obj.StringName); string ncDn = ""; // there might be spaces between each RDN of the dn. dn = TrimDn(dn); // default first if (rootDse.defaultNamingContext != null) { // AD LDS doesn't have default NC if (dn.Contains(rootDse.defaultNamingContext)) { ncDn = rootDse.defaultNamingContext; } } if (dn.Contains(rootDse.configurationNamingContext)) { ncDn = rootDse.configurationNamingContext; } if (dn.Contains(rootDse.schemaNamingContext)) { ncDn = rootDse.schemaNamingContext; } return(LdapUtility.CreateDSNameForObject(dc, ncDn)); }
string GetCanonicalName(DsServer dc, DSNAME obj, bool extended) { string result; string dn = LdapUtility.ConvertUshortArrayToString(obj.StringName); //if (GetObjectNC(dc, obj).Guid == obj.Guid) if (RetrieveDCSuffixFromDn(dn) == dn) { return(DomainDNSNameFromDomain(dc, obj)); } DSNAME parentObj = GetDsName(dc, GetParentObjectDn(dn)).Value; result = GetCanonicalName(dc, parentObj, false); if (extended == true) { result = result + "\n"; } else { result = result + "/"; } string name = (string)GetAttributeValue(dc, dn, "name"); result = result + name; return(result); }
static int CompareDsNames(DSNAME a, DSNAME b) { string na = LdapUtility.ConvertUshortArrayToString(a.StringName); string nb = LdapUtility.ConvertUshortArrayToString(b.StringName); return(na.CompareTo(nb)); }
/// <summary> /// Get all site objects in the forest where the DC is located. /// </summary> /// <param name="dc">The DC in the forest.</param> /// <returns>All site objects in the forest.</returns> public DsSite[] ListSites(DsServer dc) { RootDSE rootDse = LdapUtility.GetRootDSE(dc); // Forest, so start with the root of config nc string siteRoot = "CN=Sites," + rootDse.configurationNamingContext; SearchResultEntryCollection results = null; ResultCode ret = Search( dc, siteRoot, "(objectClass=site)", System.DirectoryServices.Protocols.SearchScope.OneLevel, null, out results ); List <DsSite> sites = new List <DsSite>(); foreach (SearchResultEntry site in results) { string dn = site.DistinguishedName; sites.Add(GetSite(dc, dn)); } return(sites.ToArray()); }
public static string GetFSMORoleCN(DsDomain dsdomain, FSMORoles fsmoRole) { string dn = null; if (dsdomain is AddsDomain) { string defaultNC = LdapUtility.ConvertUshortArrayToString( ((AddsDomain)dsdomain).DomainNC.StringName); switch (fsmoRole) { case FSMORoles.PDC: { dn = defaultNC; break; } case FSMORoles.RidAllocation: { dn = "CN=RID Manager$,CN=System," + defaultNC; break; } case FSMORoles.Infrastructure: { dn = "CN=Infrastructure," + defaultNC; break; } default: break; } } else { switch (fsmoRole) { case FSMORoles.Schema: { dn = LdapUtility.ConvertUshortArrayToString( dsdomain.SchemaNC.StringName); break; } case FSMORoles.DomainNaming: { dn = "CN=Partitions," + LdapUtility.ConvertUshortArrayToString( dsdomain.ConfigNC.StringName); break; } default: break; } } return(dn); }
/// <summary> /// try delete object /// </summary> /// <returns></returns> bool op() { DsServer dc = (DsServer)EnvironmentConfig.MachineStore[dsServerType]; if (!LdapUtility.IsObjectExist(dc, objectDN)) { return(true); } for (int i = 0; i < 2; i++) { try { System.DirectoryServices.Protocols.ResultCode rCode = ldapAdapter.DeleteObject(dc, objectDN); if (rCode == System.DirectoryServices.Protocols.ResultCode.Success) { return(true); } } catch { System.Threading.Thread.Sleep(1000); } } return(false); }
