/// <summary> /// Gets the list of groups those are all of members to the selected node /// </summary> /// <param name="groupDn"></param> /// <param name="_dirnode"></param> /// <returns></returns> public static List <string> GetMemberAttrofGroup(string groupDn, ADUCDirectoryNode _dirnode) { string[] search_attrs = { "objectsid", "member", null }; List <string> member = new List <string>(); ADUCDirectoryNode newGroupnode = new ADUCDirectoryNode(_dirnode, "group", groupDn); List <LdapEntry> ldapEntries = UserGroupUtils.getLdapEntries(false, newGroupnode, search_attrs, "(objectClass=*)", LdapAPI.LDAPSCOPE.BASE); if (ldapEntries != null && ldapEntries.Count > 0) { LdapEntry ldapNextEntry = ldapEntries[0]; if (ldapNextEntry != null) { string[] attrsList = ldapNextEntry.GetAttributeNames(); if (attrsList != null) { foreach (string attr in attrsList) { if (attr.Equals("member", StringComparison.InvariantCultureIgnoreCase)) { LdapValue[] attrValues = ldapNextEntry.GetAttributeValues(attr, newGroupnode.LdapContext); foreach (LdapValue attrValue in attrValues) { member.Add(attrValue.stringData); } } } } } } return(member); }
/// <summary> /// Gets all groups for the selected user AD Object is member of /// Add groups to the Member Of page listview /// </summary> /// <param name="ce"></param> /// <param name="servername"></param> /// <param name="name"></param> /// <param name="dirnode"></param> public void SetData(CredentialEntry ce, string servername, string name, ADUCDirectoryNode dirnode) { _servername = servername; _dirnode = dirnode; try { string[] groupDns = UserGroupUtils.GetGroupsforUser(dirnode); MemoflistView.Items.Clear(); //show a list of group names in the member of page Logger.Log("user member of contains: "); if (groupDns != null && groupDns.Length > 0) { //populate the data in usermemberOf page using groupDns foreach (string groupDn in groupDns) { Logger.Log("group: " + groupDn); //CN=Domain Users,CN=Users,DC=qadom,DC=centeris,DC=com // split the groupDns string[] slvItem = UserGroupUtils.splitDn(groupDn); string sLDAPPath = string.Format("LDAP://{0}/{1}", _dirnode.LdapContext.DomainName, groupDn); DirectoryEntry entry = new DirectoryEntry(sLDAPPath, _dirnode.LdapContext.UserName, _dirnode.LdapContext.Password); if (entry == null) { return; } ListViewItem lvItem = new ListViewItem(slvItem); lvItem.ImageIndex = MemOfPages.GetIndexForADObject(entry); MemoflistView.Items.Add(lvItem); lvItem.Tag = groupDn; if (!slvItem[0].Equals("Domain Users", StringComparison.InvariantCultureIgnoreCase)) { MemofDnList.Add(groupDn); } } //settings primary group to user sPrimayGroup = UserGroupUtils.GetPrimaryGroup(_dirnode); string[] Items = UserGroupUtils.splitDn(sPrimayGroup); if (!string.IsNullOrEmpty(Items[0])) { DomainUserlabel.Text = Items[0]; } if (MemoflistView.Items.Count > 0) { MemoflistView.Items[0].Selected = true; } } } catch (Exception ex) { Logger.LogException("UserMemberOfPage.SetData", ex); } }
public static int GetIndexForADObject(System.DirectoryServices.DirectoryEntry de) { try { object[] asProp = de.Properties["objectClass"].Value as object[]; // poke these in a list for easier reference List <string> liClasses = new List <string>(); foreach (string s in asProp) { liClasses.Add(s); } if (liClasses.Contains("user") || liClasses.Contains("computer")) { string usercontrol = de.Properties["userAccountControl"].Value.ToString(); int userControl = Convert.ToInt32(usercontrol); string userCtrlBinStr = UserGroupUtils.DecimalToBase(userControl, 2); if (userCtrlBinStr.Length >= 2) { if (liClasses.Contains("computer")) { if (userCtrlBinStr[userCtrlBinStr.Length - 2] == '1') { return((int)ADUCDirectoryNode.GetNodeType("Computer")); } else { return((int)ADUCDirectoryNode.GetNodeType("computer")); } } if (liClasses.Contains("user")) { if (userCtrlBinStr[userCtrlBinStr.Length - 2] == '1') { return((int)ADUCDirectoryNode.GetNodeType("disabledUser")); } else { return((int)ADUCDirectoryNode.GetNodeType("user")); } } } } else if (liClasses.Contains("group") || liClasses.Contains("foreignSecurityPrincipal")) { return((int)ADUCDirectoryNode.GetNodeType("group")); } } catch { return((int)ADUCDirectoryNode.GetNodeType("group")); } return((int)ADUCDirectoryNode.GetNodeType("group")); }
/// <summary> /// Removes the selected group from the Member of listview /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private void RemoveButton_Click(object sender, EventArgs e) { if (MemoflistView.SelectedItems.Count > 0) { DialogResult dlg = MessageBox.Show(this, "Do you want to remove " + _dirnode.Text + " from the selected group(s)?", "Remove user from group", MessageBoxButtons.YesNo, MessageBoxIcon.Exclamation, MessageBoxDefaultButton.Button2); if (dlg == DialogResult.Yes) { foreach (ListViewItem item in MemoflistView.SelectedItems) { bool bIsPrimaryGroup = false; string removeDn = item.Tag as string; string[] slvItem = UserGroupUtils.splitDn(removeDn); if (!string.IsNullOrEmpty(slvItem[0]) && DomainUserlabel.Text.Trim().Equals(slvItem[0])) { bIsPrimaryGroup = true; string sMsg = "The primary group cannot be removed. Set another group \nas primary " + "if you want to remove this one"; container.ShowError(this, sMsg); } if (!bIsPrimaryGroup) { MemoflistView.Items.Remove(item); RemovedGroups.Add(removeDn); //remove the dn from added group list foreach (string str in AddedGroups) { if (str.Equals(removeDn, StringComparison.InvariantCultureIgnoreCase)) { } AddedGroups.Remove(removeDn); RemovedGroups.Remove(removeDn); break; } } } RemoveButton.Enabled = false; memListchanged = true; } } else { memListchanged = false; } UpdateApplyButton(); }
