internal GenericMember(string name, IAzManSid sid, WhereDefined whereDefined) { this.Name = name; this.sid = sid; this.WhereDefined = whereDefined; this.Description = String.Empty; }
private void raiseStoreGroupMemberDeleted(IAzManStoreGroup ownerStoreGroup, IAzManSid sid) { if (this.StoreGroupMemberDeleted != null) { this.StoreGroupMemberDeleted(ownerStoreGroup, sid); } }
/// <summary> /// Creates the store group member. /// </summary> /// <param name="sid">The object owner.</param> /// <param name="whereDefined">Where member is defined.</param> /// <param name="isMember">if set to <c>true</c> [is member].</param> /// <returns></returns> public IAzManStoreGroupMember CreateStoreGroupMember(IAzManSid sid, WhereDefined whereDefined, bool isMember) { if (this.groupType != GroupType.Basic) { throw new InvalidOperationException("Method not supported for LDAP Groups"); } if (this.store.Storage.Mode == NetSqlAzManMode.Administrator && whereDefined == WhereDefined.Local) { throw new SqlAzManException("Cannot create Store Group members defined on local in Administrator Mode"); } //Loop detection if (whereDefined == WhereDefined.Store) { IAzManStoreGroup storeGroupToAdd = this.store.GetStoreGroup(sid); if (this.detectLoop(storeGroupToAdd)) { throw new SqlAzManException(String.Format("Cannot add '{0}'. A loop has been detected.", storeGroupToAdd.Name)); } } int retV = this.db.StoreGroupMemberInsert(this.store.StoreId, this.storeGroupId, sid.BinaryValue, (byte)whereDefined, isMember); IAzManStoreGroupMember result = new SqlAzManStoreGroupMember(this.db, this, retV, sid, whereDefined, isMember, this.ens); this.raiseStoreGroupMemberCreated(this, result); if (this.ens != null) { this.ens.AddPublisher(result); } return(result); }
private void raiseAuthorizationUpdated(IAzManAuthorization authorization, IAzManSid oldOwner, WhereDefined oldOwnerSidWhereDefined, IAzManSid oldSid, WhereDefined oldSidWhereDefined, AuthorizationType oldAuthorizationType, DateTime?oldValidFrom, DateTime?oldValidTo) { if (this.AuthorizationUpdated != null) { this.AuthorizationUpdated(authorization, oldOwner, oldOwnerSidWhereDefined, oldSid, oldSidWhereDefined, oldAuthorizationType, oldValidFrom, oldValidTo); } }
/// <summary> /// Updates the specified authorization type. /// </summary> /// <param name="owner">The owner Sid.</param> /// <param name="sid">The member Sid.</param> /// <param name="sidWhereDefined">The object owner where defined.</param> /// <param name="authorizationType">Type of the authorization.</param> /// <param name="validFrom">The valid from.</param> /// <param name="validTo">The valid to.</param> public void Update(IAzManSid owner, IAzManSid sid, WhereDefined sidWhereDefined, AuthorizationType authorizationType, DateTime?validFrom, DateTime?validTo) { if (this.owner.StringValue != owner.StringValue || this.sid.StringValue != sid.StringValue || this.sidWhereDefined != sidWhereDefined || this.authorizationType != authorizationType || this.validFrom != validFrom || this.validTo != validTo) { //DateTime range check if (validFrom.HasValue && validTo.HasValue) { if (validFrom.Value > validTo.Value) { throw new InvalidOperationException("ValidFrom cannot be greater then ValidTo if supplied."); } } SqlAzManSID oldOwner = new SqlAzManSID(this.owner.StringValue, this.ownerSidWhereDefined == WhereDefined.Database); SqlAzManSID oldSid = new SqlAzManSID(this.sid.StringValue, this.sidWhereDefined == WhereDefined.Database); WhereDefined oldOwnerSidWhereDefined = this.ownerSidWhereDefined; WhereDefined oldSidWhereDefined = this.SidWhereDefined; AuthorizationType oldAuthorizationType = this.AuthorizationType; DateTime? oldValidFrom = this.validFrom; DateTime? oldValidTo = this.validTo; string memberName; bool isLocal; DirectoryServicesUtils.GetMemberInfo(owner.StringValue, out memberName, out isLocal); WhereDefined ownerSidWhereDefined = isLocal ? WhereDefined.Local : WhereDefined.LDAP; this.db.AuthorizationUpdate(this.item.ItemId, owner.BinaryValue, (byte)ownerSidWhereDefined, sid.BinaryValue, (byte)sidWhereDefined, (byte)authorizationType, (validFrom.HasValue ? validFrom.Value : new DateTime?()), (validTo.HasValue ? validTo.Value : new DateTime?()), this.authorizationId, this.item.Application.ApplicationId); this.owner = new SqlAzManSID(owner.BinaryValue); this.ownerSidWhereDefined = ownerSidWhereDefined; this.sid = sid; this.sidWhereDefined = sidWhereDefined; this.authorizationType = authorizationType; this.validFrom = validFrom; this.validTo = validTo; this.raiseAuthorizationUpdated(this, oldOwner, oldOwnerSidWhereDefined, oldSid, oldSidWhereDefined, oldAuthorizationType, oldValidFrom, oldValidTo); } }
/// <summary> /// Creates the store group. /// </summary> /// <param name="storeGroupSid">The store group sid.</param> /// <param name="name">The name.</param> /// <param name="description">The description.</param> /// <param name="lDapQuery">The ldap query.</param> /// <param name="groupType">Type of the group.</param> /// <returns></returns> public IAzManStoreGroup CreateStoreGroup(IAzManSid storeGroupSid, string name, string description, string lDapQuery, GroupType groupType) { try { if (DirectoryServices.DirectoryServicesUtils.TestLDAPQuery(lDapQuery)) { this.db.StoreGroupInsert(this.storeId, storeGroupSid.BinaryValue, name, description, lDapQuery, (byte)groupType); IAzManStoreGroup result = this.GetStoreGroup(name); this.raiseStoreGroupCreated(this, result); if (this.ens != null) { this.ens.AddPublisher(result); } this.storeGroups = null; //Force cache refresh return(result); } else { throw new ArgumentException("LDAP Query syntax error or unavailable Domain.", "lDapQuery"); } } catch (System.Data.SqlClient.SqlException sqlex) { if (sqlex.Number == 2601) //Index Duplicate Error { throw SqlAzManException.StoreGroupDuplicateException(name, this, sqlex); } else { throw SqlAzManException.GenericException(sqlex); } } }
/// <summary> /// Gets the store group member. /// </summary> /// <param name="sid">The object owner.</param> /// <returns></returns> public IAzManStoreGroupMember GetStoreGroupMember(IAzManSid sid) { if (this.groupType != GroupType.Basic) { throw new InvalidOperationException("Method not supported for LDAP Groups"); } StoreGroupMembersResult sgm; if ((sgm = (from t in this.db.StoreGroupMembers() where t.StoreGroupId == this.storeGroupId && t.ObjectSid == sid.BinaryValue select t).FirstOrDefault()) != null) { if (this.store.Storage.Mode == NetSqlAzManMode.Administrator && sgm.WhereDefined == (byte)WhereDefined.Local) { throw SqlAzManException.StoreGroupMemberNotFoundException(sid.StringValue, this, null); } else { IAzManStoreGroupMember result = new SqlAzManStoreGroupMember(this.db, this, sgm.StoreGroupMemberId.Value, new SqlAzManSID(sgm.ObjectSid.ToArray(), sgm.WhereDefined == (byte)(WhereDefined.Database)), (WhereDefined)(sgm.WhereDefined), sgm.IsMember.Value, this.ens); if (this.ens != null) { this.ens.AddPublisher(result); } return(result); } } else { throw SqlAzManException.StoreGroupMemberNotFoundException(sid.StringValue, this, null); } }