/// <summary> /// Get all domains in the forest. /// </summary> /// <param name="dc">The DC in the forest.</param> /// <returns>All domain objects in the forest.</returns> public DsDomain[] ListDomains(DsServer dc) { RootDSE rootDse = LdapUtility.GetRootDSE(dc); string partitionDn = "CN=Partitions," + rootDse.configurationNamingContext; SearchResultEntryCollection results = null; ResultCode re = LdapUtility.Search( dc, partitionDn, "(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.804:=2))", System.DirectoryServices.Protocols.SearchScope.Subtree, new string[] { "nCName" }, out results); if (re != ResultCode.Success) { return(null); } List <DsDomain> domains = new List <DsDomain>(); foreach (SearchResultEntry e in results) { DirectoryAttribute attr = e.Attributes["nCName"]; string dn = (string)attr[0]; DsDomain domain = new AddsDomain(); domain.Name = dn; domains.Add(domain); } return(domains.ToArray()); }
/// <summary> /// Get all NCs in the forest. /// </summary> /// <param name="dc">The DC in the forest.</param> /// <returns>All NC DNs in the forest.</returns> public string[] ListNCs(DsServer dc) { RootDSE rootDse = LdapUtility.GetRootDSE(dc); string partitionDn = "CN=Partitions," + rootDse.configurationNamingContext; SearchResultEntryCollection results = null; ResultCode re = LdapUtility.Search( dc, partitionDn, "(objectClass=crossRef)", System.DirectoryServices.Protocols.SearchScope.Subtree, new string[] { "nCName" }, out results); if (re != ResultCode.Success) { return(null); } List <string> ncs = new List <string>(); foreach (SearchResultEntry e in results) { DirectoryAttribute attr = e.Attributes["nCName"]; string dn = (string)attr[0]; ncs.Add(dn); } return(ncs.ToArray()); }
public static string GetDnFromNcType(DsServer srv, NamingContext ncType) { string baseDn = ""; RootDSE rootDse = LdapUtility.GetRootDSE(srv); switch (ncType) { case NamingContext.DomainNC: baseDn = rootDse.defaultNamingContext; break; case NamingContext.ConfigNC: baseDn = rootDse.configurationNamingContext; break; case NamingContext.SchemaNC: baseDn = rootDse.schemaNamingContext; break; default: throw new NotImplementedException(); //break; } return(baseDn); }
string DomainNetBIOSNameFromDomain(DsServer dc, DSNAME domainNc) { return(((string)GetAttributeValue( dc, LdapUtility.ConvertUshortArrayToString(domainNc.StringName), "name")).ToUpper()); }
// <summary> // the function is used to create a DrsUpdateRef request // </summary> public DRS_MSG_UPDREFS CreateRequestForDrsUpdateRef( EnvironmentConfig.Machine machine, DsServer dest, DRS_OPTIONS options, NamingContext nc = NamingContext.ConfigNC) { string nc_name = null; Guid nc_guid = Guid.Empty; string nc_sid = null; DSNAME nc_obj; switch (nc) { case NamingContext.ConfigNC: nc_obj = dest.Domain.ConfigNC; break; case NamingContext.SchemaNC: nc_obj = dest.Domain.SchemaNC; break; case NamingContext.AppNC: if (EnvironmentConfig.TestDS) { nc_obj = ((AddsDomain)dest.Domain).OtherNCs[0]; } else { nc_obj = ((AdldsDomain)dest.Domain).AppNCs[0]; } break; case NamingContext.DomainNC: if (!EnvironmentConfig.TestDS) { nc_obj = new DSNAME(); } nc_obj = ((AddsDomain)dest.Domain).DomainNC; break; default: nc_obj = new DSNAME(); break; } nc_name = LdapUtility.ConvertUshortArrayToString(nc_obj.StringName); nc_guid = nc_obj.Guid; nc_sid = convertSidToString(nc_obj.Sid); DRS_MSG_UPDREFS?req = DRSClient.CreateUpdateRefsRequest( nc_name, nc_guid, nc_sid, dest.DsaNetworkAddress, dest.NtdsDsaObjectGuid, options); return((DRS_MSG_UPDREFS)req); }
