public static MaintainUsersTDS LoadUsersAndModulePermissions()
{
TDBTransaction ReadTransaction = null;
MaintainUsersTDS ReturnValue = new MaintainUsersTDS();
DBAccess.GDBAccessObj.GetNewOrExistingAutoReadTransaction(IsolationLevel.ReadCommitted,
TEnforceIsolationLevel.eilMinimum,
ref ReadTransaction,
delegate
{
SUserAccess.LoadAll(ReturnValue, ReadTransaction);
SUserModuleAccessPermissionAccess.LoadAll(ReturnValue, ReadTransaction);
SModuleAccess.LoadAll(ReturnValue, ReadTransaction);
});
// Remove Password Hash and Password 'Salt' before passing it out to the caller - these aren't needed
// and it is better to not hand them out needlessly to prevent possible 'eavesdropping' by an attacker
// (who could otherwise gather the Password Hashes and Password 'Salts' of all users in one go if the
// attacker manages to listen to network traffic). (#5502)!
foreach (var UserRow in ReturnValue.SUser.Rows)
{
((SUserRow)UserRow).PasswordHash = "****************";
((SUserRow)UserRow).PasswordSalt = "****************";
}
ReturnValue.AcceptChanges();
return(ReturnValue);
}
private TSubmitChangesResult StoreManualCode(ref MaintainUsersTDS ASubmitDS, out TVerificationResultCollection AVerificationResult)
{
AVerificationResult = new TVerificationResultCollection();
TSubmitChangesResult Result = TRemote.MSysMan.Maintenance.WebConnectors.SaveSUser(ref ASubmitDS);
if (Result == TSubmitChangesResult.scrOK)
{
MessageBox.Show(Catalog.GetString("Changes to users will take effect at next login."),
Catalog.GetString("Maintain Users"));
// Reload the grid after every successful save. (This will add new password's hash and salt to the table.)
Int32 rowIdx = GetSelectedRowIndex();
FPreviouslySelectedDetailRow = null;
LoadUsers();
grdDetails.SelectRowWithoutFocus(rowIdx);
ASubmitDS = FMainDS;
btnChangePassword.Enabled = true;
txtDetailPasswordHash.Enabled = false;
}
return(Result);
}
private TSubmitChangesResult StoreManualCode(ref MaintainUsersTDS ASubmitDS, out TVerificationResultCollection AVerificationResult)
{
AVerificationResult = new TVerificationResultCollection();
TSubmitChangesResult Result = TRemote.MSysMan.Maintenance.WebConnectors.SaveSUser(ref ASubmitDS,
TClientInfo.ClientComputerName, TClientInfo.ClientIPAddress);
if (Result == TSubmitChangesResult.scrOK)
{
if (FChangesForCurrentUser)
{
MessageBox.Show(Catalog.GetString("If you made any changes to your user they will only take effect at the next login!"),
Catalog.GetString("Maintain Users: Saving of Data Successful"),
MessageBoxButtons.OK, MessageBoxIcon.Information);
}
// Reload the grid after every successful save. (This will add new password's hash and salt to the table.)
Int32 rowIdx = GetSelectedRowIndex();
FPreviouslySelectedDetailRow = null;
LoadUsers();
grdDetails.SelectRowWithoutFocus(rowIdx);
ASubmitDS = FMainDS;
btnResetPassword.Enabled = true;
txtDetailPasswordHash.Enabled = false;
}
return(Result);
}
public static MaintainUsersTDS LoadUsersAndModulePermissions()
{
MaintainUsersTDS ReturnValue = null;
Boolean NewTransaction;
TDBTransaction Transaction = DBAccess.GDBAccessObj.GetNewOrExistingTransaction(IsolationLevel.ReadCommitted,
TEnforceIsolationLevel.eilMinimum, out NewTransaction);
try
{
ReturnValue = new MaintainUsersTDS();
SUserAccess.LoadAll(ReturnValue, Transaction);
SUserModuleAccessPermissionAccess.LoadAll(ReturnValue, Transaction);
SModuleAccess.LoadAll(ReturnValue, Transaction);
}
catch (Exception e)
{
TLogging.Log(e.Message);
TLogging.Log(e.StackTrace);
ReturnValue = null;
}
if (NewTransaction)
{
DBAccess.GDBAccessObj.RollbackTransaction();
}
return(ReturnValue);
}
