internal GenericMember(string name, IAzManSid sid, WhereDefined whereDefined)
{
this.Name = name;
this.sid = sid;
this.WhereDefined = whereDefined;
this.Description = String.Empty;
}
private void raiseStoreGroupMemberDeleted(IAzManStoreGroup ownerStoreGroup, IAzManSid sid)
{
if (this.StoreGroupMemberDeleted != null)
{
this.StoreGroupMemberDeleted(ownerStoreGroup, sid);
}
}
/// <summary>
/// Creates the store group member.
/// </summary>
/// <param name="sid">The object owner.</param>
/// <param name="whereDefined">Where member is defined.</param>
/// <param name="isMember">if set to <c>true</c> [is member].</param>
/// <returns></returns>
public IAzManStoreGroupMember CreateStoreGroupMember(IAzManSid sid, WhereDefined whereDefined, bool isMember)
{
if (this.groupType != GroupType.Basic)
{
throw new InvalidOperationException("Method not supported for LDAP Groups");
}
if (this.store.Storage.Mode == NetSqlAzManMode.Administrator && whereDefined == WhereDefined.Local)
{
throw new SqlAzManException("Cannot create Store Group members defined on local in Administrator Mode");
}
//Loop detection
if (whereDefined == WhereDefined.Store)
{
IAzManStoreGroup storeGroupToAdd = this.store.GetStoreGroup(sid);
if (this.detectLoop(storeGroupToAdd))
{
throw new SqlAzManException(String.Format("Cannot add '{0}'. A loop has been detected.", storeGroupToAdd.Name));
}
}
int retV = this.db.StoreGroupMemberInsert(this.store.StoreId, this.storeGroupId, sid.BinaryValue, (byte)whereDefined, isMember);
IAzManStoreGroupMember result = new SqlAzManStoreGroupMember(this.db, this, retV, sid, whereDefined, isMember, this.ens);
this.raiseStoreGroupMemberCreated(this, result);
if (this.ens != null)
{
this.ens.AddPublisher(result);
}
return(result);
}
private void raiseAuthorizationUpdated(IAzManAuthorization authorization, IAzManSid oldOwner, WhereDefined oldOwnerSidWhereDefined, IAzManSid oldSid, WhereDefined oldSidWhereDefined, AuthorizationType oldAuthorizationType, DateTime?oldValidFrom, DateTime?oldValidTo)
{
if (this.AuthorizationUpdated != null)
{
this.AuthorizationUpdated(authorization, oldOwner, oldOwnerSidWhereDefined, oldSid, oldSidWhereDefined, oldAuthorizationType, oldValidFrom, oldValidTo);
}
}
/// <summary>
/// Updates the specified authorization type.
/// </summary>
/// <param name="owner">The owner Sid.</param>
/// <param name="sid">The member Sid.</param>
/// <param name="sidWhereDefined">The object owner where defined.</param>
/// <param name="authorizationType">Type of the authorization.</param>
/// <param name="validFrom">The valid from.</param>
/// <param name="validTo">The valid to.</param>
public void Update(IAzManSid owner, IAzManSid sid, WhereDefined sidWhereDefined, AuthorizationType authorizationType, DateTime?validFrom, DateTime?validTo)
{
if (this.owner.StringValue != owner.StringValue || this.sid.StringValue != sid.StringValue || this.sidWhereDefined != sidWhereDefined || this.authorizationType != authorizationType || this.validFrom != validFrom || this.validTo != validTo)
{
//DateTime range check
if (validFrom.HasValue && validTo.HasValue)
{
if (validFrom.Value > validTo.Value)
{
throw new InvalidOperationException("ValidFrom cannot be greater then ValidTo if supplied.");
}
}
SqlAzManSID oldOwner = new SqlAzManSID(this.owner.StringValue, this.ownerSidWhereDefined == WhereDefined.Database);
SqlAzManSID oldSid = new SqlAzManSID(this.sid.StringValue, this.sidWhereDefined == WhereDefined.Database);
WhereDefined oldOwnerSidWhereDefined = this.ownerSidWhereDefined;
WhereDefined oldSidWhereDefined = this.SidWhereDefined;
AuthorizationType oldAuthorizationType = this.AuthorizationType;
DateTime? oldValidFrom = this.validFrom;
DateTime? oldValidTo = this.validTo;
string memberName;
bool isLocal;
DirectoryServicesUtils.GetMemberInfo(owner.StringValue, out memberName, out isLocal);
WhereDefined ownerSidWhereDefined = isLocal ? WhereDefined.Local : WhereDefined.LDAP;
this.db.AuthorizationUpdate(this.item.ItemId, owner.BinaryValue, (byte)ownerSidWhereDefined, sid.BinaryValue, (byte)sidWhereDefined, (byte)authorizationType, (validFrom.HasValue ? validFrom.Value : new DateTime?()), (validTo.HasValue ? validTo.Value : new DateTime?()), this.authorizationId, this.item.Application.ApplicationId);
this.owner = new SqlAzManSID(owner.BinaryValue);
this.ownerSidWhereDefined = ownerSidWhereDefined;
this.sid = sid;
this.sidWhereDefined = sidWhereDefined;
this.authorizationType = authorizationType;
this.validFrom = validFrom;
this.validTo = validTo;
this.raiseAuthorizationUpdated(this, oldOwner, oldOwnerSidWhereDefined, oldSid, oldSidWhereDefined, oldAuthorizationType, oldValidFrom, oldValidTo);
}
}
internal GenericMember(string name, IAzManSid sid, WhereDefined whereDefined)
{
this.Name = name;
this.sid = sid;
this.WhereDefined = whereDefined;
this.Description = String.Empty;
}
/// <summary>
/// Creates the store group.
/// </summary>
/// <param name="storeGroupSid">The store group sid.</param>
/// <param name="name">The name.</param>
/// <param name="description">The description.</param>
/// <param name="lDapQuery">The ldap query.</param>
/// <param name="groupType">Type of the group.</param>
/// <returns></returns>
public IAzManStoreGroup CreateStoreGroup(IAzManSid storeGroupSid, string name, string description, string lDapQuery, GroupType groupType)
{
try
{
if (DirectoryServices.DirectoryServicesUtils.TestLDAPQuery(lDapQuery))
{
this.db.StoreGroupInsert(this.storeId, storeGroupSid.BinaryValue, name, description, lDapQuery, (byte)groupType);
IAzManStoreGroup result = this.GetStoreGroup(name);
this.raiseStoreGroupCreated(this, result);
if (this.ens != null)
{
this.ens.AddPublisher(result);
}
this.storeGroups = null; //Force cache refresh
return(result);
}
else
{
throw new ArgumentException("LDAP Query syntax error or unavailable Domain.", "lDapQuery");
}
}
catch (System.Data.SqlClient.SqlException sqlex)
{
if (sqlex.Number == 2601) //Index Duplicate Error
{
throw SqlAzManException.StoreGroupDuplicateException(name, this, sqlex);
}
else
{
throw SqlAzManException.GenericException(sqlex);
}
}
}
/// <summary>
/// Gets the store group member.