private void DRSReplicaSync_Invalid_Input_4(DrsReplicaSync_Versions dwInVersion) { uint ret = drsTestClient.DrsBind( EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.User.ParentDomainAdmin, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE); /* comments from TD */ /* * if (DRS_SYNC_BYNAME in options and msgIn.pszDsaSrc = null) * or (not DRS_SYNC_BYNAME in options and msgIn.uuidDsaSrc = null) * or (not DRS_SYNC_BYNAME in options and msgIn.uuidDsaSrc = NULLGUID) then * return ERROR_DS_DRA_INVALID_PARAMETER * endif */ /* Create request message */ DRS_MSG_REPSYNC msgIn = new DRS_MSG_REPSYNC(); // NC DsServer srv = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1]; RootDSE rootDse = LdapUtility.GetRootDSE(srv); DSNAME ncDsname = LdapUtility.CreateDSNameForObject(srv, rootDse.configurationNamingContext); switch (dwInVersion) { case DrsReplicaSync_Versions.V1: msgIn = drsTestClient.CreateDrsReplicaSyncV1Request(); /* Setting param #1 */ msgIn.V1.ulOptions = 0; /* Setting param #2 */ msgIn.V1.uuidDsaSrc = Guid.Empty; msgIn.V1.pNC = ncDsname; break; case DrsReplicaSync_Versions.V2: msgIn = drsTestClient.CreateDrsReplicaSyncV2Request(); /* Setting param #1 */ msgIn.V2.ulOptions = 0; /* Setting param #2 */ msgIn.V2.uuidDsaSrc = Guid.Empty; msgIn.V2.pNC = ncDsname; break; default: BaseTestSite.Assert.Fail("The version {0} is not supported.", dwInVersion); break; } /* Issue the request */ ret = drsTestClient.DRSClient.DrsReplicaSync( EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1], (uint)dwInVersion, msgIn); BaseTestSite.Assert.AreEqual <uint>( (uint)Win32ErrorCode_32.ERROR_DS_DRA_INVALID_PARAMETER, ret, "DrsReplicaSync: return code mismatch." ); }
string DomainNameFromSid(DsServer dc, NT4SID sid) { SecurityIdentifier secId = new SecurityIdentifier(sid.Data, 0); RootDSE rootDse = LdapUtility.GetRootDSE(dc); return(DrsrHelper.GetFQDNFromDN(rootDse.defaultNamingContext)); }
void VerifyCrackNamesMapSchemaGuid( DsServer dc, DRS_MSG_CRACKREQ req, DRS_MSG_CRACKREPLY?reply) { RootDSE rootDse = LdapUtility.GetRootDSE(dc); Guid guid = new Guid(req.V1.rpNames[0]); string schemaGuidStr = LdapUtility.GetBinaryString(guid.ToByteArray()); string name = ldapAd.GetAttributeValueInString( dc, rootDse.schemaNamingContext, "lDAPDisplayName", "(schemaIDGUID=" + schemaGuidStr + ")", SearchScope.Subtree ); testSite.Assert.IsTrue( name == reply.Value.V1.pResult[0].rItems[0].pName, "IDL_DRSCrackNames: DS_MAP_SCHEMA_GUID: failed to verify schema name, expect:{0}, got{1}", name, reply.Value.V1.pResult[0].rItems[0].pName ); string[] objClass = LdapUtility.GetAttributeValuesString( dc, rootDse.schemaNamingContext, "objectClass", "(schemaIDGUID=" + schemaGuidStr + ")", SearchScope.Subtree ); string objLastClass = objClass[objClass.Length - 1]; switch (objLastClass) { case "classSchema": testSite.Assert.IsTrue( DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_CLASS == reply.Value.V1.pResult[0].rItems[0].status, "IDL_DRSCrackNames: DS_MAP_SCHEMA_GUID: failed to verify status, expect:{0}, got{1}", DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_CLASS, reply.Value.V1.pResult[0].rItems[0].status ); break; case "attributeSchema": testSite.Assert.IsTrue( DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_ATTR == reply.Value.V1.pResult[0].rItems[0].status, "IDL_DRSCrackNames: DS_MAP_SCHEMA_GUID: failed to verify status, expect:{0}, got{1}", DS_NAME_ERROR.DS_NAME_ERROR_SCHEMA_GUID_CLASS, reply.Value.V1.pResult[0].rItems[0].status ); break; default: throw new NotImplementedException(); } }
