Given the name of a user in OS X, it is possible to query its Active Directory SID using the BSD membership functions.
However, when a local user name is provided on a machine that is not a member of a directory, an SID is also returned.
A solution for checking if the local logged-in user is a domain account is provided here, but this assumes that the user in question is that of the current session, which may not be the case. In addition, if the user is a mobile account (roaming), then a home directory is found and it returns incorrectly.
So, how would one check if a given username is a local or domain user where the username can be any name, including names used for local processes?
Using OpenDirectory API I've managed to achieve a similar task, here is the modified solution that would fit your query:
bool isDomainUser(std::string currentUser)
{
NSString *queryVal = [NSString stringWithUTF8String:currentUser.c_str()];
ODSession *session = [ODSession defaultSession];
ODNode *node = [ODNode nodeWithSession:session
type:kODNodeTypeAuthentication error:NULL];
ODQuery *query = [ODQuery queryWithNode:node forRecordTypes:kODRecordTypeUsers
attribute:kODAttributeTypeRecordName
matchType:kODMatchEqualTo
queryValues:queryVal
returnAttributes:kODAttributeTypeStandardOnly
maximumResults:0 error:NULL];
NSArray *records = [query resultsAllowingPartial:NO error:NULL];
for (ODRecord *record in records)
{
ODAttributeType type = #"dsAttrTypeStandard:OriginalAuthenticationAuthority";
NSArray *lines = [record valuesForAttribute:type error:nil];
if (lines)
{
for(NSString *line in lines)
{
if ([line hasPrefix:#"NetLogon"])
{
return true;
}
}
}
}
return false;
}
Related
Dear smart developers out there,
I encounter a problem when I want to create a contact belonging to an organization in Microsoft Dynamics CRM 2013 via web services
client = new OrganizationServiceClient("CustomBinding_IOrganizationService");
var newContactProperties = new Dictionary<string, object> {
{ "lastname", "TestContact"},
{ "firstname", "A"},
{ "fullname", "A TestContact"}
};
/* organizationType is a CRM.CRMWebServices.OptionSetValue
* with ExtensionData null, PropertyChanged null and a valid Value
*
* orgReference is a CRM.CRMWebServices.EntityReference
* with a valid Id
*/
newContactProperties.Add("parentcustomeridtype", organizationType);
newContactProperties.Add("parentcustomerid", orgReference);
var entity = new Entity();
entity.LogicalName = "contact";
entity.Attributes = new AttributeCollection();
entity.Attributes.AddRange(newContactProperties);
client.Create(entity);
This gives me error 'Attribute parentcustomeridtype must not be NULL if attribute parentcustomerid is not NULL'
I am puzzled why this happens and how I can solve this problem. Please help me if you can.
Thank you,
AllWorkNoPlay
You don't need to set "parentcustomeridtype" attribute separately. It's a system field, will be set by platform and in parentcustomerid exists for legacy reason, when it was Customer type in earlier versions of Dynamics CRM.
You need to specify only EntityReference in lookup field.
newContactProperties.Add("parentcustomerid", new EntityReference("account", new Guid("{accountid guid}")));
Also it's not clear what type you use in "orgReference" field. For contact valid entity types should be "account" or "contact".
thank you for the answers, I did not manage to get it right using web services this way.
I tried using Early Bound access with success:
Generated proxy objects using https://xrmearlyboundgenerator.codeplex.com/
Added line [assembly: Microsoft.Xrm.Sdk.Client.ProxyTypesAssemblyAttribute()] to assemblyInfo to have Intellisense available (even for customized fields)
Now I manage to create a contact and assign it to an organization (something like this):
var contact = new Contact()
{
FirstName = "Bob",
LastName = "Dobalina",
Address1_Line1 = "123 Strasse",
Address1_City = "Berlin",
Address1_PostalCode = "32254",
Telephone1 = "425-555-5678",
EMailAddress1 = "bob.dobalina#germany.de"
};
var account = new Account()
{
Name = "Siemens Germany",
};
context.AddObject(contact);
context.AddObject(account);
context.AddLink(account, "contact_customer_accounts", contact);
context.SaveChanges();
}
I am trying to update a record in one of my Azure Mobile tables using the “update” function in the azure mobile C++ header. But I get an exception. Below is what my code looks like:
void DBUtils::DBQuestion::UpdateQuestionInTable(std::shared_ptr<azure::mobile::table> table)
{
auto obj = json::value::object();
obj[U("id")] = json::value::string(ID);
obj[U("QuestionText")] = json::value::string(QuestionText);
obj[U("AnswerLatitude")] = json::value::number(AnswerLatitude);
obj[U("AnswerLongitude")] = json::value::number(AnswerLongitude);
table->update(obj);
}
I have verified that the ID above is a valid one actually present in the table. A similar insert operation (which doesn’t specify the ID field) actually succeeds:
void DBUtils::DBQuestion::InsertIntoTable(std::shared_ptr<azure::mobile::table> table)
{
auto obj = json::value::object();
obj[U("QuestionText")] = json::value::string(QuestionText);
obj[U("AnswerLatitude")] = json::value::number(AnswerLatitude);
obj[U("AnswerLongitude")] = json::value::number(AnswerLongitude);
table->insert(obj);
}
What am I doing wrong?
