/// <summary>
/// Sets up a member enumeration over a SAM group.
/// </summary>
/// <param name="groupPath">Path of the starting group; recorded as the first entry of the visited list.</param>
/// <param name="group">Native ADSI group whose Members() collection is enumerated.</param>
/// <param name="recursive">Stored as-is in the <c>recursive</c> field.</param>
/// <param name="storeCtx">Store context kept for later use by this set.</param>
/// <param name="ctxBase">Directory entry kept as the context base.</param>
internal SAMMembersSet(string groupPath, UnsafeNativeMethods.IADsGroup group, bool recursive, SAMStoreCtx storeCtx, DirectoryEntry ctxBase)
{
    // Caller-supplied context and the group being enumerated.
    this.storeCtx = storeCtx;
    this.ctxBase = ctxBase;
    this.recursive = recursive;
    this.@group = group;
    this.originalGroup = group;

    // Fresh bookkeeping state for this enumeration.
    atBeginning = true;
    groupsToVisit = new List<string>();
    foreignMembers = new List<DirectoryEntry>();
    foreignGroups = new List<GroupPrincipal>();

    // The starting group's path is the first entry in the visited list.
    // NOTE(review): presumably this keeps a recursive walk from re-entering the starting group - confirm against the code that reads groupsVisited.
    groupsVisited = new List<string> { groupPath };

    // Members() is a call into the native ADSI object; the enumerator over its result is held for later iteration.
    membersEnumerator = ((IEnumerable)group.Members()).GetEnumerator();
}
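/// <summary>
/// Reports whether the group behind <paramref name="groupDE"/> has, among the members returned by
/// IADsGroup.Members(), a principal whose objectSid equals <c>_memberSidToMatch</c>.
/// </summary>
/// <param name="groupDE">Directory entry of the candidate group; its NativeObject is cast to IADsGroup.</param>
/// <returns>
/// true as soon as a member with a matching SID is found; false when the group has no objectSid
/// or none of its members match.
/// </returns>
/// <remarks>
/// Only the collection returned by Members() is walked here; this method does not itself descend
/// into members that are groups. Members without an objectSid are skipped, not treated as an error.
/// </remarks>
internal override bool Matches(DirectoryEntry groupDE)
{
    // If it has no SID, it's not a security principal, and we're not interested in it.
    // (In reg-SAM, computers don't have accounts and therefore don't have SIDs, but ADSI
    // creates fake Computer objects for them.  In LSAM, computers CAN have accounts, and thus
    // SIDs).
    if (groupDE.Properties["objectSid"] == null || groupDE.Properties["objectSid"].Count == 0)
    {
        GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMQuerySet", "GroupMemberMatcher: Matches: skipping no-SID group={0}", groupDE.Path);
        return false;
    }

    // Enumerate the members of the group, looking for a match
    UnsafeNativeMethods.IADsGroup iADsGroup = (UnsafeNativeMethods.IADsGroup)groupDE.NativeObject;
    UnsafeNativeMethods.IADsMembers iADsMembers = iADsGroup.Members();

    foreach (UnsafeNativeMethods.IADs nativeMember in ((IEnumerable)iADsMembers))
    {
        // Wrap the DirectoryEntry around the native ADSI object
        // (which already has the correct credentials)
        // NOTE(review): memberDE is never disposed in this loop; confirm whether releasing the
        // wrapped ADSI object per iteration is safe before wrapping this in a using block.
        DirectoryEntry memberDE = new DirectoryEntry(nativeMember);

        // No SID --> not interesting
        if (memberDE.Properties["objectSid"] == null || memberDE.Properties["objectSid"].Count == 0)
        {
            GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMQuerySet", "GroupMemberMatcher: Matches: skipping member no-SID member={0}", memberDE.Path);
            continue;
        }

        byte[] memberSid = (byte[])memberDE.Properties["objectSid"].Value;

        // Did we find a matching member in the group?
        if (Utils.AreBytesEqual(memberSid, _memberSidToMatch))
        {
            // The second placeholder was written as "{1)", which is not a valid format item, so the
            // group path could not be substituted into the message; it is now "{1}".
            GlobalDebug.WriteLineIf(GlobalDebug.Info,
                                    "SAMQuerySet",
                                    "GroupMemberMatcher: Matches: match member={0}, group={1}",
                                    memberDE.Path,
                                    groupDE.Path);
            return true;
        }
    }

    // We tried all the members in the group and didn't get a match on any
    GlobalDebug.WriteLineIf(GlobalDebug.Info, "SAMQuerySet", "SamMatcher: Matches: no match, group={0}", groupDE.Path);
    return false;
}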
/// <summary>
/// Tests whether any member returned by the group's Members() collection carries an objectSid
/// equal to <c>memberSidToMatch</c>.
/// </summary>
/// <param name="groupDE">Directory entry of the group to inspect; its NativeObject is cast to IADsGroup.</param>
/// <returns>
/// true on the first member whose SID bytes match; false if the group has no objectSid or the
/// enumeration finishes without a match.
/// </returns>
internal override bool Matches(DirectoryEntry groupDE)
{
    // A group with no objectSid is rejected before its members are enumerated.
    if (groupDE.Properties["objectSid"] == null || groupDE.Properties["objectSid"].Count == 0)
    {
        return false;
    }

    UnsafeNativeMethods.IADsGroup adsGroup = (UnsafeNativeMethods.IADsGroup)groupDE.NativeObject;

    // foreach over a non-generic IEnumerable casts each item and disposes the enumerator
    // when it implements IDisposable, the same as an explicit try/finally would.
    foreach (UnsafeNativeMethods.IADs adsMember in (IEnumerable)adsGroup.Members())
    {
        DirectoryEntry memberEntry = new DirectoryEntry(adsMember);

        // Members with no objectSid are skipped.
        bool hasSid = memberEntry.Properties["objectSid"] != null
                      && memberEntry.Properties["objectSid"].Count != 0;

        if (hasSid && Utils.AreBytesEqual((byte[])memberEntry.Properties["objectSid"].Value, this.memberSidToMatch))
        {
            return true;
        }
    }

    return false;
}
/// <summary>
/// Sets up a member enumeration over a SAM group and logs the parameters it was created with.
/// </summary>
/// <param name="groupPath">Path of the starting group; added to <c>_groupsVisited</c> so it is not revisited.</param>
/// <param name="group">Native ADSI group whose Members() collection is enumerated.</param>
/// <param name="recursive">Stored as-is in <c>_recursive</c>.</param>
/// <param name="storeCtx">Store context kept in <c>_storeCtx</c>.</param>
/// <param name="ctxBase">Context base entry; in this constructor it is only read for the debug message.</param>
internal SAMMembersSet(string groupPath, UnsafeNativeMethods.IADsGroup group, bool recursive, SAMStoreCtx storeCtx, DirectoryEntry ctxBase)
{
    // ctxBase.Path is evaluated as a call argument, so it is read whether or not GlobalDebug.Info is set.
    GlobalDebug.WriteLineIf(
        GlobalDebug.Info,
        "SAMMembersSet",
        "SAMMembersSet: groupPath={0}, recursive={1}, base={2}",
        groupPath,
        recursive,
        ctxBase.Path);

    // NOTE(review): ctxBase is not stored in any field here - confirm that is intended.
    _recursive = recursive;
    _storeCtx = storeCtx;
    _originalGroup = group;
    _group = group;

    // Record the starting group as visited so we don't revisit it.
    // NOTE(review): _groupsVisited is not created in this constructor; presumably a field initializer does it - confirm.
    _groupsVisited.Add(groupPath);

    // Members() is a call into the native ADSI object; the enumerator over its result is held for later iteration.
    _membersEnumerator = ((IEnumerable)group.Members()).GetEnumerator();
}