bug fix #104 hardware mac addresses not saving on MacOSX enrol
@@ -6,6 +6,8 @@ using PListNet;
|
||||
using PListNet.Nodes;
|
||||
using Renci.SshNet;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Data.Entity;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using System.Text;
|
||||
@@ -201,15 +203,20 @@ namespace Disco.Services.Devices.Enrolment
|
||||
throw new EnrolmentSafeException(@"The serial number cannot contain '/' or '\' characters.");
|
||||
|
||||
EnrolmentLog.LogSessionProgress(sessionId, 10, "Querying Database");
|
||||
Device RepoDevice = Database.Devices.Include("AssignedUser").Include("DeviceProfile").Include("DeviceProfile").Where(d => d.SerialNumber == Request.DeviceSerialNumber).FirstOrDefault();
|
||||
Device device = Database.Devices
|
||||
.Include(d => d.AssignedUser)
|
||||
.Include(d => d.DeviceProfile)
|
||||
.Include(d => d.DeviceModel)
|
||||
.Include(d => d.DeviceDetails)
|
||||
.Where(d => d.SerialNumber == Request.DeviceSerialNumber).FirstOrDefault();
|
||||
if (!Trusted)
|
||||
{
|
||||
if (RepoDevice == null)
|
||||
throw new EnrolmentSafeException(string.Format("Unknown Device Serial Number (SN: '{0}')", Request.DeviceSerialNumber));
|
||||
if (!RepoDevice.AllowUnauthenticatedEnrol)
|
||||
throw new EnrolmentSafeException(string.Format("Device isn't allowed an Unauthenticated Enrolment (SN: '{0}')", Request.DeviceSerialNumber));
|
||||
if (device == null)
|
||||
throw new EnrolmentSafeException($"Unknown Device Serial Number (SN: '{Request.DeviceSerialNumber}')");
|
||||
if (!device.AllowUnauthenticatedEnrol)
|
||||
throw new EnrolmentSafeException($"Device isn't allowed an Unauthenticated Enrolment (SN: '{Request.DeviceSerialNumber}')");
|
||||
}
|
||||
if (RepoDevice == null)
|
||||
if (device == null)
|
||||
{
|
||||
EnrolmentLog.LogSessionProgress(sessionId, 50, "New Device, Building Disco Instance");
|
||||
EnrolmentLog.LogSessionTaskAddedDevice(sessionId, Request.DeviceSerialNumber);
|
||||
@@ -222,7 +229,7 @@ namespace Disco.Services.Devices.Enrolment
|
||||
else
|
||||
EnrolmentLog.LogSessionDevice(sessionId, Request.DeviceSerialNumber, deviceModel.Id);
|
||||
|
||||
RepoDevice = new Device
|
||||
device = new Device
|
||||
{
|
||||
SerialNumber = Request.DeviceSerialNumber,
|
||||
DeviceDomainId = Request.DeviceComputerName,
|
||||
@@ -230,9 +237,10 @@ namespace Disco.Services.Devices.Enrolment
|
||||
DeviceModel = deviceModel,
|
||||
AllowUnauthenticatedEnrol = false,
|
||||
CreatedDate = DateTime.Now,
|
||||
EnrolledDate = DateTime.Now
|
||||
EnrolledDate = DateTime.Now,
|
||||
DeviceDetails = new List<DeviceDetail>(),
|
||||
};
|
||||
Database.Devices.Add(RepoDevice);
|
||||
Database.Devices.Add(device);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -246,30 +254,36 @@ namespace Disco.Services.Devices.Enrolment
|
||||
else
|
||||
EnrolmentLog.LogSessionDevice(sessionId, Request.DeviceSerialNumber, deviceModel.Id);
|
||||
|
||||
RepoDevice.DeviceModel = deviceModel;
|
||||
device.DeviceModel = deviceModel;
|
||||
|
||||
RepoDevice.DeviceDomainId = Request.DeviceComputerName;
|
||||
if (!RepoDevice.EnrolledDate.HasValue)
|
||||
device.DeviceDomainId = Request.DeviceComputerName;
|
||||
if (!device.EnrolledDate.HasValue)
|
||||
{
|
||||
RepoDevice.EnrolledDate = DateTime.Now;
|
||||
device.EnrolledDate = DateTime.Now;
|
||||
}
|
||||
}
|
||||
RepoDevice.LastEnrolDate = DateTime.Now;
|
||||
RepoDevice.AllowUnauthenticatedEnrol = false;
|
||||
|
||||
if (!string.IsNullOrEmpty(Request.DeviceLanMacAddress))
|
||||
device.DeviceDetails.LanMacAddress(device, Request.DeviceLanMacAddress);
|
||||
if (!string.IsNullOrEmpty(Request.DeviceWlanMacAddress))
|
||||
device.DeviceDetails.WLanMacAddress(device, Request.DeviceWlanMacAddress);
|
||||
|
||||
device.LastEnrolDate = DateTime.Now;
|
||||
device.AllowUnauthenticatedEnrol = false;
|
||||
// Removed 2012-06-14 G# - Properties moved to DeviceProfile model & DB Migrated in DBv3.
|
||||
//DeviceProfileConfiguration RepoDeviceProfileContext = RepoDevice.DeviceProfile.Configuration(Context);
|
||||
EnrolmentLog.LogSessionProgress(sessionId, 90, "Building Response");
|
||||
//if (RepoDeviceProfileContext.DistributionType == DeviceProfileConfiguration.DeviceProfileDistributionTypes.OneToOne && RepoDevice.AssignedUser != null)
|
||||
if (RepoDevice.DeviceProfile.DistributionType == DeviceProfile.DistributionTypes.OneToOne && RepoDevice.AssignedUser != null)
|
||||
if (device.DeviceProfile.DistributionType == DeviceProfile.DistributionTypes.OneToOne && device.AssignedUser != null)
|
||||
{
|
||||
ADUserAccount AssignedUserInfo = ActiveDirectory.RetrieveADUserAccount(RepoDevice.AssignedUser.UserId);
|
||||
EnrolmentLog.LogSessionTaskAssigningUser(sessionId, RepoDevice.SerialNumber, AssignedUserInfo.DisplayName, AssignedUserInfo.SamAccountName, AssignedUserInfo.Domain.NetBiosName, AssignedUserInfo.SecurityIdentifier.ToString());
|
||||
ADUserAccount AssignedUserInfo = ActiveDirectory.RetrieveADUserAccount(device.AssignedUser.UserId);
|
||||
EnrolmentLog.LogSessionTaskAssigningUser(sessionId, device.SerialNumber, AssignedUserInfo.DisplayName, AssignedUserInfo.SamAccountName, AssignedUserInfo.Domain.NetBiosName, AssignedUserInfo.SecurityIdentifier.ToString());
|
||||
response.DeviceAssignedUserUsername = AssignedUserInfo.SamAccountName;
|
||||
response.DeviceAssignedUserDomain = AssignedUserInfo.Domain.NetBiosName;
|
||||
response.DeviceAssignedUserName = AssignedUserInfo.DisplayName;
|
||||
response.DeviceAssignedUserSID = AssignedUserInfo.SecurityIdentifier.ToString();
|
||||
}
|
||||
response.DeviceComputerName = RepoDevice.DeviceDomainId;
|
||||
response.DeviceComputerName = device.DeviceDomainId;
|
||||
EnrolmentLog.LogSessionProgress(sessionId, 100, "Completed Successfully");
|
||||
}
|
||||
catch (EnrolmentSafeException ex)
|
||||
|
||||
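Review bot: `Request.DeviceLanMacAddress` and `Request.DeviceWlanMacAddress` are written to `device.DeviceDetails` after only an `IsNullOrEmpty` test, and this code is reachable when `Trusted` is false for a device flagged `AllowUnauthenticatedEnrol`. The serial number gets a character check at the top of the hunk, but the MAC strings get no format or length check here, so whatever the client sends lands in the inventory record; whether `LanMacAddress`/`WLanMacAddress` validate internally is not visible from this page. I would bound and format-check both values before the calls, and record their trust level with a comment such as `// client-reported and unverified: never use for device identity or access decisions`. The enclosing method starts and ends outside the hunks shown.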
@@ -7,6 +7,7 @@ using Disco.Services.Users;
|
||||
using System;
|
||||
using System.Collections.Concurrent;
|
||||
using System.Collections.Generic;
|
||||
using System.Data.Entity;
|
||||
using System.Linq;
|
||||
using System.Security.Cryptography;
|
||||
|
||||
@@ -102,7 +103,6 @@ namespace Disco.Services.Devices.Enrolment
|
||||
return domain.GetAvailableDomainController(RequireWritable: true);
|
||||
});
|
||||
|
||||
|
||||
try
|
||||
{
|
||||
string sessionId;
|
||||
@@ -156,7 +156,12 @@ namespace Disco.Services.Devices.Enrolment
|
||||
}
|
||||
EnrolmentLog.LogSessionProgress(sessionId, 13, "Loading Device Data");
|
||||
|
||||
Device RepoDevice = Database.Devices.Include("AssignedUser").Include("DeviceModel").Include("DeviceProfile").Where(d => d.SerialNumber == Request.SerialNumber).FirstOrDefault();
|
||||
Device device = Database.Devices
|
||||
.Include(d => d.AssignedUser)
|
||||
.Include(d => d.DeviceModel)
|
||||
.Include(d => d.DeviceProfile)
|
||||
.Include(d => d.DeviceDetails)
|
||||
.Where(d => d.SerialNumber == Request.SerialNumber).FirstOrDefault();
|
||||
EnrolmentLog.LogSessionProgress(sessionId, 15, "Discovering User/Device Disco ICT Permissions");
|
||||
if (!sessionApproved)
|
||||
{
|
||||
@@ -167,33 +172,33 @@ namespace Disco.Services.Devices.Enrolment
|
||||
if (!authenticatedToken.Has(Claims.Device.Actions.EnrolDevices))
|
||||
{
|
||||
if (!authenticatedToken.Has(Claims.ComputerAccount))
|
||||
throw new EnrolmentSafeException(string.Format("Connection not correctly authenticated (SN: {0}; Auth User: {1})", Request.SerialNumber, authenticatedToken.User.UserId));
|
||||
throw new EnrolmentSafeException($"Connection not correctly authenticated (SN: {Request.SerialNumber}; Auth User: {authenticatedToken.User.UserId})");
|
||||
|
||||
if (domain == null)
|
||||
domain = ActiveDirectory.Context.GetDomainByName(Request.DNSDomainName);
|
||||
|
||||
if (!authenticatedToken.User.UserId.Equals(string.Format(@"{0}\{1}$", domain.NetBiosName, Request.ComputerName), StringComparison.OrdinalIgnoreCase))
|
||||
throw new EnrolmentSafeException(string.Format("Connection not correctly authenticated (SN: {0}; Auth User: {1})", Request.SerialNumber, authenticatedToken.User.UserId));
|
||||
if (!authenticatedToken.User.UserId.Equals($@"{domain.NetBiosName}\{Request.ComputerName}$", StringComparison.OrdinalIgnoreCase))
|
||||
throw new EnrolmentSafeException($"Connection not correctly authenticated (SN: {Request.SerialNumber}; Auth User: {authenticatedToken.User.UserId})");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (RepoDevice == null)
|
||||
if (device == null)
|
||||
{
|
||||
throw new EnrolmentSafeException(string.Format("Unknown Device Serial Number (SN: '{0}')", Request.SerialNumber));
|
||||
throw new EnrolmentSafeException($"Unknown Device Serial Number (SN: '{Request.SerialNumber}')");
|
||||
}
|
||||
if (!RepoDevice.AllowUnauthenticatedEnrol)
|
||||
if (!device.AllowUnauthenticatedEnrol)
|
||||
{
|
||||
if (RepoDevice.DeviceProfile.AllowUntrustedReimageJobEnrolment)
|
||||
if (device.DeviceProfile.AllowUntrustedReimageJobEnrolment)
|
||||
{
|
||||
if (Database.Jobs.Count(j => j.DeviceSerialNumber == RepoDevice.SerialNumber && j.JobTypeId == JobType.JobTypeIds.SImg && !j.ClosedDate.HasValue) == 0)
|
||||
if (Database.Jobs.Count(j => j.DeviceSerialNumber == device.SerialNumber && j.JobTypeId == JobType.JobTypeIds.SImg && !j.ClosedDate.HasValue) == 0)
|
||||
{
|
||||
throw new EnrolmentSafeException(string.Format("Device has no open 'Software - Reimage' job (SN: '{0}')", Request.SerialNumber));
|
||||
throw new EnrolmentSafeException($"Device has no open 'Software - Reimage' job (SN: '{Request.SerialNumber}')");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new EnrolmentSafeException(string.Format("Device isn't allowed an Unauthenticated Enrolment (SN: '{0}')", Request.SerialNumber));
|
||||
throw new EnrolmentSafeException($"Device isn't allowed an Unauthenticated Enrolment (SN: '{Request.SerialNumber}')");
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -235,11 +240,11 @@ namespace Disco.Services.Devices.Enrolment
|
||||
if (domain == null)
|
||||
domain = ActiveDirectory.Context.GetDomainByName(Request.DNSDomainName);
|
||||
|
||||
var requestDeviceId = string.Format(@"{0}\{1}", domain.NetBiosName, Request.ComputerName);
|
||||
var requestDeviceId = $@"{domain.NetBiosName}\{Request.ComputerName}";
|
||||
|
||||
adMachineAccount = domainController.Value.RetrieveADMachineAccount(requestDeviceId, uuidGuid, macAddressGuid);
|
||||
}
|
||||
if (RepoDevice == null)
|
||||
if (device == null)
|
||||
{
|
||||
EnrolmentLog.LogSessionProgress(sessionId, 30, "New Device, Creating Disco Instance");
|
||||
EnrolmentLog.LogSessionTaskAddedDevice(sessionId, Request.SerialNumber);
|
||||
@@ -252,7 +257,7 @@ namespace Disco.Services.Devices.Enrolment
|
||||
else
|
||||
EnrolmentLog.LogSessionDevice(sessionId, Request.SerialNumber, deviceModel.Id);
|
||||
|
||||
RepoDevice = new Device
|
||||
device = new Device
|
||||
{
|
||||
SerialNumber = Request.SerialNumber,
|
||||
DeviceDomainId = domain == null ? Request.ComputerName : $@"{domain.NetBiosName}\{Request.ComputerName}",
|
||||
@@ -264,14 +269,7 @@ namespace Disco.Services.Devices.Enrolment
|
||||
LastEnrolDate = DateTime.Now,
|
||||
DeviceDetails = new List<DeviceDetail>()
|
||||
};
|
||||
Database.Devices.Add(RepoDevice);
|
||||
|
||||
var lanMacAddresses = string.Join("; ", Request.Hardware.NetworkAdapters?.Where(na => !na.IsWlanAdapter).Select(na => na.MACAddress));
|
||||
var wlanMacAddresses = string.Join("; ", Request.Hardware.NetworkAdapters?.Where(na => na.IsWlanAdapter).Select(na => na.MACAddress));
|
||||
if (!string.IsNullOrEmpty(lanMacAddresses))
|
||||
RepoDevice.DeviceDetails.LanMacAddress(RepoDevice, lanMacAddresses);
|
||||
if (!string.IsNullOrEmpty(wlanMacAddresses))
|
||||
RepoDevice.DeviceDetails.WLanMacAddress(RepoDevice, wlanMacAddresses);
|
||||
Database.Devices.Add(device);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -285,66 +283,65 @@ namespace Disco.Services.Devices.Enrolment
|
||||
else
|
||||
EnrolmentLog.LogSessionDevice(sessionId, Request.SerialNumber, deviceModel.Id);
|
||||
|
||||
RepoDevice.DeviceModel = deviceModel;
|
||||
device.DeviceModel = deviceModel;
|
||||
|
||||
var deviceDomainId = domain == null ? Request.ComputerName : $@"{domain.NetBiosName}\{Request.ComputerName}";
|
||||
if (!string.Equals(RepoDevice.DeviceDomainId, deviceDomainId, StringComparison.Ordinal))
|
||||
RepoDevice.DeviceDomainId = deviceDomainId;
|
||||
if (!string.Equals(device.DeviceDomainId, deviceDomainId, StringComparison.Ordinal))
|
||||
device.DeviceDomainId = deviceDomainId;
|
||||
|
||||
var lanMacAddresses = string.Join("; ", Request.Hardware.NetworkAdapters?.Where(na => !na.IsWlanAdapter).Select(na => na.MACAddress));
|
||||
var wlanMacAddresses = string.Join("; ", Request.Hardware.NetworkAdapters?.Where(na => na.IsWlanAdapter).Select(na => na.MACAddress));
|
||||
if (!string.IsNullOrEmpty(lanMacAddresses))
|
||||
RepoDevice.DeviceDetails.LanMacAddress(RepoDevice, lanMacAddresses);
|
||||
if (!string.IsNullOrEmpty(wlanMacAddresses))
|
||||
RepoDevice.DeviceDetails.WLanMacAddress(RepoDevice, wlanMacAddresses);
|
||||
|
||||
if (!RepoDevice.EnrolledDate.HasValue)
|
||||
RepoDevice.EnrolledDate = DateTime.Now;
|
||||
RepoDevice.LastEnrolDate = DateTime.Now;
|
||||
if (!device.EnrolledDate.HasValue)
|
||||
device.EnrolledDate = DateTime.Now;
|
||||
device.LastEnrolDate = DateTime.Now;
|
||||
}
|
||||
|
||||
// store hardware audit information
|
||||
var lanMacAddresses = string.Join("; ", Request.Hardware.NetworkAdapters?.Where(na => !na.IsWlanAdapter).Select(na => na.MACAddress));
|
||||
var wlanMacAddresses = string.Join("; ", Request.Hardware.NetworkAdapters?.Where(na => na.IsWlanAdapter).Select(na => na.MACAddress));
|
||||
if (!string.IsNullOrEmpty(lanMacAddresses))
|
||||
device.DeviceDetails.LanMacAddress(device, lanMacAddresses);
|
||||
if (!string.IsNullOrEmpty(wlanMacAddresses))
|
||||
device.DeviceDetails.WLanMacAddress(device, wlanMacAddresses);
|
||||
if (Request.Hardware.Bios?.Count > 0)
|
||||
RepoDevice.DeviceDetails.Bios(RepoDevice, Request.Hardware.Bios);
|
||||
device.DeviceDetails.Bios(device, Request.Hardware.Bios);
|
||||
if (Request.Hardware.BasebBoard?.Count > 0)
|
||||
RepoDevice.DeviceDetails.BaseBoard(RepoDevice, Request.Hardware.BasebBoard);
|
||||
device.DeviceDetails.BaseBoard(device, Request.Hardware.BasebBoard);
|
||||
if (Request.Hardware.ComputerSystem?.Count > 0)
|
||||
RepoDevice.DeviceDetails.ComputerSystem(RepoDevice, Request.Hardware.ComputerSystem);
|
||||
device.DeviceDetails.ComputerSystem(device, Request.Hardware.ComputerSystem);
|
||||
if (Request.Hardware.Processors?.Count > 0)
|
||||
RepoDevice.DeviceDetails.Processors(RepoDevice, Request.Hardware.Processors);
|
||||
device.DeviceDetails.Processors(device, Request.Hardware.Processors);
|
||||
if (Request.Hardware.PhysicalMemory?.Count > 0)
|
||||
RepoDevice.DeviceDetails.PhysicalMemory(RepoDevice, Request.Hardware.PhysicalMemory);
|
||||
device.DeviceDetails.PhysicalMemory(device, Request.Hardware.PhysicalMemory);
|
||||
if (Request.Hardware.DiskDrives?.Count > 0)
|
||||
RepoDevice.DeviceDetails.DiskDrives(RepoDevice, Request.Hardware.DiskDrives);
|
||||
device.DeviceDetails.DiskDrives(device, Request.Hardware.DiskDrives);
|
||||
if (Request.Hardware.NetworkAdapters?.Count > 0)
|
||||
RepoDevice.DeviceDetails.NetworkAdapters(RepoDevice, Request.Hardware.NetworkAdapters);
|
||||
device.DeviceDetails.NetworkAdapters(device, Request.Hardware.NetworkAdapters);
|
||||
if (Request.Hardware.Batteries?.Count > 0)
|
||||
RepoDevice.DeviceDetails.Batteries(RepoDevice, Request.Hardware.Batteries);
|
||||
device.DeviceDetails.Batteries(device, Request.Hardware.Batteries);
|
||||
|
||||
if (adMachineAccount == null)
|
||||
{
|
||||
if (RepoDevice.DeviceProfile.ProvisionADAccount)
|
||||
if (device.DeviceProfile.ProvisionADAccount)
|
||||
{
|
||||
EnrolmentLog.LogSessionProgress(sessionId, 50, "Provisioning an Active Directory Computer Account");
|
||||
|
||||
if (string.IsNullOrWhiteSpace(RepoDevice.DeviceProfile.OrganisationalUnit))
|
||||
if (string.IsNullOrWhiteSpace(device.DeviceProfile.OrganisationalUnit))
|
||||
throw new InvalidOperationException("No Organisational Unit has been set in the device profile");
|
||||
if (domain == null)
|
||||
domain = ActiveDirectory.Context.GetDomainFromDistinguishedName(RepoDevice.DeviceProfile.OrganisationalUnit);
|
||||
domain = ActiveDirectory.Context.GetDomainFromDistinguishedName(device.DeviceProfile.OrganisationalUnit);
|
||||
|
||||
if (string.IsNullOrEmpty(RepoDevice.DeviceDomainId) || RepoDevice.DeviceProfile.EnforceComputerNameConvention)
|
||||
RepoDevice.DeviceDomainId = RepoDevice.ComputerNameRender(Database, domain);
|
||||
else if (!ActiveDirectory.IsValidDomainAccountId(RepoDevice.DeviceDomainId))
|
||||
if (RepoDevice.DeviceProfile.EnforceComputerNameConvention)
|
||||
RepoDevice.DeviceDomainId = RepoDevice.ComputerNameRender(Database, domain);
|
||||
if (string.IsNullOrEmpty(device.DeviceDomainId) || device.DeviceProfile.EnforceComputerNameConvention)
|
||||
device.DeviceDomainId = device.ComputerNameRender(Database, domain);
|
||||
else if (!ActiveDirectory.IsValidDomainAccountId(device.DeviceDomainId))
|
||||
if (device.DeviceProfile.EnforceComputerNameConvention)
|
||||
device.DeviceDomainId = device.ComputerNameRender(Database, domain);
|
||||
else
|
||||
RepoDevice.DeviceDomainId = $@"{domain.NetBiosName}\{Request.ComputerName}";
|
||||
device.DeviceDomainId = $@"{domain.NetBiosName}\{Request.ComputerName}";
|
||||
|
||||
string offlineProvisionDiagnosicInfo;
|
||||
EnrolmentLog.LogSessionTaskProvisioningADAccount(sessionId, RepoDevice.SerialNumber, RepoDevice.DeviceDomainId);
|
||||
adMachineAccount = domainController.Value.RetrieveADMachineAccount(RepoDevice.DeviceDomainId);
|
||||
EnrolmentLog.LogSessionTaskProvisioningADAccount(sessionId, device.SerialNumber, device.DeviceDomainId);
|
||||
adMachineAccount = domainController.Value.RetrieveADMachineAccount(device.DeviceDomainId);
|
||||
|
||||
response.OfflineDomainJoinManifest = domainController.Value.OfflineDomainJoinProvision(RepoDevice.DeviceDomainId, RepoDevice.DeviceProfile.OrganisationalUnit, ref adMachineAccount, out offlineProvisionDiagnosicInfo);
|
||||
response.OfflineDomainJoinManifest = domainController.Value.OfflineDomainJoinProvision(device.DeviceDomainId, device.DeviceProfile.OrganisationalUnit, ref adMachineAccount, out offlineProvisionDiagnosicInfo);
|
||||
|
||||
EnrolmentLog.LogSessionDiagnosticInformation(sessionId, offlineProvisionDiagnosicInfo);
|
||||
|
||||
@@ -355,7 +352,7 @@ namespace Disco.Services.Devices.Enrolment
|
||||
response.ComputerName = adMachineAccount.Name;
|
||||
response.DomainName = adMachineAccount.Domain.NetBiosName;
|
||||
}
|
||||
else if (ActiveDirectory.IsValidDomainAccountId(RepoDevice.DeviceDomainId, out var accountUsername, out var accountDomain))
|
||||
else if (ActiveDirectory.IsValidDomainAccountId(device.DeviceDomainId, out var accountUsername, out var accountDomain))
|
||||
{
|
||||
response.DomainName = accountDomain == null ? null : accountDomain.NetBiosName;
|
||||
response.ComputerName = accountUsername;
|
||||
@@ -368,35 +365,35 @@ namespace Disco.Services.Devices.Enrolment
|
||||
}
|
||||
else
|
||||
{
|
||||
RepoDevice.DeviceDomainId = adMachineAccount.Id.Trim('$');
|
||||
device.DeviceDomainId = adMachineAccount.Id.Trim('$');
|
||||
response.ComputerName = adMachineAccount.Name;
|
||||
response.DomainName = adMachineAccount.Domain.NetBiosName;
|
||||
|
||||
// Enforce Computer Name Convention
|
||||
if (!adMachineAccount.IsCriticalSystemObject && RepoDevice.DeviceProfile.EnforceComputerNameConvention)
|
||||
if (!adMachineAccount.IsCriticalSystemObject && device.DeviceProfile.EnforceComputerNameConvention)
|
||||
{
|
||||
if (string.IsNullOrWhiteSpace(RepoDevice.DeviceProfile.OrganisationalUnit))
|
||||
if (string.IsNullOrWhiteSpace(device.DeviceProfile.OrganisationalUnit))
|
||||
throw new InvalidOperationException("No Organisational Unit has been set in the device profile");
|
||||
if (domain == null)
|
||||
domain = ActiveDirectory.Context.GetDomainFromDistinguishedName(RepoDevice.DeviceProfile.OrganisationalUnit);
|
||||
domain = ActiveDirectory.Context.GetDomainFromDistinguishedName(device.DeviceProfile.OrganisationalUnit);
|
||||
|
||||
var calculatedComputerName = RepoDevice.ComputerNameRender(Database, domain);
|
||||
var calculatedComputerName = device.ComputerNameRender(Database, domain);
|
||||
string calculatedAccountUsername;
|
||||
ActiveDirectory.ParseDomainAccountId(calculatedComputerName, out calculatedAccountUsername);
|
||||
|
||||
if (!Request.ComputerName.Equals(calculatedAccountUsername, StringComparison.OrdinalIgnoreCase))
|
||||
{
|
||||
EnrolmentLog.LogSessionProgress(sessionId, 50, string.Format("Renaming Device: {0} -> {1}", Request.ComputerName, calculatedComputerName));
|
||||
EnrolmentLog.LogSessionProgress(sessionId, 50, $"Renaming Device: {Request.ComputerName} -> {calculatedComputerName}");
|
||||
EnrolmentLog.LogSessionTaskRenamingDevice(sessionId, Request.ComputerName, calculatedComputerName);
|
||||
|
||||
RepoDevice.DeviceDomainId = calculatedComputerName;
|
||||
device.DeviceDomainId = calculatedComputerName;
|
||||
response.DomainName = domain.NetBiosName;
|
||||
response.ComputerName = calculatedAccountUsername;
|
||||
|
||||
// Create New Account
|
||||
string offlineProvisionDiagnosicInfo;
|
||||
|
||||
response.OfflineDomainJoinManifest = domainController.Value.OfflineDomainJoinProvision(RepoDevice.DeviceDomainId, RepoDevice.DeviceProfile.OrganisationalUnit, ref adMachineAccount, out offlineProvisionDiagnosicInfo);
|
||||
response.OfflineDomainJoinManifest = domainController.Value.OfflineDomainJoinProvision(device.DeviceDomainId, device.DeviceProfile.OrganisationalUnit, ref adMachineAccount, out offlineProvisionDiagnosicInfo);
|
||||
|
||||
EnrolmentLog.LogSessionDiagnosticInformation(sessionId, offlineProvisionDiagnosicInfo);
|
||||
|
||||
@@ -405,15 +402,15 @@ namespace Disco.Services.Devices.Enrolment
|
||||
}
|
||||
|
||||
// Enforce Organisational Unit
|
||||
if (!adMachineAccount.IsCriticalSystemObject && response.OfflineDomainJoinManifest == null && RepoDevice.DeviceProfile.EnforceOrganisationalUnit)
|
||||
if (!adMachineAccount.IsCriticalSystemObject && response.OfflineDomainJoinManifest == null && device.DeviceProfile.EnforceOrganisationalUnit)
|
||||
{
|
||||
var parentDistinguishedName = adMachineAccount.ParentDistinguishedName;
|
||||
if (string.IsNullOrWhiteSpace(RepoDevice.DeviceProfile.OrganisationalUnit))
|
||||
throw new InvalidOperationException(string.Format("The Organisational Unit for the Device Profile '{0}' [{1}] is not set.", RepoDevice.DeviceProfile.Name, RepoDevice.DeviceProfile.Id));
|
||||
if (string.IsNullOrWhiteSpace(device.DeviceProfile.OrganisationalUnit))
|
||||
throw new InvalidOperationException($"The Organisational Unit for the Device Profile '{device.DeviceProfile.Name}' [{device.DeviceProfile.Id}] is not set.");
|
||||
|
||||
if (!parentDistinguishedName.Equals(RepoDevice.DeviceProfile.OrganisationalUnit, StringComparison.OrdinalIgnoreCase)) // Custom OU
|
||||
if (!parentDistinguishedName.Equals(device.DeviceProfile.OrganisationalUnit, StringComparison.OrdinalIgnoreCase)) // Custom OU
|
||||
{
|
||||
var proposedDomain = ActiveDirectory.Context.GetDomainFromDistinguishedName(RepoDevice.DeviceProfile.OrganisationalUnit);
|
||||
var proposedDomain = ActiveDirectory.Context.GetDomainFromDistinguishedName(device.DeviceProfile.OrganisationalUnit);
|
||||
var currentDomain = ActiveDirectory.Context.GetDomainFromDistinguishedName(parentDistinguishedName);
|
||||
if (currentDomain != proposedDomain)
|
||||
throw new NotSupportedException("Unable to move the devices organisational unit when the source and destination domains are different.");
|
||||
@@ -422,9 +419,9 @@ namespace Disco.Services.Devices.Enrolment
|
||||
else if (domain != proposedDomain)
|
||||
throw new NotSupportedException("To many domains involved in this enrolment, contact support regarding your scenario.");
|
||||
|
||||
EnrolmentLog.LogSessionProgress(sessionId, 65, string.Format("Moving Device Organisational Unit: {0} -> {1}", parentDistinguishedName, RepoDevice.DeviceProfile.OrganisationalUnit));
|
||||
EnrolmentLog.LogSessionTaskMovingDeviceOrganisationUnit(sessionId, parentDistinguishedName, RepoDevice.DeviceProfile.OrganisationalUnit);
|
||||
adMachineAccount.MoveOrganisationalUnit(domainController.Value, RepoDevice.DeviceProfile.OrganisationalUnit);
|
||||
EnrolmentLog.LogSessionProgress(sessionId, 65, $"Moving Device Organisational Unit: {parentDistinguishedName} -> {device.DeviceProfile.OrganisationalUnit}");
|
||||
EnrolmentLog.LogSessionTaskMovingDeviceOrganisationUnit(sessionId, parentDistinguishedName, device.DeviceProfile.OrganisationalUnit);
|
||||
adMachineAccount.MoveOrganisationalUnit(domainController.Value, device.DeviceProfile.OrganisationalUnit);
|
||||
response.RequireReboot = true;
|
||||
}
|
||||
}
|
||||
@@ -438,27 +435,27 @@ namespace Disco.Services.Devices.Enrolment
|
||||
// Use non-Wlan Adapter with fastest speed
|
||||
var macAddress = Request.Hardware?.NetworkAdapters?.Where(na => !na.IsWlanAdapter).OrderByDescending(na => na.Speed).Select(na => na.MACAddress).FirstOrDefault();
|
||||
adMachineAccount.UpdateNetbootGUID(Request.Hardware.UUID, macAddress);
|
||||
if (RepoDevice.AssignedUser != null)
|
||||
adMachineAccount.SetDescription(RepoDevice);
|
||||
if (device.AssignedUser != null)
|
||||
adMachineAccount.SetDescription(device);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
EnrolmentLog.LogSessionWarning(sessionId, $"Unable to update AD Machine Account attributes: {ex.Message}");
|
||||
}
|
||||
}
|
||||
if (RepoDevice.DeviceProfile.DistributionType == DeviceProfile.DistributionTypes.OneToOne)
|
||||
if (device.DeviceProfile.DistributionType == DeviceProfile.DistributionTypes.OneToOne)
|
||||
{
|
||||
if (RepoDevice.AssignedUser == null)
|
||||
if (device.AssignedUser == null)
|
||||
{
|
||||
response.AllowBootstrapperUninstall = false;
|
||||
}
|
||||
else
|
||||
{
|
||||
EnrolmentLog.LogSessionProgress(sessionId, 80, "Retrieving Active Directory Assigned User Account");
|
||||
ADUserAccount AssignedUserInfo = ActiveDirectory.RetrieveADUserAccount(RepoDevice.AssignedUser.UserId);
|
||||
EnrolmentLog.LogSessionTaskAssigningUser(sessionId, RepoDevice.SerialNumber, AssignedUserInfo.DisplayName, AssignedUserInfo.SamAccountName, AssignedUserInfo.Domain.NetBiosName, AssignedUserInfo.SecurityIdentifier.ToString());
|
||||
ADUserAccount AssignedUserInfo = ActiveDirectory.RetrieveADUserAccount(device.AssignedUser.UserId);
|
||||
EnrolmentLog.LogSessionTaskAssigningUser(sessionId, device.SerialNumber, AssignedUserInfo.DisplayName, AssignedUserInfo.SamAccountName, AssignedUserInfo.Domain.NetBiosName, AssignedUserInfo.SecurityIdentifier.ToString());
|
||||
response.AllowBootstrapperUninstall = true;
|
||||
response.AssignedUserIsLocalAdmin = RepoDevice.DeviceProfile.AssignedUserLocalAdmin;
|
||||
response.AssignedUserIsLocalAdmin = device.DeviceProfile.AssignedUserLocalAdmin;
|
||||
response.AssignedUserUsername = AssignedUserInfo.SamAccountName;
|
||||
response.AssignedUserDomain = AssignedUserInfo.Domain.NetBiosName;
|
||||
response.AssignedUserDescription = AssignedUserInfo.DisplayName;
|
||||
@@ -471,19 +468,19 @@ namespace Disco.Services.Devices.Enrolment
|
||||
}
|
||||
|
||||
// Provision Certificates
|
||||
if (!string.IsNullOrEmpty(RepoDevice.DeviceProfile.CertificateProviders) ||
|
||||
!string.IsNullOrEmpty(RepoDevice.DeviceProfile.CertificateAuthorityProviders))
|
||||
if (!string.IsNullOrEmpty(device.DeviceProfile.CertificateProviders) ||
|
||||
!string.IsNullOrEmpty(device.DeviceProfile.CertificateAuthorityProviders))
|
||||
{
|
||||
EnrolmentLog.LogSessionProgress(sessionId, 90, "Provisioning Certificates");
|
||||
|
||||
List<DeviceCertificate> provisionedCertificates;
|
||||
var provisionResult = RepoDevice.ProvisionCertificates(Database, Request, out provisionedCertificates);
|
||||
var provisionResult = device.ProvisionCertificates(Database, Request, out provisionedCertificates);
|
||||
|
||||
if (provisionedCertificates != null && provisionedCertificates.Count > 0)
|
||||
{
|
||||
foreach (var deviceCertificate in provisionedCertificates)
|
||||
{
|
||||
EnrolmentLog.LogSessionTaskProvisioningCertificate(sessionId, RepoDevice.SerialNumber, deviceCertificate.Name);
|
||||
EnrolmentLog.LogSessionTaskProvisioningCertificate(sessionId, device.SerialNumber, deviceCertificate.Name);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -491,17 +488,17 @@ namespace Disco.Services.Devices.Enrolment
|
||||
}
|
||||
|
||||
// Provision Wireless Profiles
|
||||
if (!string.IsNullOrEmpty(RepoDevice.DeviceProfile.WirelessProfileProviders))
|
||||
if (!string.IsNullOrEmpty(device.DeviceProfile.WirelessProfileProviders))
|
||||
{
|
||||
EnrolmentLog.LogSessionProgress(sessionId, 95, "Provisioning Wireless Profiles");
|
||||
|
||||
var provisionResult = RepoDevice.ProvisionWirelessProfiles(Database, Request);
|
||||
var provisionResult = device.ProvisionWirelessProfiles(Database, Request);
|
||||
|
||||
if (provisionResult != null && provisionResult.Profiles != null)
|
||||
{
|
||||
foreach (var wirelessProfiles in provisionResult.Profiles)
|
||||
{
|
||||
EnrolmentLog.LogSessionTaskProvisioningWirelessProfile(sessionId, RepoDevice.SerialNumber, wirelessProfiles.Name);
|
||||
EnrolmentLog.LogSessionTaskProvisioningWirelessProfile(sessionId, device.SerialNumber, wirelessProfiles.Name);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -509,8 +506,8 @@ namespace Disco.Services.Devices.Enrolment
|
||||
}
|
||||
|
||||
// Reset 'AllowUnauthenticatedEnrol'
|
||||
if (RepoDevice.AllowUnauthenticatedEnrol)
|
||||
RepoDevice.AllowUnauthenticatedEnrol = false;
|
||||
if (device.AllowUnauthenticatedEnrol)
|
||||
device.AllowUnauthenticatedEnrol = false;
|
||||
|
||||
EnrolmentLog.LogSessionProgress(sessionId, 100, "Completed Successfully");
|
||||
}
|
||||
|
||||