private void raiseStoreGroupUpdated(IAzManStoreGroup storeGroup, IAzManSid oldSid, string oldDescription, GroupType oldGroupType) { if (this.StoreGroupUpdated != null) { this.StoreGroupUpdated(storeGroup, oldSid, oldDescription, oldGroupType); } }
private void raiseAuthorizationDeleted(IAzManItem ownerItem, IAzManSid owner, IAzManSid sid) { if (this.AuthorizationDeleted != null) { this.AuthorizationDeleted(ownerItem, owner, sid); } }
/// <summary> /// Adds the specified user names to the specified roles for the configured applicationName. /// </summary> /// <param name="usernames">A string array of user names to be added to the specified roles.</param> /// <param name="roleNames">A string array of the role names to add the specified user names to.</param> public override void AddUsersToRoles(string[] usernames, string[] roleNames) { using (IAzManStorage storage = new SqlAzManStorage(this.storageCache.ConnectionString)) { try { storage.OpenConnection(); storage.BeginTransaction(); IAzManApplication application = storage[this.storeName][this.applicationName]; foreach (string roleName in roleNames) { IAzManItem role = application.GetItem(roleName); if (role.ItemType != ItemType.Role) { throw new ArgumentException(String.Format("{0} must be a Role.", roleName)); } foreach (string username in usernames) { IAzManSid owner = new SqlAzManSID(((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()).User); WhereDefined whereDefined = WhereDefined.LDAP; if (this.userLookupType == "LDAP") { string fqun = this.getFQUN(username); NTAccount ntaccount = new NTAccount(fqun); if (ntaccount == null) { throw SqlAzManException.UserNotFoundException(username, null); } IAzManSid sid = new SqlAzManSID(((SecurityIdentifier)(ntaccount.Translate(typeof(SecurityIdentifier))))); if (sid == null) { throw SqlAzManException.UserNotFoundException(username, null); } role.CreateAuthorization(owner, whereDefined, sid, WhereDefined.LDAP, AuthorizationType.Allow, null, null); } else { var dbuser = application.GetDBUser(username); IAzManSid sid = dbuser.CustomSid; role.CreateAuthorization(owner, whereDefined, sid, WhereDefined.Database, AuthorizationType.Allow, null, null); } } } storage.CommitTransaction(); //Rebuild StorageCache this.InvalidateCache(false); } catch { storage.RollBackTransaction(); throw; } finally { storage.CloseConnection(); } } }
internal GenericMember(IAzManSid sid, WhereDefined whereDefined, AuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo) { this.sid = sid; this.WhereDefined = whereDefined; this.authorizationType = authorizationType; this.validFrom = validFrom; this.validTo = validTo; }
internal GenericMember(IAzManSid sid, WhereDefined whereDefined, AuthorizationType authorizationType, DateTime?validFrom, DateTime?validTo) { this.sid = sid; this.WhereDefined = whereDefined; this.authorizationType = authorizationType; this.validFrom = validFrom; this.validTo = validTo; }
internal SqlAzManStoreGroupMember(NetSqlAzManStorageDataContext db, IAzManStoreGroup storeGroup, int storeGroupMemberId, IAzManSid sid, WhereDefined whereDefined, bool isMember, SqlAzManENS ens) { this.db = db; this.storeGroup = storeGroup; this.storeGroupMemberId = storeGroupMemberId; this.sid = sid; this.whereDefined = whereDefined; this.isMember = isMember; this.ens = ens; }
private bool FindMember(IAzManApplicationGroupMember[] members, IAzManSid sid) { foreach (IAzManApplicationGroupMember m in members) { if (m.SID.StringValue == sid.StringValue) { return(true); } } return(false); }
private bool FindMember(GenericMemberCollection members, IAzManSid sid) { foreach (GenericMember m in members) { if (m.sid.StringValue == sid.StringValue) { return(true); } } return(false); }
internal SqlAzManAuthorization(NetSqlAzManStorageDataContext db, IAzManItem item, int authorizationId, IAzManSid owner, WhereDefined ownerSidWhereDefined, IAzManSid sid, WhereDefined objectSidWhereDefined, AuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo, SqlAzManENS ens) { this.db = db; this.authorizationId = authorizationId; this.item = item; this.owner = owner; this.ownerSidWhereDefined = ownerSidWhereDefined; this.sid = sid; this.sidWhereDefined = objectSidWhereDefined; this.authorizationType = authorizationType; this.validFrom = validFrom; this.validTo = validTo; this.ens = ens; }
internal SqlAzManAuthorization(NetSqlAzManStorageDataContext db, IAzManItem item, int authorizationId, IAzManSid owner, WhereDefined ownerSidWhereDefined, IAzManSid sid, WhereDefined objectSidWhereDefined, AuthorizationType authorizationType, DateTime?validFrom, DateTime?validTo, SqlAzManENS ens) { this.db = db; this.authorizationId = authorizationId; this.item = item; this.owner = owner; this.ownerSidWhereDefined = ownerSidWhereDefined; this.sid = sid; this.sidWhereDefined = objectSidWhereDefined; this.authorizationType = authorizationType; this.validFrom = validFrom; this.validTo = validTo; this.ens = ens; }
/// <summary> /// Finds the DB user. /// </summary> /// <param name="customSid">The custom sid.</param> /// <returns></returns> public IAzManDBUser GetDBUser(IAzManSid customSid) { var dtDBUsers = this.db.GetDBUsersEx(this.name, null, customSid.BinaryValue, null); IAzManDBUser result; if (dtDBUsers.Rows.Count == 0) { throw SqlAzManException.DBUserNotFoundException(customSid.StringValue, null); } else { result = new SqlAzManDBUser(dtDBUsers.Rows[0]); } return(result); }
internal SqlAzManDBUser(DataRow DBUserDataRow) { this.customSid = new SqlAzManSID((byte[])DBUserDataRow["DBUserSid"], true); this.userName = (string)DBUserDataRow["DBUserName"]; this.customColumns = new Dictionary<string, object>(); foreach (DataColumn dc in DBUserDataRow.Table.Columns) { if (String.Compare(dc.ColumnName, "DBUserSid", true) != 0 && String.Compare(dc.ColumnName, "DBUserName", true) != 0) { this.customColumns.Add(dc.ColumnName, DBUserDataRow[dc]); } } }
internal SqlAzManDBUser(DataRow DBUserDataRow) { this.customSid = new SqlAzManSID((byte[])DBUserDataRow["DBUserSid"], true); this.userName = (string)DBUserDataRow["DBUserName"]; this.customColumns = new Dictionary <string, object>(); foreach (DataColumn dc in DBUserDataRow.Table.Columns) { if (String.Compare(dc.ColumnName, "DBUserSid", true) != 0 && String.Compare(dc.ColumnName, "DBUserName", true) != 0) { this.customColumns.Add(dc.ColumnName, DBUserDataRow[dc]); } } }