/// </summary>
/// <param name="sid">The object owner.</param>
/// <returns></returns>
public IAzManStoreGroupMember GetStoreGroupMember(IAzManSid sid)
{
if (this.groupType != GroupType.Basic)
{
throw new InvalidOperationException("Method not supported for LDAP Groups");
}
StoreGroupMembersResult sgm;
if ((sgm = (from t in this.db.StoreGroupMembers() where t.StoreGroupId == this.storeGroupId && t.ObjectSid == sid.BinaryValue select t).FirstOrDefault()) != null)
{
if (this.store.Storage.Mode == NetSqlAzManMode.Administrator && sgm.WhereDefined == (byte)WhereDefined.Local)
{
throw SqlAzManException.StoreGroupMemberNotFoundException(sid.StringValue, this, null);
}
else
{
IAzManStoreGroupMember result = new SqlAzManStoreGroupMember(this.db, this, sgm.StoreGroupMemberId.Value, new SqlAzManSID(sgm.ObjectSid.ToArray(), sgm.WhereDefined == (byte)(WhereDefined.Database)), (WhereDefined)(sgm.WhereDefined), sgm.IsMember.Value, this.ens);
if (this.ens != null)
{
this.ens.AddPublisher(result);
}
return(result);
}
}
else
{
throw SqlAzManException.StoreGroupMemberNotFoundException(sid.StringValue, this, null);
}
}
private void raiseStoreGroupUpdated(IAzManStoreGroup storeGroup, IAzManSid oldSid, string oldDescription, GroupType oldGroupType)
{
if (this.StoreGroupUpdated != null)
{
this.StoreGroupUpdated(storeGroup, oldSid, oldDescription, oldGroupType);
}
}
private void raiseAuthorizationDeleted(IAzManItem ownerItem, IAzManSid owner, IAzManSid sid)
{
if (this.AuthorizationDeleted != null)
{
this.AuthorizationDeleted(ownerItem, owner, sid);
}
}
/// <summary>
/// Adds the specified user names to the specified roles for the configured applicationName.
/// </summary>
/// <param name="usernames">A string array of user names to be added to the specified roles.</param>
/// <param name="roleNames">A string array of the role names to add the specified user names to.</param>
public override void AddUsersToRoles(string[] usernames, string[] roleNames)
{
using (IAzManStorage storage = new SqlAzManStorage(this.storageCache.ConnectionString))
{
try
{
storage.OpenConnection();
storage.BeginTransaction();
IAzManApplication application = storage[this.storeName][this.applicationName];
foreach (string roleName in roleNames)
{
IAzManItem role = application.GetItem(roleName);
if (role.ItemType != ItemType.Role)
{
throw new ArgumentException(String.Format("{0} must be a Role.", roleName));
}
foreach (string username in usernames)
{
IAzManSid owner = new SqlAzManSID(((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()).User);
WhereDefined whereDefined = WhereDefined.LDAP;
if (this.userLookupType == "LDAP")
{
string fqun = this.getFQUN(username);
NTAccount ntaccount = new NTAccount(fqun);
if (ntaccount == null)
{
throw SqlAzManException.UserNotFoundException(username, null);
}
IAzManSid sid = new SqlAzManSID(((SecurityIdentifier)(ntaccount.Translate(typeof(SecurityIdentifier)))));
if (sid == null)
{
throw SqlAzManException.UserNotFoundException(username, null);
}
role.CreateAuthorization(owner, whereDefined, sid, WhereDefined.LDAP, AuthorizationType.Allow, null, null);
}
else
{
var dbuser = application.GetDBUser(username);
IAzManSid sid = dbuser.CustomSid;
role.CreateAuthorization(owner, whereDefined, sid, WhereDefined.Database, AuthorizationType.Allow, null, null);
}
}
}
storage.CommitTransaction();
//Rebuild StorageCache
this.InvalidateCache(false);
}
catch
{
storage.RollBackTransaction();
throw;
}
finally
{
storage.CloseConnection();
}
}
}
internal GenericMember(IAzManSid sid, WhereDefined whereDefined, AuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo)
{
this.sid = sid;
this.WhereDefined = whereDefined;
this.authorizationType = authorizationType;
this.validFrom = validFrom;
this.validTo = validTo;
}
internal GenericMember(IAzManSid sid, WhereDefined whereDefined, AuthorizationType authorizationType, DateTime?validFrom, DateTime?validTo)
{
this.sid = sid;
this.WhereDefined = whereDefined;
this.authorizationType = authorizationType;
this.validFrom = validFrom;
this.validTo = validTo;
}
internal SqlAzManStoreGroupMember(NetSqlAzManStorageDataContext db, IAzManStoreGroup storeGroup, int storeGroupMemberId, IAzManSid sid, WhereDefined whereDefined, bool isMember, SqlAzManENS ens)
{
this.db = db;
this.storeGroup = storeGroup;
this.storeGroupMemberId = storeGroupMemberId;
this.sid = sid;
this.whereDefined = whereDefined;
this.isMember = isMember;
this.ens = ens;
}
internal SqlAzManStoreGroupMember(NetSqlAzManStorageDataContext db, IAzManStoreGroup storeGroup, int storeGroupMemberId, IAzManSid sid, WhereDefined whereDefined, bool isMember, SqlAzManENS ens)
{
this.db = db;
this.storeGroup = storeGroup;
this.storeGroupMemberId = storeGroupMemberId;
this.sid = sid;
this.whereDefined = whereDefined;
this.isMember = isMember;
this.ens = ens;
}
private bool FindMember(IAzManApplicationGroupMember[] members, IAzManSid sid)
{
foreach (IAzManApplicationGroupMember m in members)
{
if (m.SID.StringValue == sid.StringValue)
{
return(true);
}
}
return(false);
}
private bool FindMember(GenericMemberCollection members, IAzManSid sid)
{
foreach (GenericMember m in members)
{
if (m.sid.StringValue == sid.StringValue)
{
return(true);
}
}
return(false);
}
internal SqlAzManAuthorization(NetSqlAzManStorageDataContext db, IAzManItem item, int authorizationId, IAzManSid owner, WhereDefined ownerSidWhereDefined, IAzManSid sid, WhereDefined objectSidWhereDefined, AuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo, SqlAzManENS ens)
{
this.db = db;
this.authorizationId = authorizationId;
this.item = item;
this.owner = owner;
this.ownerSidWhereDefined = ownerSidWhereDefined;
this.sid = sid;
this.sidWhereDefined = objectSidWhereDefined;
this.authorizationType = authorizationType;
this.validFrom = validFrom;
this.validTo = validTo;
this.ens = ens;
}
internal SqlAzManAuthorization(NetSqlAzManStorageDataContext db, IAzManItem item, int authorizationId, IAzManSid owner, WhereDefined ownerSidWhereDefined, IAzManSid sid, WhereDefined objectSidWhereDefined, AuthorizationType authorizationType, DateTime?validFrom, DateTime?validTo, SqlAzManENS ens)
{
this.db = db;
this.authorizationId = authorizationId;
this.item = item;
this.owner = owner;
this.ownerSidWhereDefined = ownerSidWhereDefined;
this.sid = sid;
this.sidWhereDefined = objectSidWhereDefined;
this.authorizationType = authorizationType;
this.validFrom = validFrom;
this.validTo = validTo;
this.ens = ens;
}
/// <summary>
/// Finds the DB user.
