string DomainNameFromSid(DsServer dc, NT4SID sid) { SecurityIdentifier secId = new SecurityIdentifier(sid.Data, 0); RootDSE rootDse = LdapUtility.GetRootDSE(dc); return(DrsrHelper.GetFQDNFromDN(rootDse.defaultNamingContext)); }
/// <summary> /// Returns true if the domain identified by sid is in a forest trusted by the caller's forest, /// as determined by the FOREST_TRUST_INFORMATION state of the caller's forest, false otherwise. /// </summary> /// <param name="dc"></param> /// <param name="sid">The SID of a domain.</param> /// <returns></returns> static bool IsDomainSidInTrustedForest(DsServer dc, NT4SID sid) { FOREST_TRUST_INFORMATION f; bool b; RootDSE rootDse = LdapUtility.GetRootDSE(dc); string[] tdos = LdapUtility.GetAttributeValuesString( dc, rootDse.rootDomainNamingContext, "distinguishedName", "(&(objectClass=trustedDomain)(msDS-TrustForestTrustInfo=*)(trustAttributes:1.2.840.113556.1.4.803:=0x8))", System.DirectoryServices.Protocols.SearchScope.Subtree); foreach (string o in tdos) { byte[] trustInfo = (byte[])LdapUtility.GetAttributeValue(dc, o, "msDS-TrustForestTrustInfo"); if (!TrustInfo.UnmarshalForestTrustInfo(trustInfo, out f)) { return(false); } foreach (Record e in f.Records) { if (e.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo && (DrsrHelper.IsByteArrayEqual(sid.Data, ((RecordDomainInfo)e.ForestTrustData).Sid.Data)) && ((e.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0)) { b = true; foreach (Record g in f.Records) { if (g.RecordType == (byte)FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx && (g.Flags & TrustInfo.LSA_FTRECORD_DISABLED_REASONS) == 0 && ( ((RecordTopLevelName)g.ForestTrustData).TopLevelName == ((RecordDomainInfo)e.ForestTrustData).DnsName || TrustInfo.IsSubdomainOf( ((RecordDomainInfo)e.ForestTrustData).DnsName, ((RecordTopLevelName)g.ForestTrustData).TopLevelName) ) ) { b = false; break; } } if (b) { return(true); } } } } return(false); }
public void DRSR_DRSInterDomainMove_LDAP_Move_Object_From_Child_To_Parent() { DrsrTestChecker.Check(); EnvironmentConfig.Machine parentDcType = EnvironmentConfig.Machine.WritableDC1; DsServer parentDc = (DsServer)EnvironmentConfig.MachineStore[parentDcType]; EnvironmentConfig.Machine childDcType = EnvironmentConfig.Machine.CDC; DsServer childDc = (DsServer)EnvironmentConfig.MachineStore[childDcType]; DsUser user = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin]; string srcObjDn = ldapAdapter.TestAddUserObj(childDc); BaseTestSite.Log.Add(LogEntryKind.Comment, "LDAP add a new object: {0}.", srcObjDn); string newObjRdn = DrsrHelper.GetRDNFromDN(srcObjDn); string tgtParentObjDn = "CN=Users," + DrsrHelper.GetNamingContextDN(parentDc.Domain, NamingContext.DomainNC); string newObjDn = newObjRdn + "," + tgtParentObjDn; bool bNewObjAdded = ldapAdapter.IsObjectExist(parentDc, newObjDn); if (bNewObjAdded) { ResultCode rCode = ldapAdapter.DeleteObject(parentDc, newObjDn); BaseTestSite.Assume.AreEqual <ResultCode>(ResultCode.Success, rCode, "LDAP: {0} should be removed.", newObjDn); } using (LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier(childDc.DnsHostName))) // connecting