internal SqlAzManApplicationGroup(NetSqlAzManStorageDataContext db, IAzManApplication application, int applicationGroupId, IAzManSid sid, string name, string description, string lDapQuery, GroupType groupType, SqlAzManENS ens) { this.db = db; this.application = application; this.applicationGroupId = applicationGroupId; this.sid = sid; this.name = name; this.description = description; this.lDapQuery = String.IsNullOrEmpty(lDapQuery) ? String.Empty : lDapQuery; this.groupType = groupType; this.ens = ens; if (groupType != GroupType.Basic) { this.members = new Dictionary<IAzManSid, IAzManApplicationGroupMember>(); } }
private void loadSessionVariables() { if (this.Session["modified"] != null) { this.modified = (bool)this.Session["modified"]; } else { this.modified = false; } this.item = this.Session["selectedObject"] as IAzManItem; this.dtAuthorizations = this.Session["dtAuthorizations"] as DataTable; this.currentOwnerName = (string)this.Session["currentOwnerName"]; this.currentOwnerSid = this.Session["currentOwnerSid"] as IAzManSid; this.currentOwnerSidWhereDefined = (WhereDefined)this.Session["currentOwnerSidWhereDefined"]; }
internal SqlAzManStoreGroup(NetSqlAzManStorageDataContext db, IAzManStore store, int storeGroupId, IAzManSid sid, string name, string description, string lDapQuery, GroupType groupType, SqlAzManENS ens) { this.db = db; this.store = store; this.storeGroupId = storeGroupId; this.sid = sid; this.name = name; this.description = description; this.lDapQuery = String.IsNullOrEmpty(lDapQuery) ? String.Empty : lDapQuery; this.groupType = groupType; this.ens = ens; if (groupType != GroupType.Basic) { this.members = new Dictionary <IAzManSid, IAzManStoreGroupMember>(); } }
/// <summary> /// Equalses the specified sid. /// </summary> /// <param name="sid">The sid.</param> /// <returns></returns> public bool Equals(IAzManSid sid) { if (Object.ReferenceEquals(sid, null)) { return(false); } SqlAzManSID sqlazmansid = sid as SqlAzManSID; if (!object.ReferenceEquals(sqlazmansid, null)) { return(this.Equals(sqlazmansid)); } else { return(this.GetHashCode() == sid.GetHashCode()); } }
/// <summary> /// Gets the store group. /// </summary> /// <param name="sid">The object owner.</param> /// <returns></returns> public IAzManStoreGroup GetStoreGroup(IAzManSid sid) { StoreGroupsResult sgr; if ((sgr = (from t in this.db.StoreGroups() where t.ObjectSid == sid.BinaryValue && t.StoreId == this.storeId select t).FirstOrDefault()) != null) { IAzManStoreGroup result = this.GetStoreGroup(sgr.Name); if (this.ens != null) { this.ens.AddPublisher(result); } return(result); } else { throw SqlAzManException.StoreGroupNotFoundException(sid.StringValue, this, null); } }
private string RenderMemberType(MemberType memberType, IAzManSid sid) { switch (memberType) { case MemberType.StoreGroup: if (this.item.Application.Store.GetStoreGroup(sid).GroupType == GroupType.Basic) { return(this.getImageUrl("StoreApplicationGroup_16x16.gif")); } else { return(this.getImageUrl("WindowsQueryLDAPGroup_16x16.gif")); } case MemberType.ApplicationGroup: if (this.item.Application.GetApplicationGroup(sid).GroupType == GroupType.Basic) { return(this.getImageUrl("StoreApplicationGroup_16x16.gif")); } else { return(this.getImageUrl("WindowsQueryLDAPGroup_16x16.gif")); } case MemberType.WindowsNTUser: return(this.getImageUrl("WindowsUser_16x16.gif")); case MemberType.WindowsNTGroup: return(this.getImageUrl("WindowsBasicGroup_16x16.gif")); case MemberType.DatabaseUser: return(this.getImageUrl("DBUser_16x16.gif")); default: case MemberType.AnonymousSID: return(this.getImageUrl("SIDNotFound_16x16.gif")); } }
public static String GetMemberTypeName(MemberType memberType, IAzManSid sid, IAzManItem item) { switch (memberType) { case MemberType.StoreGroup: if (item.Application.Store.GetStoreGroup(sid).GroupType == GroupType.Basic) { return("Store Group"); } else { return("LDAP Group"); } case MemberType.ApplicationGroup: if (item.Application.GetApplicationGroup(sid).GroupType == GroupType.Basic) { return("Application Group"); } else { return("LDAP Group"); } case MemberType.WindowsNTUser: return("Windows User"); case MemberType.WindowsNTGroup: return("Windows Basic Group"); case MemberType.DatabaseUser: return("DB User"); default: case MemberType.AnonymousSID: return("SID Not Found"); } }
private Bitmap RenderMemberType(MemberType memberType, IAzManSid sid) { switch (memberType) { case MemberType.StoreGroup: if (this.item.Application.Store.GetStoreGroup(sid).GroupType == GroupType.Basic) { return(Properties.Resources.StoreApplicationGroup_16x16.ToBitmap()); } else { return(Properties.Resources.WindowsQueryLDAPGroup_16x16.ToBitmap()); } case MemberType.ApplicationGroup: if (this.item.Application.GetApplicationGroup(sid).GroupType == GroupType.Basic) { return(Properties.Resources.StoreApplicationGroup_16x16.ToBitmap()); } else { return(Properties.Resources.WindowsQueryLDAPGroup_16x16.ToBitmap()); } case MemberType.WindowsNTUser: return(Properties.Resources.WindowsUser_16x16.ToBitmap()); case MemberType.WindowsNTGroup: return(Properties.Resources.WindowsBasicGroup_16x16.ToBitmap()); case MemberType.DatabaseUser: return(Properties.Resources.DBUser_16x16.ToBitmap()); default: case MemberType.AnonymousSID: return(Properties.Resources.SIDNotFound_16x16.ToBitmap()); } }
protected void Page_Init(object sender, EventArgs e) { this.setImage("NetSqlAzMan_32x32.gif"); this.setOkHandler(new EventHandler(this.btnOk_Click)); this.currentOwnerSid = new SqlAzManSID(this.Request.LogonUserIdentity.User); try { string memberName; bool isLocal; DirectoryServicesWebUtils.GetMemberInfo(this.currentOwnerSid.StringValue, out memberName, out isLocal); if (!isLocal) { this.currentOwnerSidWhereDefined = WhereDefined.LDAP; } else { this.currentOwnerSidWhereDefined = WhereDefined.Local; } } catch { this.currentOwnerSidWhereDefined = WhereDefined.LDAP; } }
void SqlAzManENS_StoreGroupUpdated(IAzManStoreGroup storeGroup, IAzManSid oldSid, string oldDescription, GroupType oldGroupType) { logging.WriteInfo(this, String.Format("ENS Event: {0}\r\n\r\nStore Group: {1}\r\nOld SID: {2}\r\nOld Description: {3}\r\nOld Group Type: {4}\r\n", "StoreGroupUpdated", storeGroup.ToString(), oldSid, oldDescription, oldGroupType)); }