public void DRSR_DRSGetNCChanges_Access_Denied() { DrsrTestChecker.Check(); uint ret = drsTestClient.DrsBind( EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.User.ParentDomainUser, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE | DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_GETCHGREPLY_V6); /* comments from TD */ /* * if IsGetNCChangesPermissionGranted(msgIn) == FALSE then * return ERROR_DRA_ACCESS_DENIED * endif * */ /* comments from likezh */ /* * IsGetNCChangesPermissionGranted(msgIn) == FALSE */ //throw new NotImplementedException(); /* Create request message */ DRS_MSG_GETCHGREQ msgIn = drsTestClient.CreateDrsGetNcChangesV8Request(); uint dwInVersion = 8; uint?dwOutVersion = 0; DRS_MSG_GETCHGREPLY?reply; /* Setting param #1 */ /*msgIn.V8.pNC = DefaultNC()*/ // NC DsServer srv = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1]; RootDSE rootDse = LdapUtility.GetRootDSE(srv); DSNAME ncDsname = LdapUtility.CreateDSNameForObject(srv, rootDse.configurationNamingContext); msgIn.V8.pNC = ncDsname; if (EnvironmentConfig.TestDS == false) { // ADAM requires a DSA GUID msgIn.V8.uuidDsaObjDest = srv.NtdsDsaObjectGuid; } /* Issue the request */ ret = drsTestClient.DRSClient.DrsGetNcChanges( EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1], dwInVersion, msgIn, out dwOutVersion, out reply); BaseTestSite.Assert.AreEqual <uint>( (uint)Win32ErrorCode_32.ERROR_DS_DRA_ACCESS_DENIED, ret, "DrsGetNcChanges: return code mismatch." ); }
/// <summary> /// Returns true if the domain identified by sid is in a forest trusted by the caller's forest, /// as determined by the FOREST_TRUST_INFORMATION state of the caller's forest, false otherwise. /// </summary> /// <param name="dc"></param> /// <param name="sid">The SID of a domain.</param> /// <returns></returns> static bool IsDomainSidInTrustedForest(DsServer dc, NT4SID sid) { FOREST_TRUST_INFORMATION f; bool b; RootDSE rootDse = LdapUtility.GetRootDSE(dc); string[] tdos = LdapUtility.GetAttributeValuesString( dc, rootDse.rootDomainNamingContext, "distinguishedName", "(&(objectClass=trustedDomain)(msDS-TrustForestTrustInfo=*)(trustAttributes:1.2.840.113556.1.4.803:=0x8))", System.DirectoryServices.Protocols.SearchScope.Subtree); foreach (string o in tdos) { byte[] trustInfo = (byte[])LdapUtility.GetAttributeValue(dc, o, "msDS-TrustForestTrustInfo"); if (!TrustInfo.UnmarshalForestTrustInfo(trustInfo, out f)) { return(false); } foreach (Record e in f.Records) { if (e.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo && (DrsrHelper.IsByteArrayEqual(sid.Data, ((RecordDomainInfo)e.ForestTrustData).Sid.Data)) && ((e.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0)) { b = true; foreach (Record g in f.Records) { if (g.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx && (g.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0 && ( ((RecordTopLevelName)g.ForestTrustData).TopLevelName == ((RecordDomainInfo)e.ForestTrustData).DnsName || TrustInfo.IsSubdomainOf( ((RecordDomainInfo)e.ForestTrustData).DnsName, ((RecordTopLevelName)g.ForestTrustData).TopLevelName) ) ) { b = false; break; } } if (b) { return(true); } } } } return(false); }