public static MaintainUsersTDS LoadUsersAndModulePermissions()
{
TDBTransaction ReadTransaction = null;
MaintainUsersTDS ReturnValue = new MaintainUsersTDS();
DBAccess.GDBAccessObj.GetNewOrExistingAutoReadTransaction(IsolationLevel.ReadCommitted,
TEnforceIsolationLevel.eilMinimum,
ref ReadTransaction,
delegate
{
SUserAccess.LoadAll(ReturnValue, ReadTransaction);
SUserModuleAccessPermissionAccess.LoadAll(ReturnValue, ReadTransaction);
SModuleAccess.LoadAll(ReturnValue, ReadTransaction);
});
return(ReturnValue);
}
public static TSubmitChangesResult SaveSUser(ref MaintainUsersTDS ASubmitDS)
{
TSubmitChangesResult ReturnValue = TSubmitChangesResult.scrError;
bool CanCreateUser;
bool CanChangePassword;
bool CanChangePermissions;
GetAuthenticationFunctionality(out CanCreateUser, out CanChangePassword, out CanChangePermissions);
// make sure users are not deleted or added if this is not possible
if (!CanCreateUser && (ASubmitDS.SUser != null))
{
Int32 Counter = 0;
while (Counter < ASubmitDS.SUser.Rows.Count)
{
if (ASubmitDS.SUser.Rows[Counter].RowState != DataRowState.Modified)
{
ASubmitDS.SUser.Rows.RemoveAt(Counter);
}
else
{
Counter++;
}
}
}
if (!CanChangePermissions && (ASubmitDS.SUserModuleAccessPermission != null))
{
ASubmitDS.SUserModuleAccessPermission.Clear();
}
// TODO: if user module access permissions have changed, automatically update the table access permissions?
if (ASubmitDS.SUser != null)
{
foreach (SUserRow user in ASubmitDS.SUser.Rows)
{
// for new users: create users on the alternative authentication method
if (user.RowState == DataRowState.Added)
{
CreateUser(user.UserId, user.PasswordHash, user.FirstName, user.LastName, string.Empty);
user.AcceptChanges();
}
// If a password has been added for the first time there will be a (unecrypted) password and no salt.
// Create salt and hash.
else if ((user.PasswordHash.Length > 0) && user.IsPasswordSaltNull())
{
user.PasswordSalt = PasswordHelper.GetNewPasswordSalt();
user.PasswordHash = PasswordHelper.GetPasswordHash(user.PasswordHash, user.PasswordSalt);
user.PasswordNeedsChange = true;
}
}
}
try
{
MaintainUsersTDSAccess.SubmitChanges(ASubmitDS);
ReturnValue = TSubmitChangesResult.scrOK;
}
catch (Exception e)
{
TLogging.Log(e.Message);
TLogging.Log(e.StackTrace);
ReturnValue = TSubmitChangesResult.scrError;
}
return(ReturnValue);
}
public static TSubmitChangesResult SaveSUser(ref MaintainUsersTDS ASubmitDS)
{
TSubmitChangesResult ReturnValue = TSubmitChangesResult.scrError;
bool CanCreateUser;
bool CanChangePassword;
bool CanChangePermissions;
GetAuthenticationFunctionality(out CanCreateUser, out CanChangePassword, out CanChangePermissions);
// make sure users are not deleted or added if this is not possible
if (!CanCreateUser && (ASubmitDS.SUser != null))
{
Int32 Counter = 0;
while (Counter < ASubmitDS.SUser.Rows.Count)
{
if (ASubmitDS.SUser.Rows[Counter].RowState != DataRowState.Modified)
{
ASubmitDS.SUser.Rows.RemoveAt(Counter);
}
else
{
Counter++;
}
}
}
if (!CanChangePermissions && (ASubmitDS.SUserModuleAccessPermission != null))
{
ASubmitDS.SUserModuleAccessPermission.Clear();
}
// TODO: if user module access permissions have changed, automatically update the table access permissions?
if (ASubmitDS.SUser != null)
{
foreach (SUserRow user in ASubmitDS.SUser.Rows)
{
// for new users: create users on the alternative authentication method
if (user.RowState == DataRowState.Added)
{
CreateUser(user.UserId, user.PasswordHash, user.FirstName, user.LastName, string.Empty);
user.AcceptChanges();
}
// If a password has been added for the first time there will be a (unecrypted) password and no salt.