/// <summary> /// Gets the authorizations by Owner SID. /// </summary> /// <param name="owner">The owner Sid.</param> /// <returns></returns> public IAzManAuthorization[] GetAuthorizationsOfOwner(IAzManSid owner) { var auths = (from tf in this.db.Authorizations() where (this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && tf.ObjectSidWhereDefined != (byte)WhereDefined.Local || this.application.Store.Storage.Mode != NetSqlAzManMode.Administrator) && tf.ItemId == this.itemId && tf.OwnerSid == owner.BinaryValue select tf).ToList(); int index = 0; IAzManAuthorization[] authorizations = new SqlAzManAuthorization[auths.Count]; foreach (var row in auths) { authorizations[index] = new SqlAzManAuthorization(this.db, this, row.AuthorizationId.Value, new SqlAzManSID(row.OwnerSid.ToArray(), row.OwnerSidWhereDefined == (byte)(WhereDefined.Database)), (WhereDefined)row.OwnerSidWhereDefined, new SqlAzManSID(row.ObjectSid.ToArray(), row.ObjectSidWhereDefined == (byte)(WhereDefined.Database)), (WhereDefined)row.ObjectSidWhereDefined, (AuthorizationType)row.AuthorizationType, row.ValidFrom, row.ValidTo, this.ens); if (this.ens != null) this.ens.AddPublisher(authorizations[index]); index++; } return authorizations; }
void SqlAzManENS_AuthorizationUpdated(IAzManAuthorization authorization, IAzManSid oldOwner, WhereDefined oldOwnerSidWhereDefined, IAzManSid oldSid, WhereDefined oldSidWhereDefined, AuthorizationType oldAuthorizationType, DateTime? oldValidFrom, DateTime? oldValidTo) { logging.WriteInfo(this, String.Format("ENS Event: {0}\r\n\r\nAuthorization: {1}\r\nOld Owner SID: {2}\r\nOld Owner SID Where Defined: {3}\r\nOld SID: {4}\r\nOld SID Where Defined: {5}\r\nOld Authorization Type: {6}\r\nOld Valid From: {7}\r\nOld Valid To: {8}\r\n", "AuthorizationUpdated", authorization.ToString(), oldOwner.ToString(), oldOwnerSidWhereDefined, oldSid.ToString(), oldSidWhereDefined, oldAuthorizationType, (oldValidFrom.HasValue ? oldValidFrom.Value.ToString() : ""), (oldValidTo.HasValue ? oldValidTo.Value.ToString() : ""))); }
/// <summary> /// Finds the DB user. /// </summary> /// <param name="customSid">The custom sid.</param> /// <returns></returns> public IAzManDBUser GetDBUser(IAzManSid customSid) { var dtDBUsers = this.db.GetDBUsers(this.store.Name, this.name, customSid.BinaryValue, null); IAzManDBUser result; if (dtDBUsers.Count() == 0) { throw SqlAzManException.DBUserNotFoundException(customSid.StringValue, null); } else { result = new SqlAzManDBUser(new SqlAzManSID(dtDBUsers.First().DBUserSid.ToArray(), true), dtDBUsers.First().DBUserName); } return result; }
/// <summary> /// Creates the application group. /// </summary> /// <param name="applicationGroupSid">The application group sid.</param> /// <param name="name">The name.</param> /// <param name="description">The description.</param> /// <param name="lDapQuery">The ldap query.</param> /// <param name="groupType">Type of the group.</param> /// <returns></returns> public IAzManApplicationGroup CreateApplicationGroup(IAzManSid applicationGroupSid, string name, string description, string lDapQuery, GroupType groupType) { try { if (DirectoryServices.DirectoryServicesUtils.TestLDAPQuery(lDapQuery)) { this.db.ApplicationGroupInsert(this.applicationId, applicationGroupSid.BinaryValue, name, description, lDapQuery, (byte)groupType); IAzManApplicationGroup applicationGroupCreated = this.GetApplicationGroup(name); this.raiseApplicationGroupCreated(this, applicationGroupCreated); if (this.ens != null) this.ens.AddPublisher(applicationGroupCreated); this.applicationGroups = null; //Force cache refresh return applicationGroupCreated; } else { throw new ArgumentException("LDAP Query syntax error or unavailable Domain.", "lDapQuery"); } } catch (System.Data.SqlClient.SqlException sqlex) { if (sqlex.Number == 2601) //Index Duplicate Error throw SqlAzManException.ApplicationGroupDuplicateException(name, this, sqlex); else throw SqlAzManException.GenericException(sqlex); } }
private bool FindMember(IAzManStoreGroupMember[] members, IAzManSid sid) { foreach (IAzManStoreGroupMember m in members) { if (m.SID.StringValue == sid.StringValue) return true; } return false; }
/// <summary> /// Creates the delegation [DB Users]. /// </summary> /// <param name="delegatingUser">The delegating user.</param> /// <param name="delegateUser">The delegate user.</param> /// <param name="authorizationType">Type of the authorization.</param> /// <param name="validFrom">The valid from.</param> /// <param name="validTo">The valid to.</param> /// <returns>IAzManAuthorization</returns> public IAzManAuthorization CreateDelegateAuthorization(IAzManDBUser delegatingUser, IAzManSid delegateUser, RestrictedAuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo) { //DateTime range check if (validFrom.HasValue && validTo.HasValue) { if (validFrom.Value > validTo.Value) throw new InvalidOperationException("ValidFrom cannot be greater then ValidTo if supplied."); } string delegatedName; bool isLocal; DirectoryServicesUtils.GetMemberInfo(delegateUser.StringValue, out delegatedName, out isLocal); //Check if user has AllowWithDelegation permission on this Item. if (this.CheckAccess(delegatingUser, DateTime.Now) != AuthorizationType.AllowWithDelegation) { string msg = String.Format("Create Delegate permission deny for user '{0}' ({1}) to user '{2}' ({3}).", delegatingUser.UserName, delegatingUser.CustomSid.StringValue, delegatedName, delegateUser.StringValue); throw new SqlAzManException(msg); } WhereDefined sidWhereDefined = isLocal ? WhereDefined.Local : WhereDefined.LDAP; if (this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && sidWhereDefined == WhereDefined.Local) { throw new SqlAzManException("Cannot create a Delegate defined on local in Administrator Mode"); } IAzManSid owner = delegatingUser.CustomSid; string ownerName = delegatingUser.UserName; WhereDefined ownerSidWhereDefined = WhereDefined.Database; int? authorizationId = 0; this.db.CreateDelegate(this.itemId, owner.BinaryValue, (byte)ownerSidWhereDefined, delegateUser.BinaryValue, (byte)sidWhereDefined, (byte)authorizationType, (validFrom.HasValue ? validFrom.Value : new DateTime?()), (validTo.HasValue ? validTo.Value : new DateTime?()), ref authorizationId); IAzManAuthorization result = new SqlAzManAuthorization(this.db, this, authorizationId.Value, owner, ownerSidWhereDefined, delegateUser, sidWhereDefined, (AuthorizationType)authorizationType, validFrom, validTo, this.ens); this.raiseDelegateCreated(this, result); if (this.ens != null) this.ens.AddPublisher(result); return result; }