/// </summary>
/// <param name="customSid">The custom sid.</param>
/// <returns></returns>
public IAzManDBUser GetDBUser(IAzManSid customSid)
{
var dtDBUsers = this.db.GetDBUsersEx(this.name, null, customSid.BinaryValue, null);
IAzManDBUser result;
if (dtDBUsers.Rows.Count == 0)
{
throw SqlAzManException.DBUserNotFoundException(customSid.StringValue, null);
}
else
{
result = new SqlAzManDBUser(dtDBUsers.Rows[0]);
}
return(result);
}
internal SqlAzManDBUser(DataRow DBUserDataRow)
{
this.customSid = new SqlAzManSID((byte[])DBUserDataRow["DBUserSid"], true);
this.userName = (string)DBUserDataRow["DBUserName"];
this.customColumns = new Dictionary<string, object>();
foreach (DataColumn dc in DBUserDataRow.Table.Columns)
{
if (String.Compare(dc.ColumnName, "DBUserSid", true) != 0
&&
String.Compare(dc.ColumnName, "DBUserName", true) != 0)
{
this.customColumns.Add(dc.ColumnName, DBUserDataRow[dc]);
}
}
}
internal SqlAzManDBUser(DataRow DBUserDataRow)
{
this.customSid = new SqlAzManSID((byte[])DBUserDataRow["DBUserSid"], true);
this.userName = (string)DBUserDataRow["DBUserName"];
this.customColumns = new Dictionary <string, object>();
foreach (DataColumn dc in DBUserDataRow.Table.Columns)
{
if (String.Compare(dc.ColumnName, "DBUserSid", true) != 0
&&
String.Compare(dc.ColumnName, "DBUserName", true) != 0)
{
this.customColumns.Add(dc.ColumnName, DBUserDataRow[dc]);
}
}
}
internal SqlAzManApplicationGroup(NetSqlAzManStorageDataContext db, IAzManApplication application, int applicationGroupId, IAzManSid sid, string name, string description, string lDapQuery, GroupType groupType, SqlAzManENS ens)
{
this.db = db;
this.application = application;
this.applicationGroupId = applicationGroupId;
this.sid = sid;
this.name = name;
this.description = description;
this.lDapQuery = String.IsNullOrEmpty(lDapQuery) ? String.Empty : lDapQuery;
this.groupType = groupType;
this.ens = ens;
if (groupType != GroupType.Basic)
{
this.members = new Dictionary<IAzManSid, IAzManApplicationGroupMember>();
}
}
private void loadSessionVariables()
{
if (this.Session["modified"] != null)
{
this.modified = (bool)this.Session["modified"];
}
else
{
this.modified = false;
}
this.item = this.Session["selectedObject"] as IAzManItem;
this.dtAuthorizations = this.Session["dtAuthorizations"] as DataTable;
this.currentOwnerName = (string)this.Session["currentOwnerName"];
this.currentOwnerSid = this.Session["currentOwnerSid"] as IAzManSid;
this.currentOwnerSidWhereDefined = (WhereDefined)this.Session["currentOwnerSidWhereDefined"];
}
internal SqlAzManStoreGroup(NetSqlAzManStorageDataContext db, IAzManStore store, int storeGroupId, IAzManSid sid, string name, string description, string lDapQuery, GroupType groupType, SqlAzManENS ens)
{
this.db = db;
this.store = store;
this.storeGroupId = storeGroupId;
this.sid = sid;
this.name = name;
this.description = description;
this.lDapQuery = String.IsNullOrEmpty(lDapQuery) ? String.Empty : lDapQuery;
this.groupType = groupType;
this.ens = ens;
if (groupType != GroupType.Basic)
{
this.members = new Dictionary <IAzManSid, IAzManStoreGroupMember>();
}
}
/// <summary>
/// Equalses the specified sid.
/// </summary>
/// <param name="sid">The sid.</param>
/// <returns></returns>
public bool Equals(IAzManSid sid)
{
if (Object.ReferenceEquals(sid, null))
{
return(false);
}
SqlAzManSID sqlazmansid = sid as SqlAzManSID;
if (!object.ReferenceEquals(sqlazmansid, null))
{
return(this.Equals(sqlazmansid));
}
else
{
return(this.GetHashCode() == sid.GetHashCode());
}
}
/// <summary>
/// Gets the store group.
/// </summary>
/// <param name="sid">The object owner.</param>
/// <returns></returns>
public IAzManStoreGroup GetStoreGroup(IAzManSid sid)
{
StoreGroupsResult sgr;
if ((sgr = (from t in this.db.StoreGroups() where t.ObjectSid == sid.BinaryValue && t.StoreId == this.storeId select t).FirstOrDefault()) != null)
{
IAzManStoreGroup result = this.GetStoreGroup(sgr.Name);
if (this.ens != null)
{
this.ens.AddPublisher(result);
}
return(result);
}
else
{
throw SqlAzManException.StoreGroupNotFoundException(sid.StringValue, this, null);
}
}
private string RenderMemberType(MemberType memberType, IAzManSid sid)
{
switch (memberType)
{
case MemberType.StoreGroup:
if (this.item.Application.Store.GetStoreGroup(sid).GroupType == GroupType.Basic)
{
return(this.getImageUrl("StoreApplicationGroup_16x16.gif"));
}
else
{
return(this.getImageUrl("WindowsQueryLDAPGroup_16x16.gif"));
}
case MemberType.ApplicationGroup:
if (this.item.Application.GetApplicationGroup(sid).GroupType == GroupType.Basic)
{
return(this.getImageUrl("StoreApplicationGroup_16x16.gif"));
}
else
{
return(this.getImageUrl("WindowsQueryLDAPGroup_16x16.gif"));
}
case MemberType.WindowsNTUser:
return(this.getImageUrl("WindowsUser_16x16.gif"));
case MemberType.WindowsNTGroup:
return(this.getImageUrl("WindowsBasicGroup_16x16.gif"));
case MemberType.DatabaseUser:
return(this.getImageUrl("DBUser_16x16.gif"));
default:
case MemberType.AnonymousSID:
return(this.getImageUrl("SIDNotFound_16x16.gif"));
}
}
public static String GetMemberTypeName(MemberType memberType, IAzManSid sid, IAzManItem item)
{
switch (memberType)
{
case MemberType.StoreGroup:
if (item.Application.Store.GetStoreGroup(sid).GroupType == GroupType.Basic)
{
return("Store Group");
}
else
{
return("LDAP Group");
}
case MemberType.ApplicationGroup:
if (item.Application.GetApplicationGroup(sid).GroupType == GroupType.Basic)
{
return("Application Group");
}
else
{
return("LDAP Group");
}
case MemberType.WindowsNTUser:
return("Windows User");
case MemberType.WindowsNTGroup:
return("Windows Basic Group");
case MemberType.DatabaseUser:
return("DB User");
default:
case MemberType.AnonymousSID:
return("SID Not Found");
}
}
private Bitmap RenderMemberType(MemberType memberType, IAzManSid sid)
{
switch (memberType)
{
case MemberType.StoreGroup:
if (this.item.Application.Store.GetStoreGroup(sid).GroupType == GroupType.Basic)
{
return(Properties.Resources.StoreApplicationGroup_16x16.ToBitmap());
}
else
{
return(Properties.Resources.WindowsQueryLDAPGroup_16x16.ToBitmap());
}
case MemberType.ApplicationGroup:
if (this.item.Application.GetApplicationGroup(sid).GroupType == GroupType.Basic)
{
return(Properties.Resources.StoreApplicationGroup_16x16.ToBitmap());
}
else
{
return(Properties.Resources.WindowsQueryLDAPGroup_16x16.ToBitmap());
}
case MemberType.WindowsNTUser:
return(Properties.Resources.WindowsUser_16x16.ToBitmap());
case MemberType.WindowsNTGroup:
return(Properties.Resources.WindowsBasicGroup_16x16.ToBitmap());
case MemberType.DatabaseUser:
return(Properties.Resources.DBUser_16x16.ToBitmap());
default:
case MemberType.AnonymousSID:
return(Properties.Resources.SIDNotFound_16x16.ToBitmap());
}
}
protected void Page_Init(object sender, EventArgs e)
{
this.setImage("NetSqlAzMan_32x32.gif");
this.setOkHandler(new EventHandler(this.btnOk_Click));
this.currentOwnerSid = new SqlAzManSID(this.Request.LogonUserIdentity.User);
try
{
string memberName;
bool isLocal;
DirectoryServicesWebUtils.GetMemberInfo(this.currentOwnerSid.StringValue, out memberName, out isLocal);
if (!isLocal)
{
this.currentOwnerSidWhereDefined = WhereDefined.LDAP;
}
else
{
this.currentOwnerSidWhereDefined = WhereDefined.Local;
}
}
catch
{
this.currentOwnerSidWhereDefined = WhereDefined.LDAP;
}
}
protected void Page_Init(object sender, EventArgs e)
{
this.setImage("NetSqlAzMan_32x32.gif");
this.setOkHandler(new EventHandler(this.btnOk_Click));
this.currentOwnerSid = new SqlAzManSID(this.Request.LogonUserIdentity.User);
try
{
string memberName;
bool isLocal;
DirectoryServicesWebUtils.GetMemberInfo(this.currentOwnerSid.StringValue, out memberName, out isLocal);
if (!isLocal)
{
this.currentOwnerSidWhereDefined = WhereDefined.LDAP;
}
else
{
this.currentOwnerSidWhereDefined = WhereDefined.Local;
}
}
catch
{
this.currentOwnerSidWhereDefined = WhereDefined.LDAP;
}
}
void SqlAzManENS_StoreGroupUpdated(IAzManStoreGroup storeGroup, IAzManSid oldSid, string oldDescription, GroupType oldGroupType)
{
logging.WriteInfo(this, String.Format("ENS Event: {0}\r\n\r\nStore Group: {1}\r\nOld SID: {2}\r\nOld Description: {3}\r\nOld Group Type: {4}\r\n", "StoreGroupUpdated", storeGroup.ToString(), oldSid, oldDescription, oldGroupType));
}
/// <summary>
/// Gets the authorizations by Owner SID.
