        /// <summary>
        /// Adds a user to the local Administrators group.
        /// </summary>
        /// <param name="userIdentity">
        /// The identity of the user to be added to the Administrators group.
        /// </param>
        /// <param name="expirationTime">
        /// The date and time at which the user's administrator rights should expire.
        /// </param>
        /// <param name="remoteAddress">
        /// The address of the remote host from which a request for administrator rights came, if applicable.
        /// </param>
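        /// <exception cref="ArgumentNullException">
        /// <paramref name="userIdentity"/> is null.
        /// </exception>
        /// <remarks>
        /// Nothing is changed unless the authorization checks pass, the local Administrators
        /// group object is available, and the identity exposes both a user SID and a group list.
        /// A request that carries a remote address must pass the remote allow/deny lists in
        /// addition to the local ones. This method does not itself record or signal a refusal.
        /// </remarks>
        public static void AddUser(WindowsIdentity userIdentity, DateTime? expirationTime, string remoteAddress)
        {
            // Fail before any authorization work is done: without this guard a null identity
            // surfaced later as a NullReferenceException in the middle of the grant decision.
            if (userIdentity == null)
            {
                throw new ArgumentNullException("userIdentity");
            }

            // TODO: Only do this if the user is not a member of the group?

            // NOTE(review): userIdentity is not passed to UserIsAuthorized, so the principal
            // that gets authorized is whatever AdminGroupManipulator resolves internally.
            // Confirm it is the same principal as userIdentity; otherwise the authorization
            // decision and the account that receives administrator rights can differ.
            AdminGroupManipulator adminGroupManipulator = new AdminGroupManipulator();
            bool userIsAuthorized = adminGroupManipulator.UserIsAuthorized(Settings.LocalAllowedEntities, Settings.LocalDeniedEntities);

            // NOTE(review): the remote lists are consulted only when remoteAddress is non-empty,
            // so the value has to come from the connection itself rather than from data the
            // requester controls -- TODO confirm at the call sites.
            bool requestIsRemote = !string.IsNullOrEmpty(remoteAddress);
            if (requestIsRemote)
            {
                // Request is from a remote computer. It must pass the remote authorization
                // list as well as the local one.
                userIsAuthorized &= adminGroupManipulator.UserIsAuthorized(Settings.RemoteAllowedEntities, Settings.RemoteDeniedEntities);
            }

            // Same checks, in the same order, as the original combined condition.
            if (LocalAdminGroup == null ||
                userIdentity.User == null ||
                userIdentity.Groups == null ||
                !userIsAuthorized)
            {
                return;
            }

            // Save the user's information to the list of users before touching the group.
            // Presumably this ordering ensures that every granted right has a stored expiration
            // entry; if the group change below fails, the stored entry remains -- verify that
            // the expiry/cleanup path tolerates an entry for a user who was never added.
            EncryptedSettings encryptedSettings = new EncryptedSettings(EncryptedSettings.SettingsFilePath);
            encryptedSettings.AddUser(userIdentity, expirationTime, remoteAddress);

            AddUserToAdministrators(userIdentity.User);
        }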
        /// <summary>
        /// Gets an object representing the local Administrators group.
        /// </summary>

        /*private static GroupPrincipal LocalAdminGroup
         * {
         *  get
         *  {
         *      if (LocalMachineContext == null)
         *      {
         *          ApplicationLog.WriteEvent(Properties.Resources.LocalMachineContextIsNull, EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Error);
         *      }
         *      else
         *      {
         *          if (LocalAdminsGroupSid == null)
         *          {
         *              ApplicationLog.WriteEvent(Properties.Resources.LocalAdminsGroupSIDIsNull, EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Error);
         *          }
         *          else
         *          {
         *              if (localAdminGroup == null)
         *              {
         *                  try
         *                  {
         *                      localAdminGroup = GroupPrincipal.FindByIdentity(LocalMachineContext, IdentityType.Sid, LocalAdminsGroupSid.Value);
         *                  }
         *                  catch (Exception exception)
         *                  {
         *                      ApplicationLog.WriteEvent(string.Format("{0}: {1}", Properties.Resources.Exception, exception.Message), EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Error);
         *                      throw;
         *                  }
         *              }
         *          }
         *      }
         *      return localAdminGroup;
         *  }
         * }*/

        /// <summary>
        /// Adds a user to the local Administrators group.
        /// </summary>
        /// <param name="userIdentity">
        /// The identity of the user to be added to the Administrators group.
        /// </param>
        /// <param name="expirationTime">
        /// The date and time at which the user's administrator rights should expire.
        /// </param>
        /// <param name="remoteAddress">
        /// The address of the remote host from which a request for administrator rights came, if applicable.
        /// </param>
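        /// <exception cref="ArgumentNullException">
        /// <paramref name="userIdentity"/> is null.
        /// </exception>
        /// <remarks>
        /// Nothing is changed unless the authorization checks pass, the local Administrators
        /// group name is available, and the identity exposes both a user SID and a group list.
        /// A request that carries a remote address must pass the remote allow/deny lists in
        /// addition to the local ones. Apart from the DEBUG-only trace entries, this method
        /// does not itself record or signal a refusal.
        /// </remarks>
        public static void AddUser(WindowsIdentity userIdentity, DateTime? expirationTime, string remoteAddress)
        {
            // Fail before any authorization work is done, so that a null identity is reported
            // as an argument error instead of reaching the authorization helper or surfacing
            // as a NullReferenceException in the grant condition.
            if (userIdentity == null)
            {
                throw new ArgumentNullException("userIdentity");
            }

            // TODO: Only do this if the user is not a member of the group?

#if DEBUG
            ApplicationLog.WriteEvent("Calling UserIsAuthorized(3) from AddUser() beginning of function.", EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information);
#endif

            // The local allow/deny lists are evaluated against the identity that will be granted rights.
            bool userIsAuthorized = AdminGroupManipulator.UserIsAuthorized(userIdentity, Settings.LocalAllowedEntities, Settings.LocalDeniedEntities);

            // NOTE(review): the remote lists are consulted only when remoteAddress is non-empty,
            // so the value has to come from the connection itself rather than from data the
            // requester controls -- TODO confirm at the call sites.
            bool requestIsRemote = !string.IsNullOrEmpty(remoteAddress);
            if (requestIsRemote)
            {
                // Request is from a remote computer. It must pass the remote authorization
                // list as well as the local one.
#if DEBUG
                ApplicationLog.WriteEvent("Calling UserIsAuthorized(3) from AddUser() where remote address is not null or empty.", EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Information);
#endif

                userIsAuthorized &= AdminGroupManipulator.UserIsAuthorized(userIdentity, Settings.RemoteAllowedEntities, Settings.RemoteDeniedEntities);
            }

            // Same checks, in the same order, as the original combined condition.
            if (LocalAdminGroupName == null ||
                userIdentity.User == null ||
                userIdentity.Groups == null ||
                !userIsAuthorized)
            {
                return;
            }

            // Save the user's information to the list of users before touching the group.
            // Presumably this ordering ensures that every granted right has a stored expiration
            // entry; if the group change below fails, the stored entry remains -- verify that
            // the expiry/cleanup path tolerates an entry for a user who was never added.
            EncryptedSettings encryptedSettings = new EncryptedSettings(EncryptedSettings.SettingsFilePath);
            encryptedSettings.AddUser(userIdentity, expirationTime, remoteAddress);

            AddUserToAdministrators(userIdentity.User);
        }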