to the child domain in which the object exists { connection.Credential = new System.Net.NetworkCredential(user.Username, user.Password, parentDc.Domain.DNSName); connection.SessionOptions.ProtocolVersion = 3; connection.SessionOptions.SspiFlag = connection.SessionOptions.SspiFlag | 1; //Set Delegate flag. connection.AuthType = AuthType.Kerberos; connection.Bind(); try { BaseTestSite.Log.Add(LogEntryKind.Comment, "LDAP ModifyDN: moving object {0} to {1}.", srcObjDn, newObjDn); ModifyDNRequest modDnRequest = new ModifyDNRequest(srcObjDn, tgtParentObjDn, newObjRdn); modDnRequest.Controls.Add(new CrossDomainMoveControl(parentDc.DnsHostName)); // parent domain to which the object need to move ModifyDNResponse modDnResponse = (ModifyDNResponse)connection.SendRequest(modDnRequest); BaseTestSite.Assert.AreEqual <ResultCode>(ResultCode.Success, modDnResponse.ResultCode, "LDAP ModifyDN: server should invoke IDL_DRSInterDomainMove on target Dc and move the object."); bool bOldObjDeleted = ldapAdapter.IsObjectExist(childDc, srcObjDn); bNewObjAdded = ldapAdapter.IsObjectExist(parentDc, newObjDn); BaseTestSite.Assert.IsFalse(bOldObjDeleted, "LDAP ModifyDN: the old object should be deleted from source DC."); BaseTestSite.Assert.IsTrue(bNewObjAdded, "LDAP ModifyDN: the new object should be added into target DC."); } catch (DirectoryOperationException e) { BaseTestSite.Log.Add(LogEntryKind.Debug, "LDAP ModifyDN: ResultCode:{0}", e.Response.ResultCode.ToString()); BaseTestSite.Log.Add(LogEntryKind.Debug, "LDAP ModifyDN: ErrorMessage:{0}", e.Response.ErrorMessage.ToString()); BaseTestSite.Assert.AreEqual <ResultCode>(ResultCode.Success, e.Response.ResultCode, "LDAP ModifyDN: server should invoke the IDL_DRSInterDomainMove on target Dc and move the object."); } } }
public static uint MakeAttid(SCHEMA_PREFIX_TABLE t, string o) { string lastValueString; uint lastValue, lowerWord; byte[] binaryOID, oidPrefix; uint attr; uint pos = 0; string[] ss = o.Split('.'); lastValueString = ss[ss.Length - 1]; lastValue = Convert.ToUInt32(lastValueString); binaryOID = ToBinaryOID(o); if (lastValue < 128) { oidPrefix = SubBinary(binaryOID, 0, binaryOID.Length - 1); } else { oidPrefix = SubBinary(binaryOID, 0, binaryOID.Length - 2); } bool fToAdd = true; for (uint i = 0; i < t.PrefixCount; ++i) { if (DrsrHelper.IsByteArrayEqual(t.pPrefixEntry[i].prefix.elements, oidPrefix)) { fToAdd = false; pos = i; break; } } if (fToAdd) { pos = (uint)t.PrefixCount; AddPrefixTableEntry(ref t, oidPrefix); } lowerWord = lastValue % 16384; if (lastValue >= 16384) { lowerWord += 32768; } uint upperWord = t.pPrefixEntry[pos].ndx; attr = upperWord * 65536 + lowerWord; return(attr); }
DSNAME?DomainFromDomainDNSName(DsServer dc, string domainName) { string dn = DrsrHelper.GetDNFromFQDN(domainName); if (dn != null) { return(LdapUtility.CreateDSNameForObject(dc, dn)); } else { return(null); } }