/// </summary>
/// <param name="owner">The owner Sid.</param>
/// <returns></returns>
public IAzManAuthorization[] GetAuthorizationsOfOwner(IAzManSid owner)
{
var auths = (from tf in this.db.Authorizations()
where
(this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && tf.ObjectSidWhereDefined != (byte)WhereDefined.Local
||
this.application.Store.Storage.Mode != NetSqlAzManMode.Administrator)
&&
tf.ItemId == this.itemId && tf.OwnerSid == owner.BinaryValue
select tf).ToList();
int index = 0;
IAzManAuthorization[] authorizations = new SqlAzManAuthorization[auths.Count];
foreach (var row in auths)
{
authorizations[index] = new SqlAzManAuthorization(this.db, this, row.AuthorizationId.Value, new SqlAzManSID(row.OwnerSid.ToArray(), row.OwnerSidWhereDefined == (byte)(WhereDefined.Database)), (WhereDefined)row.OwnerSidWhereDefined, new SqlAzManSID(row.ObjectSid.ToArray(), row.ObjectSidWhereDefined == (byte)(WhereDefined.Database)), (WhereDefined)row.ObjectSidWhereDefined, (AuthorizationType)row.AuthorizationType, row.ValidFrom, row.ValidTo, this.ens);
if (this.ens != null)
this.ens.AddPublisher(authorizations[index]);
index++;
}
return authorizations;
}
void SqlAzManENS_AuthorizationUpdated(IAzManAuthorization authorization, IAzManSid oldOwner, WhereDefined oldOwnerSidWhereDefined, IAzManSid oldSid, WhereDefined oldSidWhereDefined, AuthorizationType oldAuthorizationType, DateTime? oldValidFrom, DateTime? oldValidTo)
{
logging.WriteInfo(this, String.Format("ENS Event: {0}\r\n\r\nAuthorization: {1}\r\nOld Owner SID: {2}\r\nOld Owner SID Where Defined: {3}\r\nOld SID: {4}\r\nOld SID Where Defined: {5}\r\nOld Authorization Type: {6}\r\nOld Valid From: {7}\r\nOld Valid To: {8}\r\n",
"AuthorizationUpdated", authorization.ToString(), oldOwner.ToString(), oldOwnerSidWhereDefined, oldSid.ToString(), oldSidWhereDefined, oldAuthorizationType, (oldValidFrom.HasValue ? oldValidFrom.Value.ToString() : ""), (oldValidTo.HasValue ? oldValidTo.Value.ToString() : "")));
}
/// <summary>
/// Finds the DB user.
/// </summary>
/// <param name="customSid">The custom sid.</param>
/// <returns></returns>
public IAzManDBUser GetDBUser(IAzManSid customSid)
{
var dtDBUsers = this.db.GetDBUsers(this.store.Name, this.name, customSid.BinaryValue, null);
IAzManDBUser result;
if (dtDBUsers.Count() == 0)
{
throw SqlAzManException.DBUserNotFoundException(customSid.StringValue, null);
}
else
{
result = new SqlAzManDBUser(new SqlAzManSID(dtDBUsers.First().DBUserSid.ToArray(), true), dtDBUsers.First().DBUserName);
}
return result;
}
/// <summary>
/// Creates the application group.
/// </summary>
/// <param name="applicationGroupSid">The application group sid.</param>
/// <param name="name">The name.</param>
/// <param name="description">The description.</param>
/// <param name="lDapQuery">The ldap query.</param>
/// <param name="groupType">Type of the group.</param>
/// <returns></returns>
public IAzManApplicationGroup CreateApplicationGroup(IAzManSid applicationGroupSid, string name, string description, string lDapQuery, GroupType groupType)
{
try
{
if (DirectoryServices.DirectoryServicesUtils.TestLDAPQuery(lDapQuery))
{
this.db.ApplicationGroupInsert(this.applicationId, applicationGroupSid.BinaryValue, name, description, lDapQuery, (byte)groupType);
IAzManApplicationGroup applicationGroupCreated = this.GetApplicationGroup(name);
this.raiseApplicationGroupCreated(this, applicationGroupCreated);
if (this.ens != null)
this.ens.AddPublisher(applicationGroupCreated);
this.applicationGroups = null; //Force cache refresh
return applicationGroupCreated;
}
else
{
throw new ArgumentException("LDAP Query syntax error or unavailable Domain.", "lDapQuery");
}
}
catch (System.Data.SqlClient.SqlException sqlex)
{
if (sqlex.Number == 2601) //Index Duplicate Error
throw SqlAzManException.ApplicationGroupDuplicateException(name, this, sqlex);
else
throw SqlAzManException.GenericException(sqlex);
}
}
private bool FindMember(IAzManStoreGroupMember[] members, IAzManSid sid)
{
foreach (IAzManStoreGroupMember m in members)
{
if (m.SID.StringValue == sid.StringValue)
return true;
}
return false;
}
/// <summary>
/// Creates the delegation [DB Users].
/// </summary>
/// <param name="delegatingUser">The delegating user.</param>
/// <param name="delegateUser">The delegate user.</param>
/// <param name="authorizationType">Type of the authorization.</param>
/// <param name="validFrom">The valid from.</param>
/// <param name="validTo">The valid to.</param>
/// <returns>IAzManAuthorization</returns>
public IAzManAuthorization CreateDelegateAuthorization(IAzManDBUser delegatingUser, IAzManSid delegateUser, RestrictedAuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo)
{
//DateTime range check
if (validFrom.HasValue && validTo.HasValue)
{
if (validFrom.Value > validTo.Value)
throw new InvalidOperationException("ValidFrom cannot be greater then ValidTo if supplied.");
}
string delegatedName;
bool isLocal;
DirectoryServicesUtils.GetMemberInfo(delegateUser.StringValue, out delegatedName, out isLocal);
//Check if user has AllowWithDelegation permission on this Item.
if (this.CheckAccess(delegatingUser, DateTime.Now) != AuthorizationType.AllowWithDelegation)
{
string msg = String.Format("Create Delegate permission deny for user '{0}' ({1}) to user '{2}' ({3}).", delegatingUser.UserName, delegatingUser.CustomSid.StringValue, delegatedName, delegateUser.StringValue);
throw new SqlAzManException(msg);
}
WhereDefined sidWhereDefined = isLocal ? WhereDefined.Local : WhereDefined.LDAP;
if (this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && sidWhereDefined == WhereDefined.Local)
{
throw new SqlAzManException("Cannot create a Delegate defined on local in Administrator Mode");
}
IAzManSid owner = delegatingUser.CustomSid;
string ownerName = delegatingUser.UserName;
WhereDefined ownerSidWhereDefined = WhereDefined.Database;
int? authorizationId = 0;
this.db.CreateDelegate(this.itemId, owner.BinaryValue, (byte)ownerSidWhereDefined, delegateUser.BinaryValue, (byte)sidWhereDefined, (byte)authorizationType, (validFrom.HasValue ? validFrom.Value : new DateTime?()), (validTo.HasValue ? validTo.Value : new DateTime?()), ref authorizationId);
IAzManAuthorization result = new SqlAzManAuthorization(this.db, this, authorizationId.Value, owner, ownerSidWhereDefined, delegateUser, sidWhereDefined, (AuthorizationType)authorizationType, validFrom, validTo, this.ens);
this.raiseDelegateCreated(this, result);
if (this.ens != null)
this.ens.AddPublisher(result);
return result;
}
/// <summary>
/// Equalses the specified sid.
