Exemple #1
0
        public IAsyncResult BeginCheckAccess(IAccountIdentifier identifier, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncCallback callback, object state)
        {
            AsyncIteratorContext <NoResults> asyncIteratorContext = new AsyncIteratorContext <NoResults>("RealServiceManager.Authorize", callback, state);

            asyncIteratorContext.Begin(this.CheckAccessImpl(identifier, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters, authorizationInfo, timeout, asyncIteratorContext));
            return(asyncIteratorContext);
        }
Exemple #2
0
        private IEnumerator <IAsyncResult> CheckAccessImpl(IAccountIdentifier identifier, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncIteratorContext <NoResults> context)
        {
            IAsyncResult asyncResult = this.BeginAuthorizeRequest(identifier, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters, authorizationInfo, timeout, context.GetResumeCallback(), context.GetResumeState("RealServiceManager.AuthorizeImpl"));

            yield return(asyncResult);

            AuthorizationResult authorizationResult = this.EndAuthorizeRequest(asyncResult);

            if (!authorizationResult.Authorized)
            {
                if (identifier == null || !identifier.IsSecondaryAccess || !AuthorizationManager.IsWritePermission(requestedPermission))
                {
                    throw new NephosUnauthorizedAccessException(resourceAccount, resourceContainer, resourceIdentifier, identifier, requestedPermission, requestedSasParameters.SignedPermission, authorizationResult.FailureReason);
                }
                throw new SecondaryWriteNotAllowedException();
            }
        }
Exemple #3
0
 public abstract IAsyncResult BeginAuthorizeRequest(IAccountIdentifier requestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncCallback callback, object state);
Exemple #4
0
        private IEnumerator <IAsyncResult> AuthorizeRequestImpl(IAccountIdentifier requestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncIteratorContext <AuthorizationResult> context)
        {
            Duration     startingNow = Duration.StartingNow;
            IAsyncResult asyncResult = this.BeginSharedKeyAuthorization(requestor, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, authorizationInfo, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("NephosAuthorizationManager.AuthorizeRequestImpl"));

            yield return(asyncResult);

            AuthorizationResult authorizationResult = this.EndAuthorizeRequest(asyncResult);
            bool authorized = authorizationResult.Authorized;

            if (!authorized || !(requestor is SignedAccessAccountIdentifier) && !(requestor is AccountSasAccessIdentifier))
            {
                context.ResultData = authorizationResult;
            }
            else
            {
                NephosAssertionException.Assert((requestor is SignedAccessAccountIdentifier ? true : requestor is AccountSasAccessIdentifier));
                if (!(requestor is SignedAccessAccountIdentifier))
                {
                    if (!(requestor is AccountSasAccessIdentifier))
                    {
                        throw new NephosUnauthorizedAccessException("Signed access not supported for this request", resourceAccount, resourceContainer, resourceIdentifier, requestor, requestedPermission, AuthorizationFailureReason.InvalidOperationSAS);
                    }
                    if ((requestedSasParameters.SupportedSasTypes & SasType.AccountSas) != SasType.AccountSas)
                    {
                        throw new NephosUnauthorizedAccessException("Account signed access not supported for this request", resourceAccount, resourceContainer, resourceIdentifier, requestor, requestedPermission, AuthorizationFailureReason.InvalidOperationSAS);
                    }
                    if (requestedSasParameters.SignedPermission == SASPermission.None)
                    {
                        throw new ArgumentException("signedPerrmission");
                    }
                    authorizationResult = this.AuthorizeAccountSignedAccessRequest(requestor as AccountSasAccessIdentifier, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters);
                    context.ResultData  = authorizationResult;
                }
                else
                {
                    if ((requestedSasParameters.SupportedSasTypes & SasType.ResourceSas) != SasType.ResourceSas)
                    {
                        throw new NephosUnauthorizedAccessException("Signed access not supported for this request", resourceAccount, resourceContainer, resourceIdentifier, requestor, requestedPermission, AuthorizationFailureReason.InvalidOperationSAS);
                    }
                    if (requestedSasParameters.SignedPermission == SASPermission.None)
                    {
                        throw new ArgumentException("signedPerrmission");
                    }
                    authorizationResult = this.AuthorizeResourceSignedAccessRequest(requestor as SignedAccessAccountIdentifier, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters.SignedPermission);
                    context.ResultData  = authorizationResult;
                }
            }
        }
Exemple #5
0
        private IEnumerator <IAsyncResult> SharedKeyAuthorizationImpl(IAccountIdentifier requestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel permission, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncIteratorContext <AuthorizationResult> context)
        {
            PermissionLevel            permissionLevel;
            PermissionLevel            permissionLevel1;
            PermissionLevel            permissionLevel2;
            PermissionLevel            permissionLevel3;
            PermissionLevel            permissionLevel4;
            IEnumerable <IAsyncResult> asyncResults;
            Duration            startingNow         = Duration.StartingNow;
            AuthorizationResult authorizationResult = new AuthorizationResult(false, AuthorizationFailureReason.AccessPermissionFailure);
            PermissionLevel     permissionLevel5    = PermissionLevel.Read | PermissionLevel.Write | PermissionLevel.Delete | PermissionLevel.ReadAcl | PermissionLevel.WriteAcl | PermissionLevel.FullControl | PermissionLevel.Owner | PermissionLevel.ReadDelete | PermissionLevel.ReadWrite | PermissionLevel.ReadWriteDelete | PermissionLevel.WriteDelete | PermissionLevel.ReadAclWriteAcl;