public void DRSR_DRSGetMemberships_Get_Group_Members_Transitive() { DrsrTestChecker.Check(); // Init the data. EnvironmentConfig.Machine srv = EnvironmentConfig.Machine.WritableDC1; DsServer server = (DsServer)EnvironmentConfig.MachineStore[srv]; DsUser user = EnvironmentConfig.UserStore[EnvironmentConfig.User.ParentDomainAdmin]; uint ret = 0; ret = drsTestClient.DrsBind( srv, EnvironmentConfig.User.ParentDomainAdmin, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE ); BaseTestSite.Assert.AreEqual <uint>( 0, ret, "IDL_DRSBind: should return 0 with a success bind to DC"); string groupDn = "CN=Domain Users,CN=Users," + DrsrHelper.GetDNFromFQDN(ADCommonServerAdapter.Instance(Site).PrimaryDomainDnsName); DSNAME dsGroup = LdapUtility.CreateDSNameForObject( server, groupDn ); ret = drsTestClient.DrsGetMemberships( srv, dwInVersion_Values.V1, dsGroup, false, REVERSE_MEMBERSHIP_OPERATION_TYPE.GroupMembersTransitive, null); BaseTestSite.Assert.AreEqual <uint>( 0, ret, "IDL_DRSGetMemberships: return value should be 0"); // Unbind ret = drsTestClient.DrsUnbind(srv); BaseTestSite.Assert.AreEqual <uint>( 0, ret, "IDL_DRSUnbind: return value should be 0"); }
void VerifyCrackNamesListGlobalCatalogServers( DsServer dc, DRS_MSG_CRACKREQ req, DRS_MSG_CRACKREPLY?reply) { DsServer[] servers = ldapAd.ListGcServers(dc); testSite.Assert.IsTrue( reply.Value.V1.pResult[0].cItems == servers.Length, "IDL_DRSCrackNames: DS_LIST_GLOBAL_CATALOG_SERVERS: wrong server count, expect:{0}, got:{1}", servers.Length, reply.Value.V1.pResult[0].cItems ); string[] siteDns = new string[servers.Length]; string[] dnsHostNames = new string[servers.Length]; for (int i = 0; i < servers.Length; ++i) { siteDns[i] = servers[i].Site.DN.ToLower(); dnsHostNames[i] = servers[i].DnsHostName.ToLower(); } string[] drsrSiteDns = new string[reply.Value.V1.pResult[0].cItems]; string[] drsrDnsHostNames = new string[reply.Value.V1.pResult[0].cItems]; for (int i = 0; i < reply.Value.V1.pResult[0].cItems; ++i) { drsrSiteDns[i] = reply.Value.V1.pResult[0].rItems[i].pName.ToLower(); drsrDnsHostNames[i] = reply.Value.V1.pResult[0].rItems[i].pDomain.ToLower(); testSite.Assert.IsTrue( reply.Value.V1.pResult[0].rItems[i].status == DS_NAME_ERROR.DS_NAME_NO_ERROR, "IDL_DRSCrackNames: DS_LIST_GLOBAL_CATALOG_SERVERS: return status should be 0, got {0}", reply.Value.V1.pResult[0].rItems[i].status ); } testSite.Assert.IsTrue( DrsrHelper.IsStringArrayEqual(siteDns, drsrSiteDns), "IDL_DRSCrackNames: DS_LIST_GLOBAL_CATALOG_SERVERS: failed to verify site DNs." ); testSite.Assert.IsTrue( DrsrHelper.IsStringArrayEqual(dnsHostNames, drsrDnsHostNames), "IDL_DRSCrackNames: DS_LIST_GLOBAL_CATALOG_SERVERS: failed to verify server DNS host names." ); }
void VerifyCrackNamesListServersForDomainInSite( DsServer dc, DRS_MSG_CRACKREQ req, DRS_MSG_CRACKREPLY?reply) { string domainDn = req.V1.rpNames[0]; string siteDn = req.V1.rpNames[1]; DsServer[] servers = ldapAd.ListServersForDomainInSite(dc, domainDn, siteDn); testSite.Assert.IsTrue( reply.Value.V1.pResult[0].cItems == servers.Length, "IDL_DRSCrackNames: DS_LIST_SERVERS_FOR_DOMAIN_IN_SITE: wrong server count, expect:{0}, got:{1}", servers.Length, reply.Value.V1.pResult[0].cItems ); string[] serverDns = new string[servers.Length]; for (int i = 0; i < servers.Length; ++i) { serverDns[i] = servers[i].ServerObjectName; } string[] drsrServers = new string[reply.Value.V1.pResult[0].cItems]; for (int i = 0; i < reply.Value.V1.pResult[0].cItems; ++i) { drsrServers[i] = reply.Value.V1.pResult[0].rItems[i].pName; testSite.Assert.IsTrue( reply.Value.V1.pResult[0].rItems[i].status == DS_NAME_ERROR.DS_NAME_NO_ERROR, "IDL_DRSCrackNames: DS_LIST_SERVERS_FOR_DOMAIN_IN_SITE: return status should be 0, got {0}", reply.Value.V1.pResult[0].rItems[i].status ); } testSite.Assert.IsTrue( DrsrHelper.IsStringArrayEqual(serverDns, drsrServers), "IDL_DRSCrackNames: DS_LIST_SERVERS_FOR_DOMAIN_IN_SITE: failed to verify servers in site {0}", siteDn ); }
void VerifyCrackNamesListNcs( DsServer dc, DRS_MSG_CRACKREQ req, DRS_MSG_CRACKREPLY?reply) { string[] ncs = ldapAd.ListNCs(dc); string[] drsrNcs = new string[reply.Value.V1.pResult[0].cItems]; for (int i = 0; i < reply.Value.V1.pResult[0].cItems; ++i) { drsrNcs[i] = reply.Value.V1.pResult[0].rItems[i].pName; testSite.Assert.IsTrue( reply.Value.V1.pResult[0].rItems[i].status == DS_NAME_ERROR.DS_NAME_NO_ERROR, "IDL_DRSCrackNames: DS_LIST_NCS: return status should be 0, got {0}", reply.Value.V1.pResult[0].rItems[i].status ); } testSite.Assert.IsTrue( DrsrHelper.IsStringArrayEqual(ncs, drsrNcs), "IDL_DRSCrackNames: DS_LIST_NCS: failed to verify NCs." ); }
void VerifyCrackNamesListDomainsInSite( DsServer dc, DRS_MSG_CRACKREQ req, DRS_MSG_CRACKREPLY?reply) { string siteDn = req.V1.rpNames[0]; DsSite site = ldapAd.GetSite(dc, siteDn); string[] domains = new string[site.Domains.Length]; testSite.Assert.IsTrue( reply.Value.V1.pResult[0].cItems == domains.Length, "IDL_DRSCrackNames: DS_LIST_DOMAINS_IN_SITE: wrong domain count, expect:{0}, got:{1}", domains.Length, reply.Value.V1.pResult[0].cItems ); for (int i = 0; i < site.Domains.Length; ++i) { domains[i] = site.Domains[i].Name; } string[] drsrDomains = new string[reply.Value.V1.pResult[0].cItems]; for (int i = 0; i < reply.Value.V1.pResult[0].cItems; ++i) { drsrDomains[i] = reply.Value.V1.pResult[0].rItems[i].pName; testSite.Assert.IsTrue( reply.Value.V1.pResult[0].rItems[i].status == DS_NAME_ERROR.DS_NAME_NO_ERROR, "IDL_DRSCrackNames: DS_LIST_DOMAINS_IN_SITE: return status should be 0, got {0}", reply.Value.V1.pResult[0].rItems[i].status ); } testSite.Assert.IsTrue( DrsrHelper.IsStringArrayEqual(domains, drsrDomains), "IDL_DRSCrackNames: DS_LIST_DOMAINS_IN_SITE: failed to verify servers in site {0}", siteDn ); }
void VerifyCrackNamesListDomains( DsServer dc, DRS_MSG_CRACKREQ req, DRS_MSG_CRACKREPLY?reply) { DsDomain[] domains = ldapAd.ListDomains(dc); testSite.Assert.IsTrue( reply.Value.V1.pResult[0].cItems == domains.Length, "IDL_DRSCrackNames: DS_LIST_DOMAINS: wrong domain count, expect:{0}, got:{1}", domains.Length, reply.Value.V1.pResult[0].cItems ); string[] domainDns = new string[domains.Length]; for (int i = 0; i < domains.Length; ++i) { domainDns[i] = domains[i].Name; } DS_NAME_RESULTW result = reply.Value.V1.pResult[0]; string[] listDomainDns = new string[result.cItems]; for (int i = 0; i < result.cItems; ++i) { testSite.Assert.IsTrue( result.rItems[i].status == DS_NAME_ERROR.DS_NAME_NO_ERROR, "IDL_DRSCrackNames: DS_LIST_DOMAINS: return status should be 0, got {0}", result.rItems[i].status ); listDomainDns[i] = result.rItems[i].pName; } testSite.Assert.IsTrue( DrsrHelper.IsStringArrayEqual(domainDns, listDomainDns), "IDL_DRSCrackNames: DS_LIST_DOMAINS: failed to verify domain DNs." ); }
