示例#1
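        /// <summary>
        /// Opens a TCP LDAP v3 connection to <paramref name="ldapServer"/>, sends one SASL bind
        /// request carrying <paramref name="gssApiToken"/>, and returns the server SASL
        /// credentials taken from the bind response.
        /// </summary>
        /// <param name="ldapServer">Supplies the IP address and LDAP port to connect to.</param>
        /// <param name="gssApiToken">Client token placed in the SASL bind request.</param>
        /// <param name="gssToken">
        /// Selects the SASL mechanism name: "GSS-SPNEGO" for <c>GSSSPNG</c>, "GSSAPI" for any other value.
        /// </param>
        /// <returns>The bytes of <c>serverSaslCreds</c> from the bind response.</returns>
        /// <remarks>
        /// The bind response's resultCode is not inspected here. A returned token therefore does
        /// not show that the bind completed; callers have to validate the token themselves.
        /// </remarks>
        protected byte[] SendAndRecieveLdapAp(LdapServer ldapServer, byte[] gssApiToken, KerberosConstValue.GSSToken gssToken)
        {
            SocketTransportConfig transportConfig = new SocketTransportConfig
            {
                RemoteIpAddress = System.Net.IPAddress.Parse(ldapServer.IPAddress),
                RemoteIpPort    = ldapServer.LdapPort,
                BufferSize      = 8192,
                Type            = StackTransportType.Tcp,
                Role            = Role.Client
            };

            AdtsLdapClient ldapClient = new AdtsLdapClient(AdtsLdapVersion.V3, transportConfig);
            ldapClient.Connect();

            try
            {
                string mechanism = (gssToken == KerberosConstValue.GSSToken.GSSSPNG) ? "GSS-SPNEGO" : "GSSAPI";
                AdtsBindRequestPacket bindRequest = ldapClient.CreateSaslBindRequest(mechanism, gssApiToken);
                ldapClient.SendPacket(bindRequest);

                AdtsLdapPacket response = ldapClient.ExpectPacket(KerberosConstValue.TIMEOUT_DEFAULT);
                BaseTestSite.Assert.IsNotNull(response, "Ldap response should not be null");
                BaseTestSite.Assert.IsInstanceOfType(response, typeof(AdtsBindResponsePacket), "Ldap response should be a bind response.");

                AdtsBindResponsePacket bindResponse = (AdtsBindResponsePacket)response;
                BindResponse inner = (BindResponse)bindResponse.GetInnerRequestOrResponse();

                // Response code is 14 (SASL bind in progress); this still needs investigation.
                // NOTE(review): resultCode is deliberately left unchecked for that reason, so a
                // failed bind is only noticed if the server sends no SASL credentials.
                BaseTestSite.Assert.IsNotNull(inner.serverSaslCreds, "Bind response should carry server SASL credentials.");

                return inner.serverSaslCreds.ByteArrayValue;
            }
            finally
            {
                // The original never closed the connection; release the socket on success
                // and when an assertion above throws.
                ldapClient.Disconnect();
            }
        }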
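        /// <summary>
        /// Binds to the PDC as a user that lacks RIGHT_DS_CREATE_CHILD and sends an LDAP add
        /// request for a computer object under CN=Computers of the root domain NC.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the add result code is decoded but never asserted, so this test also
        /// passes when the server lets the under-privileged user create the object. The
        /// expected result code still has to be filled in. If the add succeeds, the object
        /// "testAddConstraints" is not removed afterwards.
        /// </remarks>
        public void LDAP_AD_DS_Add_Constraints_ComputerObject()
        {
            BaseTestSite.Assume.IsTrue(EnvironmentConfig.ServerVer >= ServerVersion.Win2012, "Server OS version should be not less than Windows Server 2012");

            SocketTransportConfig transportConfig = new SocketTransportConfig
            {
                RemoteIpAddress = IPAddress.Parse(AD_LDAPModelAdapter.Instance(Site).PDCIPAddress),
                RemoteIpPort    = int.Parse(AD_LDAPModelAdapter.Instance(Site).ADDSPortNum, CultureInfo.InvariantCulture),
                BufferSize      = AD_LDAPModelAdapter.Instance(Site).transportBufferSize,
                Type            = StackTransportType.Tcp,
                Role            = Role.Client
            };

            AdtsLdapClient ldapClientStack = new AdtsLdapClient(AdtsLdapVersion.V3, transportConfig);
            ldapClientStack.Connect();

            try
            {
                #region Bind to server

                // This user does not have RIGHT_DS_CREATE_CHILD access rights.
                String   userName      = AD_LDAPModelAdapter.Instance(Site).testUser7Name;
                String   password      = AD_LDAPModelAdapter.Instance(Site).testUser7Pwd;
                String   netbiosDomain = AD_LDAPModelAdapter.Instance(Site).PrimaryDomainNetBiosName;
                TimeSpan timeout       = AD_LDAPModelAdapter.Instance(Site).timeout;

                // A Kerberos SASL bind through SspiClientSecurityContext (target
                // "LDAP/" + Site.Properties["ServerComputerName"]) was sketched here and is disabled.
                // NOTE(review): the simple bind below carries the password unprotected unless the
                // connection itself is encrypted, and the transport here is plain Tcp. Use
                // lab-only credentials, or restore the SASL bind.
                AdtsBindRequestPacket bindRequest = ldapClientStack.CreateSimpleBindRequest(userName, password, netbiosDomain);
                ldapClientStack.SendPacket(bindRequest);

                AdtsLdapPacket response = ldapClientStack.ExpectPacket(timeout);
                // Fail with an assertion message rather than an InvalidCastException.
                Site.Assert.IsInstanceOfType(response, typeof(AdtsBindResponsePacket), "Ldap response should be a bind response.");
                AdtsBindResponsePacket bindResponse = (AdtsBindResponsePacket)response;

                // Check that the bind between client and server succeeded.
                Site.Assert.AreEqual <long>(
                    LDAPResult_resultCode.success,
                    (long)((BindResponse)bindResponse.GetInnerRequestOrResponse()).resultCode.Value,
                    "Bind response result should be LDAPResult_resultCode.success.");

                #endregion

                #region Add a Computer Object

                string computerName     = "testAddConstraints";
                string computerFqdn     = computerName + "." + AD_LDAPModelAdapter.Instance(Site).PrimaryDomainDnsName;
                string computerObjectDN = "CN=" + computerName + ",CN=Computers," + AD_LDAPModelAdapter.Instance(Site).rootDomainNC;

                // NOTE(review): five slots are allocated but only four are filled, so attrs[4]
                // stays a default pair (null key, null values) and is passed to CreateAddRequest.
                // Confirm whether that is intended. The userAccountControl and unicodePwd entries
                // were disabled in the original.
                // If the account is created with UF_ACCOUNTDISABLE set in userAccountControl,
                // unicodePwd is not required.
                KeyValuePair <string, string[]>[] attrs = new KeyValuePair <string, string[]> [5];
                attrs[0] = new KeyValuePair <string, string[]>("objectClass", new string[] { "computer" });
                attrs[1] = new KeyValuePair <string, string[]>("dNSHostName", new string[] { computerFqdn });
                attrs[2] = new KeyValuePair <string, string[]>("servicePrincipalName", new string[] { "host/" + computerFqdn, "host/" + computerName });
                attrs[3] = new KeyValuePair <string, string[]>("sAMAccountName", new string[] { computerName + "$" });

                AdtsAddRequestPacket addRequest = ldapClientStack.CreateAddRequest(computerObjectDN, attrs);
                ldapClientStack.SendPacket(addRequest);

                response = ldapClientStack.ExpectPacket(timeout);
                Site.Assert.IsInstanceOfType(response, typeof(AdtsAddResponsePacket), "Ldap response should be an add response.");
                AdtsAddResponsePacket addResponse = (AdtsAddResponsePacket)response;

                // Enum.GetName already returns a string. The former trailing ToString() threw a
                // NullReferenceException for a result code that has no ResultCode name.
                string ldapErrorCode = Enum.GetName(
                    typeof(ResultCode),
                    ((Microsoft.Protocols.TestTools.StackSdk.ActiveDirectory.Adts.Asn1CodecV3.AddResponse)
                     addResponse.GetInnerRequestOrResponse()).resultCode.Value);

                // TODO: assert ldapErrorCode against the expected error once it is known. The
                // original assertion was commented out with the placeholder "some error code".

                #endregion

                #region Unbind

                AdtsUnbindRequestPacket unbindRequest = ldapClientStack.CreateUnbindRequest();
                ldapClientStack.SendPacket(unbindRequest);

                #endregion
            }
            finally
            {
                // Close the connection when an assertion or cast above throws as well; the
                // original disconnected only on the success path.
                ldapClientStack.Disconnect();
            }
        }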