// Create salt and hash.
else if ((user.PasswordHash.Length > 0) && user.IsPasswordSaltNull())
{
user.PasswordSalt = PasswordHelper.GetNewPasswordSalt();
user.PasswordHash = PasswordHelper.GetPasswordHash(user.PasswordHash, user.PasswordSalt);
user.PasswordNeedsChange = true;
}
}
}
try
{
MaintainUsersTDSAccess.SubmitChanges(ASubmitDS);
ReturnValue = TSubmitChangesResult.scrOK;
}
catch (Exception e)
{
TLogging.Log(e.Message);
TLogging.Log(e.StackTrace);
ReturnValue = TSubmitChangesResult.scrError;
}
return ReturnValue;
}
public static MaintainUsersTDS LoadUsersAndModulePermissions()
{
TDBTransaction ReadTransaction = null;
MaintainUsersTDS ReturnValue = new MaintainUsersTDS();
DBAccess.GDBAccessObj.GetNewOrExistingAutoReadTransaction(IsolationLevel.ReadCommitted,
TEnforceIsolationLevel.eilMinimum,
ref ReadTransaction,
delegate
{
SUserAccess.LoadAll(ReturnValue, ReadTransaction);
SUserModuleAccessPermissionAccess.LoadAll(ReturnValue, ReadTransaction);
SModuleAccess.LoadAll(ReturnValue, ReadTransaction);
});
return ReturnValue;
}
private TSubmitChangesResult StoreManualCode(ref MaintainUsersTDS ASubmitDS, out TVerificationResultCollection AVerificationResult)
{
AVerificationResult = null;
TSubmitChangesResult Result = TRemote.MSysMan.Maintenance.WebConnectors.SaveSUser(ref ASubmitDS);
if (Result == TSubmitChangesResult.scrOK)
{
MessageBox.Show(Catalog.GetString("Changes to users will take effect at next login."),
Catalog.GetString("Maintain Users"));
// Reload the grid after every successful save. (This will add new password's hash and salt to the table.)
LoadUsers();
btnChangePassword.Enabled = true;
txtDetailPasswordHash.Enabled = false;
}
return Result;
}
public static TSubmitChangesResult SaveSUser(ref MaintainUsersTDS ASubmitDS,
string AClientComputerName, string AClientIPAddress)
{
TSubmitChangesResult ReturnValue = TSubmitChangesResult.scrError;
TDBTransaction SubmitChangesTransaction = null;
bool CanCreateUser;
bool CanChangePassword;
bool CanChangePermissions;
int PwdSchemeVersionUpTillNow;
int CurrentPwdSchemeVersion = TPasswordHelper.CurrentPasswordSchemeNumber;
MaintainUsersTDS SubmitDS;
SubmitDS = ASubmitDS;
GetAuthenticationFunctionality(out CanCreateUser, out CanChangePassword, out CanChangePermissions);
// make sure users are not deleted or added if this is not possible
if (!CanCreateUser && (ASubmitDS.SUser != null))
{
Int32 Counter = 0;
while (Counter < ASubmitDS.SUser.Rows.Count)
{
if (ASubmitDS.SUser.Rows[Counter].RowState != DataRowState.Modified)
{
ASubmitDS.SUser.Rows.RemoveAt(Counter);
}
else
{
Counter++;
}
}
}
if (!CanChangePermissions && (ASubmitDS.SUserModuleAccessPermission != null))
{
ASubmitDS.SUserModuleAccessPermission.Clear();
}
// TODO: if user module access permissions have changed, automatically update the table access permissions?
DBAccess.SimpleAutoTransactionWrapper(IsolationLevel.Serializable, "SaveSUser", out SubmitChangesTransaction,
ref ReturnValue, delegate
{
if (SubmitDS.SUser != null)
{
foreach (SUserRow user in SubmitDS.SUser.Rows)
{
// for new users: create users on the alternative authentication method
if (user.RowState == DataRowState.Added)
{
CreateUser(user.UserId, user.PasswordHash, user.FirstName, user.LastName, string.Empty,
AClientComputerName, AClientIPAddress, SubmitChangesTransaction);
user.AcceptChanges();
}
else
{
PwdSchemeVersionUpTillNow = user.PwdSchemeVersion;
// Has the 'Account Locked' state changed?