private static string OnApply_GetObjectRealmName(ADUCDirectoryNode _dirnode) { string[] search_attrs = { "sAMAccountName", "userPrincipalName", null }; string realmName = string.Empty; ADUCDirectoryNode newGroupnode = new ADUCDirectoryNode(_dirnode, _dirnode.ObjectClass, _dirnode.DistinguishedName); List <LdapEntry> ldapEntries = UserGroupUtils.getLdapEntries(false, newGroupnode, search_attrs, "(objectClass=*)", LdapAPI.LDAPSCOPE.BASE); if (ldapEntries != null && ldapEntries.Count > 0) { LdapEntry ldapNextEntry = ldapEntries[0]; if (ldapNextEntry != null) { string[] attrsList = ldapNextEntry.GetAttributeNames(); if (attrsList != null) { foreach (string attr in attrsList) { if (_dirnode.ObjectClass.Equals("group", StringComparison.InvariantCultureIgnoreCase) || _dirnode.ObjectClass.Equals("computer", StringComparison.InvariantCultureIgnoreCase)) { if (attr.Equals("sAMAccountName", StringComparison.InvariantCultureIgnoreCase)) { LdapValue[] attrValues = ldapNextEntry.GetAttributeValues(attr, newGroupnode.LdapContext); if (attrValues != null) { realmName = attrValues[0].stringData; break; } } } else if (_dirnode.ObjectClass.Equals("user", StringComparison.InvariantCultureIgnoreCase)) { if (attr.Equals("userPrincipalName", StringComparison.InvariantCultureIgnoreCase)) { LdapValue[] attrValues = ldapNextEntry.GetAttributeValues(attr, newGroupnode.LdapContext); if (attrValues != null) { realmName = attrValues[0].stringData; break; } } } } } } } return(realmName); }
/// <summary> /// Queries and initializes the ldapMessage for the selected group /// Gets all users and groups those are members for selected group /// Fills the list with listview /// </summary> /// <param name="ce"></param> /// <param name="servername"></param> /// <param name="name"></param> /// <param name="dirnode"></param> public void SetData(CredentialEntry ce, string servername, string name, ADUCDirectoryNode dirnode) { Dictionary <string, string> members = UserGroupUtils.GetGroupMembers(dirnode); foreach (string str in members.Keys) { OriginalObjects.Add(str); ModifiedObjects.Add(str.ToLower()); } _dirnode = dirnode; MemoflistView.Items.Clear(); //show a list of group names in the member of page Logger.Log("Group member contains: "); foreach (string sDN in members.Keys) { string[] slvItem = null; System.DirectoryServices.DirectoryEntry de = new System.DirectoryServices.DirectoryEntry(sDN, _dirnode.LdapContext.UserName, _dirnode.LdapContext.Password); if (members[sDN].Equals("foreignSecurityPrincipal")) { byte[] objectSid = de.Properties["objectSid"].Value as byte[]; string Sid = UserGroupUtils.SIDtoString(objectSid); string cn = UserGroupUtils.GetGroupFromForeignSecurity(Sid, dirnode.LdapContext); if (cn != null) { slvItem = new string[] { cn, "NT AUTHORITY" }; } else { continue; } } else { slvItem = UserGroupUtils.splitDn(sDN); } ListViewItem lvItem = new ListViewItem(slvItem); lvItem.ImageIndex = MemOfPages.GetIndexForADObject(de); MemoflistView.Items.Add(lvItem); lvItem.Tag = sDN; } if (MemoflistView.Items.Count > 0) { MemoflistView.Items[0].Selected = true; } }
//when adding a user to a new group, we need modify the group's "member" attribute to include this user, // we cannot modify the user's "memberof" attribute public bool OnApply() { bool retVal = true; if (IsPrimaryGroupChanged) { List <LDAPMod> attrlist = new List <LDAPMod>(); //the following portion of code uses openldap "ldap_Modify_s" string basedn = _dirnode.DistinguishedName; DirectoryContext dirContext = _dirnode.LdapContext; string[] objectClass_values = null; //first obtain the current primaryGroupID value DirectoryEntry de = new DirectoryEntry(string.Format("LDAP://{0}/{1}", dirContext.DomainName, ChangedPrimaryGroup));; if (de.Properties["primaryGroupToken"].Value != null) { int iPrimaryGroupToken = Convert.ToInt32(de.Properties["primaryGroupToken"].Value.ToString()); objectClass_values = new string[] { iPrimaryGroupToken.ToString(), null }; LDAPMod attr_info = new LDAPMod((int)LDAPMod.mod_ops.LDAP_MOD_REPLACE, "primaryGroupID", objectClass_values); LDAPMod[] attrinfo = new LDAPMod[] { attr_info }; int ret = dirContext.ModifySynchronous(basedn, attrinfo); Logger.Log("Modify primaryGroupID returns " + ret); if (ret == 0) { string[] Items = UserGroupUtils.splitDn(ChangedPrimaryGroup); if (!string.IsNullOrEmpty(Items[0])) { DomainUserlabel.Text = Items[0]; } } else { retVal = false; } } } retVal = MemOfPages.OnApply_helper(MemofDnList, AddedGroups, RemovedGroups, _dirnode, this); return(retVal); }
