Exemple #1
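    /// <summary>
    /// Probes the admin, write and read test accounts against the test database and records
    /// which operations each account is actually able to perform.
    /// </summary>
    /// <remarks>
    /// This is a least-privilege check: the admin account must be able to do everything, the
    /// write account must be able to select and execute but not perform DDL, and the read
    /// account must be able to select but neither execute nor perform DDL. The probes are
    /// stateful (they create, alter and drop a test table and procedure), so their order matters.
    /// Blocks the calling thread until all three credential sets have been assigned.
    /// </remarks>
    /// <returns>
    /// A <see cref="PermissionsAnalysis"/> with one flag per account and capability;
    /// <c>AllPermissionsOk</c> is true only when every expected right is present and every
    /// excessive right is absent.
    /// </returns>
    public static PermissionsAnalysis RecheckDatabasePermissions()
    {
        // Snapshot the shared credential fields into locals: the values that passed the null
        // check are then the values used below, even if another thread reassigns the fields.
        var adminCredentials = _testAdminCredentials;
        var writeCredentials = _testWriteCredentials;
        var readCredentials = _testReadCredentials;

        while (readCredentials == null || writeCredentials == null || adminCredentials == null)
        {
            // A couple of async race conditions happen as this is called, we need to wait for credentials.
            // NOTE(review): this wait has no timeout; if the credentials are never set, the caller
            // blocks forever. Consider a bounded wait once the callers' expectations are known.
            Thread.Sleep(100);

            adminCredentials = _testAdminCredentials;
            writeCredentials = _testWriteCredentials;
            readCredentials = _testReadCredentials;
        }

        PermissionsAnalysis result = new PermissionsAnalysis();

        // First, test ADMIN

        SwarmDb adminDb = SwarmDb.GetTestDatabase(adminCredentials);

        // Drop table, procedure first just in case there's garbage left behind. Ignore result.
        adminDb.TestDropTable();
        adminDb.TestDropProcedure();

        try
        {
            // All these should pass. "&=" is the non-short-circuiting AND, so every probe runs
            // even after an earlier one has failed -- all must succeed for the flag to stay true.
            result.AdminCredentialsCanLogin  = adminDb.TestLogin();
            result.AdminCredentialsCanAdmin  = adminDb.TestCreateTable();
            result.AdminCredentialsCanAdmin &= adminDb.TestDropTable();
            result.AdminCredentialsCanAdmin &= adminDb.TestCreateTable();
            result.AdminCredentialsCanAdmin &= adminDb.TestAlterTable();
            result.AdminCredentialsCanAdmin &= adminDb.TestCreateProcedure();
            result.AdminCredentialsCanAdmin &= adminDb.TestDropProcedure();
            // DROP was tested before the state of the table, procedure gets messed up;
            // therefore, recreate the procedure after the drop.
            result.AdminCredentialsCanAdmin &= adminDb.TestCreateProcedure();

            // Execute/select need a created table and procedure; otherwise they default to fail.
            if (result.AdminCredentialsCanAdmin)
            {
                result.AdminCredentialsCanExecute = adminDb.TestExecute("Admin Execute");
                result.AdminCredentialsCanSelect  = adminDb.TestSelect();
            }

            // Within the created table, test WRITE and READ accounts before testing them on excessive rights.

            SwarmDb writeDb = SwarmDb.GetTestDatabase(writeCredentials);

            result.WriteCredentialsCanLogin = writeDb.TestLogin();

            if (result.WriteCredentialsCanLogin && result.AdminCredentialsCanAdmin)
            {
                result.WriteCredentialsCanExecute = writeDb.TestExecute("Write Execute");
                result.WriteCredentialsCanSelect  = writeDb.TestSelect();
            }

            SwarmDb readDb = SwarmDb.GetTestDatabase(readCredentials);

            result.ReadCredentialsCanLogin = readDb.TestLogin();

            if (result.ReadCredentialsCanLogin && result.AdminCredentialsCanAdmin)
            {
                result.ReadCredentialsCanExecute = readDb.TestExecute("Read Execute");
                result.ReadCredentialsCanSelect  = readDb.TestSelect();
            }

            // Finally, test the write and read accounts for admin rights. Note the "OR" here rather than "AND" -
            // any one of these rights present should return a true, because it's a fail.
            // NOTE(review): TestAlterTable is only probed with the admin account, so an ALTER right
            // held by the read or write account would not be detected here -- confirm this is intended.

            if (result.ReadCredentialsCanLogin)
            {
                result.ReadCredentialsCanAdmin  = readDb.TestDropProcedure();
                result.ReadCredentialsCanAdmin |= readDb.TestDropTable();
                result.ReadCredentialsCanAdmin |= readDb.TestCreateTable();
                result.ReadCredentialsCanAdmin |= readDb.TestCreateProcedure();
            }

            if (result.WriteCredentialsCanLogin)
            {
                result.WriteCredentialsCanAdmin  = writeDb.TestDropProcedure();
                result.WriteCredentialsCanAdmin |= writeDb.TestDropTable();
                result.WriteCredentialsCanAdmin |= writeDb.TestCreateTable();
                result.WriteCredentialsCanAdmin |= writeDb.TestCreateProcedure();
            }
        }
        finally
        {
            // Clean up, also when a probe throws, so no test table or procedure is left behind
            // in the database. Results are ignored.
            adminDb.TestDropTable();
            adminDb.TestDropProcedure();
        }

        // Expected rights must be present; rights beyond the account's role must be absent.
        result.AllPermissionsOk =
            result.AdminCredentialsCanLogin &&
            result.AdminCredentialsCanSelect &&
            result.AdminCredentialsCanExecute &&
            result.AdminCredentialsCanAdmin &&
            result.WriteCredentialsCanLogin &&
            result.WriteCredentialsCanSelect &&
            result.WriteCredentialsCanExecute &&
            !result.WriteCredentialsCanAdmin && // write account must not have DDL rights
            result.ReadCredentialsCanLogin &&
            result.ReadCredentialsCanSelect &&
            !result.ReadCredentialsCanExecute && // read account must not execute procedures
            !result.ReadCredentialsCanAdmin;     // read account must not have DDL rights

        return result;
    }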