/// <summary> /// Equalses the specified sid. /// </summary> /// <param name="sid">The sid.</param> /// <returns></returns> public bool Equals(IAzManSid sid) { if (Object.ReferenceEquals(sid, null)) return false; SqlAzManSID sqlazmansid = sid as SqlAzManSID; if (!object.ReferenceEquals(sqlazmansid, null)) return this.Equals(sqlazmansid); else return this.GetHashCode() == sid.GetHashCode(); }
private void raiseApplicationGroupMemberDeleted(IAzManApplicationGroup ownerApplicationGroup, IAzManSid sid) { if (this.ApplicationGroupMemberDeleted != null) this.ApplicationGroupMemberDeleted(ownerApplicationGroup, sid); }
internal SqlAzManDBUser(IAzManSid customSid, string userName) { this.customSid = customSid; this.userName = userName; this.customColumns = new Dictionary<string, object>(); }
protected void Page_Load(object sender, EventArgs e) { this.item = this.Session["selectedObject"] as IAzManItem; this.menuItem = Request["MenuItem"]; this.Text = "Item Authorizations"; this.Description = this.Text; this.Title = this.Text; this.currentOwnerName = this.Request.LogonUserIdentity.Name; this.currentOwnerSid = new SqlAzManSID(this.Request.LogonUserIdentity.User.Value); //this.showWaitPanelOnSubmit(this.pnlWait, this.pnlXXX); if (!this.Page.IsPostBack) { string memberName; bool isLocal; DirectoryServicesWebUtils.GetMemberInfo(this.currentOwnerSid.StringValue, out memberName, out isLocal); this.currentOwnerSidWhereDefined = isLocal ? WhereDefined.Local : WhereDefined.LDAP; this.saveSessionVariables(); this.loadSessionVariables(); this.dtAuthorizations = new DataTable(); DataColumn dcAuthorizationId = new DataColumn("AuthorizationID", typeof(int)); dcAuthorizationId.AutoIncrement = true; dcAuthorizationId.AutoIncrementSeed = -1; dcAuthorizationId.AutoIncrementStep = -1; dcAuthorizationId.AllowDBNull = false; dcAuthorizationId.Unique = true; DataColumn dcAttributesLink = new DataColumn("AttributesLink", typeof(string)); DataColumn dcMemberTypeEnum = new DataColumn("MemberTypeEnum", typeof(MemberType)); DataColumn dcMemberType = new DataColumn("MemberType", typeof(string)); DataColumn dcOwner = new DataColumn("Owner", typeof(string)); DataColumn dcOwnerSid = new DataColumn("OwnerSID", typeof(string)); DataColumn dcName = new DataColumn("Name", typeof(string)); DataColumn dcObjectSid = new DataColumn("ObjectSID", typeof(string)); DataColumn dcWhereDefined = new DataColumn("WhereDefined", typeof(string)); DataColumn dcWhereDefinedEnum = new DataColumn("WhereDefinedEnum", typeof(WhereDefined)); DataColumn dcAuthorizationType = new DataColumn("AuthorizationType", typeof(string)); DataColumn dcAuthorizationTypeEnum = new DataColumn("AuthorizationTypeEnum", typeof(AuthorizationType)); DataColumn dcValidFrom = new DataColumn("ValidFrom", typeof(DateTime)); dcValidFrom.AllowDBNull = true; DataColumn dcValidTo = new DataColumn("ValidTo", typeof(DateTime)); dcValidTo.AllowDBNull = true; dcMemberType.Caption = "Member Type"; dcOwner.Caption = "Owner"; dcOwnerSid.Caption = "Owner SID"; dcName.Caption = "Name"; dcObjectSid.Caption = "Object SID"; dcWhereDefined.Caption = "Where Defined"; dcAuthorizationType.Caption = "Authorization Type"; dcValidFrom.Caption = "Valid From"; dcValidTo.Caption = "Valid To"; this.dtAuthorizations.Columns.AddRange( new DataColumn[] { dcAuthorizationId, dcMemberType, dcName, dcAuthorizationType, dcWhereDefined, dcOwner, dcOwnerSid, dcValidFrom, dcValidTo, dcObjectSid, dcAuthorizationTypeEnum, dcWhereDefinedEnum, dcMemberTypeEnum, dcAttributesLink }); foreach (DataColumn dc in this.dtAuthorizations.Columns) { dc.AllowDBNull = true; } dcMemberType.AllowDBNull = false; dcAuthorizationType.AllowDBNull = false; this.modified = false; this.btnAddStoreGroups.Enabled = this.item.Application.Store.HasStoreGroups(); this.btnAddApplicationGroups.Enabled = this.item.Application.HasApplicationGroups(); //Prepare DataGridView this.dgAuthorizations.DataSource = this.dtAuthorizations; this.dgAuthorizations.DataBind(); this.RenderItemAuthorizations(); this.Text += " - " + this.item.Name; this.saveSessionVariables(); this.bindGridView(); } else { this.loadSessionVariables(); if (this.Session["selectedStoreGroups"] != null) { this.btnAddStoreGroups_Click(this, EventArgs.Empty); } if (this.Session["selectedApplicationGroups"] != null) { this.btnAddApplicationGroups_Click(this, EventArgs.Empty); } if (this.Session["selectedDBUsers"] != null) { this.btnAddDBUsers_Click(this, EventArgs.Empty); } if (this.Session["selectedADObjects"] != null) { this.btnAddWindowsUsersAndGroups_Click(this, EventArgs.Empty); } } }
private void raiseApplicationGroupMemberDeleted(IAzManApplicationGroup ownerApplicationGroup, IAzManSid sid) { if (this.ApplicationGroupMemberDeleted != null) { this.ApplicationGroupMemberDeleted(ownerApplicationGroup, sid); } }
/// <summary> /// Removes the delegate [DB Users]. /// </summary> /// <param name="delegatingUser">The delegating user.</param> /// <param name="delegateUser">The delegate user.</param> /// <param name="authorizationType">Type of the authorization.</param> public void DeleteDelegateAuthorization(IAzManDBUser delegatingUser, IAzManSid delegateUser, RestrictedAuthorizationType authorizationType) { string delegatedName; bool isLocal; DirectoryServicesUtils.GetMemberInfo(delegateUser.StringValue, out delegatedName, out isLocal); //Check if user has AllowWithDelegation permission on this Item. if (this.CheckAccess(delegatingUser, DateTime.Now) != AuthorizationType.AllowWithDelegation) { string msg = String.Format("Remove Delegate permission deny for user '{0}' ({1}) to user '{2}' ({3}).", delegatingUser.UserName, delegatingUser.CustomSid.StringValue, delegatedName, delegateUser.StringValue); throw new SqlAzManException(msg); } WhereDefined memberWhereDefined = isLocal ? WhereDefined.Local : WhereDefined.LDAP; if (this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && memberWhereDefined == WhereDefined.Local) { throw new SqlAzManException("Cannot remove Delegates defined on local in Administrator Mode"); } IAzManSid owner = delegatingUser.CustomSid; string ownerName = delegatingUser.UserName; foreach (IAzManAuthorization auth in this.GetAuthorizations(owner, delegateUser)) { if ((byte)auth.AuthorizationType == (byte)authorizationType) { int affectedRecords = db.DeleteDelegate(auth.AuthorizationId, owner.BinaryValue); if (affectedRecords != 0) this.raiseDelegateDeleted(this, delegatingUser.CustomSid, delegateUser, authorizationType); } } }
void SqlAzManENS_StoreGroupMemberDeleted(IAzManStoreGroup ownerStoreGroup, IAzManSid sid) { logging.WriteInfo(this, String.Format("ENS Event: {0}\r\n\r\nStore Group: {1}\r\nSID: {2}\r\n", "StoreGroupMemberDeleted", ownerStoreGroup.ToString(), sid)); }