/// </summary>
/// <param name="sid">The sid.</param>
/// <returns></returns>
public bool Equals(IAzManSid sid)
{
if (Object.ReferenceEquals(sid, null))
return false;
SqlAzManSID sqlazmansid = sid as SqlAzManSID;
if (!object.ReferenceEquals(sqlazmansid, null))
return this.Equals(sqlazmansid);
else
return this.GetHashCode() == sid.GetHashCode();
}
private void raiseApplicationGroupMemberDeleted(IAzManApplicationGroup ownerApplicationGroup, IAzManSid sid)
{
if (this.ApplicationGroupMemberDeleted != null)
this.ApplicationGroupMemberDeleted(ownerApplicationGroup, sid);
}
internal SqlAzManDBUser(IAzManSid customSid, string userName)
{
this.customSid = customSid;
this.userName = userName;
this.customColumns = new Dictionary<string, object>();
}
protected void Page_Load(object sender, EventArgs e)
{
this.item = this.Session["selectedObject"] as IAzManItem;
this.menuItem = Request["MenuItem"];
this.Text = "Item Authorizations";
this.Description = this.Text;
this.Title = this.Text;
this.currentOwnerName = this.Request.LogonUserIdentity.Name;
this.currentOwnerSid = new SqlAzManSID(this.Request.LogonUserIdentity.User.Value);
//this.showWaitPanelOnSubmit(this.pnlWait, this.pnlXXX);
if (!this.Page.IsPostBack)
{
string memberName;
bool isLocal;
DirectoryServicesWebUtils.GetMemberInfo(this.currentOwnerSid.StringValue, out memberName, out isLocal);
this.currentOwnerSidWhereDefined = isLocal ? WhereDefined.Local : WhereDefined.LDAP;
this.saveSessionVariables();
this.loadSessionVariables();
this.dtAuthorizations = new DataTable();
DataColumn dcAuthorizationId = new DataColumn("AuthorizationID", typeof(int));
dcAuthorizationId.AutoIncrement = true;
dcAuthorizationId.AutoIncrementSeed = -1;
dcAuthorizationId.AutoIncrementStep = -1;
dcAuthorizationId.AllowDBNull = false;
dcAuthorizationId.Unique = true;
DataColumn dcAttributesLink = new DataColumn("AttributesLink", typeof(string));
DataColumn dcMemberTypeEnum = new DataColumn("MemberTypeEnum", typeof(MemberType));
DataColumn dcMemberType = new DataColumn("MemberType", typeof(string));
DataColumn dcOwner = new DataColumn("Owner", typeof(string));
DataColumn dcOwnerSid = new DataColumn("OwnerSID", typeof(string));
DataColumn dcName = new DataColumn("Name", typeof(string));
DataColumn dcObjectSid = new DataColumn("ObjectSID", typeof(string));
DataColumn dcWhereDefined = new DataColumn("WhereDefined", typeof(string));
DataColumn dcWhereDefinedEnum = new DataColumn("WhereDefinedEnum", typeof(WhereDefined));
DataColumn dcAuthorizationType = new DataColumn("AuthorizationType", typeof(string));
DataColumn dcAuthorizationTypeEnum = new DataColumn("AuthorizationTypeEnum", typeof(AuthorizationType));
DataColumn dcValidFrom = new DataColumn("ValidFrom", typeof(DateTime));
dcValidFrom.AllowDBNull = true;
DataColumn dcValidTo = new DataColumn("ValidTo", typeof(DateTime));
dcValidTo.AllowDBNull = true;
dcMemberType.Caption = "Member Type";
dcOwner.Caption = "Owner";
dcOwnerSid.Caption = "Owner SID";
dcName.Caption = "Name";
dcObjectSid.Caption = "Object SID";
dcWhereDefined.Caption = "Where Defined";
dcAuthorizationType.Caption = "Authorization Type";
dcValidFrom.Caption = "Valid From";
dcValidTo.Caption = "Valid To";
this.dtAuthorizations.Columns.AddRange(
new DataColumn[]
{
dcAuthorizationId,
dcMemberType,
dcName,
dcAuthorizationType,
dcWhereDefined,
dcOwner,
dcOwnerSid,
dcValidFrom,
dcValidTo,
dcObjectSid,
dcAuthorizationTypeEnum,
dcWhereDefinedEnum,
dcMemberTypeEnum,
dcAttributesLink
});
foreach (DataColumn dc in this.dtAuthorizations.Columns)
{
dc.AllowDBNull = true;
}
dcMemberType.AllowDBNull = false;
dcAuthorizationType.AllowDBNull = false;
this.modified = false;
this.btnAddStoreGroups.Enabled = this.item.Application.Store.HasStoreGroups();
this.btnAddApplicationGroups.Enabled = this.item.Application.HasApplicationGroups();
//Prepare DataGridView
this.dgAuthorizations.DataSource = this.dtAuthorizations;
this.dgAuthorizations.DataBind();
this.RenderItemAuthorizations();
this.Text += " - " + this.item.Name;
this.saveSessionVariables();
this.bindGridView();
}
else
{
this.loadSessionVariables();
if (this.Session["selectedStoreGroups"] != null)
{
this.btnAddStoreGroups_Click(this, EventArgs.Empty);
}
if (this.Session["selectedApplicationGroups"] != null)
{
this.btnAddApplicationGroups_Click(this, EventArgs.Empty);
}
if (this.Session["selectedDBUsers"] != null)
{
this.btnAddDBUsers_Click(this, EventArgs.Empty);
}
if (this.Session["selectedADObjects"] != null)
{
this.btnAddWindowsUsersAndGroups_Click(this, EventArgs.Empty);
}
}
}
private void raiseApplicationGroupMemberDeleted(IAzManApplicationGroup ownerApplicationGroup, IAzManSid sid)
{
if (this.ApplicationGroupMemberDeleted != null)
{
this.ApplicationGroupMemberDeleted(ownerApplicationGroup, sid);
}
}
/// <summary>
/// Removes the delegate [DB Users].
/// </summary>
/// <param name="delegatingUser">The delegating user.</param>
/// <param name="delegateUser">The delegate user.</param>
/// <param name="authorizationType">Type of the authorization.</param>
public void DeleteDelegateAuthorization(IAzManDBUser delegatingUser, IAzManSid delegateUser, RestrictedAuthorizationType authorizationType)
{
string delegatedName;
bool isLocal;
DirectoryServicesUtils.GetMemberInfo(delegateUser.StringValue, out delegatedName, out isLocal);
//Check if user has AllowWithDelegation permission on this Item.