// Verify DS_LIST_SITES of IDL_DRSCrackNames void VerifyCrackNamesListAllSites( DsServer dc, DRS_MSG_CRACKREQ req, DRS_MSG_CRACKREPLY?reply) { DsSite[] sites = ldapAd.ListSites(dc); testSite.Assert.IsTrue( reply.Value.V1.pResult[0].cItems == sites.Length, "IDL_DRSCrackNames: DS_LIST_SITES: wrong site count, expect:{0}, got:{1}", sites.Length, reply.Value.V1.pResult[0].cItems ); string[] siteDns = new string[sites.Length]; for (int i = 0; i < sites.Length; ++i) { siteDns[i] = sites[i].DN; } string[] listSiteDns = new string[reply.Value.V1.pResult[0].cItems]; for (int i = 0; i < reply.Value.V1.pResult[0].cItems; ++i) { testSite.Assert.IsTrue( reply.Value.V1.pResult[0].rItems[i].status == DS_NAME_ERROR.DS_NAME_NO_ERROR, "IDL_DRSCrackNames: DS_LIST_SITES: return status should be 0, got {0}", reply.Value.V1.pResult[0].rItems[i].status ); listSiteDns[i] = reply.Value.V1.pResult[0].rItems[i].pName; } testSite.Assert.IsTrue( DrsrHelper.IsStringArrayEqual(siteDns, listSiteDns), "IDL_DRSCrackNames: DS_LIST_SITES: failed to verify site DNs" ); }
string DomainDNSNameFromDomain(DsServer dc, DSNAME domainNc) { // Looks like this method also returns NetBIOS name // return DomainNetBIOSNameFromDomain(dc, domainNc); return(DrsrHelper.GetFQDNFromDN(LdapUtility.ConvertUshortArrayToString(domainNc.StringName))); }
public void DRSR_DRSCloneDC_V1_Success() { DrsrTestChecker.Check(); DsServer svr = (DsServer)EnvironmentConfig.MachineStore[EnvironmentConfig.Machine.WritableDC1]; AddObjectUpdate machineAccount = new AddObjectUpdate(EnvironmentConfig.Machine.WritableDC1, svr.ComputerObjectName.Replace(svr.NetbiosName, EnvironmentConfig.ClonedDCNetbiosName)); updateStorage.PushUpdate(machineAccount); AddObjectUpdate ntdsContainerAccount = new AddObjectUpdate(EnvironmentConfig.Machine.WritableDC1, "CN=" + EnvironmentConfig.ClonedDCNetbiosName + "," + DrsrHelper.GetParentDNFromChildDN(DrsrHelper.GetParentDNFromChildDN(svr.NtdsDsaObjectName))); updateStorage.PushUpdate(ntdsContainerAccount); AddObjectUpdate ntdsAccount = new AddObjectUpdate(EnvironmentConfig.Machine.WritableDC1, svr.NtdsDsaObjectName.Replace(svr.NetbiosName, EnvironmentConfig.ClonedDCNetbiosName)); updateStorage.PushUpdate(ntdsAccount); BaseTestSite.Assert.IsTrue(ldapAdapter.GrantControlAccess(svr, EnvironmentConfig.UserStore[EnvironmentConfig.User.MainDCAccount], svr.Domain.Name, System.DirectoryServices.ActiveDirectoryRights.ExtendedRight, System.Security.AccessControl.AccessControlType.Allow, DRSConstants.ExtendRights.DSCloneDomainController), "Grant control access to clone DC firstly"); drsTestClient.DrsBind(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.User.MainDCAccount, DRS_EXTENSIONS_IN_FLAGS.DRS_EXT_BASE); drsTestClient.DrsAddCloneDC(EnvironmentConfig.Machine.WritableDC1, EnvironmentConfig.ClonedDCNetbiosName, svr.Site.CN); }