Azure Mobile recently updated its table schema so that the Id field is now a string, which gets filled in by the server with a Guid value if the client doesn’t set it.
This change has introduced a bug in the C++ library. As a workaround, you can try calling the other overload for update, the one that takes the ID string and the object.
void DBUtils::DBQuestion::UpdateQuestionInTable(utility::string_t id, std::shared_ptr<azure::mobile::table> table)
{
auto obj = json::value::object();
obj[U("QuestionText")] = json::value::string(QuestionText);
obj[U("AnswerLatitude")] = json::value::number(AnswerLatitude);
obj[U("AnswerLongitude")] = json::value::number(AnswerLongitude);
ID = id;
table->update(ID, obj);
}
I am creating a query inside a function. Everything works fine until this line:
ulist = new query();
Then I get the error:
Could not find the ColdFusion component or interface query.
Code:
//GET USERS LISTS
remote query function getUserLists(userid) {
//CONFIGURE twitter4j
init();
//DEFINE USER LIST QUERY
var userLists = querynew("id, name, member_count", "Integer, VarChar, Integer");
//GET THE USER LISTS
getLists = t4j.getUserLists(#arguments.userid#);
//BUILD THE USER LIST QUERY
for (i=1;i LTE ArrayLen(getLists);i=i+1) {
newRecord = queryAddRow(userLists);
newRecord = querySetCell(userLists, "id", getLists[i].getId());
newRecord = querySetCell(userLists, "name", getLists[i].getName());
newRecord = querySetCell(userLists, "member_count", getLists[i].getMemberCount());
}
//SORT THE USER LIST BY NAME
ulist = new query();
ulist.setDBType("query");
ulist.setAttributes(sourceQuery=userLists);
ulist.setSQL("select * from sourceQuery order by name");
userListsSorted = ulist.execute().getresult();
//RETURN THE SORTED USER LIST QUERY
return userListsSorted;
}
As per Twitter, make sure you have a custom tag path pointing to [instance]/customtags - which should be there by default. You could use a mapping, pointing to one of the subdirectories within that [instance]/customtags directory, eg: /coldfusion pointing to [instance]\CustomTags\com\adobe\coldfusion, then use:
ulist = new coldfusion.query();
// etc
I'd just use the custom tag directory approach though.
Try using the full path:
ulist = new com.adobe.coldfusion.query()
I must be doing something wrong. I can't seem to find the answer to my problem anywhere on the Web, and this generally means that the solution is so simple that no one needs an answer on it.
I am using a database to store my session. I set it up in my bootstrap like this:
protected function _initDBSessions(){
$resource = $this->getPluginResource('db'); //from config.ini?
