jessikitty/Disco
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

maintenance: AD integration refactoring

Browse Source
This commit is contained in:
Gary Sharp
2022-12-04 13:26:58 +11:00
parent 261baf669e
commit 99be87ed9c
8 changed files with 272 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Disco.Services/Interop/ActiveDirectory/ADGroup.cs
+48 -5
View File
@@ -7,7 +7,7 @@ namespace Disco.Services.Interop.ActiveDirectory
{
public class ADGroup : IADObject
{
internal static readonly string[] LoadProperties = { "name", "distinguishedName", "sAMAccountName", "objectSid", "memberOf" };
internal static readonly string[] LoadProperties = { "name", "distinguishedName", "sAMAccountName", "objectSid", "memberOf", "member" };
internal static string LdapSearchFilterTemplate = "(&(objectCategory=Group)(|(sAMAccountName={0}*)(name={0}*)(cn={0}*)))";
internal const string LdapSamAccountNameFilterTemplate = "(&(objectCategory=Group)(sAMAccountName={0}))";
internal const string LdapSecurityIdentifierFilterTemplate = "(&(objectCategory=Group)(objectSid={0}))";
@@ -23,11 +23,13 @@ namespace Disco.Services.Interop.ActiveDirectory
public string Name { get; private set; }
public string DisplayName { get { return Name; } }
public List<string> MemberOf { get; private set; }
public List<string> MemberOf { get; }
public List<string> Members { get; }
public Dictionary<string, object[]> LoadedProperties { get; private set; }
private ADGroup(ADDomain Domain, string DistinguishedName, SecurityIdentifier SecurityIdentifier, string SamAccountName, string Name, List<string> MemberOf, Dictionary<string, object[]> LoadedProperties)
private ADGroup(ADDomain Domain, string DistinguishedName, SecurityIdentifier SecurityIdentifier, string SamAccountName, string Name, List<string> MemberOf, List<string> Members, Dictionary<string, object[]> LoadedProperties)
{
this.Domain = Domain;
this.DistinguishedName = DistinguishedName;
@@ -35,6 +37,7 @@ namespace Disco.Services.Interop.ActiveDirectory
this.SamAccountName = SamAccountName;
this.Name = Name;
this.MemberOf = MemberOf;
this.Members = Members;
this.LoadedProperties = LoadedProperties;
}
@@ -48,6 +51,7 @@ namespace Disco.Services.Interop.ActiveDirectory
var sAMAccountName = SearchResult.Value<string>("sAMAccountName");
var objectSid = new SecurityIdentifier(SearchResult.Value<byte[]>("objectSid"), 0);
var memberOf = SearchResult.Values<string>("memberOf").ToList();
var members = SearchResult.Values<string>("member").ToList();
// Additional Properties
Dictionary<string, object[]> additionalProperties;
@@ -60,7 +64,7 @@ namespace Disco.Services.Interop.ActiveDirectory
additionalProperties = new Dictionary<string, object[]>();
}
return new ADGroup(SearchResult.Domain, distinguishedName, objectSid, sAMAccountName, name, memberOf, additionalProperties);
return new ADGroup(SearchResult.Domain, distinguishedName, objectSid, sAMAccountName, name, memberOf, members, additionalProperties);
}
public static ADGroup FromDirectoryEntry(ADDirectoryEntry DirectoryEntry, string[] AdditionalProperties)
@@ -75,6 +79,7 @@ namespace Disco.Services.Interop.ActiveDirectory
var sAMAccountName = properties.Value<string>("sAMAccountName");
var objectSid = new SecurityIdentifier(properties.Value<byte[]>("objectSid"), 0);
var memberOf = properties.Values<string>("memberOf").ToList();
var members = properties.Values<string>("member").ToList();
Dictionary<string, object[]> additionalProperties;
if (AdditionalProperties != null)
@@ -86,7 +91,7 @@ namespace Disco.Services.Interop.ActiveDirectory
additionalProperties = new Dictionary<string, object[]>();
}
return new ADGroup(DirectoryEntry.Domain, distinguishedName, objectSid, sAMAccountName, name, memberOf, additionalProperties);
return new ADGroup(DirectoryEntry.Domain, distinguishedName, objectSid, sAMAccountName, name, memberOf, members, additionalProperties);
}
[Obsolete("Use generic equivalents: GetPropertyValue<T>(string PropertyName)")]
@@ -113,6 +118,8 @@ namespace Disco.Services.Interop.ActiveDirectory
return new SecurityIdentifier[] { SecurityIdentifier }.OfType<T>();
case "memberof":
return MemberOf.OfType<T>();
case "member":
return Members.OfType<T>();
default:
object[] adProperty;
if (LoadedProperties.TryGetValue(PropertyName, out adProperty))
@@ -122,6 +129,42 @@ namespace Disco.Services.Interop.ActiveDirectory
}
}
public IEnumerable<ADUserAccount> GetUserMembersRecursive()
{
var foundGroups = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
return GetUserMembersRecursive(foundGroups);
}
private IEnumerable<ADUserAccount> GetUserMembersRecursive(HashSet<string> foundGroups)
{
if (!foundGroups.Add(DistinguishedName))
yield break;
var memberGroups = new List<ADGroup>();
foreach (var memberDn in Members)
{
if (foundGroups.Contains(memberDn))
continue;
var adObject = ActiveDirectory.RetrieveADObjectByDistinguishedName(memberDn, true);
if (adObject == null)
continue;
else if (adObject is ADGroup group)
memberGroups.Add(group);
else if (adObject is ADUserAccount adUser)
yield return adUser;
}
foreach (var group in memberGroups)
{
if (foundGroups.Contains(group.DistinguishedName))
continue;
foreach (var adUser in group.GetUserMembersRecursive(foundGroups))
yield return adUser;
}
}
public override string ToString()
{
return Id;