public static DSNAME CreateDSNameForObject(DsServer srv, string dn) { // Get the GUID first Guid?guid = LdapUtility.GetObjectGuid(srv, dn); string sid = GetObjectStringSid(srv, dn); return(DrsuapiClient.CreateDsName(dn, guid.Value, sid)); }
public void DRSR_DRSGetObjectExistence_Access_Denied() { DrsrTestChecker.Check(); uint ret = drsTestClient.DrsBind( EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.User.ParentDomainUser, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE); /* comments from TD */ /* * if not AccessCheckCAR(nc, DS-Replication-Get-Changes) then * return ERROR_DS_DRA_ACCESS_DENIED * endif * */ /* comments from likezh */ /* * !AccessCheckCAR(nc, DS-Replication-Get-Changes) */ //throw new NotImplementedException(); /* Create request message */ DRS_MSG_EXISTREQ msgIn = drsTestClient.CreateDrsGetObjectExistenceV1Request(); // NC DsServer srv = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1]; RootDSE rootDse = LdapUtility.GetRootDSE(srv); DSNAME ncDsname = LdapUtility.CreateDSNameForObject(srv, rootDse.defaultNamingContext); msgIn.V1.pNC = ncDsname; // This API will check the guidStart first to validate the input, so // to go thru that we set the guidStart to any guid. msgIn.V1.guidStart = DRSConstants.DrsRpcInterfaceGuid; uint dwInVersion = 1; uint?dwOutVersion = 0; DRS_MSG_EXISTREPLY?reply; /* Issue the request */ ret = drsTestClient.DRSClient.DrsGetObjectExistence( EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1], dwInVersion, msgIn, out dwOutVersion, out reply); BaseTestSite.Assert.AreEqual <uint>( (uint)Win32ErrorCode_32.ERROR_DS_DRA_ACCESS_DENIED, ret, "DrsGetObjectExistence: return code mismatch." ); }
public void DRSR_DRSReplicaSync_No_Replica() { DrsrTestChecker.Check(); uint ret = drsTestClient.DrsBind( EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.User.ParentDomainAdmin, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE); /* comments from TD */ /* * rf := select all v in nc!repsFrom * where DRS_SYNC_ALL in options * or (DRS_SYNC_BYNAME in options * and v.naDsa = msgIn.pszDsaSrc) * or (not DRS_SYNC_BYNAME in options * and v.uuidDsa = msgIn.uuidDsaSrc) * if rf = null then * return ERROR_DS_DRA_NO_REPLICA * endif * */ /* Create request message */ DRS_MSG_REPSYNC msgIn = drsTestClient.CreateDrsReplicaSyncV1Request(); uint dwInVersion = 1; /* Setting param #1 */ /*msgIn.V1.pszDsaSrc = "InvalidDsaSrc"*/ msgIn.V1.pszDsaSrc = "InvalidDsaSrc"; /* Setting param #2 */ /*msgIn.V1.ulOptions = (uint)DRS_OPTIONS.DRS_SYNC_BYNAME*/ msgIn.V1.ulOptions = (uint)DRS_OPTIONS.DRS_SYNC_BYNAME; // NC DsServer srv = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1]; RootDSE rootDse = LdapUtility.GetRootDSE(srv); DSNAME ncDsname = LdapUtility.CreateDSNameForObject(srv, rootDse.defaultNamingContext); msgIn.V1.pNC = ncDsname; /* Issue the request */ ret = drsTestClient.DRSClient.DrsReplicaSync( EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1], dwInVersion, msgIn); BaseTestSite.Assert.AreEqual <uint>( (uint)Win32ErrorCode_32.ERROR_DS_DRA_NO_REPLICA, ret, "DrsReplicaSync: return code mismatch." ); }