$db = $resource->getOptions();
$adapter = new Zend_Db_Adapter_Pdo_Mysql($db["params"]);
Zend_Db_Table_Abstract::setDefaultAdapter($adapter);
$config = array('name'=>'sessions','primary'=>'id','modifiedColumn'=>'modified','dataColumn'=>'data','lifetimeColumn'=>'lifetime');
$options = array(
"strict"=>FALSE,
"name"=>"eCubed",
"use_cookies"=>FALSE
);
Zend_Session::setOptions($options);
Zend_Session::setSaveHandler(new Zend_Session_SaveHandler_DbTable($config));
}
Next in my bootstrap is my plugin setup
protected function _initPlugins(){
Zend_Controller_Front::getInstance()->registerPlugin(new Acl_Acl());
}
My Acl_Acl looks like this:
class Acl_Acl extends Zend_Controller_Plugin_Abstract{
public function preDispatch(Zend_controller_request_abstract $request){
$acl = new Zend_Acl();
//add roles
$acl->addRole(new Zend_Acl_Role(Acl_Levels::$GUEST));
$acl->addRole(new Zend_Acl_Role(Acl_Levels::$BASIC),Acl_Levels::$GUEST);
$acl->addRole(new Zend_Acl_Role(Acl_Levels::$SHOP),Acl_Levels::$BASIC);
$acl->addRole(new Zend_Acl_Role(Acl_Levels::$OFFICE),Acl_Levels::$SHOP);
$acl->addRole(new Zend_Acl_Role(Acl_Levels::$EXECUTIVE),Acl_Levels::$OFFICE);
$acl->addRole(new Zend_Acl_Role(Acl_Levels::$OWNER));
$acl->addRole(new Zend_Acl_Role(Acl_Levels::$ADMIN),Acl_Levels::$OWNER);
//add resources
$acl->addResource("index");
$acl->addResource("authenticate");
$acl->addResource("error");
$acl->addResource("employees");
$acl->addResource("mold");
$acl->addResource("search");
$acl->addResource("shop");
$acl->addResource("user");
//access rules
$acl->allow(null,array('index','error','authenticate')); //default resources
//Guest member access
$acl->allow(Acl_Levels::$GUEST,'mold',array('index','list-molds'));
$acl->allow(Acl_Levels::$GUEST,'user',array('index','login','new-profile','my-profile'));
//SHOP Member Access
$acl->allow(Acl_Levels::$BASIC,'mold',array('get-mold','get-part','get-order','get-orders','get-parts','print-mold-labels','print-part-labels'));
$acl->allow(Acl_Levels::$BASIC,'user',array('my-profile','profile'));
//OFFICE Member Access
//EXECUTIVE Member Access
//OWNER Member Access
//ADMIN Member Access
//current user
if(Zend_Auth::getInstance()->hasIdentity()){
$level = Zend_Auth::getInstance()->getIdentity()->level;
} else {
$level = Acl_Levels::$GUEST;
}
$conroller = $request->controller;
$action = $request->action;
try {
if(!$acl->isAllowed($level,$conroller,$action)){
$request->setControllerName('application-error');
$request->setActionName('not-authorized');
}
} catch (Exception $e){
$request->setControllerName("application-error");
$request->setActionName("error");
$error = new Zend_Controller_Plugin_ErrorHandler();
$error->type = Zend_Controller_Plugin_ErrorHandler::EXCEPTION_OTHER;
$error->request = clone($request);
$error->exception = $e;
$request->setParam('error_handler',$error);
}
}
}
My Authentication Controller has the following action:
public function loginAction(){
$this->_helper->viewRenderer->setNoRender(TRUE);
$loginForm = new Form_Login();
$form = $loginForm->getLoginForm();
$form->setAction("/authenticate/login");
if($this->getRequest()->isPost()){
if($form->isValid($_POST)){
$email = $form->getValue('email');
$pass = $form->getValue('password');
$authAdapter = $this->getAuthAdapter();
$authAdapter ->setIdentity($email)
->setCredential($pass);
$result = Zend_Auth::getInstance()->authenticate($authAdapter);
if($result->isValid()){
$omit = array('password','timestamp','temp_password','active','created');
$identity = $authAdapter->getResultRowObject(NULL,$omit);
$authStorage = Zend_Auth::getInstance()->getStorage();
$authStorage->write($identity);
$nickname = $identity->nickname ? $identity->nickname : $identity->first_name;
$this->_helper->flashMessenger("Welcome back $nickname");
//Zend_Debug::dump($identity); exit;
$this->_redirect("/");
} else {
$this->_helper->flashMessenger("Unable to log you in. Please try again");
$this->_redirect("/");
}
}
}
}
My Database Structure:
id : int
modified: int
lifetime: int
data: text
All is well, right? Well, no...
First of all, a session is created every time someone who is not logged in refreshes or navigates to a page. This is acceptable, I guess...
The problem I have is that when I do finally log in, I can see that the database is storing the Zend_Auth identity and Flashmessenger perfectly, BUT ...
