/// <summary>
        /// Create the policy locally
        /// </summary>
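        /// <param name="policy">Policy whose Oid, Name and CanOverride are copied into the local store.</param>
        /// <param name="principal">Principal to authorize; when null, the current authentication context's principal is checked instead.</param>
        /// <exception cref="PolicyViolationException">The checked principal is not granted AccessClientAdministrativeFunction.</exception>
        public void CreatePolicy(IPolicy policy, IPrincipal principal)
        {
            // Authorize before touching the store. Anything other than an explicit Grant is refused,
            // so an elevate/deny/unknown outcome all end in the same exception (fail closed).
            var pdp = ApplicationContext.Current.GetService<IPolicyDecisionService>();
            var effectivePrincipal = principal ?? AuthenticationContext.Current.Principal;

            if (pdp.GetPolicyOutcome(effectivePrincipal, PolicyIdentifiers.AccessClientAdministrativeFunction) != PolicyGrantType.Grant)
            {
                throw new PolicyViolationException(PolicyIdentifiers.AccessClientAdministrativeFunction, PolicyGrantType.Deny);
            }

            var conn = this.CreateConnection();

            using (conn.Lock())
            {
                try
                {
                    // Insert only when no row with this OID exists; an existing row is left untouched.
                    var polId = conn.Table<DbSecurityPolicy>().Where(o => o.Oid == policy.Oid).FirstOrDefault();
                    if (polId == null)
                    {
                        polId = new DbSecurityPolicy()
                        {
                            CanOverride = policy.CanOverride,
                            Name        = policy.Name,
                            Oid         = policy.Oid,
                            // A fresh local key is generated here; policy.Key is not read.
                            Key         = Guid.NewGuid()
                        };
                        conn.Insert(polId);
                    }
                }
                catch (Exception e)
                {
                    // The failure is traced and not rethrown, so a caller cannot distinguish a stored
                    // policy from a failed insert.
                    // NOTE(review): confirm no caller assumes the policy exists once this returns.
                    this.m_tracer.TraceError("Could not create policy {0}", e);
                }
            }
        }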
 /// <summary>
 /// Local security policy instance
 /// </summary>
 /// <param name="entityPolicy">Entity-to-policy association row; this constructor does not read it.</param>
 /// <param name="policy">Policy definition row, wrapped in an <see cref="AdoSecurityPolicy"/>.</param>
 /// <param name="securable">Object this policy instance is attached to.</param>
 public AdoSecurityPolicyInstance(DbEntitySecurityPolicy entityPolicy, DbSecurityPolicy policy, object securable)
 {
     Policy = new AdoSecurityPolicy(policy);

     // TODO: Configuration of the policy as opt-in / opt-out
     // Until that exists the rule is a constant Grant: nothing stored on entityPolicy
     // influences the outcome carried by this instance.
     Rule = PolicyGrantType.Grant;

     Securable = securable;
 }
 /// <summary>
 /// Local security policy instance
 /// </summary>
 /// <param name="actPolicy">Act-to-policy association row; this constructor does not read it.</param>
 /// <param name="policy">Policy definition row, wrapped in an <see cref="AdoSecurityPolicy"/>.</param>
 /// <param name="securable">Object this policy instance is attached to.</param>
 public AdoSecurityPolicyInstance(DbActSecurityPolicy actPolicy, DbSecurityPolicy policy, object securable)
 {
     Policy = new AdoSecurityPolicy(policy);

     // TODO: Configuration of the policy as opt-in / opt-out
     // Until that exists the rule is a constant Grant: nothing stored on actPolicy
     // influences the outcome carried by this instance.
     Rule = PolicyDecisionOutcomeType.Grant;

     Securable = securable;
 }
        /// <summary>
        /// Create a local security policy
        /// </summary>
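        /// <param name="policy">Stored policy row to copy identity, name, override flag and handler from.</param>
        /// <exception cref="InvalidOperationException">
        /// The handler type named on the row cannot be resolved, has no public parameterless constructor,
        /// or does not implement <see cref="IPolicyHandler"/>.
        /// </exception>
        public AdoSecurityPolicy(DbSecurityPolicy policy)
        {
            this.CanOverride = policy.CanOverride;
            this.Key         = policy.Key;
            this.Name        = policy.Name;
            this.Oid         = policy.Oid;

            // A policy is active while it has no obsoletion time or that time is still in the future.
            // The previous comparison (ObsoletionTime < Now) reported already-obsoleted policies as
            // active and policies scheduled for future obsoletion as inactive.
            this.IsActive    = policy.ObsoletionTime == null || policy.ObsoletionTime > DateTimeOffset.Now;

            if (String.IsNullOrEmpty(policy.Handler))
            {
                return;
            }

            // The cache lookup and the insert now happen under the same lock. Previously the lookup ran
            // unlocked, so two threads could both miss and the second Add would fail on the duplicate key.
            lock (s_lockObject)
            {
                if (s_handlers.TryGetValue(policy.Handler, out this.m_handler))
                {
                    return;
                }

                // The type name comes from the stored policy row, so whoever can write that column picks
                // the type that gets loaded here.
                // NOTE(review): consider restricting handler names to a configured allow-list.
                Type handlerType = Type.GetType(policy.Handler);
                if (handlerType == null)
                {
                    throw new InvalidOperationException("Cannot find policy handler");
                }
                var ci = handlerType.GetConstructor(Type.EmptyTypes);
                if (ci == null)
                {
                    throw new InvalidOperationException("Cannot find parameterless constructor");
                }

                // Check the contract before running any code from the type: the original constructed the
                // object first and only then discovered it was not an IPolicyHandler, which let an
                // arbitrary type's constructor execute.
                if (!typeof(IPolicyHandler).IsAssignableFrom(handlerType))
                {
                    throw new InvalidOperationException("Policy handler does not implement IPolicyHandler");
                }

                this.m_handler = (IPolicyHandler)ci.Invoke(null);
                s_handlers.Add(policy.Handler, this.m_handler);
            }
        }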
 /// <summary>
 /// Local security policy instance
 /// </summary>
 /// <param name="applicationPolicy">Application-to-policy association row supplying the stored grant type.</param>
 /// <param name="policy">Policy definition row, wrapped in an <see cref="AdoSecurityPolicy"/>.</param>
 /// <param name="securable">Object this policy instance is attached to.</param>
 public AdoSecurityPolicyInstance(DbSecurityApplicationPolicy applicationPolicy, DbSecurityPolicy policy, object securable)
 {
     Policy = new AdoSecurityPolicy(policy);

     // The cast is unchecked: a stored value that is not a defined PolicyGrantType member is
     // carried through unchanged.
     // NOTE(review): confirm consumers treat anything other than Grant as a refusal.
     var storedRule = (PolicyGrantType)applicationPolicy.GrantType;
     Rule = storedRule;

     Securable = securable;
 }
 /// <summary>
 /// Local security policy instance
 /// </summary>
 /// <param name="devicePolicy">Device-to-policy association row supplying the stored grant type.</param>
 /// <param name="policy">Policy definition row, wrapped in an <see cref="AdoSecurityPolicy"/>.</param>
 /// <param name="securable">Object this policy instance is attached to.</param>
 public AdoSecurityPolicyInstance(DbSecurityDevicePolicy devicePolicy, DbSecurityPolicy policy, object securable)
 {
     Policy = new AdoSecurityPolicy(policy);

     // The cast is unchecked: a stored value that is not a defined PolicyGrantType member is
     // carried through unchanged.
     // NOTE(review): confirm consumers treat anything other than Grant as a refusal.
     var storedRule = (PolicyGrantType)devicePolicy.GrantType;
     Rule = storedRule;

     Securable = securable;
 }
 /// <summary>
 /// Local security policy instance
 /// </summary>
 /// <param name="rolePolicy">Role-to-policy association row supplying the stored grant type.</param>
 /// <param name="policy">Policy definition row, wrapped in an <see cref="AdoSecurityPolicy"/>.</param>
 /// <param name="securable">Object this policy instance is attached to.</param>
 public AdoSecurityPolicyInstance(DbSecurityRolePolicy rolePolicy, DbSecurityPolicy policy, object securable)
 {
     Policy = new AdoSecurityPolicy(policy);

     // The cast is unchecked: a stored value that is not a defined PolicyDecisionOutcomeType
     // member is carried through unchanged.
     // NOTE(review): confirm consumers treat anything other than Grant as a refusal.
     var storedRule = (PolicyDecisionOutcomeType)rolePolicy.GrantType;
     Rule = storedRule;

     Securable = securable;
 }
 /// <summary>
 /// Local security policy instance
 /// </summary>
 /// <param name="policyInstance">Stored policy association supplying the grant type.</param>
 /// <param name="policy">Policy definition row, wrapped in an <see cref="AdoSecurityPolicy"/>.</param>
 /// <param name="securable">Object this policy instance is attached to.</param>
 public AdoSecurityPolicyInstance(DbSecurityPolicyActionableInstance policyInstance, DbSecurityPolicy policy, object securable)
 {
     Policy = new AdoSecurityPolicy(policy);

     // The cast is unchecked: a stored value that is not a defined PolicyGrantType member is
     // carried through unchanged.
     // NOTE(review): confirm consumers treat anything other than Grant as a refusal.
     var storedRule = (PolicyGrantType)policyInstance.GrantType;
     Rule = storedRule;

     Securable = securable;
 }
        /// <summary>
        /// Create the policy locally
        /// </summary>
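        /// <param name="policy">Policy whose Oid, Name, CanOverride and Key are written to the local store.</param>
        /// <param name="principal">Principal to authorize; the system principal bypasses the permission demand.</param>
        public void CreatePolicy(IPolicy policy, IPrincipal principal)
        {
            // Demand local admin for every caller except the system principal. The bypass is a
            // reference comparison on an argument, so this method trusts its caller to pass
            // SystemPrincipal only for genuinely internal work.
            // NOTE(review): a null principal is handed to Demand as-is; how Demand treats null is
            // not visible here — confirm it refuses rather than falling back to an ambient identity.
            if (principal != AuthenticationContext.SystemPrincipal)
            {
                ApplicationServiceContext.Current.GetService<IPolicyEnforcementService>().Demand(PermissionPolicyIdentifiers.AccessClientAdministrativeFunction, principal);
            }

            var conn = this.CreateConnection();

            using (conn.Lock())
            {
                try
                {
                    var polId = conn.Table<DbSecurityPolicy>().Where(o => o.Oid == policy.Oid).FirstOrDefault();
                    if (polId == null)
                    {
                        // No row for this OID yet: store it under the caller-supplied key.
                        polId = new DbSecurityPolicy()
                        {
                            CanOverride = policy.CanOverride,
                            Name        = policy.Name,
                            Oid         = policy.Oid,
                            Key         = policy.Key
                        };
                        conn.Insert(polId);
                    }
                    else if (polId.Key != policy.Key)
                    {
                        // Remember the identifier that dependent rows still reference before the key is
                        // reassigned. The original queried with polId.Uuid after the reassignment.
                        // NOTE(review): assumes Key is backed by Uuid, in which case the original
                        // lookups used the new value and re-pointed nothing — confirm against DbSecurityPolicy.
                        var previousUuid = polId.Uuid;

                        // Re-key the policy row. Delete, Insert and UpdateAll are separate calls and no
                        // transaction is visible in this method; a failure part-way is swallowed below.
                        // NOTE(review): confirm the connection or conn.Lock() makes this sequence atomic,
                        // otherwise a failed Insert leaves the policy row missing.
                        conn.Delete(polId);
                        polId.Key = policy.Key;
                        conn.Insert(polId);

                        // Update any records we have: every table that references the policy by its
                        // old identifier is re-pointed at the new key.
                        var updates = conn.Table<DbAssigningAuthority>().Where(o => o.PolicyUuid == previousUuid).ToList().Select(o =>
                        {
                            o.PolicyUuid = policy.Key.ToByteArray();
                            return o;
                        }).OfType<Object>().Union(
                            conn.Table<DbSecurityRolePolicy>().Where(o => o.PolicyId == previousUuid).ToList().Select(o =>
                            {
                                o.PolicyId = policy.Key.ToByteArray();
                                return o;
                            })).Union(
                            conn.Table<DbSecurityApplicationPolicy>().Where(o => o.PolicyId == previousUuid).ToList().Select(o =>
                            {
                                o.PolicyId = policy.Key.ToByteArray();
                                return o;
                            })).Union(
                            conn.Table<DbSecurityDevicePolicy>().Where(o => o.PolicyId == previousUuid).ToList().Select(o =>
                            {
                                o.PolicyId = policy.Key.ToByteArray();
                                return o;
                            })).Union(
                            conn.Table<DbEntitySecurityPolicy>().Where(o => o.PolicyId == previousUuid).ToList().Select(o =>
                            {
                                o.PolicyId = policy.Key.ToByteArray();
                                return o;
                            })).Union(
                            conn.Table<DbActSecurityPolicy>().Where(o => o.PolicyId == previousUuid).ToList().Select(o =>
                            {
                                o.PolicyId = policy.Key.ToByteArray();
                                return o;
                            }));
                        conn.UpdateAll(updates);
                    }
                }
                catch (Exception e)
                {
                    // The failure is traced and not rethrown, so a caller cannot distinguish a stored
                    // or re-keyed policy from a failed write.
                    // NOTE(review): confirm no caller assumes the policy exists once this returns.
                    this.m_tracer.TraceError("Could not create policy {0}", e);
                }
            }
        }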