/// <summary> /// Gets and initializes the LikewiseIdentityCell for each root level /// </summary> /// <param name="dirnode"></param> private void likewiseIdentityCell_init(ADUCDirectoryNode dirnode) { string likewiseCellDN = string.Concat("CN=$LikewiseIdentityCell,", dirnode.LdapContext.RootDN); LdapValue[] descriptionValues = UserGroupUtils.SearchAttrByDn(likewiseCellDN, dirnode, "description"); if (descriptionValues == null) { Logger.Log(String.Format( "No description attribute found in {0}", likewiseCellDN), Logger.LogLevel.Error); return; } foreach (LdapValue value in descriptionValues) { string descriptionString = value.stringData; if (!String.IsNullOrEmpty(descriptionString)) { string[] split = descriptionString.Split('='); if (split[0].Equals("unixHomeDirectory", StringComparison.InvariantCultureIgnoreCase)) { _defaultUnixHomedir = split[1].Trim(); } if (split[0].Equals("loginShell", StringComparison.InvariantCultureIgnoreCase)) { _loginShell = split[1].Trim(); } if (split[0].Equals("use2307Attrs", StringComparison.InvariantCultureIgnoreCase)) { if (split[1].Equals("True", StringComparison.InvariantCultureIgnoreCase)) { Logger.Log("RFC2307 mode is detected!", Logger.ldapLogLevel); } } } } }
private bool BuildSchemaCache(bool usingSimpleBind) { if (_adContext == null) { return(false); } _adContext.SchemaCache = LDAPSchemaCache.Build(_adContext); _schemaCache = _adContext.SchemaCache; DirectoryEntry.exisitngDirContext.Add(_adContext); DirectoryEntry.existingSchemaCache.Add(_schemaCache); string sldapPath = string.Concat("LDAP://", _hn.domainName, "/", rootDN); ADUCDirectoryNode rootNode = ADUCDirectoryNode.GetDirectoryRoot( _adContext, _rootDN, Resources.ADUC, typeof(ADUCPage), _plugin); if (rootNode == null) { Logger.Log("The rootNode is null"); return(false); } _rootNode = rootNode; _shortDomainName = UserGroupUtils.getnetBiosName(rootNode); Logger.Log( "the obtained NetbiosName is " + _shortDomainName, Logger.ldapLogLevel); return(true); }
/// <summary> /// Queries and fills the ldap message for the selected group /// Gets the attribute list from AD for group schema attribute. /// search for the attributes description, cn or name and displays them in a controls /// </summary> /// <param name="ce"></param> /// <param name="servername"></param> /// <param name="name"></param> /// <param name="dirnode"></param> public void SetData(CredentialEntry ce, string servername, string name, ADUCDirectoryNode dirnode) { try { this.dirnode = dirnode; this.plugin = dirnode.Plugin as ADUCPlugin; DirectoryContext dirContext = dirnode.LdapContext; Logonname = ""; PreLogonname = ""; //first obtain the current userAccountControl value DirectoryEntry de = new DirectoryEntry(string.Format("LDAP://{0}/{1}", dirContext.DomainName, dirnode.DistinguishedName)); int userCtrlInt = Convert.ToInt32(de.Properties["userAccountControl"].Value.ToString()); long pwdLastSet = Convert.ToInt64(de.Properties["pwdLastSet"].Value.ToString()); sUserWorkStations = de.Properties["userWorkstations"].Value as string; if (de.Properties["userPrincipalName"].Value != null) { Logonname = de.Properties["userPrincipalName"].Value as string; Logonname = Logonname.IndexOf('@') >= 0 ? Logonname.Substring(0, Logonname.IndexOf('@')) : Logonname; txtlogon.Text = Logonname; } txtpreLogonname.Text = de.Properties["sAMAccountName"].Value as string; PreLogonname = txtpreLogonname.Text.Trim(); txtDomian.Text = dirContext.DomainName.Substring(0, dirContext.DomainName.IndexOf('.')).ToUpper() + @"\"; cbDomain.Items.Add(string.Concat("@", dirContext.DomainName.ToUpper())); cbDomain.SelectedIndex = 0; double accountExpires = Convert.ToInt64(de.Properties["accountExpires"].Value); if (accountExpires == 9223372036854775807) { rbNever.Checked = true; } else { rbEndOf.Checked = true; ConvertFromUnixTimestamp(accountExpires); } try { string userCtrlBinStr = UserGroupUtils.DecimalToBase(userCtrlInt, 2); if (userCtrlBinStr.Length >= 10 && userCtrlBinStr[userCtrlBinStr.Length - 10] == '1') { bMustChangePwd = true; } if (userCtrlBinStr.Length >= 10 && userCtrlBinStr[userCtrlBinStr.Length - 2] == '1') { bAcountDisable = true; } if (userCtrlBinStr.Length >= 17 && userCtrlBinStr[userCtrlBinStr.Length - 17] == '1') { bNeverExpiresPwd = true; bMustChangePwd = false; } if (userCtrlBinStr.Length >= 10 && userCtrlBinStr[userCtrlBinStr.Length - 7] == '1' && pwdLastSet != 0) { bUserCannotChange = true; } if (userCtrlBinStr.Length >= 8 && userCtrlBinStr[userCtrlBinStr.Length - 8] == '1') { bStorePwd = true; } if (userCtrlBinStr.Length >= 19 && userCtrlBinStr[userCtrlBinStr.Length - 19] == '1') { bSmartCardRequired = true; } if (userCtrlBinStr.Length >= 21 && userCtrlBinStr[userCtrlBinStr.Length - 21] == '1') { bAccSensitive = true; } if (userCtrlBinStr.Length >= 22 && userCtrlBinStr[userCtrlBinStr.Length - 22] == '1') { bUseDESDescription = true; } if (userCtrlBinStr.Length >= 23 && userCtrlBinStr[userCtrlBinStr.Length - 23] == '1') { bNotKrbAuthentication = true; } } catch { } FillUserOptions(); dateTimePicker.Enabled = rbEndOf.Checked; this.ParentContainer.DataChanged = false; this.ParentContainer.btnApply.Enabled = false; } catch (Exception e) { Logger.LogException("UserAccountPage.SetData", e); } }