... IT IS ALSO CREATING A PHANTOM ROW IN THE DATABASE AS IF A NON-LOGGED IN USER IS NAVIGATING THE WEBSITE....
This makes authentication impossible because when the user is redirected the "Profile" page, for example, Zend is looking at the phantom session data which contains absolutely no data!
Below is the information stored in the Zend_Session database table as proof that stuff is stored:
Zend_Auth|a:1:{s:7:"storage";O:8:"stdClass":7:{s:2:"id";s:1:"2";s:5:"email";s:17:"wes#****.com";s:10:"first_name";s:6:"Wesley";s:9:"last_name";s:7:"*";s:5:"level";s:5:"basic";s:8:"nickname";s:3:"Wes";s:9:"lastlogin";s:19:"2011-07-14 19:30:36";}}__ZF|a:1:{s:14:"FlashMessenger";a:1:{s:4:"ENNH";i:1;}}FlashMessenger|a:1:{s:7:"default";a:1:{i:0;s:16:"Welcome back Wes";}}
This has been driving me nuts for 2 days now. I am under the impression that Zend_Session automatically uses only 1 session to store data, but these multiple entries are driving me mad!!
I hope I've given someone enough information to work off of.
I figured out this problem...
As expected, the solution was a simple typo...
I don't know how to dramatically write the answer here, but the problem was...
My Database table, called "sessions" had the wrong data type.
The datatype for the id column was set to "int" (11)
instead it should be set to "char" (32)
DUH! I hope the 4 days I spent on this problem helps someone else out!
Using the SQL Server Reporting Services Web Service, how can I determine the permissions of a particular domain user for a particular report? The user in question is not the user that is accessing the Web Service.
I am accessing the Web Service using a domain service account (lets say MYDOMAIN\SSRSAdmin) that has full permissions in SSRS. I would like to programmatically find the permissions of a domain user (lets say MYDOMAIN\JimBob) for a particular report.
The GetPermissions() method on the Web Service will return a list of permissions that the current user has (MYDOMAIN\SSRSAdmin), but that is not what I'm looking for. How can I get this same list of permissions for MYDOMAIN\JimBob? I will not have the user's domain password, so using their credentials to call the GetPermissions() method is not an option. I am however accessing this from an account that has full permissions, so I would think that theoretically the information should be available to it.
SSRS gets the NT groups from the users' NT login token. This is why when you are added to a new group, you are expected to log out and back in. The same applies to most Windows checks (SQL Server, shares, NTFS etc).
If you know the NT group(s)...
You can query the ReportServer database directly. I've lifted this almost directly out of one of our reports which we use to check folder security (C.Type = 1). Filter on U.UserName.
SELECT
R.RoleName,
U.UserName,
C.Path
FROM
ReportServer.dbo.Catalog C WITH (NOLOCK) --Parent
JOIN
ReportServer.dbo.Policies P WITH (NOLOCK) ON C.PolicyID = P.PolicyID
JOIN
ReportServer.dbo.PolicyUserRole PUR WITH (NOLOCK) ON P.PolicyID = PUR.PolicyID
JOIN
ReportServer.dbo.Users U WITH (NOLOCK) ON PUR.UserID = U.UserID
JOIN
ReportServer.dbo.Roles R WITH (NOLOCK) ON PUR.RoleID = R.RoleID
WHERE
C.Type = 1
look into "GetPolicies Method" you can see at the following link.
http://msdn.microsoft.com/en-us/library/reportservice2010.reportingservice2010.getpolicies.aspx
Hopefully this will get you started. I use it when copying Folder structure, and Reports from an old server to a new server when I want to 'migrate' my SSRS items from the Source to the Destination Server. It is a a Method to Get the Security Policies for an item on one server, and then set the Security Policies for an identical item on another server, after I have copied the item from the Source Server to the Destination Server. You have to set your own Source and Destination Server Names.
