diff --git a/Disco.Services/Devices/Enrolment/MacDeviceEnrolment.cs b/Disco.Services/Devices/Enrolment/MacDeviceEnrolment.cs
index f8cb1a1c..7008a480 100644
--- a/Disco.Services/Devices/Enrolment/MacDeviceEnrolment.cs
+++ b/Disco.Services/Devices/Enrolment/MacDeviceEnrolment.cs
@@ -6,6 +6,8 @@ using PListNet;
 using PListNet.Nodes;
 using Renci.SshNet;
 using System;
+using System.Collections.Generic;
+using System.Data.Entity;
 using System.IO;
 using System.Linq;
 using System.Text;
@@ -201,15 +203,20 @@ namespace Disco.Services.Devices.Enrolment throw new EnrolmentSafeException(@"The serial number cannot contain '/' or '\' characters."); EnrolmentLog.LogSessionProgress(sessionId, 10, "Querying Database"); - Device RepoDevice = Database.Devices.Include("AssignedUser").Include("DeviceProfile").Include("DeviceProfile").Where(d => d.SerialNumber == Request.DeviceSerialNumber).FirstOrDefault(); + Device device = Database.Devices + .Include(d => d.AssignedUser) + .Include(d => d.DeviceProfile) + .Include(d => d.DeviceModel) + .Include(d => d.DeviceDetails) + .Where(d => d.SerialNumber == Request.DeviceSerialNumber).FirstOrDefault(); if (!Trusted) { - if (RepoDevice == null) - throw new EnrolmentSafeException(string.Format("Unknown Device Serial Number (SN: '{0}')", Request.DeviceSerialNumber)); - if (!RepoDevice.AllowUnauthenticatedEnrol) - throw new EnrolmentSafeException(string.Format("Device isn't allowed an Unauthenticated Enrolment (SN: '{0}')", Request.DeviceSerialNumber)); + if (device == null) + throw new EnrolmentSafeException($"Unknown Device Serial Number (SN: '{Request.DeviceSerialNumber}')"); + if (!device.AllowUnauthenticatedEnrol) + throw new EnrolmentSafeException($"Device isn't allowed an Unauthenticated Enrolment (SN: '{Request.DeviceSerialNumber}')"); } - if (RepoDevice == null) + if (device == null) { EnrolmentLog.LogSessionProgress(sessionId, 50, "New Device, Building Disco Instance"); EnrolmentLog.LogSessionTaskAddedDevice(sessionId, Request.DeviceSerialNumber); @@ -222,7 +229,7 @@ namespace Disco.Services.Devices.Enrolment else EnrolmentLog.LogSessionDevice(sessionId, Request.DeviceSerialNumber, deviceModel.Id); - RepoDevice = new Device + device = new Device { SerialNumber = Request.DeviceSerialNumber, DeviceDomainId = Request.DeviceComputerName, 
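Review bot: The `if (!Trusted)` branch still throws two distinguishable messages, "Unknown Device Serial Number" and "Device isn't allowed an Unauthenticated Enrolment". If the EnrolmentSafeException text is returned to the enrolling client (the name suggests so, but the handler is outside this hunk), an untrusted caller can tell which serial numbers are present in the database. I would throw one generic message for both cases, e.g. `throw new EnrolmentSafeException("Device is not permitted to enrol without authentication");`, and record the specific reason and serial number only in the server-side EnrolmentLog. The same pair of messages is in the `else` branch of the WindowsDeviceEnrolment.cs hunk at `@@ -167,33 +172,33 @@`.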
@@ -230,9 +237,10 @@ namespace Disco.Services.Devices.Enrolment
 DeviceModel = deviceModel,
 AllowUnauthenticatedEnrol = false,
 CreatedDate = DateTime.Now,
- EnrolledDate = DateTime.Now
+ EnrolledDate = DateTime.Now,
+ DeviceDetails = new List(),
 };
- Database.Devices.Add(RepoDevice);
+ Database.Devices.Add(device);
 }
 else
 {
@@ -246,30 +254,36 @@ namespace Disco.Services.Devices.Enrolment else EnrolmentLog.LogSessionDevice(sessionId, Request.DeviceSerialNumber, deviceModel.Id); - RepoDevice.DeviceModel = deviceModel; + device.DeviceModel = deviceModel; - RepoDevice.DeviceDomainId = Request.DeviceComputerName; - if (!RepoDevice.EnrolledDate.HasValue) + device.DeviceDomainId = Request.DeviceComputerName; + if (!device.EnrolledDate.HasValue) { - RepoDevice.EnrolledDate = DateTime.Now; + device.EnrolledDate = DateTime.Now; } } - RepoDevice.LastEnrolDate = DateTime.Now; - RepoDevice.AllowUnauthenticatedEnrol = false; + + if (!string.IsNullOrEmpty(Request.DeviceLanMacAddress)) + device.DeviceDetails.LanMacAddress(device, Request.DeviceLanMacAddress); + if (!string.IsNullOrEmpty(Request.DeviceWlanMacAddress)) + device.DeviceDetails.WLanMacAddress(device, Request.DeviceWlanMacAddress); + + device.LastEnrolDate = DateTime.Now; + device.AllowUnauthenticatedEnrol = false; // Removed 2012-06-14 G# - Properties moved to DeviceProfile model & DB Migrated in DBv3. 
//DeviceProfileConfiguration RepoDeviceProfileContext = RepoDevice.DeviceProfile.Configuration(Context); EnrolmentLog.LogSessionProgress(sessionId, 90, "Building Response"); //if (RepoDeviceProfileContext.DistributionType == DeviceProfileConfiguration.DeviceProfileDistributionTypes.OneToOne && RepoDevice.AssignedUser != null) - if (RepoDevice.DeviceProfile.DistributionType == DeviceProfile.DistributionTypes.OneToOne && RepoDevice.AssignedUser != null) + if (device.DeviceProfile.DistributionType == DeviceProfile.DistributionTypes.OneToOne && device.AssignedUser != null) { - ADUserAccount AssignedUserInfo = ActiveDirectory.RetrieveADUserAccount(RepoDevice.AssignedUser.UserId); - EnrolmentLog.LogSessionTaskAssigningUser(sessionId, RepoDevice.SerialNumber, AssignedUserInfo.DisplayName, AssignedUserInfo.SamAccountName, AssignedUserInfo.Domain.NetBiosName, AssignedUserInfo.SecurityIdentifier.ToString()); + ADUserAccount AssignedUserInfo = ActiveDirectory.RetrieveADUserAccount(device.AssignedUser.UserId); + EnrolmentLog.LogSessionTaskAssigningUser(sessionId, device.SerialNumber, AssignedUserInfo.DisplayName, AssignedUserInfo.SamAccountName, AssignedUserInfo.Domain.NetBiosName, AssignedUserInfo.SecurityIdentifier.ToString()); response.DeviceAssignedUserUsername = AssignedUserInfo.SamAccountName; response.DeviceAssignedUserDomain = AssignedUserInfo.Domain.NetBiosName; response.DeviceAssignedUserName = AssignedUserInfo.DisplayName; response.DeviceAssignedUserSID = AssignedUserInfo.SecurityIdentifier.ToString(); } - response.DeviceComputerName = RepoDevice.DeviceDomainId; + response.DeviceComputerName = device.DeviceDomainId; EnrolmentLog.LogSessionProgress(sessionId, 100, "Completed Successfully"); } catch (EnrolmentSafeException ex) diff --git a/Disco.Services/Devices/Enrolment/WindowsDeviceEnrolment.cs b/Disco.Services/Devices/Enrolment/WindowsDeviceEnrolment.cs index b11529ec..921c42e0 100644 --- a/Disco.Services/Devices/Enrolment/WindowsDeviceEnrolment.cs 
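Review bot: `Request.DeviceLanMacAddress` and `Request.DeviceWlanMacAddress` are written to `device.DeviceDetails` after only a `string.IsNullOrEmpty` check, and this code is also reached for `Trusted == false` requests once the device has `AllowUnauthenticatedEnrol` set. Both values are client-supplied, so their length and format should be checked before they are persisted, for example by accepting only values that match `^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$` (per address, if several can be sent) and logging a session warning otherwise. What `LanMacAddress`/`WLanMacAddress` do with the string is not visible in this hunk; if they already validate, a short comment saying so at these call sites would be enough.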
+++ b/Disco.Services/Devices/Enrolment/WindowsDeviceEnrolment.cs @@ -7,6 +7,7 @@ using Disco.Services.Users; using System; using System.Collections.Concurrent; using System.Collections.Generic; +using System.Data.Entity; using System.Linq; using System.Security.Cryptography; @@ -42,7 +43,7 @@ namespace Disco.Services.Devices.Enrolment chars[i] = pendingIdentifierAlphabet[pendingIdentifierRng.Next(pendingIdentifierAlphabet.Length)]; } } - identifier = new string(chars); + identifier = new string(chars); if (!GetPendingEnrolments().Any(e => string.Equals(e.PendingIdentifier, identifier, StringComparison.Ordinal))) break; @@ -102,7 +103,6 @@ namespace Disco.Services.Devices.Enrolment return domain.GetAvailableDomainController(RequireWritable: true); }); - try { string sessionId; @@ -156,7 +156,12 @@ namespace Disco.Services.Devices.Enrolment } EnrolmentLog.LogSessionProgress(sessionId, 13, "Loading Device Data"); - Device RepoDevice = Database.Devices.Include("AssignedUser").Include("DeviceModel").Include("DeviceProfile").Where(d => d.SerialNumber == Request.SerialNumber).FirstOrDefault(); + Device device = Database.Devices + .Include(d => d.AssignedUser) + .Include(d => d.DeviceModel) + .Include(d => d.DeviceProfile) + .Include(d => d.DeviceDetails) + .Where(d => d.SerialNumber == Request.SerialNumber).FirstOrDefault(); EnrolmentLog.LogSessionProgress(sessionId, 15, "Discovering User/Device Disco ICT Permissions"); if (!sessionApproved) { 
@@ -167,33 +172,33 @@ namespace Disco.Services.Devices.Enrolment if (!authenticatedToken.Has(Claims.Device.Actions.EnrolDevices)) { if (!authenticatedToken.Has(Claims.ComputerAccount)) - throw new EnrolmentSafeException(string.Format("Connection not correctly authenticated (SN: {0}; Auth User: {1})", Request.SerialNumber, authenticatedToken.User.UserId)); + throw new EnrolmentSafeException($"Connection not correctly authenticated (SN: {Request.SerialNumber}; Auth User: {authenticatedToken.User.UserId})"); if (domain == null) domain = ActiveDirectory.Context.GetDomainByName(Request.DNSDomainName); - if (!authenticatedToken.User.UserId.Equals(string.Format(@"{0}\{1}$", domain.NetBiosName, Request.ComputerName), StringComparison.OrdinalIgnoreCase)) - throw new EnrolmentSafeException(string.Format("Connection not correctly authenticated (SN: {0}; Auth User: {1})", Request.SerialNumber, authenticatedToken.User.UserId)); + if (!authenticatedToken.User.UserId.Equals($@"{domain.NetBiosName}\{Request.ComputerName}$", StringComparison.OrdinalIgnoreCase)) + throw new EnrolmentSafeException($"Connection not correctly authenticated (SN: {Request.SerialNumber}; Auth User: {authenticatedToken.User.UserId})"); } } else { - if (RepoDevice == null) + if (device == null) { - throw new EnrolmentSafeException(string.Format("Unknown Device Serial Number (SN: '{0}')", Request.SerialNumber)); + throw new EnrolmentSafeException($"Unknown Device Serial Number (SN: '{Request.SerialNumber}')"); } - if (!RepoDevice.AllowUnauthenticatedEnrol) + if (!device.AllowUnauthenticatedEnrol) { - if (RepoDevice.DeviceProfile.AllowUntrustedReimageJobEnrolment) + if (device.DeviceProfile.AllowUntrustedReimageJobEnrolment) { - if (Database.Jobs.Count(j => j.DeviceSerialNumber == RepoDevice.SerialNumber && j.JobTypeId == JobType.JobTypeIds.SImg && !j.ClosedDate.HasValue) == 0) + if (Database.Jobs.Count(j => j.DeviceSerialNumber == device.SerialNumber && j.JobTypeId == JobType.JobTypeIds.SImg && 
!j.ClosedDate.HasValue) == 0) { - throw new EnrolmentSafeException(string.Format("Device has no open 'Software - Reimage' job (SN: '{0}')", Request.SerialNumber)); + throw new EnrolmentSafeException($"Device has no open 'Software - Reimage' job (SN: '{Request.SerialNumber}')"); } } else { - throw new EnrolmentSafeException(string.Format("Device isn't allowed an Unauthenticated Enrolment (SN: '{0}')", Request.SerialNumber)); + throw new EnrolmentSafeException($"Device isn't allowed an Unauthenticated Enrolment (SN: '{Request.SerialNumber}')"); } } } @@ -235,11 +240,11 @@ namespace Disco.Services.Devices.Enrolment if (domain == null) domain = ActiveDirectory.Context.GetDomainByName(Request.DNSDomainName); - var requestDeviceId = string.Format(@"{0}\{1}", domain.NetBiosName, Request.ComputerName); + var requestDeviceId = $@"{domain.NetBiosName}\{Request.ComputerName}"; adMachineAccount = domainController.Value.RetrieveADMachineAccount(requestDeviceId, uuidGuid, macAddressGuid); } - if (RepoDevice == null) + if (device == null) { EnrolmentLog.LogSessionProgress(sessionId, 30, "New Device, Creating Disco Instance"); EnrolmentLog.LogSessionTaskAddedDevice(sessionId, Request.SerialNumber); @@ -252,7 +257,7 @@ namespace Disco.Services.Devices.Enrolment else EnrolmentLog.LogSessionDevice(sessionId, Request.SerialNumber, deviceModel.Id); - RepoDevice = new Device + device = new Device { SerialNumber = Request.SerialNumber, DeviceDomainId = domain == null ? Request.ComputerName : $@"{domain.NetBiosName}\{Request.ComputerName}", 
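Review bot: In the computer-account check, `domain` is assigned from `ActiveDirectory.Context.GetDomainByName(Request.DNSDomainName)` and dereferenced on the next line as `domain.NetBiosName` with no null check. `Request.DNSDomainName` is client-supplied; if GetDomainByName can return null for an unrecognised name (its contract is not visible here), the authentication decision ends in a NullReferenceException rather than an EnrolmentSafeException, which still rejects the request but bypasses the safe-error path. I would add `if (domain == null) throw new EnrolmentSafeException($"Connection not correctly authenticated (SN: {Request.SerialNumber}; Auth User: {authenticatedToken.User.UserId})");` straight after the lookup. The same lookup-then-dereference precedes `requestDeviceId` in the `@@ -235,11 +240,11 @@` hunk.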
@@ -264,14 +269,7 @@ namespace Disco.Services.Devices.Enrolment
 LastEnrolDate = DateTime.Now,
 DeviceDetails = new List()
 };
- Database.Devices.Add(RepoDevice);
-
- var lanMacAddresses = string.Join("; ", Request.Hardware.NetworkAdapters?.Where(na => !na.IsWlanAdapter).Select(na => na.MACAddress));
- var wlanMacAddresses = string.Join("; ", Request.Hardware.NetworkAdapters?.Where(na => na.IsWlanAdapter).Select(na => na.MACAddress));
- if (!string.IsNullOrEmpty(lanMacAddresses))
- RepoDevice.DeviceDetails.LanMacAddress(RepoDevice, lanMacAddresses);
- if (!string.IsNullOrEmpty(wlanMacAddresses))
- RepoDevice.DeviceDetails.WLanMacAddress(RepoDevice, wlanMacAddresses);
+ Database.Devices.Add(device);
 }
 else
 {
@@ -285,66 +283,65 @@ namespace Disco.Services.Devices.Enrolment else EnrolmentLog.LogSessionDevice(sessionId, Request.SerialNumber, deviceModel.Id); - RepoDevice.DeviceModel = deviceModel; + device.DeviceModel = deviceModel; var deviceDomainId = domain == null ? Request.ComputerName : $@"{domain.NetBiosName}\{Request.ComputerName}"; - if (!string.Equals(RepoDevice.DeviceDomainId, deviceDomainId, StringComparison.Ordinal)) - RepoDevice.DeviceDomainId = deviceDomainId; + if (!string.Equals(device.DeviceDomainId, deviceDomainId, StringComparison.Ordinal)) + device.DeviceDomainId = deviceDomainId; - var lanMacAddresses = string.Join("; ", Request.Hardware.NetworkAdapters?.Where(na => !na.IsWlanAdapter).Select(na => na.MACAddress)); - var wlanMacAddresses = string.Join("; ", Request.Hardware.NetworkAdapters?.Where(na => na.IsWlanAdapter).Select(na => na.MACAddress)); - if (!string.IsNullOrEmpty(lanMacAddresses)) - RepoDevice.DeviceDetails.LanMacAddress(RepoDevice, lanMacAddresses); - if (!string.IsNullOrEmpty(wlanMacAddresses)) - RepoDevice.DeviceDetails.WLanMacAddress(RepoDevice, wlanMacAddresses); - - if (!RepoDevice.EnrolledDate.HasValue) - RepoDevice.EnrolledDate = DateTime.Now; - RepoDevice.LastEnrolDate = DateTime.Now; + if (!device.EnrolledDate.HasValue) + device.EnrolledDate = DateTime.Now; + device.LastEnrolDate = DateTime.Now; } // store hardware audit information + var lanMacAddresses = string.Join("; ", Request.Hardware.NetworkAdapters?.Where(na => !na.IsWlanAdapter).Select(na => na.MACAddress)); + var wlanMacAddresses = string.Join("; ", Request.Hardware.NetworkAdapters?.Where(na => na.IsWlanAdapter).Select(na => na.MACAddress)); + if (!string.IsNullOrEmpty(lanMacAddresses)) + device.DeviceDetails.LanMacAddress(device, lanMacAddresses); + if (!string.IsNullOrEmpty(wlanMacAddresses)) + device.DeviceDetails.WLanMacAddress(device, wlanMacAddresses); if (Request.Hardware.Bios?.Count > 0) - RepoDevice.DeviceDetails.Bios(RepoDevice, Request.Hardware.Bios); + 
device.DeviceDetails.Bios(device, Request.Hardware.Bios); if (Request.Hardware.BasebBoard?.Count > 0) - RepoDevice.DeviceDetails.BaseBoard(RepoDevice, Request.Hardware.BasebBoard); + device.DeviceDetails.BaseBoard(device, Request.Hardware.BasebBoard); if (Request.Hardware.ComputerSystem?.Count > 0) - RepoDevice.DeviceDetails.ComputerSystem(RepoDevice, Request.Hardware.ComputerSystem); + device.DeviceDetails.ComputerSystem(device, Request.Hardware.ComputerSystem); if (Request.Hardware.Processors?.Count > 0) - RepoDevice.DeviceDetails.Processors(RepoDevice, Request.Hardware.Processors); + device.DeviceDetails.Processors(device, Request.Hardware.Processors); if (Request.Hardware.PhysicalMemory?.Count > 0) - RepoDevice.DeviceDetails.PhysicalMemory(RepoDevice, Request.Hardware.PhysicalMemory); + device.DeviceDetails.PhysicalMemory(device, Request.Hardware.PhysicalMemory); if (Request.Hardware.DiskDrives?.Count > 0) - RepoDevice.DeviceDetails.DiskDrives(RepoDevice, Request.Hardware.DiskDrives); + device.DeviceDetails.DiskDrives(device, Request.Hardware.DiskDrives); if (Request.Hardware.NetworkAdapters?.Count > 0) - RepoDevice.DeviceDetails.NetworkAdapters(RepoDevice, Request.Hardware.NetworkAdapters); + device.DeviceDetails.NetworkAdapters(device, Request.Hardware.NetworkAdapters); if (Request.Hardware.Batteries?.Count > 0) - RepoDevice.DeviceDetails.Batteries(RepoDevice, Request.Hardware.Batteries); + device.DeviceDetails.Batteries(device, Request.Hardware.Batteries); if (adMachineAccount == null) { - if (RepoDevice.DeviceProfile.ProvisionADAccount) + if (device.DeviceProfile.ProvisionADAccount) { EnrolmentLog.LogSessionProgress(sessionId, 50, "Provisioning an Active Directory Computer Account"); - if (string.IsNullOrWhiteSpace(RepoDevice.DeviceProfile.OrganisationalUnit)) + if (string.IsNullOrWhiteSpace(device.DeviceProfile.OrganisationalUnit)) throw new InvalidOperationException("No Organisational Unit has been set in the device profile"); if (domain == null) - domain 
= ActiveDirectory.Context.GetDomainFromDistinguishedName(RepoDevice.DeviceProfile.OrganisationalUnit); + domain = ActiveDirectory.Context.GetDomainFromDistinguishedName(device.DeviceProfile.OrganisationalUnit); - if (string.IsNullOrEmpty(RepoDevice.DeviceDomainId) || RepoDevice.DeviceProfile.EnforceComputerNameConvention) - RepoDevice.DeviceDomainId = RepoDevice.ComputerNameRender(Database, domain); - else if (!ActiveDirectory.IsValidDomainAccountId(RepoDevice.DeviceDomainId)) - if (RepoDevice.DeviceProfile.EnforceComputerNameConvention) - RepoDevice.DeviceDomainId = RepoDevice.ComputerNameRender(Database, domain); + if (string.IsNullOrEmpty(device.DeviceDomainId) || device.DeviceProfile.EnforceComputerNameConvention) + device.DeviceDomainId = device.ComputerNameRender(Database, domain); + else if (!ActiveDirectory.IsValidDomainAccountId(device.DeviceDomainId)) + if (device.DeviceProfile.EnforceComputerNameConvention) + device.DeviceDomainId = device.ComputerNameRender(Database, domain); else - RepoDevice.DeviceDomainId = $@"{domain.NetBiosName}\{Request.ComputerName}"; + device.DeviceDomainId = $@"{domain.NetBiosName}\{Request.ComputerName}"; string offlineProvisionDiagnosicInfo; - EnrolmentLog.LogSessionTaskProvisioningADAccount(sessionId, RepoDevice.SerialNumber, RepoDevice.DeviceDomainId); - adMachineAccount = domainController.Value.RetrieveADMachineAccount(RepoDevice.DeviceDomainId); + EnrolmentLog.LogSessionTaskProvisioningADAccount(sessionId, device.SerialNumber, device.DeviceDomainId); + adMachineAccount = domainController.Value.RetrieveADMachineAccount(device.DeviceDomainId); - response.OfflineDomainJoinManifest = domainController.Value.OfflineDomainJoinProvision(RepoDevice.DeviceDomainId, RepoDevice.DeviceProfile.OrganisationalUnit, ref adMachineAccount, out offlineProvisionDiagnosicInfo); + response.OfflineDomainJoinManifest = domainController.Value.OfflineDomainJoinProvision(device.DeviceDomainId, device.DeviceProfile.OrganisationalUnit, ref 
adMachineAccount, out offlineProvisionDiagnosicInfo); EnrolmentLog.LogSessionDiagnosticInformation(sessionId, offlineProvisionDiagnosicInfo); @@ -355,7 +352,7 @@ namespace Disco.Services.Devices.Enrolment response.ComputerName = adMachineAccount.Name; response.DomainName = adMachineAccount.Domain.NetBiosName; } - else if (ActiveDirectory.IsValidDomainAccountId(RepoDevice.DeviceDomainId, out var accountUsername, out var accountDomain)) + else if (ActiveDirectory.IsValidDomainAccountId(device.DeviceDomainId, out var accountUsername, out var accountDomain)) { response.DomainName = accountDomain == null ? null : accountDomain.NetBiosName; response.ComputerName = accountUsername; 
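Review bot: The relocated MAC-address block under `// store hardware audit information` dereferences `Request.Hardware` unconditionally and passes `Request.Hardware.NetworkAdapters?.Where(...).Select(...)` straight to `string.Join`, which throws ArgumentNullException when the `?.` chain yields null. The block now runs for new and existing devices alike, so a request without `NetworkAdapters` (or without `Hardware`) aborts the enrolment. The context line in the `@@ -438,27 +435,27 @@` hunk reads `Request.Hardware?.NetworkAdapters?`, which suggests both can be absent. I would wrap the block in `if (Request.Hardware?.NetworkAdapters?.Count > 0) { ... }`, matching the `?.Count > 0` guards on the other hardware lists. Since the MAC strings are client-supplied and stored as received, a format check before `LanMacAddress`/`WLanMacAddress` belongs in the same place.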
@@ -368,35 +365,35 @@ namespace Disco.Services.Devices.Enrolment } else { - RepoDevice.DeviceDomainId = adMachineAccount.Id.Trim('$'); + device.DeviceDomainId = adMachineAccount.Id.Trim('$'); response.ComputerName = adMachineAccount.Name; response.DomainName = adMachineAccount.Domain.NetBiosName; // Enforce Computer Name Convention - if (!adMachineAccount.IsCriticalSystemObject && RepoDevice.DeviceProfile.EnforceComputerNameConvention) + if (!adMachineAccount.IsCriticalSystemObject && device.DeviceProfile.EnforceComputerNameConvention) { - if (string.IsNullOrWhiteSpace(RepoDevice.DeviceProfile.OrganisationalUnit)) + if (string.IsNullOrWhiteSpace(device.DeviceProfile.OrganisationalUnit)) throw new InvalidOperationException("No Organisational Unit has been set in the device profile"); if (domain == null) - domain = ActiveDirectory.Context.GetDomainFromDistinguishedName(RepoDevice.DeviceProfile.OrganisationalUnit); + domain = ActiveDirectory.Context.GetDomainFromDistinguishedName(device.DeviceProfile.OrganisationalUnit); - var calculatedComputerName = RepoDevice.ComputerNameRender(Database, domain); + var calculatedComputerName = device.ComputerNameRender(Database, domain); string calculatedAccountUsername; ActiveDirectory.ParseDomainAccountId(calculatedComputerName, out calculatedAccountUsername); if (!Request.ComputerName.Equals(calculatedAccountUsername, StringComparison.OrdinalIgnoreCase)) { - EnrolmentLog.LogSessionProgress(sessionId, 50, string.Format("Renaming Device: {0} -> {1}", Request.ComputerName, calculatedComputerName)); + EnrolmentLog.LogSessionProgress(sessionId, 50, $"Renaming Device: {Request.ComputerName} -> {calculatedComputerName}"); EnrolmentLog.LogSessionTaskRenamingDevice(sessionId, Request.ComputerName, calculatedComputerName); - RepoDevice.DeviceDomainId = calculatedComputerName; + device.DeviceDomainId = calculatedComputerName; response.DomainName = domain.NetBiosName; response.ComputerName = calculatedAccountUsername; // Create New Account 
string offlineProvisionDiagnosicInfo; - response.OfflineDomainJoinManifest = domainController.Value.OfflineDomainJoinProvision(RepoDevice.DeviceDomainId, RepoDevice.DeviceProfile.OrganisationalUnit, ref adMachineAccount, out offlineProvisionDiagnosicInfo); + response.OfflineDomainJoinManifest = domainController.Value.OfflineDomainJoinProvision(device.DeviceDomainId, device.DeviceProfile.OrganisationalUnit, ref adMachineAccount, out offlineProvisionDiagnosicInfo); EnrolmentLog.LogSessionDiagnosticInformation(sessionId, offlineProvisionDiagnosicInfo); 
@@ -405,15 +402,15 @@ namespace Disco.Services.Devices.Enrolment } // Enforce Organisational Unit - if (!adMachineAccount.IsCriticalSystemObject && response.OfflineDomainJoinManifest == null && RepoDevice.DeviceProfile.EnforceOrganisationalUnit) + if (!adMachineAccount.IsCriticalSystemObject && response.OfflineDomainJoinManifest == null && device.DeviceProfile.EnforceOrganisationalUnit) { var parentDistinguishedName = adMachineAccount.ParentDistinguishedName; - if (string.IsNullOrWhiteSpace(RepoDevice.DeviceProfile.OrganisationalUnit)) - throw new InvalidOperationException(string.Format("The Organisational Unit for the Device Profile '{0}' [{1}] is not set.", RepoDevice.DeviceProfile.Name, RepoDevice.DeviceProfile.Id)); + if (string.IsNullOrWhiteSpace(device.DeviceProfile.OrganisationalUnit)) + throw new InvalidOperationException($"The Organisational Unit for the Device Profile '{device.DeviceProfile.Name}' [{device.DeviceProfile.Id}] is not set."); - if (!parentDistinguishedName.Equals(RepoDevice.DeviceProfile.OrganisationalUnit, StringComparison.OrdinalIgnoreCase)) // Custom OU + if (!parentDistinguishedName.Equals(device.DeviceProfile.OrganisationalUnit, StringComparison.OrdinalIgnoreCase)) // Custom OU { - var proposedDomain = ActiveDirectory.Context.GetDomainFromDistinguishedName(RepoDevice.DeviceProfile.OrganisationalUnit); + var proposedDomain = ActiveDirectory.Context.GetDomainFromDistinguishedName(device.DeviceProfile.OrganisationalUnit); var currentDomain = ActiveDirectory.Context.GetDomainFromDistinguishedName(parentDistinguishedName); if (currentDomain != proposedDomain) throw new NotSupportedException("Unable to move the devices organisational unit when the source and destination domains are different."); 
@@ -422,9 +419,9 @@ namespace Disco.Services.Devices.Enrolment else if (domain != proposedDomain) throw new NotSupportedException("To many domains involved in this enrolment, contact support regarding your scenario."); - EnrolmentLog.LogSessionProgress(sessionId, 65, string.Format("Moving Device Organisational Unit: {0} -> {1}", parentDistinguishedName, RepoDevice.DeviceProfile.OrganisationalUnit)); - EnrolmentLog.LogSessionTaskMovingDeviceOrganisationUnit(sessionId, parentDistinguishedName, RepoDevice.DeviceProfile.OrganisationalUnit); - adMachineAccount.MoveOrganisationalUnit(domainController.Value, RepoDevice.DeviceProfile.OrganisationalUnit); + EnrolmentLog.LogSessionProgress(sessionId, 65, $"Moving Device Organisational Unit: {parentDistinguishedName} -> {device.DeviceProfile.OrganisationalUnit}"); + EnrolmentLog.LogSessionTaskMovingDeviceOrganisationUnit(sessionId, parentDistinguishedName, device.DeviceProfile.OrganisationalUnit); + adMachineAccount.MoveOrganisationalUnit(domainController.Value, device.DeviceProfile.OrganisationalUnit); response.RequireReboot = true; } } 
@@ -438,27 +435,27 @@ namespace Disco.Services.Devices.Enrolment // Use non-Wlan Adapter with fastest speed var macAddress = Request.Hardware?.NetworkAdapters?.Where(na => !na.IsWlanAdapter).OrderByDescending(na => na.Speed).Select(na => na.MACAddress).FirstOrDefault(); adMachineAccount.UpdateNetbootGUID(Request.Hardware.UUID, macAddress); - if (RepoDevice.AssignedUser != null) - adMachineAccount.SetDescription(RepoDevice); + if (device.AssignedUser != null) + adMachineAccount.SetDescription(device); } catch (Exception ex) { EnrolmentLog.LogSessionWarning(sessionId, $"Unable to update AD Machine Account attributes: {ex.Message}"); } } - if (RepoDevice.DeviceProfile.DistributionType == DeviceProfile.DistributionTypes.OneToOne) + if (device.DeviceProfile.DistributionType == DeviceProfile.DistributionTypes.OneToOne) { - if (RepoDevice.AssignedUser == null) + if (device.AssignedUser == null) { response.AllowBootstrapperUninstall = false; } else { EnrolmentLog.LogSessionProgress(sessionId, 80, "Retrieving Active Directory Assigned User Account"); - ADUserAccount AssignedUserInfo = ActiveDirectory.RetrieveADUserAccount(RepoDevice.AssignedUser.UserId); - EnrolmentLog.LogSessionTaskAssigningUser(sessionId, RepoDevice.SerialNumber, AssignedUserInfo.DisplayName, AssignedUserInfo.SamAccountName, AssignedUserInfo.Domain.NetBiosName, AssignedUserInfo.SecurityIdentifier.ToString()); + ADUserAccount AssignedUserInfo = ActiveDirectory.RetrieveADUserAccount(device.AssignedUser.UserId); + EnrolmentLog.LogSessionTaskAssigningUser(sessionId, device.SerialNumber, AssignedUserInfo.DisplayName, AssignedUserInfo.SamAccountName, AssignedUserInfo.Domain.NetBiosName, AssignedUserInfo.SecurityIdentifier.ToString()); response.AllowBootstrapperUninstall = true; - response.AssignedUserIsLocalAdmin = RepoDevice.DeviceProfile.AssignedUserLocalAdmin; + response.AssignedUserIsLocalAdmin = device.DeviceProfile.AssignedUserLocalAdmin; response.AssignedUserUsername = AssignedUserInfo.SamAccountName; 
response.AssignedUserDomain = AssignedUserInfo.Domain.NetBiosName; response.AssignedUserDescription = AssignedUserInfo.DisplayName; @@ -471,19 +468,19 @@ namespace Disco.Services.Devices.Enrolment } // Provision Certificates - if (!string.IsNullOrEmpty(RepoDevice.DeviceProfile.CertificateProviders) || - !string.IsNullOrEmpty(RepoDevice.DeviceProfile.CertificateAuthorityProviders)) + if (!string.IsNullOrEmpty(device.DeviceProfile.CertificateProviders) || + !string.IsNullOrEmpty(device.DeviceProfile.CertificateAuthorityProviders)) { EnrolmentLog.LogSessionProgress(sessionId, 90, "Provisioning Certificates"); List provisionedCertificates; - var provisionResult = RepoDevice.ProvisionCertificates(Database, Request, out provisionedCertificates); + var provisionResult = device.ProvisionCertificates(Database, Request, out provisionedCertificates); if (provisionedCertificates != null && provisionedCertificates.Count > 0) { foreach (var deviceCertificate in provisionedCertificates) { - EnrolmentLog.LogSessionTaskProvisioningCertificate(sessionId, RepoDevice.SerialNumber, deviceCertificate.Name); + EnrolmentLog.LogSessionTaskProvisioningCertificate(sessionId, device.SerialNumber, deviceCertificate.Name); } } 
@@ -491,17 +488,17 @@ namespace Disco.Services.Devices.Enrolment } // Provision Wireless Profiles - if (!string.IsNullOrEmpty(RepoDevice.DeviceProfile.WirelessProfileProviders)) + if (!string.IsNullOrEmpty(device.DeviceProfile.WirelessProfileProviders)) { EnrolmentLog.LogSessionProgress(sessionId, 95, "Provisioning Wireless Profiles"); - var provisionResult = RepoDevice.ProvisionWirelessProfiles(Database, Request); + var provisionResult = device.ProvisionWirelessProfiles(Database, Request); if (provisionResult != null && provisionResult.Profiles != null) { foreach (var wirelessProfiles in provisionResult.Profiles) { - EnrolmentLog.LogSessionTaskProvisioningWirelessProfile(sessionId, RepoDevice.SerialNumber, wirelessProfiles.Name); + EnrolmentLog.LogSessionTaskProvisioningWirelessProfile(sessionId, device.SerialNumber, wirelessProfiles.Name); } } @@ -509,8 +506,8 @@ namespace Disco.Services.Devices.Enrolment } // Reset 'AllowUnauthenticatedEnrol' - if (RepoDevice.AllowUnauthenticatedEnrol) - RepoDevice.AllowUnauthenticatedEnrol = false; + if (device.AllowUnauthenticatedEnrol) + device.AllowUnauthenticatedEnrol = false; EnrolmentLog.LogSessionProgress(sessionId, 100, "Completed Successfully"); }