/// <summary> /// Removes the selected user/group from the list /// On Apply will removes the selected listview item from "members" attribute for the selected "group" /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private void RemoveButton_Click(object sender, EventArgs e) { if (MemoflistView.SelectedItems.Count > 0) { DialogResult dlg = MessageBox.Show(this, "Do you want to remove the selected member(s) from the group?", CommonResources.GetString("Caption_Console"), MessageBoxButtons.YesNo, MessageBoxIcon.Exclamation, MessageBoxDefaultButton.Button2); if (dlg == DialogResult.Yes) { foreach (ListViewItem item in MemoflistView.SelectedItems) { string sDn = item.Tag as string; string sLdapPath = string.Format("LDAP://{0}/{1}", _dirnode.LdapContext.DomainName, sDn); DirectoryEntry entry = new DirectoryEntry(sLdapPath, _dirnode.LdapContext.UserName, _dirnode.LdapContext.Password); if (entry == null) { return; } ADUCDirectoryNode dn = new ADUCDirectoryNode( sDn, _dirnode.LdapContext, _dirnode.ObjectClass, Properties.Resources.computer, _dirnode.t, _dirnode.Plugin, _dirnode.IsDisabled); string primaryDn = UserGroupUtils.GetPrimaryGroup(dn); if (primaryDn != null && primaryDn.Trim().Equals(_dirnode.DistinguishedName, StringComparison.InvariantCultureIgnoreCase)) { string Msg = "This is the member's primary group, so the member cannot be removed. " + "Go to the Member Of tab of \n" + "the member's property sheet and set another group " + "as primary. You can then remove the member from this group"; container.ShowError(Msg); return; } ListViewItem[] lvItemArr = new ListViewItem[MemoflistView.Items.Count - 1]; List <ListViewItem> lvItemList = new List <ListViewItem>(); int i = 0; foreach (ListViewItem lvitem in MemoflistView.Items) { if (!lvitem.Equals(item)) { lvItemList.Add(lvitem); } } foreach (ListViewItem lvitem in lvItemList) { lvItemArr[i++] = lvitem; } MemoflistView.Items.Clear(); MemoflistView.Items.AddRange(lvItemArr); ModifiedObjects.Remove((item.Tag as string).ToLower()); memListchanged = true; } RemoveButton.Enabled = false; } } else { memListchanged = false; } UpdateApplyButton(); }
/// <summary> /// Shows the AddUserToGroup dialog with the all groups and users /// AddUsertoGroup.MEMBERS_PAGE parameter will tell the tree to show both Group and User /// On Apply will adds new entry to the "members" attribute for the selected "group" /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private void Addbutton_Click(object sender, EventArgs e) { // show picker string sLdapPath = string.Format("LDAP://{0}/{1}", _dirnode.LdapContext.DomainName, _dirnode.DistinguishedName); string sProtocol; string sServer; string sCNs; string sDCs; System.DirectoryServices.SDSUtils.CrackPath(sLdapPath, out sProtocol, out sServer, out sCNs, out sDCs); string groupScope = GetgroupType(); System.DirectoryServices.Misc.DsPicker f = new System.DirectoryServices.Misc.DsPicker(groupScope); f.SetData(System.DirectoryServices.Misc.DsPicker.DialogType.SELECT_ONLY_DOMAIN_USERS_OR_GROUPS, sProtocol, sServer, sDCs, true); if (f.waitForm != null && f.waitForm.bIsInterrupted) { return; } if (f.ShowDialog(this) == DialogResult.OK) { if (f.ADobjectsArray != null && f.ADobjectsArray.Length != 0) { foreach (System.DirectoryServices.Misc.ADObject ado in f.ADobjectsArray) { bool bIsObjectExists = false; string sDN = ado.de.Properties["distinguishedName"].Value as string; string[] slvItem = UserGroupUtils.splitDn(sDN); if (IsItemExists(sDN)) { string sMsg = "The object " + slvItem[0] + " is already in the list \nand cannot be added a second time"; container.ShowError(sMsg); bIsObjectExists = true; } if (sDN.Equals(_dirnode.DistinguishedName)) { container.ShowError("A group cannot be made a member of itself."); continue; } if (!bIsObjectExists) { ListViewItem lvItem = new ListViewItem(slvItem); lvItem.ImageIndex = MemOfPages.GetIndexForADObject(ado.de); MemoflistView.Items.Add(lvItem); lvItem.Tag = sDN; bool found = false; foreach (string str in ModifiedObjects) { if (str.Equals(sDN, StringComparison.InvariantCultureIgnoreCase)) { found = true; break; } } //do not add duplicate objects if (!found) { ModifiedObjects.Add(sDN.ToLower()); } memListchanged = true; } } } } else { memListchanged = false; } UpdateApplyButton(); }