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Web.Services.Protocols; //<=== required for SoapException
namespace SSRS_WebServices_Utility
{
internal static class TEST
{
internal static void GetPoliciesForAnItem_from_Source_ThenSetThePolicyForTheItem_on_Destination(string itemPath)
{
string sSourceServer = "SOURCE-ServerName";
Source_ReportService2010.ReportingService2010 sourceRS = new Source_ReportService2010.ReportingService2010();
sourceRS.Credentials = System.Net.CredentialCache.DefaultCredentials;
sourceRS.Url = #"http://" + sSourceServer + "/reportserver/reportservice2010.asmx";
string sDestinationServer = "DESTINATION-ServerName";
Destination_ReportService2010.ReportingService2010 DestinationRS = new Destination_ReportService2010.ReportingService2010();
DestinationRS.Credentials = System.Net.CredentialCache.DefaultCredentials;
DestinationRS.Url = #"http://" + sDestinationServer + "/reportserver/reportservice2010.asmx";
Boolean val = true;
Source_ReportService2010.Policy[] curPolicy = null;
Destination_ReportService2010.Policy[] newPolicy = null;
try
{
curPolicy = new Source_ReportService2010.Policy[1];
curPolicy = sourceRS.GetPolicies(itemPath, out val); //e.g. of itemPath: "/B2W/001_OLD_PuertoRicoReport"
//DestinationRS.SetPolicies(itemPath, newPolicy);
int iCounter = 0;
//int iMax = curPolicy.Length;
newPolicy = new Destination_ReportService2010.Policy[curPolicy.Length];
foreach (Source_ReportService2010.Policy p in curPolicy)
{
//create the Policy
Destination_ReportService2010.Policy pNew = new Destination_ReportService2010.Policy();
pNew.GroupUserName = p.GroupUserName;
pNew.GroupUserName = p.GroupUserName;
Destination_ReportService2010.Role rNew = new Destination_ReportService2010.Role();
rNew.Description = p.Roles[0].Description;
rNew.Name = p.Roles[0].Name;
//create the Role, which is part of the Policy
pNew.Roles = new Destination_ReportService2010.Role[1];
pNew.Roles[0]=rNew;
newPolicy[iCounter] = pNew;
iCounter += 1;
}
DestinationRS.SetPolicies(itemPath, newPolicy);
Debug.Print("whatever");
}
catch (SoapException ex)
{
Debug.Print("SoapException: " + ex.Message);
}
catch (Exception Ex)
{
Debug.Print("NON-SoapException: " + Ex.Message);
}
finally
{
if (sourceRS != null)
sourceRS.Dispose();
if (DestinationRS != null)
DestinationRS.Dispose();
}
}
}
}
To invoke it use the following:
TEST.GetPoliciesForAnItem_from_Source_ThenSetThePolicyForTheItem_on_Destination("/FolderName/ReportName");
Where you have to put your own SSRS Folder Name and Report Name, i.e. the Path to the item.
In fact I use a method that loops through all the items in the Destination folder that then calls the method like this:
internal static void CopyTheSecurityPolicyFromSourceToDestinationForAllItems_2010()
{
string sDestinationServer = "DESTINATION-ServerName";
Destination_ReportService2010.ReportingService2010 DestinationRS = new Destination_ReportService2010.ReportingService2010();
DestinationRS.Credentials = System.Net.CredentialCache.DefaultCredentials;
DestinationRS.Url = #"http://" + sDestinationServer + "/reportserver/reportservice2010.asmx";
// Return a list of catalog items in the report server database
Destination_ReportService2010.CatalogItem[] items = DestinationRS.ListChildren("/", true);
// For each FOLDER, debug Print some properties
foreach (Destination_ReportService2010.CatalogItem ci in items)
{
{
Debug.Print("START----------------------------------------------------");
Debug.Print("Object Name: " + ci.Name);
Debug.Print("Object Type: " + ci.TypeName);
Debug.Print("Object Path: " + ci.Path);
Debug.Print("Object Description: " + ci.Description);
Debug.Print("Object ID: " + ci.ID);
Debug.Print("END----------------------------------------------------");
try
{
GetPoliciesForAnItem_from_Source_ThenSetThePolicyForTheItem_on_Destination(ci.Path);
}
catch (SoapException e)
{
Debug.Print("SoapException START----------------------------------------------------");
Debug.Print(e.Detail.InnerXml);
Debug.Print("SoapException END----------------------------------------------------");
}
catch (Exception ex)
{
Debug.Print("ERROR START----------------------------------------------------");
Debug.Print(ex.GetType().FullName);
Debug.Print(ex.Message);
Debug.Print("ERROR END----------------------------------------------------");
}
}
}
}