if (this.CheckAccess(delegatingUser, DateTime.Now) != AuthorizationType.AllowWithDelegation)
{
string msg = String.Format("Remove Delegate permission deny for user '{0}' ({1}) to user '{2}' ({3}).", delegatingUser.UserName, delegatingUser.CustomSid.StringValue, delegatedName, delegateUser.StringValue);
throw new SqlAzManException(msg);
}
WhereDefined memberWhereDefined = isLocal ? WhereDefined.Local : WhereDefined.LDAP;
if (this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && memberWhereDefined == WhereDefined.Local)
{
throw new SqlAzManException("Cannot remove Delegates defined on local in Administrator Mode");
}
IAzManSid owner = delegatingUser.CustomSid;
string ownerName = delegatingUser.UserName;
foreach (IAzManAuthorization auth in this.GetAuthorizations(owner, delegateUser))
{
if ((byte)auth.AuthorizationType == (byte)authorizationType)
{
int affectedRecords = db.DeleteDelegate(auth.AuthorizationId, owner.BinaryValue);
if (affectedRecords != 0)
this.raiseDelegateDeleted(this, delegatingUser.CustomSid, delegateUser, authorizationType);
}
}
}
void SqlAzManENS_StoreGroupMemberDeleted(IAzManStoreGroup ownerStoreGroup, IAzManSid sid)
{
logging.WriteInfo(this, String.Format("ENS Event: {0}\r\n\r\nStore Group: {1}\r\nSID: {2}\r\n", "StoreGroupMemberDeleted", ownerStoreGroup.ToString(), sid));
}
private IEnumerable<IAzManSid> getApplicationGroupSidMembers(IAzManApplication application, bool isMember, IAzManSid groupObjectSid)
{
var applicationGroup = (from ag in application.ApplicationGroups.Values
where ag.SID.StringValue == groupObjectSid.StringValue
select ag).First();
IEnumerable<IAzManSid> result = new IAzManSid[0];
//Store Group members
var membersResult = from agm in applicationGroup.Members.Values
where agm.ApplicationGroup.ApplicationGroupId == applicationGroup.ApplicationGroupId &&
agm.IsMember == isMember &&
((this.storage.Mode == NetSqlAzManMode.Administrator && (agm.WhereDefined == WhereDefined.LDAP || agm.WhereDefined == WhereDefined.Database)) ||
(this.storage.Mode == NetSqlAzManMode.Developer && agm.WhereDefined >= WhereDefined.LDAP && agm.WhereDefined <= WhereDefined.Database))
select agm.SID;
result = result.Union(membersResult);
//BASIC GROUP
if (applicationGroup.GroupType == GroupType.Basic)
{
//Sub Store Groups
var subMembers = from agm in applicationGroup.Members.Values
where agm.ApplicationGroup.ApplicationGroupId == applicationGroup.ApplicationGroupId &&
agm.IsMember == isMember &&
agm.WhereDefined == WhereDefined.Store
select agm;
foreach (var subMember in subMembers)
{
//recursive call
bool nonMemberType;
if (isMember)
{
if (subMember.IsMember == false)
nonMemberType = false;
else
nonMemberType = true;
}
else
{
if (subMember.IsMember == false)
nonMemberType = true;
else
nonMemberType = false;
}
var subMembersResult = this.getStoreGroupSidMembers(application.Store, nonMemberType, subMember.SID);
result = result.Union(subMembersResult);
}
//Sub Application Groups
var subMembers2 = from agm in applicationGroup.Members.Values
where agm.ApplicationGroup.ApplicationGroupId == applicationGroup.ApplicationGroupId &&
agm.IsMember == isMember &&
agm.WhereDefined == WhereDefined.Application
select agm;
foreach (var subMember in subMembers2)
{
//recursive call
bool nonMemberType;
if (isMember)
{
if (subMember.IsMember == false)
nonMemberType = false;
else
nonMemberType = true;
}
else
{
if (subMember.IsMember == false)
nonMemberType = true;
else
nonMemberType = false;
}
var subMembersResult = this.getApplicationGroupSidMembers(application, nonMemberType, subMember.SID);
result = result.Union(subMembersResult);
}
return result;
}
else if (applicationGroup.GroupType == GroupType.LDapQuery && isMember == true)
{
//LDAP Group
return this.getCachedLDAPQueryResults(applicationGroup);
}
else
{
//Empty result
return new IAzManSid[0];
}
}
/// <summary>
/// Creates the authorization.
/// </summary>
/// <param name="owner">The owner owner.</param>
/// <param name="ownerSidWhereDefined">The owner sid where defined.</param>
/// <param name="sid">The object owner.</param>
/// <param name="sidWhereDefined">The object owner where defined.</param>
/// <param name="authorizationType">Type of the authorization.</param>
/// <param name="validFrom">The valid from.</param>
/// <param name="validTo">The valid to.</param>
/// <returns></returns>
public IAzManAuthorization CreateAuthorization(IAzManSid owner, WhereDefined ownerSidWhereDefined, IAzManSid sid, WhereDefined sidWhereDefined, AuthorizationType authorizationType, DateTime? validFrom, DateTime? validTo)
{
//DateTime range check
if (validFrom.HasValue && validTo.HasValue)
{
if (validFrom.Value > validTo.Value)
throw new InvalidOperationException("ValidFrom cannot be greater then ValidTo if supplied.");
}
if (this.application.Store.Storage.Mode == NetSqlAzManMode.Administrator && sidWhereDefined == WhereDefined.Local)
{
throw new SqlAzManException("Cannot create an Authorization on members defined on local in Administrator Mode");
}
var existing = (from aut in this.db.Authorizations()
where aut.ItemId == this.itemId && aut.OwnerSid == owner.BinaryValue && aut.OwnerSidWhereDefined == (byte)ownerSidWhereDefined && aut.ObjectSid == sid.BinaryValue && aut.AuthorizationType == (byte)authorizationType && aut.ValidFrom == validFrom && aut.ValidTo == validTo
select aut).FirstOrDefault();
if (existing == null)
{
int id = this.db.AuthorizationInsert(this.itemId, owner.BinaryValue, (byte)ownerSidWhereDefined, sid.BinaryValue, (byte)sidWhereDefined, (byte)authorizationType, (validFrom.HasValue ? validFrom.Value : new DateTime?()), (validTo.HasValue ? validTo.Value : new DateTime?()), this.application.ApplicationId);
IAzManAuthorization result = new SqlAzManAuthorization(this.db, this, id, owner, ownerSidWhereDefined, sid, sidWhereDefined, authorizationType, validFrom, validTo, this.ens);
this.raiseAuthorizationCreated(this, result);
if (this.ens != null)
this.ens.AddPublisher(result);
this.authorizations = null; //Force cache refresh
return result;
}
else
{
IAzManAuthorization result = new SqlAzManAuthorization(this.db, this, existing.ItemId.Value, new SqlAzManSID(existing.OwnerSid.ToArray()), (WhereDefined)existing.OwnerSidWhereDefined, new SqlAzManSID(existing.ObjectSid.ToArray()), (WhereDefined)existing.ObjectSidWhereDefined, (AuthorizationType)existing.AuthorizationType.Value, existing.ValidFrom, existing.ValidTo, this.ens);
return result;
}
}
private IEnumerable<IAzManSid> getStoreGroupSidMembers(IAzManStore store, bool isMember, IAzManSid groupObjectSid)
{
IEnumerable<IAzManSid> result = new IAzManSid[0];
var storeGroup = (from sg in store.StoreGroups.Values
where sg.SID.StringValue == groupObjectSid.StringValue
select sg).First();
//BASIC GROUP
if (storeGroup.GroupType == GroupType.Basic)
{
//Windows SIDs
var membersResult = from sgm in storeGroup.Members.Values
where sgm.StoreGroup.StoreGroupId == storeGroup.StoreGroupId &&
sgm.IsMember == isMember &&
((this.storage.Mode == NetSqlAzManMode.Administrator && (sgm.WhereDefined == WhereDefined.LDAP || sgm.WhereDefined == WhereDefined.Database)) ||