private IEnumerable<IAzManSid> getApplicationGroupSidMembers(IAzManApplication application, bool isMember, IAzManSid groupObjectSid) { var applicationGroup = (from ag in application.ApplicationGroups.Values where ag.SID.StringValue == groupObjectSid.StringValue select ag).First(); IEnumerable<IAzManSid> result = new IAzManSid[0]; //Store Group members var membersResult = from agm in applicationGroup.Members.Values where agm.ApplicationGroup.ApplicationGroupId == applicationGroup.ApplicationGroupId && agm.IsMember == isMember && ((this.storage.Mode == NetSqlAzManMode.Administrator && (agm.WhereDefined == WhereDefined.LDAP || agm.WhereDefined == WhereDefined.Database)) || (this.storage.Mode == NetSqlAzManMode.Developer && agm.WhereDefined >= WhereDefined.LDAP && agm.WhereDefined <= WhereDefined.Database)) select agm.SID; result = result.Union(membersResult); //BASIC GROUP if (applicationGroup.GroupType == GroupType.Basic) { //Sub Store Groups var subMembers = from agm in applicationGroup.Members.Values where agm.ApplicationGroup.ApplicationGroupId == applicationGroup.ApplicationGroupId && agm.IsMember == isMember && agm.WhereDefined == WhereDefined.Store select agm; foreach (var subMember in subMembers) { //recursive call bool nonMemberType; if (isMember) { if (subMember.IsMember == false) nonMemberType = false; else nonMemberType = true; } else { if (subMember.IsMember == false) nonMemberType = true; else nonMemberType = false; } var subMembersResult = this.getStoreGroupSidMembers(application.Store, nonMemberType, subMember.SID); result = result.Union(subMembersResult); } //Sub Application Groups var subMembers2 = from agm in applicationGroup.Members.Values where agm.ApplicationGroup.ApplicationGroupId == applicationGroup.ApplicationGroupId && agm.IsMember == isMember && agm.WhereDefined == WhereDefined.Application select agm; foreach (var subMember in subMembers2) { //recursive call bool nonMemberType; if (isMember) { if (subMember.IsMember == false) nonMemberType = false; else nonMemberType = true; } else { if (subMember.IsMember == false) nonMemberType = true; else nonMemberType = false; } var subMembersResult = this.getApplicationGroupSidMembers(application, nonMemberType, subMember.SID); result = result.Union(subMembersResult); } return result; } else if (applicationGroup.GroupType == GroupType.LDapQuery && isMember == true) { //LDAP Group return this.getCachedLDAPQueryResults(applicationGroup); } else { //Empty result return new IAzManSid[0]; } }
/// <summary> /// Creates the authorization. /// </summary> /// <param name="owner">The owner owner.</param> /// <param name="ownerSidWhereDefined">The owner sid where defined.</param> /// <param name="sid">The object owner.</param> /// <param name="sidWhereDefined">The object owner where defined.</param> /// <param name="authorizationType">Type of the authorization.</param> /// <param name="validFrom">The valid from.</param> /// <param name="validTo">The valid to.</param> /// <returns></returns> public IAzManAuthorization CreateAuthorization(IAzManSid owner, WhereDefined ownerSidWhereDefined, IAzManSid sid, WhereDefined sidWhereDefined, AuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo) { //DateTime range check if (validFrom.HasValue && validTo.HasValue) { if (validFrom.Value > validTo.Value) throw new InvalidOperationException("ValidFrom cannot be greater then ValidTo if supplied."); } if (this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && sidWhereDefined == WhereDefined.Local) { throw new SqlAzManException("Cannot create an Authorization on members defined on local in Administrator Mode"); } var existing = (from aut in this.db.Authorizations() where aut.ItemId == this.itemId && aut.OwnerSid == owner.BinaryValue && aut.OwnerSidWhereDefined == (byte)ownerSidWhereDefined && aut.ObjectSid == sid.BinaryValue && aut.AuthorizationType == (byte)authorizationType && aut.ValidFrom == validFrom && aut.ValidTo == validTo select aut).FirstOrDefault(); if (existing == null) { int id = this.db.AuthorizationInsert(this.itemId, owner.BinaryValue, (byte)ownerSidWhereDefined, sid.BinaryValue, (byte)sidWhereDefined, (byte)authorizationType, (validFrom.HasValue ? validFrom.Value : new DateTime?()), (validTo.HasValue ? validTo.Value : new DateTime?()), this.application.ApplicationId); IAzManAuthorization result = new SqlAzManAuthorization(this.db, this, id, owner, ownerSidWhereDefined, sid, sidWhereDefined, authorizationType, validFrom, validTo, this.ens); this.raiseAuthorizationCreated(this, result); if (this.ens != null) this.ens.AddPublisher(result); this.authorizations = null; //Force cache refresh return result; } else { IAzManAuthorization result = new SqlAzManAuthorization(this.db, this, existing.ItemId.Value, new SqlAzManSID(existing.OwnerSid.ToArray()), (WhereDefined)existing.OwnerSidWhereDefined, new SqlAzManSID(existing.ObjectSid.ToArray()), (WhereDefined)existing.ObjectSidWhereDefined, (AuthorizationType)existing.AuthorizationType.Value, existing.ValidFrom, existing.ValidTo, this.ens); return result; } }
private IEnumerable<IAzManSid> getStoreGroupSidMembers(IAzManStore store, bool isMember, IAzManSid groupObjectSid) { IEnumerable<IAzManSid> result = new IAzManSid[0]; var storeGroup = (from sg in store.StoreGroups.Values where sg.SID.StringValue == groupObjectSid.StringValue select sg).First(); //BASIC GROUP if (storeGroup.GroupType == GroupType.Basic) { //Windows SIDs var membersResult = from sgm in storeGroup.Members.Values where sgm.StoreGroup.StoreGroupId == storeGroup.StoreGroupId && sgm.IsMember == isMember && ((this.storage.Mode == NetSqlAzManMode.Administrator && (sgm.WhereDefined == WhereDefined.LDAP || sgm.WhereDefined == WhereDefined.Database)) || (this.storage.Mode == NetSqlAzManMode.Developer && sgm.WhereDefined >= WhereDefined.LDAP && sgm.WhereDefined <= WhereDefined.Database)) select sgm.SID; result = result.Union(membersResult); //Sub Store Groups var subMembers = from sgm in storeGroup.Members.Values where sgm.StoreGroup.StoreGroupId == storeGroup.StoreGroupId && sgm.IsMember == isMember && sgm.WhereDefined == WhereDefined.Store select sgm; foreach (var subMember in subMembers) { //recursive call bool nonMemberType; if (isMember) { if (subMember.IsMember == false) nonMemberType = false; else nonMemberType = true; } else { if (subMember.IsMember == false) nonMemberType = true; else nonMemberType = false; } var subMembersResult = this.getStoreGroupSidMembers(store, nonMemberType, subMember.SID); result = result.Union(subMembersResult); } return result; } else if (storeGroup.GroupType == GroupType.LDapQuery && isMember == true) { return this.getCachedLDAPQueryResults(storeGroup); } else { //Empty result return result; } }
