Example #1
        /// <summary>
        /// Gateway stage: checks every configured gateway rule against the user's
        /// MySQL group membership and appends the rule's local group on each match.
        /// </summary>
        /// <param name="properties">
        /// Session state. The tracked <c>UserInformation</c> is read for the username
        /// and its <c>Groups</c> list is extended in place.
        /// </param>
        /// <returns>A result with <c>Success = true</c> whenever no exception escapes.</returns>
        /// <remarks>
        /// This stage never denies a logon by itself. Any failure (including a data
        /// source error) is logged at error level and rethrown to the caller.
        /// </remarks>
        public Shared.Types.BooleanResult AuthenticatedUserGateway(Shared.Types.SessionProperties properties)
        {
            UserInformation trackedUser = properties.GetTrackedSingle<UserInformation>();

            try
            {
                using (MySqlUserDataSource mysql = new MySqlUserDataSource())
                {
                    foreach (GroupGatewayRule gatewayRule in GroupRuleLoader.GetGatewayRules())
                    {
                        m_logger.DebugFormat("Checking rule: {0}", gatewayRule.ToString());

                        // Membership is looked up for every rule, whatever its condition.
                        bool isMember = mysql.IsMemberOfGroup(trackedUser.Username, gatewayRule.Group);
                        if (!gatewayRule.RuleMatch(isMember))
                        {
                            m_logger.DebugFormat("Rule is not a match");
                            continue;
                        }

                        m_logger.DebugFormat("Rule is a match, adding to {0}", gatewayRule.LocalGroup);
                        GroupInformation localGroup = new GroupInformation();
                        localGroup.Name = gatewayRule.LocalGroup;
                        trackedUser.Groups.Add(localGroup);
                    }
                }
            }
            catch (Exception e)
            {
                // Log with the full exception, then let the caller decide what a failure means.
                m_logger.ErrorFormat("Unexpected error: {0}", e);
                throw;
            }

            // Reaching this point always reports success.
            Shared.Types.BooleanResult outcome = new Shared.Types.BooleanResult();
            outcome.Success = true;
            return outcome;
        }
Example #2
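        /// <summary>
        /// Gateway stage: checks every configured gateway rule against the user's
        /// MySQL group membership and appends the rule's local group on each match.
        /// </summary>
        /// <param name="properties">
        /// Session state. The tracked <c>UserInformation</c> is read for the username
        /// and its <c>Groups</c> list is extended in place.
        /// </param>
        /// <returns>
        /// <c>Success = true</c> when all rules were evaluated. On a
        /// <c>MySqlException</c> the result depends on the
        /// <c>PreventLogonOnServerError</c> setting: <c>Success = false</c> when it is
        /// set, otherwise <c>Success = true</c> with the error text in <c>Message</c>.
        /// </returns>
        /// <remarks>
        /// When the setting is off, a server error is fail-open: the logon continues
        /// with whatever groups were added before the error, and the remaining rules
        /// are not evaluated. Both outcomes are logged at error level so that they
        /// show up in logs that do not record debug output.
        /// </remarks>
        public Shared.Types.BooleanResult AuthenticatedUserGateway(Shared.Types.SessionProperties properties)
        {
            UserInformation userInfo = properties.GetTrackedSingle<UserInformation>();

            try
            {
                using (MySqlUserDataSource dataSource = new MySqlUserDataSource())
                {
                    List<GroupGatewayRule> rules = GroupRuleLoader.GetGatewayRules();

                    foreach (GroupGatewayRule rule in rules)
                    {
                        m_logger.DebugFormat("Checking rule: {0}", rule.ToString());
                        if (rule.RuleMatch(dataSource.IsMemberOfGroup(userInfo.Username, rule.Group)))
                        {
                            m_logger.DebugFormat("Rule is a match, adding to {0}", rule.LocalGroup);
                            userInfo.Groups.Add(new GroupInformation {
                                Name = rule.LocalGroup
                            });
                        }
                        else
                        {
                            m_logger.DebugFormat("Rule is not a match");
                        }
                    }
                }
            }
            catch (MySqlException e)
            {
                // Kept as a typed local, as in the original, before it is tested.
                bool preventLogon = Settings.Store.PreventLogonOnServerError;

                // NOTE(review): e.Message is copied into the result Message below. If that
                // text is shown on the logon screen it may reveal server details - confirm.
                if (preventLogon)
                {
                    // Error level (was debug): a server fault that blocks logons must be visible.
                    m_logger.ErrorFormat("Encountered MySQL server error, and preventing logon: {0}", e.Message);
                    return(new BooleanResult {
                        Success = false,
                        Message = string.Format("Preventing logon due to server error: {0}", e.Message)
                    });
                }
                else
                {
                    // Error level (was debug): this is the fail-open path, so it must be auditable.
                    m_logger.ErrorFormat("Encountered MySQL server error, but returning success anyway.  Error: {0}", e.Message);
                    return(new BooleanResult {
                        Success = true,
                        Message = string.Format("Encountered server error: {0}", e.Message)
                    });
                }
            }
            catch (Exception e)
            {
                m_logger.ErrorFormat("Unexpected error: {0}", e);
                throw;
            }

            // All rules were evaluated without an error: report success.
            return(new Shared.Types.BooleanResult {
                Success = true
            });
        }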
Example #3
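        /// <summary>
        /// Validates the form and writes the connection, schema and gateway rule
        /// settings to the settings store.
        /// </summary>
        /// <returns>
        /// <c>true</c> when everything was stored; <c>false</c> when the port field is
        /// not a valid TCP port, in which case nothing is written.
        /// </returns>
        private bool Save()
        {
            // The original only rejected non-numeric text, so 0, negative values and
            // values above 65535 were stored despite the "positive integer" message.
            int port;
            if (!int.TryParse(this.portTB.Text, out port) || port < 1 || port > 65535)
            {
                MessageBox.Show("The port must be an integer between 1 and 65535.");
                return false;
            }

            Settings.Store.Host = this.hostTB.Text.Trim();
            Settings.Store.Port = port;
            Settings.Store.User = this.userTB.Text.Trim();
            // The password is stored through SetEncryptedSetting and is deliberately not trimmed.
            Settings.Store.SetEncryptedSetting("Password", this.passwordTB.Text);
            Settings.Store.Database = this.dbTB.Text.Trim();
            Settings.Store.UseSsl   = this.useSslCB.Checked;

            // User table settings
            // NOTE(review): table and column names are stored as typed, only trimmed.
            // If they are later placed into SQL text, confirm they are quoted or validated there.
            Settings.Store.Table                     = this.userTableTB.Text.Trim();
            Settings.Store.UsernameColumn            = this.unameColTB.Text.Trim();
            Settings.Store.HashMethodColumn          = this.hashMethodColTB.Text.Trim();
            Settings.Store.PasswordColumn            = this.passwdColTB.Text.Trim();
            Settings.Store.UserTablePrimaryKeyColumn = this.userPrimaryKeyColTB.Text.Trim();

            if (encHexRB.Checked)
            {
                Settings.Store.HashEncoding = (int)Settings.HashEncoding.HEX;
            }
            else
            {
                Settings.Store.HashEncoding = (int)Settings.HashEncoding.BASE_64;
            }

            // Group table schema settings
            Settings.Store.GroupTableName             = this.groupTableNameTB.Text.Trim();
            Settings.Store.GroupNameColumn            = this.groupNameColTB.Text.Trim();
            Settings.Store.GroupTablePrimaryKeyColumn = this.groupTablePrimaryKeyColTB.Text.Trim();

            // User-Group table settings
            Settings.Store.UserGroupTableName    = this.userGroupTableNameTB.Text.Trim();
            Settings.Store.UserForeignKeyColumn  = this.userGroupUserFKColTB.Text.Trim();
            Settings.Store.GroupForeignKeyColumn = this.userGroupGroupFKColTB.Text.Trim();

            // Gateway rules
            List<GroupGatewayRule> gwList = new List<GroupGatewayRule>();

            foreach (Object item in this.gtwRulesListBox.Items)
            {
                // "as" yields null for anything that is not a rule; do not persist a null entry.
                GroupGatewayRule rule = item as GroupGatewayRule;
                if (rule != null)
                {
                    gwList.Add(rule);
                }
            }
            GroupRuleLoader.SaveGatewayRules(gwList);

            return true;
        }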
Example #4
        /// <summary>
        /// Fills the configuration form from the settings store: connection fields,
        /// table and column names, hash encoding choice and the gateway rule list.
        /// </summary>
        private void InitUI()
        {
            this.hostTB.Text = Settings.Store.Host;
            int port = Settings.Store.Port;

            this.portTB.Text     = Convert.ToString(port);
            this.userTB.Text     = Settings.Store.User;
            // NOTE(review): GetEncryptedSetting presumably returns the decrypted value.
            // If so, the plaintext database password is held in this control's Text - confirm
            // that the text box masks its content.
            this.passwordTB.Text = Settings.Store.GetEncryptedSetting("Password");
            this.dbTB.Text       = Settings.Store.Database;
            bool useSsl = Settings.Store.UseSsl;

            this.useSslCB.Checked = useSsl;

            // User table schema settings
            this.userTableTB.Text         = Settings.Store.Table;
            this.unameColTB.Text          = Settings.Store.UsernameColumn;
            this.hashMethodColTB.Text     = Settings.Store.HashMethodColumn;
            this.passwdColTB.Text         = Settings.Store.PasswordColumn;
            this.userPrimaryKeyColTB.Text = Settings.Store.UserTablePrimaryKeyColumn;

            // The encoding is stored as an int and cast back to the enum here.
            int encodingInt = Settings.Store.HashEncoding;

            Settings.HashEncoding encoding = (Settings.HashEncoding)encodingInt;

            // Any stored value other than HEX selects the Base64 radio button.
            if (encoding == Settings.HashEncoding.HEX)
            {
                this.encHexRB.Checked = true;
            }
            else
            {
                this.encBase64RB.Checked = true;
            }

            // Group table schema settings
            this.groupTableNameTB.Text          = Settings.Store.GroupTableName;
            this.groupNameColTB.Text            = Settings.Store.GroupNameColumn;
            this.groupTablePrimaryKeyColTB.Text = Settings.Store.GroupTablePrimaryKeyColumn;

            // User-Group table settings
            this.userGroupTableNameTB.Text  = Settings.Store.UserGroupTableName;
            this.userGroupUserFKColTB.Text  = Settings.Store.UserForeignKeyColumn;
            this.userGroupGroupFKColTB.Text = Settings.Store.GroupForeignKeyColumn;

            // Gateway rules
            List <GroupGatewayRule> gwLst = GroupRuleLoader.GetGatewayRules();

            foreach (GroupGatewayRule rule in gwLst)
            {
                this.gtwRulesListBox.Items.Add(rule);
            }
            // Select the first entry of the rule condition combo box.
            this.gtwRuleConditionCB.SelectedIndex = 0;
        }
Example #5
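        /// <summary>
        /// Authorization stage: optionally requires that this plugin authenticated the
        /// user, then walks the authorization rules in order and returns the decision
        /// of the first rule that matches.
        /// </summary>
        /// <param name="properties">
        /// Session state. The tracked <c>PluginActivityInformation</c> and
        /// <c>UserInformation</c> are read from it.
        /// </param>
        /// <returns>
        /// <c>Success = false</c> when MySQL authentication is required but failed or
        /// did not run, otherwise the allow/deny decision of the first matching rule.
        /// </returns>
        /// <exception cref="Exception">
        /// Thrown when no rules are configured or when no rule matched, which means the
        /// default rule is missing. NOTE(review): how the caller treats an exception
        /// from this stage is not visible here; confirm that it denies the logon.
        /// </exception>
        public BooleanResult AuthorizeUser(SessionProperties properties)
        {
            m_logger.Debug("MySql Plugin Authorization");

            bool requireAuth = Settings.Store.AuthzRequireMySqlAuth;

            // If we require authentication, and we failed to auth this user, then we
            // fail authorization.
            if (requireAuth)
            {
                PluginActivityInformation actInfo = properties.GetTrackedSingle<PluginActivityInformation>();
                try
                {
                    BooleanResult mySqlResult = actInfo.GetAuthenticationResult(this.Uuid);
                    if (!mySqlResult.Success)
                    {
                        m_logger.InfoFormat("Deny because MySQL auth failed, and configured to require MySQL auth.");
                        return new BooleanResult
                        {
                            Success = false,
                            Message = "Deny because MySQL authentication failed."
                        };
                    }
                }
                catch (KeyNotFoundException)
                {
                    // The plugin is not enabled for authentication: no result was recorded
                    // for this plugin's Uuid, so deny rather than proceed.
                    m_logger.ErrorFormat("MySQL is not enabled for authentication, and authz is configured to require auth.");
                    return new BooleanResult
                    {
                        Success = false,
                        Message = "Deny because MySQL auth did not execute, and configured to require MySQL auth."
                    };
                }
            }

            // Get the authz rules from registry
            List<GroupAuthzRule> rules = GroupRuleLoader.GetAuthzRules();

            if (rules.Count == 0)
            {
                throw new Exception("No authorization rules found.");
            }

            try
            {
                UserInformation userInfo = properties.GetTrackedSingle<UserInformation>();
                string user = userInfo.Username;

                using (MySqlUserDataSource dataSource = new MySqlUserDataSource())
                {
                    foreach (GroupAuthzRule rule in rules)
                    {
                        m_logger.DebugFormat("Checking rule: {0}", rule.ToString());
                        bool inGroup = false;

                        // ALWAYS rules do not need a membership lookup.
                        if (rule.RuleCondition != GroupRule.Condition.ALWAYS)
                        {
                            inGroup = dataSource.IsMemberOfGroup(user, rule.Group);
                            m_logger.DebugFormat("User '{0}' {1} a member of '{2}'", user,
                                                 inGroup ? "is" : "is not", rule.Group);
                        }

                        // First match wins. The original listing had the statement-ending
                        // semicolons outside the braces here, which does not compile.
                        if (rule.RuleMatch(inGroup))
                        {
                            if (rule.AllowOnMatch)
                            {
                                return new BooleanResult
                                {
                                    Success = true,
                                    Message = string.Format("Allow via rule '{0}'", rule.ToString())
                                };
                            }
                            else
                            {
                                return new BooleanResult
                                {
                                    Success = false,
                                    Message = string.Format("Deny via rule '{0}'", rule.ToString())
                                };
                            }
                        }
                    }
                }

                // If we get this far, no rules matched.  This should never happen since
                // the last rule should always match (the default).  Throw.
                throw new Exception("Missing default authorization rule.");
            }
            catch (Exception e)
            {
                m_logger.ErrorFormat("Exception during authorization: {0}", e);
                throw;
            }
        }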
Example #6
        /// <summary>
        /// Fills the configuration form from the settings store: connection fields,
        /// table and column names, hash encoding choice, the authorization rules with
        /// their default rule, the gateway rules and the server-error logon option.
        /// </summary>
        /// <exception cref="Exception">
        /// Thrown when the stored authorization rule list is empty or its last entry
        /// is not an ALWAYS rule.
        /// </exception>
        private void InitUI()
        {
            this.hostTB.Text = Settings.Store.Host;
            int port = Settings.Store.Port;
            this.portTB.Text = Convert.ToString(port);
            this.userTB.Text = Settings.Store.User;
            // NOTE(review): GetEncryptedSetting presumably returns the decrypted value.
            // If so, the plaintext database password is held in this control's Text - confirm
            // that the text box masks its content.
            this.passwordTB.Text = Settings.Store.GetEncryptedSetting("Password");
            this.dbTB.Text = Settings.Store.Database;
            bool useSsl = Settings.Store.UseSsl;
            this.useSslCB.Checked = useSsl;

            // User table schema settings
            this.userTableTB.Text = Settings.Store.Table;
            this.unameColTB.Text = Settings.Store.UsernameColumn;
            this.hashMethodColTB.Text = Settings.Store.HashMethodColumn;
            this.passwdColTB.Text = Settings.Store.PasswordColumn;
            this.userPrimaryKeyColTB.Text = Settings.Store.UserTablePrimaryKeyColumn;

            // The encoding is stored as an int and cast back to the enum here.
            int encodingInt = Settings.Store.HashEncoding;
            Settings.HashEncoding encoding = (Settings.HashEncoding)encodingInt;

            // Any stored value other than HEX selects the Base64 radio button.
            if (encoding == Settings.HashEncoding.HEX)
                this.encHexRB.Checked = true;
            else
                this.encBase64RB.Checked = true;

            // Group table schema settings
            this.groupTableNameTB.Text = Settings.Store.GroupTableName;
            this.groupNameColTB.Text = Settings.Store.GroupNameColumn;
            this.groupTablePrimaryKeyColTB.Text = Settings.Store.GroupTablePrimaryKeyColumn;

            // User-Group table settings
            this.userGroupTableNameTB.Text = Settings.Store.UserGroupTableName;
            this.userGroupUserFKColTB.Text = Settings.Store.UserForeignKeyColumn;
            this.userGroupGroupFKColTB.Text = Settings.Store.GroupForeignKeyColumn;

            /////////////// Authorization tab /////////////////
            this.cbAuthzMySqlGroupMemberOrNot.SelectedIndex = 0;
            this.cbAuthzGroupRuleAllowOrDeny.SelectedIndex = 0;

            this.ckDenyWhenMySqlAuthFails.Checked = Settings.Store.AuthzRequireMySqlAuth;

            List<GroupAuthzRule> lst = GroupRuleLoader.GetAuthzRules();
            // The last one should be the default rule
            if (lst.Count > 0 &&
                lst[lst.Count - 1].RuleCondition == GroupRule.Condition.ALWAYS)
            {
                // The default rule drives the allow/deny radio buttons and is removed
                // from the list so that it is not shown among the editable rules.
                GroupAuthzRule rule = lst[lst.Count - 1];
                if (rule.AllowOnMatch)
                    this.rbDefaultAllow.Checked = true;
                else
                    this.rbDefaultDeny.Checked = true;
                lst.RemoveAt(lst.Count - 1);
            }
            else
            {
                // The list is empty or the last rule is not a default rule.
                throw new Exception("Default rule not found in rule list.");
            }
            // The rest of the rules
            foreach (GroupAuthzRule rule in lst)
                this.listBoxAuthzRules.Items.Add(rule);

            ///////////////// Gateway tab ///////////////
            List<GroupGatewayRule> gwLst = GroupRuleLoader.GetGatewayRules();
            foreach (GroupGatewayRule rule in gwLst)
                this.gtwRulesListBox.Items.Add(rule);
            this.gtwRuleConditionCB.SelectedIndex = 0;

            // Shows the stored choice for blocking logon on a server error.
            this.m_preventLogonWhenServerUnreachableCb.Checked = Settings.Store.PreventLogonOnServerError;
        }
Example #7
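        /// <summary>
        /// Validates the form and writes the connection, schema, authorization and
        /// gateway settings to the settings store.
        /// </summary>
        /// <returns>
        /// <c>true</c> when everything was stored; <c>false</c> when the port field is
        /// not a valid TCP port, in which case nothing is written.
        /// </returns>
        private bool Save()
        {
            // The original only rejected non-numeric text, so 0, negative values and
            // values above 65535 were stored despite the "positive integer" message.
            int port;
            if (!int.TryParse(this.portTB.Text, out port) || port < 1 || port > 65535)
            {
                MessageBox.Show("The port must be an integer between 1 and 65535.");
                return false;
            }

            Settings.Store.Host = this.hostTB.Text.Trim();
            Settings.Store.Port = port;
            Settings.Store.User = this.userTB.Text.Trim();
            // The password is stored through SetEncryptedSetting and is deliberately not trimmed.
            Settings.Store.SetEncryptedSetting("Password", this.passwordTB.Text);
            Settings.Store.Database = this.dbTB.Text.Trim();
            Settings.Store.UseSsl = this.useSslCB.Checked;

            // User table settings
            // NOTE(review): table and column names are stored as typed, only trimmed.
            // If they are later placed into SQL text, confirm they are quoted or validated there.
            Settings.Store.Table = this.userTableTB.Text.Trim();
            Settings.Store.UsernameColumn = this.unameColTB.Text.Trim();
            Settings.Store.HashMethodColumn = this.hashMethodColTB.Text.Trim();
            Settings.Store.PasswordColumn = this.passwdColTB.Text.Trim();
            Settings.Store.UserTablePrimaryKeyColumn = this.userPrimaryKeyColTB.Text.Trim();

            if (encHexRB.Checked)
                Settings.Store.HashEncoding = (int)Settings.HashEncoding.HEX;
            else
                Settings.Store.HashEncoding = (int)Settings.HashEncoding.BASE_64;

            // Group table schema settings
            Settings.Store.GroupTableName = this.groupTableNameTB.Text.Trim();
            Settings.Store.GroupNameColumn = this.groupNameColTB.Text.Trim();
            Settings.Store.GroupTablePrimaryKeyColumn = this.groupTablePrimaryKeyColTB.Text.Trim();

            // User-Group table settings
            Settings.Store.UserGroupTableName = this.userGroupTableNameTB.Text.Trim();
            Settings.Store.UserForeignKeyColumn = this.userGroupUserFKColTB.Text.Trim();
            Settings.Store.GroupForeignKeyColumn = this.userGroupGroupFKColTB.Text.Trim();

            ////////// Authorization Tab ////////////
            Settings.Store.AuthzRequireMySqlAuth = this.ckDenyWhenMySqlAuthFails.Checked;
            List<GroupAuthzRule> lst = new List<GroupAuthzRule>();
            foreach (Object item in this.listBoxAuthzRules.Items)
            {
                // "as" yields null for anything that is not a rule; do not persist a null entry.
                GroupAuthzRule authzRule = item as GroupAuthzRule;
                if (authzRule == null)
                {
                    continue;
                }
                lst.Add(authzRule);
                m_logger.DebugFormat("Saving rule: {0}", item);
            }
            // Add the default as the last rule in the list. Order matters: the default
            // must stay last so that the explicit rules are considered before it.
            lst.Add(new GroupAuthzRule(this.rbDefaultAllow.Checked));

            GroupRuleLoader.SaveAuthzRules(lst);

            // Gateway rules
            List<GroupGatewayRule> gwList = new List<GroupGatewayRule>();
            foreach (Object item in this.gtwRulesListBox.Items)
            {
                GroupGatewayRule gatewayRule = item as GroupGatewayRule;
                if (gatewayRule != null)
                {
                    gwList.Add(gatewayRule);
                }
            }
            GroupRuleLoader.SaveGatewayRules(gwList);

            // NOTE(review): when unchecked, a MySQL server error presumably does not block
            // the logon (fail-open) - confirm that this is the intended choice for the site.
            Settings.Store.PreventLogonOnServerError = m_preventLogonWhenServerUnreachableCb.Checked;

            return true;
        }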