(this.storage.Mode == NetSqlAzManMode.Developer && sgm.WhereDefined >= WhereDefined.LDAP && sgm.WhereDefined <= WhereDefined.Database))
select sgm.SID;
result = result.Union(membersResult);
//Sub Store Groups
var subMembers = from sgm in storeGroup.Members.Values
where sgm.StoreGroup.StoreGroupId == storeGroup.StoreGroupId &&
sgm.IsMember == isMember &&
sgm.WhereDefined == WhereDefined.Store
select sgm;
foreach (var subMember in subMembers)
{
//recursive call
bool nonMemberType;
if (isMember)
{
if (subMember.IsMember == false)
nonMemberType = false;
else
nonMemberType = true;
}
else
{
if (subMember.IsMember == false)
nonMemberType = true;
else
nonMemberType = false;
}
var subMembersResult = this.getStoreGroupSidMembers(store, nonMemberType, subMember.SID);
result = result.Union(subMembersResult);
}
return result;
}
else if (storeGroup.GroupType == GroupType.LDapQuery && isMember == true)
{
return this.getCachedLDAPQueryResults(storeGroup);
}
else
{
//Empty result
return result;
}
}
private void buildApplicationCacheMultiThread()
{
try
{
DateTime globalNow = DateTime.Now;
this.storage.OpenConnection();
this.collectPermissionData();
List <ItemCheckAccessResult> results = new List <ItemCheckAccessResult>();
IAzManSid sid = this.windowsIdentity != null ? new SqlAzManSID(this.windowsIdentity.User) : this.dbUser.CustomSid;
List <ManualResetEvent> waitHandles = new List <ManualResetEvent>();
Hashtable allResult = new Hashtable();
int index = 0;
Exception lastException = null;
foreach (String itemname in this.items)
{
var drAuthorization = this.dtAuthorizations.Where(t => t.ItemName == itemname).FirstOrDefault();
if (drAuthorization == null)
{
drAuthorization = new BuildUserPermissionCacheResult2()
{
ItemName = itemname,
ValidFrom = null,
ValidTo = null
}
}
;
//string itemName = drAuthorization.ItemName;
ManualResetEvent waitHandle = new ManualResetEvent(false);
waitHandles.Add(waitHandle);
//New Thread Pool
ThreadPool.QueueUserWorkItem(new WaitCallback(
delegate(object o)
{
IAzManStorage clonedStorage = new SqlAzManStorage(((SqlAzManStorage)this.storage).db.Connection.ConnectionString);
int localIndex = (int)((object[])o)[0];
ManualResetEvent localWaitHandle = (ManualResetEvent)((object[])o)[1];
BuildUserPermissionCacheResult2 localAuth = (BuildUserPermissionCacheResult2)((object[])o)[2];
DateTime now = (DateTime)((object[])o)[3];
string itemName = localAuth.ItemName;
try
{
clonedStorage.OpenConnection();
ItemCheckAccessResult result = new ItemCheckAccessResult(itemName);
result.ValidFrom = localAuth.ValidFrom.HasValue ? localAuth.ValidFrom.Value : DateTime.MinValue;
result.ValidTo = localAuth.ValidTo.HasValue ? localAuth.ValidTo.Value : DateTime.MaxValue;
List <KeyValuePair <string, string> > attributes = null;
DateTime validFor = localAuth.ValidFrom.HasValue ? localAuth.ValidFrom.Value : now;
if (this.windowsIdentity != null)
{
if (this.retrieveAttributes)
{
result.AuthorizationType = clonedStorage.CheckAccess(this.storeName, this.applicationName, itemName, this.windowsIdentity, validFor, false, out attributes, this.contextParameters);
}
else
{
result.AuthorizationType = clonedStorage.CheckAccess(this.storeName, this.applicationName, itemName, this.windowsIdentity, validFor, false, this.contextParameters);
}
}
else if (this.dbUser != null)
{
if (this.retrieveAttributes)
{
result.AuthorizationType = clonedStorage.CheckAccess(this.storeName, this.applicationName, itemName, this.dbUser, validFor, false, out attributes, this.contextParameters);
}
else
{
result.AuthorizationType = clonedStorage.CheckAccess(this.storeName, this.applicationName, itemName, this.dbUser, validFor, false, this.contextParameters);
}
}
result.Attributes = attributes;
//Thread safety
lock (allResult.SyncRoot)
{
allResult.Add(localIndex, new object[] { itemName, result });
}
}
catch (Exception ex)
{
lastException = ex;
}
finally
{
clonedStorage.CloseConnection();
localWaitHandle.Set();
}
}), new object[] { index, waitHandle, drAuthorization, globalNow });
index++;
}
if (lastException != null)
{
throw lastException;
}
int count = index;
//Wait for all threads: http://www.devnewsgroups.net/group/microsoft.public.dotnet.framework/topic28609.aspx
if (Thread.CurrentThread.GetApartmentState() == ApartmentState.STA)
{
// WaitAll for multiple handles on an STA thread is not supported.
// ...so wait on each handle individually.
foreach (ManualResetEvent myWaitHandle in waitHandles)
{
myWaitHandle.WaitOne();
}
}
else
{
WaitHandle.WaitAll(waitHandles.ToArray());
}
//Extends all results
index = 0;
for (int i = 0; i < count; i++)
{
object[] values = (object[])allResult[index++];
string itemName = (string)((object[])values)[0];
ItemCheckAccessResult result = (ItemCheckAccessResult)((object[])values)[1];
results.Add(result);
this.extendResultToMembers(itemName, result, results);
}
this.checkAccessTimeSlice = results.ToArray();
}
finally
{
this.storage.CloseConnection();
}
}
private Bitmap RenderMemberType(MemberType memberType, IAzManSid sid)
{
switch (memberType)
{
case MemberType.StoreGroup:
if (this.item.Application.Store.GetStoreGroup(sid).GroupType==GroupType.Basic)
return Properties.Resources.StoreApplicationGroup_16x16.ToBitmap();
else
return Properties.Resources.WindowsQueryLDAPGroup_16x16.ToBitmap();
case MemberType.ApplicationGroup:
if (this.item.Application.GetApplicationGroup(sid).GroupType == GroupType.Basic)
return Properties.Resources.StoreApplicationGroup_16x16.ToBitmap();
else
return Properties.Resources.WindowsQueryLDAPGroup_16x16.ToBitmap();
case MemberType.WindowsNTUser:
return Properties.Resources.WindowsUser_16x16.ToBitmap();
case MemberType.WindowsNTGroup:
return Properties.Resources.WindowsBasicGroup_16x16.ToBitmap();
case MemberType.DatabaseUser:
return Properties.Resources.DBUser_16x16.ToBitmap();
default:
case MemberType.AnonymousSID:
return Properties.Resources.SIDNotFound_16x16.ToBitmap();
}
}
private void buildApplicationCache()
{
try
{
DateTime now = DateTime.Now;
this.storage.OpenConnection();
this.collectPermissionData();
List <ItemCheckAccessResult> results = new List <ItemCheckAccessResult>();
IAzManSid sid = this.windowsIdentity != null ? new SqlAzManSID(this.windowsIdentity.User) : this.dbUser.CustomSid;
int index = 0;
//foreach (var drAuthorization in this.dtAuthorizations)
foreach (String itemName in this.items)
{
var drAuthorization = this.dtAuthorizations.Where(t => t.ItemName == itemName).FirstOrDefault();
if (drAuthorization == null)
{
drAuthorization = new BuildUserPermissionCacheResult2()
{
ItemName = itemName,
ValidFrom = null,
ValidTo = null
}
}
;
//string itemName = drAuthorization.ItemName;
ItemCheckAccessResult result = new ItemCheckAccessResult(itemName);
result.ValidFrom = drAuthorization.ValidFrom.HasValue ? drAuthorization.ValidFrom.Value : DateTime.MinValue;
result.ValidTo = drAuthorization.ValidTo.HasValue ? drAuthorization.ValidTo.Value : DateTime.MaxValue;
List <KeyValuePair <string, string> > attributes = null;
DateTime validFor = DateTime.Now;
if (drAuthorization.ValidFrom.HasValue)
{
validFor = drAuthorization.ValidFrom.Value;