private void buildApplicationCacheMultiThread() { try { DateTime globalNow = DateTime.Now; this.storage.OpenConnection(); this.collectPermissionData(); List <ItemCheckAccessResult> results = new List <ItemCheckAccessResult>(); IAzManSid sid = this.windowsIdentity != null ? new SqlAzManSID(this.windowsIdentity.User) : this.dbUser.CustomSid; List <ManualResetEvent> waitHandles = new List <ManualResetEvent>(); Hashtable allResult = new Hashtable(); int index = 0; Exception lastException = null; foreach (String itemname in this.items) { var drAuthorization = this.dtAuthorizations.Where(t => t.ItemName == itemname).FirstOrDefault(); if (drAuthorization == null) { drAuthorization = new BuildUserPermissionCacheResult2() { ItemName = itemname, ValidFrom = null, ValidTo = null } } ; //string itemName = drAuthorization.ItemName; ManualResetEvent waitHandle = new ManualResetEvent(false); waitHandles.Add(waitHandle); //New Thread Pool ThreadPool.QueueUserWorkItem(new WaitCallback( delegate(object o) { IAzManStorage clonedStorage = new SqlAzManStorage(((SqlAzManStorage)this.storage).db.Connection.ConnectionString); int localIndex = (int)((object[])o)[0]; ManualResetEvent localWaitHandle = (ManualResetEvent)((object[])o)[1]; BuildUserPermissionCacheResult2 localAuth = (BuildUserPermissionCacheResult2)((object[])o)[2]; DateTime now = (DateTime)((object[])o)[3]; string itemName = localAuth.ItemName; try { clonedStorage.OpenConnection(); ItemCheckAccessResult result = new ItemCheckAccessResult(itemName); result.ValidFrom = localAuth.ValidFrom.HasValue ? localAuth.ValidFrom.Value : DateTime.MinValue; result.ValidTo = localAuth.ValidTo.HasValue ? localAuth.ValidTo.Value : DateTime.MaxValue; List <KeyValuePair <string, string> > attributes = null; DateTime validFor = localAuth.ValidFrom.HasValue ? localAuth.ValidFrom.Value : now; if (this.windowsIdentity != null) { if (this.retrieveAttributes) { result.AuthorizationType = clonedStorage.CheckAccess(this.storeName, this.applicationName, itemName, this.windowsIdentity, validFor, false, out attributes, this.contextParameters); } else { result.AuthorizationType = clonedStorage.CheckAccess(this.storeName, this.applicationName, itemName, this.windowsIdentity, validFor, false, this.contextParameters); } } else if (this.dbUser != null) { if (this.retrieveAttributes) { result.AuthorizationType = clonedStorage.CheckAccess(this.storeName, this.applicationName, itemName, this.dbUser, validFor, false, out attributes, this.contextParameters); } else { result.AuthorizationType = clonedStorage.CheckAccess(this.storeName, this.applicationName, itemName, this.dbUser, validFor, false, this.contextParameters); } } result.Attributes = attributes; //Thread safety lock (allResult.SyncRoot) { allResult.Add(localIndex, new object[] { itemName, result }); } } catch (Exception ex) { lastException = ex; } finally { clonedStorage.CloseConnection(); localWaitHandle.Set(); } }), new object[] { index, waitHandle, drAuthorization, globalNow }); index++; } if (lastException != null) { throw lastException; } int count = index; //Wait for all threads: http://www.devnewsgroups.net/group/microsoft.public.dotnet.framework/topic28609.aspx if (Thread.CurrentThread.GetApartmentState() == ApartmentState.STA) { // WaitAll for multiple handles on an STA thread is not supported. // ...so wait on each handle individually. foreach (ManualResetEvent myWaitHandle in waitHandles) { myWaitHandle.WaitOne(); } } else { WaitHandle.WaitAll(waitHandles.ToArray()); } //Extends all results index = 0; for (int i = 0; i < count; i++) { object[] values = (object[])allResult[index++]; string itemName = (string)((object[])values)[0]; ItemCheckAccessResult result = (ItemCheckAccessResult)((object[])values)[1]; results.Add(result); this.extendResultToMembers(itemName, result, results); } this.checkAccessTimeSlice = results.ToArray(); } finally { this.storage.CloseConnection(); } }
private Bitmap RenderMemberType(MemberType memberType, IAzManSid sid) { switch (memberType) { case MemberType.StoreGroup: if (this.item.Application.Store.GetStoreGroup(sid).GroupType==GroupType.Basic) return Properties.Resources.StoreApplicationGroup_16x16.ToBitmap(); else return Properties.Resources.WindowsQueryLDAPGroup_16x16.ToBitmap(); case MemberType.ApplicationGroup: if (this.item.Application.GetApplicationGroup(sid).GroupType == GroupType.Basic) return Properties.Resources.StoreApplicationGroup_16x16.ToBitmap(); else return Properties.Resources.WindowsQueryLDAPGroup_16x16.ToBitmap(); case MemberType.WindowsNTUser: return Properties.Resources.WindowsUser_16x16.ToBitmap(); case MemberType.WindowsNTGroup: return Properties.Resources.WindowsBasicGroup_16x16.ToBitmap(); case MemberType.DatabaseUser: return Properties.Resources.DBUser_16x16.ToBitmap(); default: case MemberType.AnonymousSID: return Properties.Resources.SIDNotFound_16x16.ToBitmap(); } }
private void buildApplicationCache() { try { DateTime now = DateTime.Now; this.storage.OpenConnection(); this.collectPermissionData(); List <ItemCheckAccessResult> results = new List <ItemCheckAccessResult>(); IAzManSid sid = this.windowsIdentity != null ? new SqlAzManSID(this.windowsIdentity.User) : this.dbUser.CustomSid; int index = 0; //foreach (var drAuthorization in this.dtAuthorizations) foreach (String itemName in this.items) { var drAuthorization = this.dtAuthorizations.Where(t => t.ItemName == itemName).FirstOrDefault(); if (drAuthorization == null) { drAuthorization = new BuildUserPermissionCacheResult2() { ItemName = itemName, ValidFrom = null, ValidTo = null } } ; //string itemName = drAuthorization.ItemName; ItemCheckAccessResult result = new ItemCheckAccessResult(itemName); result.ValidFrom = drAuthorization.ValidFrom.HasValue ? drAuthorization.ValidFrom.Value : DateTime.MinValue; result.ValidTo = drAuthorization.ValidTo.HasValue ? drAuthorization.ValidTo.Value : DateTime.MaxValue; List <KeyValuePair <string, string> > attributes = null; DateTime validFor = DateTime.Now; if (drAuthorization.ValidFrom.HasValue) { validFor = drAuthorization.ValidFrom.Value; } else if (drAuthorization.ValidTo.HasValue) { validFor = drAuthorization.ValidTo.Value; } else { var mindt = (from t in this.dtAuthorizations where t.ValidFrom.HasValue select t.ValidFrom).Min(); if (mindt.HasValue && mindt.Value != DateTime.MinValue) { validFor = mindt.Value.AddSeconds(-1); } else { var maxdt = (from t in this.dtAuthorizations where t.ValidTo.HasValue select t.ValidTo).Max(); if (maxdt.HasValue && maxdt.Value != DateTime.MaxValue) { validFor = maxdt.Value.AddSeconds(1); } } } if (this.windowsIdentity != null) { if (this.retrieveAttributes) { result.AuthorizationType = this.storage.CheckAccess(this.storeName, this.applicationName, itemName, this.windowsIdentity, validFor, false, out attributes, this.contextParameters); } else { result.AuthorizationType = this.storage.CheckAccess(this.storeName, this.applicationName, itemName, this.windowsIdentity, validFor, false, this.contextParameters); } } else if (this.dbUser != null) { if (this.retrieveAttributes) { result.AuthorizationType = this.storage.CheckAccess(this.storeName, this.applicationName, itemName, this.dbUser, validFor, false, out attributes, this.contextParameters); } else { result.AuthorizationType = this.storage.CheckAccess(this.storeName, this.applicationName, itemName, this.dbUser, validFor, false, this.contextParameters); } } result.Attributes = attributes; results.Add(result); this.extendResultToMembers(itemName, result, results); index++; } this.checkAccessTimeSlice = results.ToArray(); } finally { this.storage.CloseConnection(); } }
private bool FindMember(GenericMemberCollection members, IAzManSid sid) { foreach (GenericMember m in members) { if (m.sid.StringValue == sid.StringValue) return true; } return false; }
private IAzManSid[] getCachedLDAPQueryResults(IAzManApplicationGroup applicationGroup) { string key = "applicationGroup " + applicationGroup.ApplicationGroupId.ToString(); if (!this.ldapQueryResults.ContainsKey(key)) { lock (ldapQueryResults) { if (!this.ldapQueryResults.ContainsKey(key)) { //LDAP Group var ldapQueryResult = applicationGroup.ExecuteLDAPQuery(); if (ldapQueryResult != null) { IAzManSid[] membersResults = new IAzManSid[ldapQueryResult.Count]; for (int i = 0; i < ldapQueryResult.Count; i++) { membersResults[i] = new SqlAzManSID((byte[])ldapQueryResult[i].Properties["objectSid"][0]); } this.ldapQueryResults.Add(key, membersResults); } } } } return (IAzManSid[])this.ldapQueryResults[key]; }
/// <summary> /// Gets the application group. /// </summary> /// <param name="sid">The object owner.</param> /// <returns></returns> public IAzManApplicationGroup GetApplicationGroup(IAzManSid sid) { ApplicationGroupsResult agr = null; if ((agr = (from t in this.db.ApplicationGroups() where t.ObjectSid == sid.BinaryValue && t.ApplicationId == this.applicationId select t).FirstOrDefault()) != null) { IAzManApplicationGroup result = this.GetApplicationGroup(agr.Name); if (this.ens != null) this.ens.AddPublisher(result); return result; } else { throw SqlAzManException.ApplicationGroupNotFoundException(sid.StringValue, this, null); } }
/// <summary> /// Gets a list of the roles that a specified user is in for the configured applicationName. /// </summary> /// <param name="username">The user to return a list of roles for.</param> /// <returns> /// A string array containing the names of all the roles that the specified user is in for the configured applicationName. /// </returns> public override string[] GetRolesForUser(string username) { if (this.userLookupType == "LDAP") { WindowsIdentity wid = null; if (String.Compare(((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()).Name, this.getFQUN(username), true) == 0) { wid = ((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()); } if (wid == null) { wid = new WindowsIdentity(this.getUpn(this.getFQUN(username))); //Kerberos Protocol Transition: Works in W2K3 native domain only } if (!this.useWCFCacheService) { return((from t in this.storageCache.GetAuthorizedItems(this.storeName, this.applicationName, wid.GetUserBinarySSid(), wid.GetGroupsBinarySSid(), DateTime.Now) where t.Type == ItemType.Role && (t.Authorization == AuthorizationType.Allow || t.Authorization == AuthorizationType.AllowWithDelegation) select t.Name).ToArray()); } else { using (NetSqlAzManWCFCacheService.CacheServiceClient csc = new NetSqlAzManWCFCacheService.CacheServiceClient()) { try { return((from t in csc.GetAuthorizedItemsForWindowsUsers(this.storeName, this.applicationName, wid.GetUserBinarySSid(), wid.GetGroupsBinarySSid(), DateTime.Now, null) where t.Type == NetSqlAzManWCFCacheService.ItemType.Role && (t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.Allow || t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.AllowWithDelegation) select t.Name).ToArray()); } finally { ((IDisposable)csc).Dispose(); } } } } else { using (IAzManStorage storage = new SqlAzManStorage(this.storageCache.ConnectionString)) { IAzManApplication application = storage[this.storeName][this.applicationName]; IAzManDBUser dbUser = application.GetDBUser(username); if (dbUser == null) { throw SqlAzManException.DBUserNotFoundException(username, null); } IAzManSid sid = dbUser.CustomSid; if (!this.useWCFCacheService) { return((from t in this.storageCache.GetAuthorizedItems(this.storeName, this.applicationName, sid.StringValue, DateTime.Now) where t.Type == ItemType.Role && (t.Authorization == AuthorizationType.Allow || t.Authorization == AuthorizationType.AllowWithDelegation) select t.Name).ToArray()); } else { using (NetSqlAzManWCFCacheService.CacheServiceClient csc = new NetSqlAzManWCFCacheService.CacheServiceClient()) { try { return((from t in csc.GetAuthorizedItemsForDatabaseUsers(this.storeName, this.applicationName, sid.StringValue, DateTime.Now, null) where t.Type == NetSqlAzManWCFCacheService.ItemType.Role && (t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.Allow || t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.AllowWithDelegation) select t.Name).ToArray()); } finally { ((IDisposable)csc).Dispose(); } } } } } }
private void raiseStoreGroupMemberDeleted(IAzManStoreGroup ownerStoreGroup, IAzManSid sid) { if (this.StoreGroupMemberDeleted != null) this.StoreGroupMemberDeleted(ownerStoreGroup, sid); }
public bool CheckAccess(Operation operation, IAzManSid dbUserName) { NetSqlAzMan.Interfaces.AuthorizationType result = this.GetAuthorizationType(operation, dbUserName); return ((result == AuthorizationType.AllowWithDelegation) || (result == AuthorizationType.Allow)); }
/// <summary> /// Gets the <see cref="T:IAzManAuthorization[]"/> with the specified owner. /// </summary> /// <value></value> public IAzManAuthorization[] this[IAzManSid owner, IAzManSid sid] { get { return this.GetAuthorizations(owner, sid); } }
private void raiseDelegateDeleted(IAzManItem item, IAzManSid delegatingUserSid, IAzManSid delegateUserSid, RestrictedAuthorizationType authorizationType) { if (this.DelegateDeleted != null) this.DelegateDeleted(item, delegatingUserSid, delegateUserSid, authorizationType); }