private Principal CreatePrincipal(ISecurityPrincipal principal) { if (principal.IsNull) { return(Principal.Null); } if (string.IsNullOrEmpty(principal.User)) { throw CreateAccessControlException("No principal was provided."); } if (string.IsNullOrEmpty(principal.SubstitutedUser) && principal.SubstitutedRole != null) { throw CreateAccessControlException("A substituted role was specified without a substituted user."); } User user = _securityPrincipalRepository.GetUser(principal.User); lock (user.RootTransaction) { Tenant principalTenant = user.Tenant; User principalUser; IEnumerable <Role> principalRoles; if (principal.SubstitutedUser != null) { Substitution substitution = GetSubstitution(principal, user); if (substitution == null) { principalUser = null; principalRoles = new Role[0]; } else if (principal.SubstitutedRole != null) { principalUser = null; principalRoles = EnumerableUtility.Singleton(substitution.SubstitutedRole); } else { principalUser = substitution.SubstitutedUser; principalRoles = substitution.SubstitutedUser.Roles; } } else { principalUser = user; principalRoles = user.Roles; if (principal.Role != null) { principalRoles = principalRoles.Where(r => IsRoleMatchingPrincipalRole(r, principal.Role)); } } return(new Principal( principalTenant.GetHandle(), principalUser.GetSafeHandle(), principalRoles.Select(r => new PrincipalRole(r.Position.GetHandle(), r.Group.GetHandle())))); } }
public void CheckMethodAccess(ISecurableObject securableObject, IMethodInformation methodInformation, ISecurityPrincipal principal) { ArgumentUtility.DebugCheckNotNull("securableObject", securableObject); ArgumentUtility.DebugCheckNotNull("methodInformation", methodInformation); ArgumentUtility.DebugCheckNotNull("principal", principal); if (!HasMethodAccess(securableObject, methodInformation, principal)) { ArgumentUtility.CheckNotNull("securableObject", securableObject); ArgumentUtility.CheckNotNull("methodInformation", methodInformation); throw CreatePermissionDeniedException( "Access to method '{0}' on type '{1}' has been denied.", methodInformation.Name, securableObject.GetSecurableType().FullName); } }
public void SetUp() { _principal = new NullSecurityPrincipal(); }
public bool HasStatelessAccess(Type securableClass, ISecurityPrincipal principal, params AccessType[] requiredAccessTypes) { return(HasStatelessAccess(securableClass, principal, (IReadOnlyList <AccessType>)requiredAccessTypes)); }
public bool HasMethodAccess(ISecurableObject securableObject, MethodInfo methodInfo, ISecurityPrincipal principal) { ArgumentUtility.CheckNotNull("securableObject", securableObject); ArgumentUtility.CheckNotNull("methodInfo", methodInfo); ArgumentUtility.DebugCheckNotNull("principal", principal); var methodInformation = _memberResolver.GetMethodInformation(securableObject.GetSecurableType(), methodInfo, MemberAffiliation.Instance); return(HasMethodAccess(securableObject, methodInformation, principal)); }
private SecurityDescriptorTarget CreateTarget(AccessMask allowed, AccessMask denied, string ou, ISecurityPrincipal trustee) { return(new SecurityDescriptorTarget { AuthorizationMode = AuthorizationMode.SecurityDescriptor, Id = Guid.NewGuid().ToString(), Target = ou, Type = TargetType.Container, SecurityDescriptor = this.CreateSecurityDescriptor(trustee, allowed, denied) }); }
public bool HasAccess(ISecurableObject securableObject, ISecurityPrincipal principal, params AccessType[] requiredAccessTypes) { return(HasAccess(securableObject, principal, (IReadOnlyList <AccessType>)requiredAccessTypes)); }
public bool TryGetPrincipal(string name, out ISecurityPrincipal principal) { return(DirectoryExtensions.TryGet(() => this.GetPrincipal(name), out principal)); }
public bool TryGetPrincipal(SecurityIdentifier sid, out ISecurityPrincipal principal) { return(DirectoryExtensions.TryGet(() => this.GetPrincipal(sid), out principal)); }
public IEnumerable <SecurityIdentifier> GetTokenGroups(ISecurityPrincipal principal) { return(this.GetTokenGroups(principal, null)); }
public IEnumerable <SecurityIdentifier> GetTokenGroups(ISecurityPrincipal principal, SecurityIdentifier targetDomainSid) { return(NativeMethods.GetTokenGroups(principal.Sid, targetDomainSid)); }
public bool IsSidInPrincipalToken(SecurityIdentifier sidToFindInToken, ISecurityPrincipal principal, SecurityIdentifier targetDomainSid) { return(NativeMethods.CheckForSidInToken(principal.Sid, sidToFindInToken, targetDomainSid)); }