}
else if (drAuthorization.ValidTo.HasValue)
{
validFor = drAuthorization.ValidTo.Value;
}
else
{
var mindt = (from t in this.dtAuthorizations
where t.ValidFrom.HasValue
select t.ValidFrom).Min();
if (mindt.HasValue && mindt.Value != DateTime.MinValue)
{
validFor = mindt.Value.AddSeconds(-1);
}
else
{
var maxdt = (from t in this.dtAuthorizations
where t.ValidTo.HasValue
select t.ValidTo).Max();
if (maxdt.HasValue && maxdt.Value != DateTime.MaxValue)
{
validFor = maxdt.Value.AddSeconds(1);
}
}
}
if (this.windowsIdentity != null)
{
if (this.retrieveAttributes)
{
result.AuthorizationType = this.storage.CheckAccess(this.storeName, this.applicationName, itemName, this.windowsIdentity, validFor, false, out attributes, this.contextParameters);
}
else
{
result.AuthorizationType = this.storage.CheckAccess(this.storeName, this.applicationName, itemName, this.windowsIdentity, validFor, false, this.contextParameters);
}
}
else if (this.dbUser != null)
{
if (this.retrieveAttributes)
{
result.AuthorizationType = this.storage.CheckAccess(this.storeName, this.applicationName, itemName, this.dbUser, validFor, false, out attributes, this.contextParameters);
}
else
{
result.AuthorizationType = this.storage.CheckAccess(this.storeName, this.applicationName, itemName, this.dbUser, validFor, false, this.contextParameters);
}
}
result.Attributes = attributes;
results.Add(result);
this.extendResultToMembers(itemName, result, results);
index++;
}
this.checkAccessTimeSlice = results.ToArray();
}
finally
{
this.storage.CloseConnection();
}
}
private bool FindMember(GenericMemberCollection members, IAzManSid sid)
{
foreach (GenericMember m in members)
{
if (m.sid.StringValue == sid.StringValue)
return true;
}
return false;
}
private IAzManSid[] getCachedLDAPQueryResults(IAzManApplicationGroup applicationGroup)
{
string key = "applicationGroup " + applicationGroup.ApplicationGroupId.ToString();
if (!this.ldapQueryResults.ContainsKey(key))
{
lock (ldapQueryResults)
{
if (!this.ldapQueryResults.ContainsKey(key))
{
//LDAP Group
var ldapQueryResult = applicationGroup.ExecuteLDAPQuery();
if (ldapQueryResult != null)
{
IAzManSid[] membersResults = new IAzManSid[ldapQueryResult.Count];
for (int i = 0; i < ldapQueryResult.Count; i++)
{
membersResults[i] = new SqlAzManSID((byte[])ldapQueryResult[i].Properties["objectSid"][0]);
}
this.ldapQueryResults.Add(key, membersResults);
}
}
}
}
return (IAzManSid[])this.ldapQueryResults[key];
}
/// <summary>
/// Gets the application group.
/// </summary>
/// <param name="sid">The object owner.</param>
/// <returns></returns>
public IAzManApplicationGroup GetApplicationGroup(IAzManSid sid)
{
ApplicationGroupsResult agr = null;
if ((agr = (from t in this.db.ApplicationGroups() where t.ObjectSid == sid.BinaryValue && t.ApplicationId == this.applicationId select t).FirstOrDefault()) != null)
{
IAzManApplicationGroup result = this.GetApplicationGroup(agr.Name);
if (this.ens != null)
this.ens.AddPublisher(result);
return result;
}
else
{
throw SqlAzManException.ApplicationGroupNotFoundException(sid.StringValue, this, null);
}
}
/// <summary>
/// Gets a list of the roles that a specified user is in for the configured applicationName.
/// </summary>
/// <param name="username">The user to return a list of roles for.</param>
/// <returns>
/// A string array containing the names of all the roles that the specified user is in for the configured applicationName.
/// </returns>
public override string[] GetRolesForUser(string username)
{
if (this.userLookupType == "LDAP")
{
WindowsIdentity wid = null;
if (String.Compare(((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent()).Name, this.getFQUN(username), true) == 0)
{
wid = ((System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity) ?? WindowsIdentity.GetCurrent());
}
if (wid == null)
{
wid = new WindowsIdentity(this.getUpn(this.getFQUN(username))); //Kerberos Protocol Transition: Works in W2K3 native domain only
}
if (!this.useWCFCacheService)
{
return((from t in this.storageCache.GetAuthorizedItems(this.storeName, this.applicationName, wid.GetUserBinarySSid(), wid.GetGroupsBinarySSid(), DateTime.Now)
where t.Type == ItemType.Role && (t.Authorization == AuthorizationType.Allow || t.Authorization == AuthorizationType.AllowWithDelegation)
select t.Name).ToArray());
}
else
{
using (NetSqlAzManWCFCacheService.CacheServiceClient csc = new NetSqlAzManWCFCacheService.CacheServiceClient())
{
try
{
return((from t in csc.GetAuthorizedItemsForWindowsUsers(this.storeName, this.applicationName, wid.GetUserBinarySSid(), wid.GetGroupsBinarySSid(), DateTime.Now, null)
where t.Type == NetSqlAzManWCFCacheService.ItemType.Role && (t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.Allow || t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.AllowWithDelegation)
select t.Name).ToArray());
}
finally
{
((IDisposable)csc).Dispose();
}
}
}
}
else
{
using (IAzManStorage storage = new SqlAzManStorage(this.storageCache.ConnectionString))
{
IAzManApplication application = storage[this.storeName][this.applicationName];
IAzManDBUser dbUser = application.GetDBUser(username);
if (dbUser == null)
{
throw SqlAzManException.DBUserNotFoundException(username, null);
}
IAzManSid sid = dbUser.CustomSid;
if (!this.useWCFCacheService)
{
return((from t in this.storageCache.GetAuthorizedItems(this.storeName, this.applicationName, sid.StringValue, DateTime.Now)
where t.Type == ItemType.Role && (t.Authorization == AuthorizationType.Allow || t.Authorization == AuthorizationType.AllowWithDelegation)
select t.Name).ToArray());
}
else
{
using (NetSqlAzManWCFCacheService.CacheServiceClient csc = new NetSqlAzManWCFCacheService.CacheServiceClient())
{
try
{
return((from t in csc.GetAuthorizedItemsForDatabaseUsers(this.storeName, this.applicationName, sid.StringValue, DateTime.Now, null)
where t.Type == NetSqlAzManWCFCacheService.ItemType.Role && (t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.Allow || t.Authorization == NetSqlAzManWCFCacheService.AuthorizationType.AllowWithDelegation)
select t.Name).ToArray());
}
finally
{
((IDisposable)csc).Dispose();
}
}
}
}
}
}
private void raiseStoreGroupMemberDeleted(IAzManStoreGroup ownerStoreGroup, IAzManSid sid)
{
if (this.StoreGroupMemberDeleted != null)
this.StoreGroupMemberDeleted(ownerStoreGroup, sid);
}
public bool CheckAccess(Operation operation, IAzManSid dbUserName)
{
NetSqlAzMan.Interfaces.AuthorizationType result = this.GetAuthorizationType(operation, dbUserName);
return ((result == AuthorizationType.AllowWithDelegation)
|| (result == AuthorizationType.Allow));
}
/// <summary>
/// Gets the <see cref="T:IAzManAuthorization[]"/> with the specified owner.
/// </summary>
/// <value></value>
public IAzManAuthorization[] this[IAzManSid owner, IAzManSid sid]
{
get { return this.GetAuthorizations(owner, sid); }
}
private void raiseDelegateDeleted(IAzManItem item, IAzManSid delegatingUserSid, IAzManSid delegateUserSid, RestrictedAuthorizationType authorizationType)
{
if (this.DelegateDeleted != null)
this.DelegateDeleted(item, delegatingUserSid, delegateUserSid, authorizationType);
}
