Ejemplo n.º 1
0
        protected override void BeginProcessing()
        {
            base.BeginProcessing();
            r         = new Regex(Name, RegexOptions.IgnoreCase);
            overrides = _mg.Overrides.GetOverrides();
            sdHash    = new Hashtable();
            foreach (SecureDataHealthServiceReference sr in _mg.Security.GetSecureDataHealthServiceReferences())
            {
                aasd = _mg.Security.GetSecureData(sr.SecureDataId) as ActionAccountSecureData;
                if (aasd != null)
                {
                    break;
                }
            }

            foreach (ManagementPackOverride mpOverride in overrides)
            {
                ManagementPackSecureReferenceOverride secRefOverride = mpOverride as ManagementPackSecureReferenceOverride;
                if (secRefOverride != null)
                {
                    Guid   secrefid = secRefOverride.SecureReference.Id;
                    int    i = 0, x = 0;
                    byte[] bytes = new byte[(secRefOverride.Value.Length) / 2];
                    while (secRefOverride.Value.Length > i + 1)
                    {
                        long lngDecimal = Convert.ToInt32(secRefOverride.Value.Substring(i, 2), 16);
                        bytes[x] = Convert.ToByte(lngDecimal);
                        i        = i + 2;
                        ++x;
                    }
                    SecureData secureData = _mg.Security.GetSecureData(bytes);
                    WindowsCredentialSecureData credential = secureData as WindowsCredentialSecureData;
                    if (credential != null)
                    {
                        if (!sdHash.ContainsKey(secrefid))
                        {
                            sdHash.Add(secrefid, String.Format(CultureInfo.InvariantCulture, "{0}\\{1}", credential.Domain, credential.UserName));
                        }
                    }
                    else
                    {
                        ActionAccountSecureData actionAccount = secureData as ActionAccountSecureData;
                        if (actionAccount != null)
                        {
                            if (!sdHash.ContainsKey(secrefid))
                            {
                                sdHash.Add(secrefid, String.Format(CultureInfo.InvariantCulture, "{0}\\{1}", actionAccount.Domain, actionAccount.UserName));
                            }
                        }
                    }
                }
            }
        }
Ejemplo n.º 2
0
        private async Task RenewServiceCredential(GraphClient cl, ManagementPack configMp, AdApplication app, TimeSpan credValidity)
        {
            if (app == null)
                throw new ArgumentNullException(nameof(app));

            if (app.PasswordCredentials != null)
            {
                var passCred = app.PasswordCredentials.FirstOrDefault(x => x.CustomKeyIdentifier == Convert.ToBase64String(_emg.Id.ToByteArray()));
                if (passCred != null)
                    app.PasswordCredentials.Remove(passCred);
                await cl.UpdateApplicationAsync(app);
            }

            var pass = RandomString();
            var securePass = new System.Security.SecureString();
            foreach (char c in pass)
                securePass.AppendChar(c);

            var endDate = DateTime.UtcNow + credValidity;

            app.PasswordCredentials.Add(new PasswordCredential()
            {
                EndDate = endDate,
                StartDate = DateTime.UtcNow,
                KeyId = Guid.NewGuid(),
                Value = pass,
                CustomKeyIdentifier = Convert.ToBase64String(_emg.Id.ToByteArray())
            });
            await cl.UpdateApplicationAsync(app);

            bool isNew = false;
            var secData = (BasicCredentialSecureData)_emg.Security.GetSecureData(new SecureDataCriteria($"Name = '{Parameters.SECURE_REFERENCE_NAME}'")).FirstOrDefault();

            if (secData == null)
            {
                secData = new BasicCredentialSecureData();
                isNew = true;                
            }

            secData.UserName = app.AppId.ToString();
            secData.Data = securePass;
            secData.Name = Parameters.SECURE_REFERENCE_NAME;

            if (isNew)
                _emg.Security.InsertSecureData(secData);
            secData.Update();

            var secRefOverride = (ManagementPackSecureReferenceOverride)_emg.Overrides.GetOverrides(new ManagementPackOverrideCriteria($"Name = '{Parameters.SECURE_REFERENCE_OVERRIDE_NAME}'")).FirstOrDefault();
            if (secRefOverride == null)
                secRefOverride = new ManagementPackSecureReferenceOverride(configMp, Parameters.SECURE_REFERENCE_OVERRIDE_NAME);

            secRefOverride.DisplayName = Parameters.SECURE_REFERENCE_OVERRIDE_NAME;
            secRefOverride.Context = EntityClass;
            secRefOverride.SecureReference = ConnectorSecureReference;
            secRefOverride.Value = BitConverter.ToString(secData.SecureStorageId, 0, secData.SecureStorageId.Length).Replace("-", "");

            secRefOverride.GetManagementPack().AcceptChanges();