public bool IsSidInPrincipalToken(SecurityIdentifier sidToFindInToken, ISecurityPrincipal principal) { return(this.IsSidInPrincipalToken(sidToFindInToken, principal, principal.Sid.AccountDomainSid)); }
private ISecurityProvider CreateSecurityProviderStub(Type securableClassType, ISecurityPrincipal principal, Enum[] returnedAccessTypes) { var securityProviderStub = MockRepository.GenerateStub <ISecurityProvider>(); securityProviderStub.Stub( stub => stub.GetAccess( Arg <ISecurityContext> .Matches(sc => TypeUtility.GetType(sc.Class, true) == securableClassType), Arg.Is(principal))) .Return(returnedAccessTypes.Select(accessType => AccessType.Get(accessType)).ToArray()); return(securityProviderStub); }
private IOptionsSnapshot <AuthorizationOptions> SetupOptionsForOUTarget(AccessMask allowed, AccessMask denied, string ou, ISecurityPrincipal trustee) { return(SetupOptions(CreateTarget(allowed, denied, ou, trustee))); }
private void SetupResultSecurityProviderGetAccessForPosition(Delegation delegation, ISecurityPrincipal principal, params Enum[] returnedAccessTypeEnums) { Type classType = typeof(Position); string owner = string.Empty; string owningGroup = string.Empty; string owningTenant = string.Empty; Dictionary <string, Enum> states = new Dictionary <string, Enum>(); states.Add("Delegation", delegation); List <Enum> abstractRoles = new List <Enum>(); SecurityContext securityContext = SecurityContext.Create(classType, owner, owningGroup, owningTenant, states, abstractRoles); AccessType[] returnedAccessTypes = Array.ConvertAll(returnedAccessTypeEnums, AccessType.Get); SetupResult.For(_mockSecurityProvider.GetAccess(securityContext, principal)).Return(returnedAccessTypes); }
private IOptionsSnapshot <AuthorizationOptions> SetupOptionsForComputerTarget(AccessMask allowed, AccessMask denied, IComputer computer, ISecurityPrincipal trustee) { return(SetupOptions(CreateTarget(allowed, denied, computer, trustee))); }
public void AddMember(ISecurityPrincipal principal, TimeSpan ttl) { de.Properties["member"].Add($"<TTL={ttl.TotalSeconds},<SID={principal.Sid}>>"); de.CommitChanges(); }
private SecurityDescriptorTarget CreateTarget(AccessMask allowed, AccessMask denied, ISecurityPrincipal principal, ISecurityPrincipal trustee) { return(new SecurityDescriptorTarget { AuthorizationMode = AuthorizationMode.SecurityDescriptor, Id = Guid.NewGuid().ToString(), Target = principal.Sid.ToString(), Type = principal switch { IGroup _ => TargetType.Group, IComputer _ => TargetType.Computer, _ => throw new NotImplementedException(), },
public void RemoveMember(ISecurityPrincipal principal) { de.Properties["member"].Remove($"<SID={principal.Sid}>"); de.CommitChanges(); }
public void CheckAccess(ISecurableObject securableObject, ISecurityPrincipal principal, params AccessType[] requiredAccessTypes) { CheckAccess(securableObject, principal, (IReadOnlyList <AccessType>)requiredAccessTypes); }
public abstract bool HasAccess(ISecurityProvider securityService, ISecurityPrincipal principal, AccessType[] requiredAccessTypes);
public void CheckStatelessAccess(Type securableClass, ISecurityPrincipal principal, params AccessType[] requiredAccessTypes) { CheckStatelessAccess(securableClass, principal, (IReadOnlyList <AccessType>)requiredAccessTypes); }
public abstract bool HasAccess(ISecurityProvider securityService, ISecurityPrincipal principal, IReadOnlyList <AccessType> requiredAccessTypes);
public virtual bool HasMethodAccess(ISecurableObject securableObject, IMethodInformation methodInformation, ISecurityPrincipal principal) { ArgumentUtility.CheckNotNull("securableObject", securableObject); ArgumentUtility.CheckNotNull("methodInformation", methodInformation); ArgumentUtility.DebugCheckNotNull("principal", principal); var requiredAccessTypeEnums = _permissionProvider.GetRequiredMethodPermissions(securableObject.GetSecurableType(), methodInformation); Assertion.DebugIsNotNull(requiredAccessTypeEnums, "IPermissionProvider.GetRequiredMethodPermissions evaluated and returned null."); return(HasAccess(securableObject, methodInformation, requiredAccessTypeEnums, principal)); }
protected virtual bool AccessAllowed(ISecurityPrincipal user) { return(actions.All(user.Can)); }
protected virtual bool AccessAllowed(ISecurityPrincipal user) { return actions.Any(user.Can); }
public bool HasAccess(ISecurityProvider securityProvider, ISecurityPrincipal principal, IReadOnlyList <AccessType> requiredAccessTypes) { return(true); }