/// <summary> /// Queries and fills the ldap message for the selected computer /// Gets the attribute list from AD for computer schema attribute. /// search for the attributes dNSHostName, cn or name and displays them in a controls /// </summary> /// <param name="ce"></param> /// <param name="servername"></param> /// <param name="name"></param> /// <param name="dirnode"></param> public void SetData(CredentialEntry ce, string servername, string name, ADUCDirectoryNode dirnode) { try { this.dirnode = dirnode; int ret = -1; List <LdapEntry> ldapEntries = null; ret = dirnode.LdapContext.ListChildEntriesSynchronous (dirnode.DistinguishedName, LdapAPI.LDAPSCOPE.BASE, "(objectClass=*)", null, false, out ldapEntries); if (ldapEntries == null || ldapEntries.Count == 0) { return; } LdapEntry ldapNextEntry = ldapEntries[0]; string[] attrsList = ldapNextEntry.GetAttributeNames(); if (attrsList != null) { foreach (string attr in attrsList) { string sValue = ""; LdapValue[] attrValues = ldapNextEntry.GetAttributeValues(attr, dirnode.LdapContext); if (attrValues != null && attrValues.Length > 0) { foreach (LdapValue value in attrValues) { sValue = sValue + "," + value.stringData; } } if (sValue.StartsWith(",")) { sValue = sValue.Substring(1); } sValue = sValue.Substring(0, sValue.Length); if (string.Compare(sValue, "") == 0) { sValue = "<Not Set>"; } if (string.Compare(attr, "cn") == 0) { this.lblComputerName.Text = sValue; } if (string.Compare(attr, "sAMAccountName") == 0) { if (sValue.EndsWith("$")) { this.txtCName.Text = sValue.Substring(0, sValue.Length - 1); } else { this.txtCName.Text = sValue; } } if (string.Compare(attr, "description") == 0) { this.txtDescription.Text = sValue; _editObject.Description = sValue; } if (string.Compare(attr, "dNSHostName") == 0) { this.txtDNSName.Text = sValue; } if (string.Compare(attr, "userAccountControl") == 0) { int userCtrlVal = 0; if (attrValues != null && attrValues.Length > 0) { userCtrlVal = Convert.ToInt32(attrValues[0].stringData); } string userCtrlBinStr = UserGroupUtils.DecimalToBase(userCtrlVal, 16); _editObject.UserCtrlBinStr = userCtrlVal; this.txtRole.Text = "Workstation or server"; if (userCtrlBinStr.Length >= 3) { //Determine role of computer if (userCtrlBinStr.Length == 3) { //examine the third position from the left (2=NORMAL_ACCOUNT) if (userCtrlBinStr[0] == '2') { this.txtRole.Text = "Normal computer"; } //examine the third position from the left (2=INTERDOMAIN_TRUST_ACCOUNT) if (userCtrlBinStr[0] == '8') { this.txtRole.Text = "Inter domain trust computer"; } } else { //examine the forth position from the left (2=WORKSTATION_TRUST_ACCOUNT) if (userCtrlBinStr[userCtrlBinStr.Length - 4] == '1') { this.txtRole.Text = "Workstation or server"; } //examine the forth position from the left (2=SERVER_TRUST_ACCOUNT) if (userCtrlBinStr[userCtrlBinStr.Length - 4] == '2') { this.txtRole.Text = "Domain controller"; } } } if (userCtrlBinStr.Length >= 5) { //Determine whether this user is TRUSTED_FOR_DELEGATION //examine the fifth position from the left (8=TRUSTED_FOR_DELEGATION, 0=NOT TRUSTED) //TRUSTED_FOR_DELEGATION if (userCtrlBinStr[userCtrlBinStr.Length - 5] == '8') { this.checkBoxTrust.CheckedChanged -= new System.EventHandler(this.checkBoxTrust_CheckedChanged); checkBoxTrust.Checked = true; this.checkBoxTrust.CheckedChanged += new System.EventHandler(this.checkBoxTrust_CheckedChanged); } else if (userCtrlBinStr[userCtrlBinStr.Length - 5] == '0') { checkBoxTrust.Checked = false; } } else { checkBoxTrust.Checked = false; } _editObject.DelegateTrust = checkBoxTrust.Checked; } } } UpdateOriginalData(); UpdateApplyButton(); } catch (Exception e) { container.ShowError(e.Message); } }
/// <summary> /// Populate the AddUsertoGroup model dialog /// AddUsertoGroup.MEMOF_PAGE is parameter which filter only the groups /// Gets the selected group and add it to the list, removed from the RemovedGroups list if it is exists /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private void Addbutton_Click(object sender, EventArgs e) { // show picker string sLdapPath = string.Format("LDAP://{0}/{1}", _dirnode.LdapContext.DomainName, _dirnode.DistinguishedName); string sProtocol; string sServer; string sCNs; string sDCs; System.DirectoryServices.SDSUtils.CrackPath(sLdapPath, out sProtocol, out sServer, out sCNs, out sDCs); System.DirectoryServices.Misc.DsPicker f = new System.DirectoryServices.Misc.DsPicker(); f.SetData(System.DirectoryServices.Misc.DsPicker.DialogType.SELECT_GROUPS, sProtocol, sServer, sDCs, true); if (f.waitForm != null && f.waitForm.bIsInterrupted) { return; } if (f.ShowDialog(this) == DialogResult.OK) { if (f.ADobjectsArray != null && f.ADobjectsArray.Length != 0) { foreach (System.DirectoryServices.Misc.ADObject ado in f.ADobjectsArray) { bool bIsObjectExists = false; string sDN = ado.de.Properties["distinguishedName"].Value as string; string[] slvItem = UserGroupUtils.splitDn(sDN); if (IsItemExists(sDN)) { string sMsg = "The object " + slvItem[0] + " is already in the list \nand cannot be added a second time"; container.ShowError(sMsg); bIsObjectExists = true; } if (!bIsObjectExists) { string sLDAPPath = string.Format("LDAP://{0}/{1}", _dirnode.LdapContext.DomainName, sDN); DirectoryEntry entry = new DirectoryEntry(sLDAPPath, _dirnode.LdapContext.UserName, _dirnode.LdapContext.Password); if (entry == null) { return; } ListViewItem lvItem = new ListViewItem(slvItem); lvItem.ImageIndex = MemOfPages.GetIndexForADObject(entry); MemoflistView.Items.Add(lvItem); lvItem.Tag = sDN; if (!slvItem[0].Equals("Domain Users", StringComparison.InvariantCultureIgnoreCase)) { MemofDnList.Add(sDN); AddedGroups.Add(sDN); foreach (string str in RemovedGroups) { if (str.Equals(sDN, StringComparison.InvariantCultureIgnoreCase)) { } // Remove the selected group from the list, if it is exists RemovedGroups.Remove(sDN); break; } } memListchanged = true; } } } } else { memListchanged = false; } UpdateApplyButton(); }
/// <summary> /// Getting added all children to the selected node that are of type ObjectClass="group" /// , ObjectClass="user", ObjectClass="computer", ObjectClass="organizationalUnit" /// </summary> public void ListGroupAndUserOUChildren() { int ret = -1; if (haveRetrievedChildren && !this.IsModified) { return; } string[] attrs = { "objectClass", "distinguishedName", null }; DateTime start = DateTime.Now; ret = dirContext.ListChildEntriesSynchronous (distinguishedName, LdapAPI.LDAPSCOPE.ONE_LEVEL, "(objectClass=*)", attrs, false, out ldapEntries); if (ldapEntries == null || ldapEntries.Count == 0) { //haveRetrievedChildren = true; //return; //clears the domian level node, if the ldap connection timed out or disconnected ADUCPlugin plugin = this.Plugin as ADUCPlugin; haveRetrievedChildren = true; this.IsModified = false; if (ret == (int)Likewise.LMC.Utilities.ErrorCodes.LDAPEnum.LDAP_SERVER_DOWN || ret == (int)Likewise.LMC.Utilities.ErrorCodes.LDAPEnum.LDAP_CONNECT_ERROR || ret == -1) { if (ret == -1) { ret = (int)ErrorCodes.LDAPEnum.LDAP_TIMEOUT; Logger.LogMsgBox(ErrorCodes.LDAPString(ret)); } plugin._pluginNode.Nodes.Clear(); this.sc.ShowControl(plugin._pluginNode); } else { Nodes.Clear(); } return; } foreach (LdapEntry ldapNextEntry in ldapEntries) { string s = ldapNextEntry.GetDN(); string objectClass = ""; LdapValue[] values = ldapNextEntry.GetAttributeValues("objectClass", dirContext); if (values != null && values.Length > 0) { //use the most specific object Class, which will be listed last. objectClass = values[values.Length - 1].stringData; Logger.Log("Start--", Logger.ldapLogLevel); for (int i = 0; i < values.Length; i++) { Logger.Log("objectclass is " + values[i], Logger.ldapLogLevel); } Logger.Log("End--", Logger.ldapLogLevel); } if (objectClass.Equals("group", StringComparison.InvariantCultureIgnoreCase)) { ADUCDirectoryNode dtn = new ADUCDirectoryNode(s, dirContext, objectClass, Resources.Group_16, NodeType, Plugin, false); dtn.sc = this.sc; Nodes.Add(dtn); } bool IsDisabled = false; bool IsDc = false; if (objectClass.Equals("user", StringComparison.InvariantCultureIgnoreCase) || objectClass.Equals("computer", StringComparison.InvariantCultureIgnoreCase)) { values = ldapNextEntry.GetAttributeValues("userAccountControl", dirContext); int userCtrlVal = 0; if (values != null && values.Length > 0) { userCtrlVal = Convert.ToInt32(values[0].stringData); } if (userCtrlVal.Equals(8224) || userCtrlVal.Equals(8202) || userCtrlVal.Equals(532480)) { IsDc = true; } string userCtrlBinStr = UserGroupUtils.DecimalToBase(userCtrlVal, 2); //Determine whether this user is enabled or disabled //examine the second to last position from the right (0=Active, 1=Inactive) if (userCtrlBinStr.Length >= 2) { if (userCtrlBinStr[userCtrlBinStr.Length - 2] == '1') { IsDisabled = true; } else if (userCtrlBinStr[userCtrlBinStr.Length - 2] == '0') { IsDisabled = false; } } ADUCDirectoryNode dtn = new ADUCDirectoryNode(s, dirContext, objectClass, Resources.Group_16, NodeType, Plugin, IsDisabled); dtn.sc = this.sc; dtn._IsDomainController = IsDc; Nodes.Add(dtn); } if (objectClass.Equals("organizationalUnit", StringComparison.InvariantCultureIgnoreCase)) { ADUCDirectoryNode dtn = new ADUCDirectoryNode(s, dirContext, objectClass, Resources.Group_16, NodeType, Plugin, false); dtn.sc = this.sc; Nodes.Add(dtn); } } haveRetrievedChildren = true; }