            Settings.CredentialExpirationDate = endDate;
        }
Ejemplo n.º 3
0
        protected override void ProcessRecord()
        {
            foreach (ManagementPackSecureReference secureReference in _secureReferences)
            {
                //First get the MP that the Secure Reference that was passed in is stored in so that we can create some SecureReferenceOverrides in it.
                ManagementPack mpSecureReferenceMP = secureReference.GetManagementPack();

                //Before we create a new SecureReferenceOverride we need to check to see if one already exists.
                bool boolSecureRefOverrideAlreadyExists = false;

                //Loop through each Override in the MP...
                ManagementPackElementCollection <ManagementPackOverride> listOverrides = mpSecureReferenceMP.GetOverrides();
                foreach (ManagementPackOverride mpOverride in listOverrides)
                {
                    //...if it is a ManagementPackSecureReferenceOverride...
                    if (mpOverride is ManagementPackSecureReferenceOverride)
                    {
                        //...then cast it to a ManagementPackSecureReferenceOverride...
                        ManagementPackSecureReferenceOverride mpSecRefOverride = mpOverride as ManagementPackSecureReferenceOverride;
                        //...and then compare it to the SecureReference that was passed in...
                        if (mpSecRefOverride.SecureReference.Id == secureReference.Id)
                        {
                            //...if it is the same one then get a list of all the SecureData objects so we can compare with those...
                            IList <SecureData> secureDataList = _mg.Security.GetSecureData();
                            foreach (SecureData secureData in secureDataList)
                            {
                                //...by comparing the SecureStorageID of each of the existing and the .Value of the SecureData we just created...
                                if (String.Compare
                                        (BitConverter.ToString(secureData.SecureStorageId, 0, secureData.SecureStorageId.Length).Replace("-", ""),
                                        mpSecRefOverride.Value,
                                        StringComparison.Ordinal
                                        ) == 0
                                    )
                                {
                                    //...and if you find a match...
                                    WindowsCredentialSecureData windowsCred = secureData as WindowsCredentialSecureData;
                                    if (windowsCred != null)
                                    {
                                        //...then set the bool to true so we know that there is already a SecureReferenceOverride with this same exact SecureData
                                        // so we dont need to create a new SecureReferenceOverride in this case.
                                        boolSecureRefOverrideAlreadyExists = true;
                                    }
                                }
                            }
                        }
                    }
                }

                //Do we need to create a new SecureReferenceOverride?
                if (!boolSecureRefOverrideAlreadyExists)
                {
                    //Yes, we need to create a new SecureReferenceOverride...

                    //First create the SecureReferenceOverride object by setting its ID
                    ManagementPackSecureReferenceOverride secureOverride = new ManagementPackSecureReferenceOverride(mpSecureReferenceMP, String.Format("SecureReferenceOverride.{0}", Guid.NewGuid().ToString("N")));

                    //Then tell it that it's scope is for all objects by setting the class context to System.Entity
                    secureOverride.Context = _mg.EntityTypes.GetClass(SystemClass.Entity);

                    //Set the SecureReference equal to the SecureReference that was passed in.
                    secureOverride.SecureReference = secureReference;

                    //Give it a display name - doesnt need to be anything fancy since it doesnt show anywhere in the UI.
                    secureOverride.DisplayName = "SecureReferenceOverride_" + Guid.NewGuid().ToString();

                    //Convert to a byte array
                    secureOverride.Value = BitConverter.ToString(_credentialSecureData.SecureStorageId, 0, _credentialSecureData.SecureStorageId.Length).Replace("-", "");

                    //Now allow this SecureData to be downloaded to all the management servers
                    ApprovedHealthServicesForDistribution <EnterpriseManagementObject> approved = new ApprovedHealthServicesForDistribution <EnterpriseManagementObject>();
                    approved.Result = ApprovedHealthServicesResults.All;

                    //Tell SCSM that we are going to update (or submit new) this SecureReferenceOverride
                    secureReference.Status = ManagementPackElementStatus.PendingUpdate;

                    //Post it to the database.  This will show up on the SecureReferenceOverride table in the database and in the <Overrides> section of the MP XML
                    string secureReferenceInfo = secureReference.Name;
                    if (secureReference.DisplayName != null)
                    {
                        secureReferenceInfo = secureReference.DisplayName;
                    }

                    if (ShouldProcess(secureReferenceInfo))
                    {
                        _mg.Security.SetApprovedHealthServicesForDistribution <EnterpriseManagementObject>(_credentialSecureData, approved);
                        mpSecureReferenceMP.AcceptChanges();
                    }
                }
            }
        }