public void DRSR_DRSReplicaSync_Invalid_Input_2() { DrsrTestChecker.Check(); uint ret = drsTestClient.DrsBind( EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.User.ParentDomainAdmin, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE); /* comments from TD */ /* * options := msgIn.ulOptions * if msgIn.pNC = null * or (not DRS_SYNC_ALL in options * and msgIn.uuidDsaSrc = null * and msgIn.pszDsaSrc = null) then * return ERROR_DS_DRA_INVALID_PARAMETER * endif * */ /* Create request message */ DRS_MSG_REPSYNC msgIn = drsTestClient.CreateDrsReplicaSyncV1Request(); uint dwInVersion = 1; /* Setting param #1 */ /*msgIn.V1.ulOptions = 0*/ msgIn.V1.ulOptions = 0; /* Setting param #2 */ /*msgIn.V1.uuidDsaSrc = Guid.Empty*/ msgIn.V1.uuidDsaSrc = Guid.Empty; /* Setting param #3 */ /*msgIn.V1.pszDsaSrc = null*/ msgIn.V1.pszDsaSrc = null; // NC DsServer srv = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1]; RootDSE rootDse = LdapUtility.GetRootDSE(srv); DSNAME ncDsname = LdapUtility.CreateDSNameForObject(srv, rootDse.configurationNamingContext); msgIn.V1.pNC = ncDsname; /* Issue the request */ ret = drsTestClient.DRSClient.DrsReplicaSync( EnvironmentConfig.DrsContextStore[EnvironmentConfig.Machine.WritableDC1], dwInVersion, msgIn); BaseTestSite.Assert.AreEqual <uint>( (uint)Win32ErrorCode_32.ERROR_DS_DRA_INVALID_PARAMETER, ret, "DrsReplicaSync: return code mismatch." ); }
DSNAME[] LookupAttr(DsServer dc, uint flags, string attrName, string attrValue) { if (attrName == null || attrValue == null) { return(null); } RootDSE rootDse = LdapUtility.GetRootDSE(dc); SearchResultEntryCollection results = null; ResultCode re = Search( dc, rootDse.defaultNamingContext, "(" + attrName + "=" + attrValue + ")", System.DirectoryServices.Protocols.SearchScope.Subtree, new string[] { "distinguishedName" }, out results); if (re == ResultCode.NoSuchObject) { // not found in default NC, try in config NC re = Search( dc, rootDse.configurationNamingContext, "(" + attrName + "=" + attrValue + ")", System.DirectoryServices.Protocols.SearchScope.Subtree, new string[] { "distinguishedName" }, out results); } if (re == ResultCode.NoSuchObject) { // not found in config NC, try in schema NC re = Search( dc, rootDse.schemaNamingContext, "(" + attrName + "=" + attrValue + ")", System.DirectoryServices.Protocols.SearchScope.Subtree, new string[] { "distinguishedName" }, out results); } if (re == ResultCode.Success && results.Count > 0) { List <DSNAME> names = new List <DSNAME>(); foreach (SearchResultEntry e in results) { names.Add(LdapUtility.CreateDSNameForObject(dc, e.DistinguishedName)); } return(names.ToArray()); } return(null); }
DSNAME[] LookupSPN(DsServer dc, uint flags, string name) { DSNAME[] rt = null; Guid? dcGuid = null; string[] spnMappings = null; string mappedSpn = null; RootDSE rootDse = LdapUtility.GetRootDSE(dc); rt = LookupAttr(dc, flags, "servicePrincipalName", name); if (rt != null) { return(rt); } string dsService = "CN=Directory Service,CN=Windows NT,CN=Services," + rootDse.configurationNamingContext; spnMappings = LdapUtility.GetAttributeValuesString(dc, dsService + rootDse.configurationNamingContext, "sPNMappings"); if (spnMappings != null) { mappedSpn = MapSPN(name, spnMappings); if (mappedSpn != null) { rt = LookupAttr(dc, flags, "servicePrincipalName", mappedSpn); if (rt != null) { return(rt); } } } if (GetServiceClassFromSPN(name) == DrsrUtility.DRSUAPI_RPC_INTERFACE_UUID.ToString().ToUpper() && GetServiceNameFromSPN(name) == DomainNameFromDN(rootDse.defaultNamingContext)) { dcGuid = new Guid(GetInstanceNameFromSPN(name)); if (dcGuid != null) { string objDn = LdapUtility.GetObjectDnByGuid(dc, rootDse.configurationNamingContext, dcGuid.Value); if (objDn != null) { objDn = GetParentObjectDn(objDn); if (objDn != null) { string srvRef = (string)GetAttributeValue(dc, objDn, "serverReference"); rt = new DSNAME[] { GetDsName(dc, srvRef).Value }; } } } } return(rt); }
DSNAME?DescendantObject(DsServer dc, string ancestor, string rdns) { string dn = rdns + ancestor; DSNAME ds = LdapUtility.CreateDSNameForObject(dc, dn); if (ds.StringName == null) { return(null); } return(ds); }
public DSNAME[] GetMemberships( DsServer dc, DSNAME names, REVERSE_MEMBERSHIP_OPERATION_TYPE operationType, DSNAME?limitingDomain) { string baseDn = LdapUtility.ConvertUshortArrayToString( ((AddsDomain)dc.Domain).DomainNC.StringName ); string name = LdapUtility.ConvertUshortArrayToString(names.StringName); List <DSNAME> results = new List <DSNAME>(); // GroupMembersTransitive if (operationType == REVERSE_MEMBERSHIP_OPERATION_TYPE.GroupMembersTransitive) { return(GetGroupMembersTransitive(dc, names)); } // Get the primary group first DSNAME primaryGroup = LdapUtility.GetPrimaryGroup(dc, name, baseDn).Value; uint groupType = (uint)Convert.ToInt32( (string)LdapUtility.GetAttributeValue( dc, LdapUtility.ConvertUshortArrayToString(primaryGroup.StringName), "groupType") ); if (FilterGroupOperationType(operationType, groupType)) { // Valid primary group results.Add(primaryGroup); } string[] memberOfs = LdapUtility.GetAttributeValuesString(dc, name, "memberOf"); foreach (string grpName in memberOfs) { // Get groupType and filter using the filters groupType = (uint)Convert.ToInt32( LdapUtility.GetAttributeValue(dc, grpName, "groupType") ); if (!FilterGroupOperationType(operationType, groupType)) { continue; } results.Add(LdapUtility.CreateDSNameForObject(dc, grpName)); } return(results.ToArray()); }
DSNAME?DomainFromDomainDNSName(DsServer dc, string domainName) { string dn = DrsrHelper.GetDNFromFQDN(domainName); if (dn != null) { return(LdapUtility.CreateDSNameForObject(dc, dn)); } else { return(null); } }
public void DRSR_DRSGetMemberships_Get_Group_Members_Transitive() { DrsrTestChecker.Check(); // Init the data. EnvironmentConfig.Machine srv = EnvironmentConfig.Machine.WritableDC1; DsServer server = (DsServer)EnvironmentConfig.MachineStore[srv]; DsUser user = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin]; uint ret = 0; ret = drsTestClient.DrsBind( srv, EnvironmentConfig.User.ParentDomainAdmin, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE ); BaseTestSite.Assert.AreEqual <uint>( 0, ret, "IDL_DRSBind: should return 0 with a success bind to DC"); string groupDn = "CN=Domain Users,CN=Users," + DrsrHelper.GetDNFromFQDN(ADCommonServerAdapter.Instance(Site).PrimaryDomainDnsName); DSNAME dsGroup = LdapUtility.CreateDSNameForObject( server, groupDn ); ret = drsTestClient.DrsGetMemberships( srv, dwInVersion_Values.V1, dsGroup, false, REVERSE_MEMBERSHIP_OPERATION_TYPE.GroupMembersTransitive, null); BaseTestSite.Assert.AreEqual <uint>( 0, ret, "IDL_DRSGetMemberships: return value should be 0"); // Unbind ret = drsTestClient.DrsUnbind(srv); BaseTestSite.Assert.AreEqual <uint>( 0, ret, "IDL_DRSUnbind: return value should be 0"); }