/// <summary> /// List the all children for the selected distinguished name /// Adds the all children to the node /// </summary> public ADUCDirectoryNode[] ListChildren(ADUCDirectoryNode dnode) { Logger.Log("DirectoryNode.ListChildren() called", Logger.ldapLogLevel); int ret = -1; string[] attrList = new string[] { "dummy", "objectClass", "distinguishedName", "userAccountControl", null }; ret = dirContext.ListChildEntriesSynchronous (distinguishedName, LdapAPI.LDAPSCOPE.ONE_LEVEL, "(objectClass=*)", attrList, false, out ldapEntries); if (ldapEntries == null || ldapEntries.Count == 0) { //clears the domian level node, if the ldap connection timed out or disconnected ADUCPlugin plugin = this.Plugin as ADUCPlugin; haveRetrievedChildren = true; this.IsModified = false; if (ret == (int)Likewise.LMC.Utilities.ErrorCodes.LDAPEnum.LDAP_SERVER_DOWN || ret == (int)Likewise.LMC.Utilities.ErrorCodes.LDAPEnum.LDAP_CONNECT_ERROR || ret == -1) { if (ret == -1) { ret = (int)ErrorCodes.LDAPEnum.LDAP_TIMEOUT; Logger.LogMsgBox(ErrorCodes.LDAPString(ret)); } plugin._pluginNode.Nodes.Clear(); this.sc.ShowControl(plugin._pluginNode); } return(null); } DateTime timer = Logger.StartTimer(); List <ADUCDirectoryNode> nodesToAdd = new List <ADUCDirectoryNode>(); int nodesAdded = 0; foreach (LdapEntry ldapNextEntry in ldapEntries) { string currentDN = ldapNextEntry.GetDN(); if (!String.IsNullOrEmpty(currentDN)) { bool IsDisabled = false; bool IsDc = false; LdapValue[] values = ldapNextEntry.GetAttributeValues("objectClass", dirContext); string objectClass = ""; if (values != null && values.Length > 0) { objectClass = values[values.Length - 1].stringData; } if (objectClass.Equals("user", StringComparison.InvariantCultureIgnoreCase) || objectClass.Equals("computer", StringComparison.InvariantCultureIgnoreCase)) { values = ldapNextEntry.GetAttributeValues("userAccountControl", dirContext); int userCtrlVal = 0; if (values != null && values.Length > 0) { userCtrlVal = Convert.ToInt32(values[0].stringData); } if (userCtrlVal.Equals(8224) || userCtrlVal.Equals(8202) || userCtrlVal.Equals(532480)) { IsDc = true; } string userCtrlBinStr = UserGroupUtils.DecimalToBase(userCtrlVal, 2); //Determine whether this user is enabled or disabled //examine the second to last position from the right (0=Active, 1=Inactive) if (userCtrlBinStr.Length >= 2) { if (userCtrlBinStr[userCtrlBinStr.Length - 2] == '1') { IsDisabled = true; } else if (userCtrlBinStr[userCtrlBinStr.Length - 2] == '0') { IsDisabled = false; } } } ADUCDirectoryNode newNode = new ADUCDirectoryNode(currentDN, dirContext, objectClass, Resources.Group_16, NodeType, Plugin, IsDisabled); newNode.sc = this.sc; newNode._IsDomainController = IsDc; newNode.Text = newNode.Text.Substring(3); Logger.Log(String.Format("new Entry: {0}", currentDN), Logger.ldapLogLevel); Logger.Log(String.Format("scheduling addition of new Entry: {0}", currentDN), Logger.ldapLogLevel); nodesToAdd.Add(newNode); nodesAdded++; } } ADUCDirectoryNode[] nodesToAddRecast = new ADUCDirectoryNode[nodesAdded]; try { nodesToAdd.Sort(delegate(ADUCDirectoryNode d1, ADUCDirectoryNode d2) { return(d1.Text.CompareTo(d2.Text)); } ); for (int i = 0; i < nodesAdded; i++) { nodesToAddRecast[i] = nodesToAdd[i]; } } catch (Exception) { } Logger.TimerMsg(ref timer, String.Format("DirectoryNode.ListChildren(): Entry Processing({0})", distinguishedName)); this.IsModified = false; haveRetrievedChildren = true; return(nodesToAddRecast); }
/// <summary> /// List the all children for the selected distinguished name /// Adds the all children to the node /// </summary> public void ListChildren() { Logger.Log("ADUCDirectoryNode.ListChildren() called", Logger.ldapLogLevel); int ret = -1; if (haveRetrievedChildren && !this.IsModified) { return; } string[] attrList = new string[] { "dummy", "objectClass", "distinguishedName", "userAccountControl", null }; ret = dirContext.ListChildEntriesSynchronous (distinguishedName, LdapAPI.LDAPSCOPE.ONE_LEVEL, "(objectClass=*)", attrList, false, out ldapEntries); if (ldapEntries == null || ldapEntries.Count == 0) { //clears the domian level node, if the ldap connection timed out or disconnected ADUCPlugin plugin = this.Plugin as ADUCPlugin; haveRetrievedChildren = true; this.IsModified = false; if (ret == (int)Likewise.LMC.Utilities.ErrorCodes.LDAPEnum.LDAP_SERVER_DOWN || ret == (int)Likewise.LMC.Utilities.ErrorCodes.LDAPEnum.LDAP_CONNECT_ERROR || ret == -1) { if (ret == -1) { ret = (int)ErrorCodes.LDAPEnum.LDAP_TIMEOUT; Logger.LogMsgBox(ErrorCodes.LDAPString(ret)); } plugin._pluginNode.Nodes.Clear(); this.sc.ShowControl(plugin._pluginNode); } else { Nodes.Clear(); } return; } else if (IsModified) { Nodes.Clear(); } DateTime timer = Logger.StartTimer(); //The following is optimized for speed, taking into account that in Mono, //Nodes.Add() and Nodes.AddRange() both take a long time to complete. //Nodes.AddRange() does not offer much time savings over Nodes.Add() //Therefore, make two hashtables holding the new and old contents of the DN. //Determine which have been added, and which have been deleted, to minimize the number of calls //to Nodes.Add() and Nodes.Remove(); Hashtable oldEntries = new Hashtable(); Hashtable newEntries = new Hashtable(); List <ADUCDirectoryNode> nodesToAdd = new List <ADUCDirectoryNode>(); int nodesAdded = 0; foreach (TreeNode node in Nodes) { ADUCDirectoryNode dNode = (ADUCDirectoryNode)node; if (dNode != null && !String.IsNullOrEmpty(dNode.distinguishedName) && !oldEntries.ContainsKey(dNode.distinguishedName)) { oldEntries.Add(dNode.distinguishedName, dNode); } } foreach (LdapEntry ldapNextEntry in ldapEntries) { string currentDN = ldapNextEntry.GetDN(); if (!String.IsNullOrEmpty(currentDN)) { LdapValue[] values = ldapNextEntry.GetAttributeValues("objectClass", dirContext); string objectClass = ""; if (values != null && values.Length > 0) { objectClass = values[values.Length - 1].stringData; } bool IsDisabled = false; bool IsDc = false; if (objectClass.Equals("user", StringComparison.InvariantCultureIgnoreCase) || objectClass.Equals("computer", StringComparison.InvariantCultureIgnoreCase)) { values = ldapNextEntry.GetAttributeValues("userAccountControl", dirContext); int userCtrlVal = 0; if (values != null && values.Length > 0) { userCtrlVal = Convert.ToInt32(values[0].stringData); } if (userCtrlVal.Equals(8224) || userCtrlVal.Equals(8202) || userCtrlVal.Equals(532480)) { IsDc = true; } string userCtrlBinStr = UserGroupUtils.DecimalToBase(userCtrlVal, 2); //Determine whether this user is enabled or disabled //examine the second to last position from the right (0=Active, 1=Inactive) if (userCtrlBinStr.Length >= 2) { if (userCtrlBinStr[userCtrlBinStr.Length - 2] == '1') { IsDisabled = true; } else if (userCtrlBinStr[userCtrlBinStr.Length - 2] == '0') { IsDisabled = false; } } } ADUCDirectoryNode newNode = new ADUCDirectoryNode(currentDN, dirContext, objectClass, Resources.Group_16, NodeType, Plugin, IsDisabled); newNode.sc = this.sc; newNode._IsDomainController = IsDc; newNode.Text = newNode.Text.Substring(3); Logger.Log(String.Format("new Entry: {0}", currentDN), Logger.ldapLogLevel); newEntries.Add(currentDN, newNode); if (oldEntries.ContainsKey(currentDN)) { ADUCDirectoryNode oldNode = (ADUCDirectoryNode)oldEntries[currentDN]; if ((oldNode != null && oldNode.ObjectClass != objectClass) || (oldNode != null && oldNode.IsDisabled != IsDisabled)) { oldEntries.Remove(currentDN); oldEntries.Add(currentDN, newNode); Nodes.Remove(oldNode); nodesToAdd.Add(newNode); nodesAdded++; } } else { Logger.Log(String.Format("scheduling addition of new Entry: {0}", currentDN), Logger.ldapLogLevel); nodesToAdd.Add(newNode); nodesAdded++; } } } foreach (Object o in oldEntries.Keys) { string oldNodeKey = (string)o; Logger.Log(String.Format("old Entry: {0}", oldNodeKey)); if (!String.IsNullOrEmpty(oldNodeKey) && !newEntries.ContainsKey(oldNodeKey)) { ADUCDirectoryNode oldNode = (ADUCDirectoryNode)oldEntries[oldNodeKey]; if (oldNode != null) { Logger.Log(String.Format("removing old Entry: {0}", oldNodeKey), Logger.ldapLogLevel); Nodes.Remove(oldNode); } } } ADUCDirectoryNode[] nodesToAddRecast = new ADUCDirectoryNode[nodesAdded]; try { nodesToAdd.Sort(delegate(ADUCDirectoryNode d1, ADUCDirectoryNode d2) { return(d1.Text.CompareTo(d2.Text)); } ); for (int i = 0; i < nodesAdded; i++) { nodesToAddRecast[i] = nodesToAdd[i]; } } catch (Exception) { } Nodes.AddRange(nodesToAddRecast); Logger.TimerMsg(ref timer, String.Format("DirectoryNode.ListChildren(): Entry Processing({0})", distinguishedName)); this.IsModified = false; haveRetrievedChildren = true; }
/// <summary> /// Queries and fills the ldap message for the Domain /// Gets the attribute list from AD for Domain schema attribute. /// search for the attributes description /// </summary> /// <param name="ce"></param> /// <param name="servername"></param> /// <param name="name"></param> /// <param name="dirnode"></param> public void SetData(CredentialEntry ce, string servername, string name, ADUCDirectoryNode dirnode) { try { this.dirnode = dirnode; int ret = -1; List <LdapEntry> ldapEntries = null; ret = dirnode.LdapContext.ListChildEntriesSynchronous (dirnode.DistinguishedName, LdapAPI.LDAPSCOPE.BASE, "(objectClass=*)", null, false, out ldapEntries); if (ldapEntries == null || ldapEntries.Count == 0) { return; } LdapEntry ldapNextEntry = ldapEntries[0]; string[] attrsList = ldapNextEntry.GetAttributeNames(); if (attrsList != null) { foreach (string attr in attrsList) { string sValue = ""; LdapValue[] attrValues = ldapNextEntry.GetAttributeValues(attr, dirnode.LdapContext); if (attrValues != null && attrValues.Length > 0) { foreach (LdapValue value in attrValues) { sValue = sValue + "," + value.stringData; } } if (sValue.StartsWith(",")) { sValue = sValue.Substring(1); } if (string.Compare(sValue, "") == 0) { sValue = "<Not Set>"; } if (string.Compare(attr, "description") == 0) { this.txtDescription.Text = sValue; Description = sValue; } if (string.Compare(attr, "objectSid") == 0) { System.DirectoryServices.DirectoryEntry de = new System.DirectoryServices.DirectoryEntry(dirnode.DistinguishedName); byte[] objectSid = de.Properties["objectSid"].Value as byte[]; string Sid = UserGroupUtils.SIDtoString(objectSid); string cn = UserGroupUtils.GetGroupFromForeignSecurity(Sid, dirnode.LdapContext); if (cn != null) { lblName.Text = string.Concat("NT AUTHORITY\\", cn); } } } this.ParentContainer.DataChanged = false; this.ParentContainer.btnApply.Enabled = false; } } catch (Exception e) { container.ShowError(e.Message); } // throw new NotImplementedException(); }