using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Management.Automation;
using System.Management.Automation.Provider;
using System.Management.Automation.Runspaces;
using System.Security.Principal;
using System.DirectoryServices;
namespace Intel.Management.PSModule.Amt
{
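// NOTE(review): SupportsShouldProcess exposes -WhatIf/-Confirm although this
// cmdlet only reads; left as-is to keep the parameter surface unchanged.
/// <summary>
/// ConvertTo-Sid: resolves a user name or an LDAP object path to its
/// <see cref="SecurityIdentifier"/> and writes it to the pipeline.
/// </summary>
[Cmdlet(VerbsData.ConvertTo, "Sid",
    SupportsShouldProcess = true)]
public class ConvertToSid : PSCmdlet
{
    /// <summary>
    /// Account to resolve. Either an NT account name (for example "DOMAIN\user")
    /// or an ADSI path starting with "LDAP://" (prefix compared case-insensitively).
    /// </summary>
    [Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true,
        HelpMessage = "Domain User Name")]
    public string User
    {
        get { return _userName; }
        set { _userName = value; }
    }

    /// <summary>
    /// Writes the <see cref="SecurityIdentifier"/> of <see cref="User"/> to the pipeline.
    /// </summary>
    /// <exception cref="PSArgumentException">
    /// The LDAP object has no binary objectSid attribute.
    /// </exception>
    /// <exception cref="IdentityNotMappedException">
    /// The NT account name cannot be translated (propagated from <see cref="NTAccount.Translate"/>).
    /// </exception>
    protected override void ProcessRecord()
    {
        // Ordinal, case-insensitive prefix test replaces ToUpper().StartsWith(),
        // which was culture-sensitive and allocated an upper-cased copy.
        if (_userName.StartsWith("LDAP://", StringComparison.OrdinalIgnoreCase))
        {
            // DirectoryEntry wraps an ADSI binding; release it once the SID is read.
            using (DirectoryEntry entry = new DirectoryEntry(_userName))
            {
                byte[] sidData = entry.Properties["objectSid"].Value as byte[];
                if (sidData == null)
                {
                    throw new PSArgumentException(
                        "Directory object '" + _userName + "' has no binary objectSid attribute.");
                }
                // The constructor reads the bytes directly; the former ToArray() copy was redundant.
                WriteObject(new SecurityIdentifier(sidData, 0));
            }
        }
        else
        {
            NTAccount account = new NTAccount(_userName);
            SecurityIdentifier sid = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
            WriteObject(sid);
        }
    }

    private string _userName;
}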
/// <summary>
/// Output form selected by ConvertFrom-Sid for a resolved security identifier.
/// </summary>
public enum UserDisplayFormat
{
    /// <summary>The NT account (translated via <see cref="System.Security.Principal.NTAccount"/>).</summary>
    Domain = 0,

    /// <summary>The ADSI path of the directory object whose objectSid matches.</summary>
    Ldap = 1,
}
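// NOTE(review): SupportsShouldProcess exposes -WhatIf/-Confirm although this
// cmdlet only reads; left as-is to keep the parameter surface unchanged.
/// <summary>
/// ConvertFrom-Sid: resolves a SID given in SDDL form ("S-1-5-...") either to
/// its NT account or to the ADSI path of the matching directory object,
/// depending on <see cref="Format"/>.
/// </summary>
[Cmdlet(VerbsData.ConvertFrom, "Sid",
    SupportsShouldProcess = true)]
public class ConvertFromSid : PSCmdlet
{
    /// <summary>Defaults <see cref="Format"/> to <see cref="UserDisplayFormat.Domain"/>.</summary>
    public ConvertFromSid()
    {
        _format = UserDisplayFormat.Domain;
    }

    /// <summary>Security identifier in SDDL string form.</summary>
    [Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true,
        HelpMessage = "Security Identifier in SDDL form")]
    public string Sid
    {
        get { return _sddl; }
        set { _sddl = value; }
    }

    // Position moved from 0 to 1: Sid already occupies position 0, and two
    // parameters sharing one position in the same parameter set cannot be
    // bound positionally.
    /// <summary>Output form; see <see cref="UserDisplayFormat"/>.</summary>
    [Parameter(Mandatory = false, Position = 1, ValueFromPipeline = true,
        HelpMessage = "User Display Format")]
    public UserDisplayFormat Format
    {
        get { return _format; }
        set { _format = value; }
    }

    /// <summary>
    /// Parses <see cref="Sid"/> and writes either the <see cref="NTAccount"/>
    /// or the ADSI path of the matching object to the pipeline.
    /// </summary>
    /// <exception cref="ArgumentException">
    /// <see cref="Sid"/> is not valid SDDL (propagated from the <see cref="SecurityIdentifier"/> constructor).
    /// </exception>
    /// <exception cref="PSArgumentException">
    /// No directory object carries the SID (LDAP format), or <see cref="Format"/>
    /// holds an undefined value.
    /// </exception>
    protected override void ProcessRecord()
    {
        SecurityIdentifier sec = new SecurityIdentifier(_sddl);

        switch (_format)
        {
            case UserDisplayFormat.Domain:
                WriteObject((NTAccount)sec.Translate(typeof(NTAccount)));
                break;

            case UserDisplayFormat.Ldap:
                // sec.Value is the canonical "S-1-..." string re-emitted by the
                // parser, so it cannot carry LDAP filter metacharacters.
                using (DirectorySearcher searcher = new DirectorySearcher("(objectSid=" + sec.Value + ")"))
                {
                    // FindOne() returns null when nothing matches; the previous
                    // code dereferenced it unconditionally.
                    SearchResult match = searcher.FindOne();
                    if (match == null)
                    {
                        throw new PSArgumentException("No directory object has objectSid '" + sec.Value + "'.");
                    }
                    WriteObject(match.Path);
                }
                break;

            default:
                throw new PSArgumentException("Unsupported UserDisplayFormat value: " + _format);
        }
    }

    // SID in security descriptor definition language (SDDL) form.
    private string _sddl;
    private UserDisplayFormat _format;
}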
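/// <summary>
/// Read-only view over the directory entry of an AMT computer object.
/// </summary>
public class AmtObject
{
    private static readonly char[] s_realmSeparators = { '\\' };

    private readonly DirectoryEntry _entry;

    /// <summary>
    /// Wraps <paramref name="entry"/>. The previous constructor discarded its
    /// argument, leaving the field null so <see cref="Realm"/> could never work.
    /// </summary>
    /// <param name="entry">
    /// Directory entry to read from; may be null, in which case <see cref="Realm"/> throws.
    /// </param>
    public AmtObject(DirectoryEntry entry)
    {
        _entry = entry;
    }

    /// <summary>
    /// First segment of the entry's canonicalName attribute, or an empty string
    /// when the attribute has no value.
    /// </summary>
    /// <exception cref="InvalidOperationException">No directory entry was supplied.</exception>
    public string Realm
    {
        get
        {
            if (_entry == null)
            {
                throw new InvalidOperationException("AmtObject was created without a directory entry.");
            }
            // Read the attribute's value. Calling ToString() on the
            // PropertyValueCollection itself (as before) yields the type name.
            object raw = _entry.Properties["canonicalName"].Value;
            if (raw == null)
            {
                return string.Empty;
            }
            // NOTE(review): canonicalName is "domain/ou/.../name" with '/'
            // separators, so splitting on '\' normally returns the whole value;
            // confirm the intended separator. Kept as written.
            string[] names = raw.ToString().Split(s_realmSeparators, StringSplitOptions.RemoveEmptyEntries);
            return names.Length > 0 ? names[0] : string.Empty;
        }
    }

    /// <summary>
    /// Service principal names of the object. Not implemented yet: always empty.
    /// </summary>
    public string[] ServicePrinciple
    {
        get { return new string[0]; }
    }

    /// <summary>
    /// Not implemented yet: always an empty string.
    /// </summary>
    public string MasterKey
    {
        get { return ""; }
    }
}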
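/// <summary>
/// Remove-MeObject: deletes every directory object that carries the given
/// service principal name, searching from the default root or, when
/// <see cref="Container"/> is set, from that container.
/// </summary>
[Cmdlet(VerbsCommon.Remove, "MeObject",
    SupportsShouldProcess = true)]
public class RemoveObjectCmd : PSCmdlet
{
    /// <summary>
    /// Service principal name to look up. It is matched literally: LDAP filter
    /// metacharacters in the value are escaped, so "*" does not act as a wildcard.
    /// </summary>
    [Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true,
        HelpMessage = "Service Principal Name")]
    public string SPN
    {
        get { return _spn; }
        set { _spn = value; }
    }

    /// <summary>ADSI path of the container to search; null searches from the default root.</summary>
    [Parameter(Mandatory = false, Position = 1, ValueFromPipeline = true,
        HelpMessage = "Directory Container")]
    public string Container
    {
        get { return _container; }
        set { _container = value; }
    }

    /// <summary>
    /// Finds and deletes the matching objects. Each deletion goes through
    /// <see cref="Cmdlet.ShouldProcess(string, string)"/>, so -WhatIf and
    /// -Confirm are honored; the attribute already advertised this but the
    /// previous implementation never called it.
    /// </summary>
    protected override void ProcessRecord()
    {
        // The SPN is caller-supplied; escaping keeps it from altering the filter
        // structure and thereby widening which objects get deleted.
        string filter = "(servicePrincipalName=" + EscapeLdapFilterValue(_spn) + ")";

        DirectoryEntry ouEntry = null;
        try
        {
            if (_container != null)
            {
                ouEntry = new DirectoryEntry(_container);
            }

            using (DirectorySearcher searcher = ouEntry != null
                ? new DirectorySearcher(ouEntry, filter)
                : new DirectorySearcher(filter))
            // SearchResultCollection holds unmanaged handles; dispose it explicitly.
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult result in results)
                {
                    if (!ShouldProcess(result.Path, "Remove"))
                    {
                        continue;
                    }
                    using (DirectoryEntry entry = new DirectoryEntry(result.Path))
                    using (DirectoryEntry parentEntry = entry.Parent)
                    {
                        parentEntry.Children.Remove(entry);
                        parentEntry.CommitChanges();
                    }
                }
            }
        }
        finally
        {
            if (ouEntry != null)
            {
                ouEntry.Dispose();
            }
        }
    }

    /// <summary>
    /// Escapes a value for use inside an LDAP search filter (RFC 4515):
    /// '\', '*', '(', ')' and NUL become "\5c", "\2a", "\28", "\29" and "\00".
    /// A null value is returned as an empty string.
    /// </summary>
    internal static string EscapeLdapFilterValue(string value)
    {
        if (value == null)
        {
            return string.Empty;
        }
        StringBuilder escaped = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': escaped.Append("\\5c"); break;
                case '*': escaped.Append("\\2a"); break;
                case '(': escaped.Append("\\28"); break;
                case ')': escaped.Append("\\29"); break;
                case '\0': escaped.Append("\\00"); break;
                default: escaped.Append(c); break;
            }
        }
        return escaped.ToString();
    }

    private string _spn;
    private string _container;
}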
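/// <summary>
/// New-MeObject: creates a "Computer" object for an AMT device in a directory
/// container, sets its password and account flags, and registers the four
/// HTTP service principal names used by the AMT web services.
/// </summary>
[Cmdlet(VerbsCommon.New, "MeObject",
    SupportsShouldProcess = true)]
public class CreateObjectCmd : PSCmdlet
{
    private static readonly char[] s_hostSeparators = { '.' };

    /// <summary>
    /// Host name of the device. A single label (no dots) is qualified with the
    /// DNS domain derived from the container's ",DC=" components.
    /// </summary>
    [Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true,
        HelpMessage = "hostName")]
    public string ComputerName
    {
        get { return _host; }
        set { _host = value; }
    }

    /// <summary>
    /// Container to create the object in: an ADSI path, a distinguished name,
    /// or a bare OU name (see <see cref="NormalizeContainerPath"/>).
    /// </summary>
    [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true,
        HelpMessage = "Directory Container")]
    public string Container
    {
        get { return _container; }
        set { _container = value; }
    }

    /// <summary>
    /// Password for the new computer account.
    /// NOTE(review): taken as a plain string, so it can end up in command
    /// history and transcripts; a SecureString parameter is the conventional
    /// choice. The public name is kept for compatibility.
    /// </summary>
    [Parameter(Mandatory = false, Position = 2, ValueFromPipeline = true,
        HelpMessage = "Password")]
    public string Passw0rd
    {
        get { return _password; }
        set { _password = value; }
    }

    /// <summary>
    /// Creates and configures the computer object. Nothing is written until
    /// <see cref="Cmdlet.ShouldProcess(string, string)"/> approves, so -WhatIf
    /// and -Confirm now work as the attribute advertises.
    /// </summary>
    /// <exception cref="PSArgumentException">
    /// <see cref="ComputerName"/> contains no host label.
    /// </exception>
    protected override void ProcessRecord()
    {
        // Both fields are normalized in place, as before, because later steps
        // (the ADSI bind and the SPN values) read them again.
        _container = NormalizeContainerPath(_container);

        using (DirectoryEntry ouEntry = new DirectoryEntry(_container))
        {
            _host = QualifyHostName(_host, ouEntry.Path);

            string[] labels = _host.Split(s_hostSeparators, StringSplitOptions.RemoveEmptyEntries);
            if (labels.Length == 0)
            {
                throw new PSArgumentException("ComputerName must contain at least one host label.");
            }
            // The first label becomes the CN and the SAM account name prefix.
            string shortName = labels[0];

            if (!ShouldProcess(_container, "Create computer object CN=" + shortName))
            {
                return;
            }

            using (DirectoryEntry newEntry = ouEntry.Children.Add("CN=" + shortName, "Computer"))
            {
                // Commit so the object exists on the server before ADSI methods
                // are invoked on it.
                ouEntry.CommitChanges();
                newEntry.CommitChanges();

                ConfigureAccount(newEntry, shortName, _host, _password);
            }
        }
    }

    /// <summary>
    /// Turns a container given as a bare name, a distinguished name or an ADSI
    /// path into an ADSI path: a value without '=' gets an "OU=" prefix, and a
    /// missing "LDAP://" scheme is added (prefix compared case-insensitively).
    /// </summary>
    internal static string NormalizeContainerPath(string container)
    {
        string path = container;
        if (path.IndexOf('=') < 0)
        {
            path = "OU=" + path;
        }
        if (!path.StartsWith("LDAP://", StringComparison.OrdinalIgnoreCase))
        {
            path = "LDAP://" + path;
        }
        return path;
    }

    /// <summary>
    /// Appends the DNS domain implied by the container's ",DC=" components to a
    /// host name that consists of a single label; other names are returned
    /// unchanged. For example "amt01" with "...,DC=contoso,DC=com" becomes
    /// "amt01.contoso.com".
    /// </summary>
    internal static string QualifyHostName(string host, string containerPath)
    {
        string[] labels = host.Split(s_hostSeparators, StringSplitOptions.RemoveEmptyEntries);
        if (labels.Length != 1)
        {
            return host;
        }
        // Ordinal and case-sensitive, matching the Replace below.
        int pos = containerPath.IndexOf(",DC=", StringComparison.Ordinal);
        if (pos < 0)
        {
            return host;
        }
        string domain = containerPath.Substring(pos).Replace(",DC=", ".");
        return host + domain;
    }

    /// <summary>
    /// Sets the password, userAccountControl flags and SAM account name,
    /// registers the four AMT HTTP SPNs, enables the account and commits.
    /// </summary>
    private static void ConfigureAccount(DirectoryEntry newEntry, string shortName, string host, string password)
    {
        newEntry.AuthenticationType = AuthenticationTypes.Secure;

        // NOTE(review): Passw0rd is optional, so password may be null here;
        // confirm what the ADSI SetPassword call does with a null argument.
        newEntry.Invoke("SetPassword", new object[] { password });

        // NOTE(review): 66172 == 0x1027C. The original comment labelled it "512"
        // (NORMAL_ACCOUNT), but the value also sets further userAccountControl
        // bits, among them 0x10000 (DONT_EXPIRE_PASSWD) and 0x20 (PASSWD_NOTREQD);
        // confirm this is the intended flag set. Value kept unchanged.
        newEntry.InvokeSet("userAccountControl", new object[] { 66172 });

        newEntry.InvokeSet("samAccountName", new object[] { shortName + "$iME" });

        // One SPN per AMT web-service port, all on the (possibly qualified) host name.
        object[] spns =
        {
            "HTTP/" + host + ":16992",
            "HTTP/" + host + ":16993",
            "HTTP/" + host + ":16994",
            "HTTP/" + host + ":16995",
        };
        newEntry.InvokeSet("servicePrincipalName", new object[] { spns });

        newEntry.InvokeSet("AccountDisabled", new object[] { false });
        newEntry.CommitChanges();
    }

    private string _container;
    private string _host;
    private string _password;
}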
}