public static uint attrTyp(DsServer dc, string attrName) { RootDSE rootDse = LdapUtility.GetRootDSE(dc); SCHEMA_PREFIX_TABLE prefixTable = OIDUtility.CreatePrefixTable(); string attrOid = GetAttributeValueInString( dc, rootDse.schemaNamingContext, "attributeID", "(lDAPDisplayName=" + attrName + ")", System.DirectoryServices.Protocols.SearchScope.OneLevel ); uint attrTyp = OIDUtility.MakeAttid(prefixTable, attrOid); return(attrTyp); }
DSNAME GetDSNameFromSid(DsServer dc, NT4SID sid) { RootDSE rootDse = LdapUtility.GetRootDSE(dc); string baseDn = rootDse.defaultNamingContext; StringBuilder sidStr = new StringBuilder(); for (int i = 0; i < sid.Data.Length; ++i) { sidStr.AppendFormat(@"\{0:x2}", sid.Data[i]); } string filter = "(objectSid=" + sidStr.ToString() + ")"; string dn = (string)GetAttributeValue(dc, baseDn, "distinguishedName", filter, System.DirectoryServices.Protocols.SearchScope.Subtree); return(LdapUtility.CreateDSNameForObject(dc, dn)); }
public void DRSR_RODC_ReadOnly_LDAP() { DrsrTestChecker.Check(); // although this case is really not related to DRSR, using LDAP write access // to a RODC here could really prove that the DC is Read-only // A proper-functioning RODC should just return a referral. EnvironmentConfig.Machine rodcEnum = EnvironmentConfig.Machine.RODC; EnvironmentConfig.Machine dc1Enum = EnvironmentConfig.Machine.WritableDC1; EnvironmentConfig.Machine dc2Enum = EnvironmentConfig.Machine.WritableDC2; DsServer dc1 = (DsServer)EnvironmentConfig.MachineStore[dc1Enum]; DsServer dc2 = (DsServer)EnvironmentConfig.MachineStore[dc2Enum]; DsServer rodc = (DsServer)EnvironmentConfig.MachineStore[rodcEnum]; // try to add a user on the RODC without referral chasing rodc.LdapConn.SessionOptions.ReferralChasing = ReferralChasingOptions.None; // to avoid naming conflict Random rnd = new Random(); string nc = LdapUtility.ConvertUshortArrayToString(((AddsDomain)rodc.Domain).DomainNC.StringName); string dn = "CN=ShouldNotExist" + rnd.Next().ToString() + ",CN=Users," + nc; AddResponse resp = null; try { AddRequest req = new AddRequest(dn, "user"); resp = (AddResponse)rodc.LdapConn.SendRequest(req); } catch (DirectoryOperationException e) { BaseTestSite.Assert.Fail(e.Message); } // first, verify the response is a referral BaseTestSite.Assert.IsTrue(resp.ResultCode == ResultCode.Referral, "Expected a referral"); BaseTestSite.Log.Add(LogEntryKind.Checkpoint, "referral host is " + resp.Referral[0].Host); // then, verify it is referring to the writable DC BaseTestSite.Assert.IsTrue( dc1.DnsHostName.ToLower().Trim() == resp.Referral[0].Host.ToLower().Trim() || dc2.DnsHostName.ToLower().Trim() == resp.Referral[0].Host.ToLower().Trim(), "The referral should point to the writable DC"); }
// Helper functions string GetLdapDisplayName(DsServer dc, uint attrType, SCHEMA_PREFIX_TABLE prefixTable) { // translate the attrType to OID string oid = OIDUtility.OidFromAttrid(prefixTable, attrType); // get the lDAPDisplayName of the attribute // schema nc string schemaNc = LdapUtility.GetDnFromNcType(dc, NamingContext.SchemaNC); return(ldapAdapter.GetAttributeValueInString( dc, schemaNc, "lDAPDisplayName", "(attributeID=" + oid + ")", SearchScope.OneLevel )); }