if (Convert.ToBoolean(user[SUserTable.GetAccountLockedDBName(), DataRowVersion.Original]) != user.AccountLocked)
{
if (user.AccountLocked)
{
TUserAccountActivityLog.AddUserAccountActivityLogEntry(user.UserId,
TUserAccountActivityLog.USER_ACTIVITY_USER_ACCOUNT_GOT_LOCKED,
String.Format(
StrUserChangedOtherUsersLockedState, UserInfo.GUserInfo.UserID,
user.UserId, Catalog.GetString("locked")) +
String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress),
SubmitChangesTransaction);
}
else
{
TUserAccountActivityLog.AddUserAccountActivityLogEntry(user.UserId,
TUserAccountActivityLog.USER_ACTIVITY_USER_ACCOUNT_GOT_UNLOCKED,
String.Format(
StrUserChangedOtherUsersLockedState, UserInfo.GUserInfo.UserID,
user.UserId, Catalog.GetString("unlocked")) +
String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress),
SubmitChangesTransaction);
// If the user account got locked when a Password Hashing Scheme was in place that isn't
// the current one then require the user to change his/her password on next login. This is to
// ensure that the Password Hash and Salt that gets placed in the s_user table record of this
// user at his/her next logon isn't just the new Password Hash and Salt of the password that
// the user had used when the user account got Locked (the Password Hashing Scheme of that user
// will get upgraded to the current one then, but in case the system administrator locked the user
// account because (s)he suspects a security breach then any future attempts to use the previous
// password will be thwarted).
if (PwdSchemeVersionUpTillNow != CurrentPwdSchemeVersion)
{
user.PasswordNeedsChange = true;
}
}
}
// Has the 'Retired' state changed?
if (Convert.ToBoolean(user[SUserTable.GetRetiredDBName(), DataRowVersion.Original]) != user.Retired)
{
if (user.Retired)
{
TUserAccountActivityLog.AddUserAccountActivityLogEntry(user.UserId,
TUserAccountActivityLog.USER_ACTIVITY_USER_GOT_RETIRED,
String.Format(
StrUserChangedOtherUsersRetiredState, UserInfo.GUserInfo.UserID,
user.UserId, Catalog.GetString("retired")) +
String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress),
SubmitChangesTransaction);
}
else
{
TUserAccountActivityLog.AddUserAccountActivityLogEntry(user.UserId,
TUserAccountActivityLog.USER_ACTIVITY_USER_GOT_UNRETIRED,
String.Format(
StrUserChangedOtherUsersRetiredState, UserInfo.GUserInfo.UserID,
user.UserId, Catalog.GetString("no longer retired")) +
String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress),
SubmitChangesTransaction);
// If the user account got retired when a Password Hashing Scheme was in place that isn't
// the current one then require the user to change his/her password on next login. This is to
// ensure that the Password Hash and Salt that gets placed in the s_user table record of this
// user at his/her next logon isn't just the new Password Hash and Salt of the password that
// the user had used when the user account got Retired (the Password Hashing Scheme of that user
// will get upgraded to the current one then, but in case the system administrator retired the user
// account because (s)he suspects a security breach then any future attempts to use the previous
// password will be thwarted).
if (PwdSchemeVersionUpTillNow != CurrentPwdSchemeVersion)
{
user.PasswordNeedsChange = true;
}
}
}
}
}
}
try
{
MaintainUsersTDSAccess.SubmitChanges(SubmitDS, SubmitChangesTransaction.DataBaseObj);
ReturnValue = TSubmitChangesResult.scrOK;
}
catch (Exception e)
{
TLogging.Log(e.Message);
TLogging.Log(e.StackTrace);
throw;
}
});
ASubmitDS = SubmitDS;
return(ReturnValue);
}
public static MaintainUsersTDS LoadUsersAndModulePermissions()
{
MaintainUsersTDS ReturnValue = null;
Boolean NewTransaction;
TDBTransaction Transaction = DBAccess.GDBAccessObj.GetNewOrExistingTransaction(IsolationLevel.ReadCommitted,
TEnforceIsolationLevel.eilMinimum, out NewTransaction);
try
{
ReturnValue = new MaintainUsersTDS();
SUserAccess.LoadAll(ReturnValue, Transaction);
SUserModuleAccessPermissionAccess.LoadAll(ReturnValue, Transaction);
SModuleAccess.LoadAll(ReturnValue, Transaction);
}
catch (Exception e)
{
TLogging.Log(e.Message);
TLogging.Log(e.StackTrace);
ReturnValue = null;
}
if (NewTransaction)
{
DBAccess.GDBAccessObj.RollbackTransaction();
}
return ReturnValue;
}