            if ((int)(permission & ~permissionLevel5) != 0 || (int)permission == 0)
            {
                throw new ArgumentException("permission", string.Format("permission is not well formed. Permission: {0}", permission));
            }
            if (requestor == null)
            {
                throw new ArgumentNullException("requestor");
            }
            if (!requestor.IsKeyDisabled)
            {
                PermissionLevel permissionLevel6 = permission & (PermissionLevel.Read | PermissionLevel.Write | PermissionLevel.Delete | PermissionLevel.ReadAcl | PermissionLevel.WriteAcl | PermissionLevel.FullControl | PermissionLevel.ReadDelete | PermissionLevel.ReadWrite | PermissionLevel.ReadWriteDelete | PermissionLevel.WriteDelete | PermissionLevel.ReadAclWriteAcl);
                if (!string.IsNullOrEmpty(resourceAccount) && resourceAccount.Equals(requestor.AccountName, StringComparison.OrdinalIgnoreCase))
                {
                    PermissionLevel permissionLevel7 = (PermissionLevel)0;
                    if ((permissionLevel6 & PermissionLevel.Read) == PermissionLevel.Read)
                    {
                        PermissionLevel permissionLevel8 = permissionLevel7;
                        if (requestor.IsReadAllowed)
                        {
                            permissionLevel4 = PermissionLevel.Read;
                        }
                        else
                        {
                            permissionLevel4 = (PermissionLevel)0;
                        }
                        permissionLevel7 = permissionLevel8 | permissionLevel4;
                    }
                    if ((permissionLevel6 & PermissionLevel.Write) == PermissionLevel.Write && requestor.IsWriteAllowed)
                    {
                        permissionLevel7 |= PermissionLevel.Write;
                    }
                    if ((permissionLevel6 & PermissionLevel.Delete) == PermissionLevel.Delete)
                    {
                        PermissionLevel permissionLevel9 = permissionLevel7;
                        if (requestor.IsDeleteAllowed)
                        {
                            permissionLevel3 = PermissionLevel.Delete;
                        }
                        else
                        {
                            permissionLevel3 = (PermissionLevel)0;
                        }
                        permissionLevel7 = permissionLevel9 | permissionLevel3;
                    }
                    if ((permissionLevel6 & PermissionLevel.FullControl) == PermissionLevel.FullControl)
                    {
                        PermissionLevel permissionLevel10 = permissionLevel7;
                        if (requestor.IsFullControlAllowed)
                        {
                            permissionLevel2 = PermissionLevel.FullControl;
                        }
                        else
                        {
                            permissionLevel2 = (PermissionLevel)0;
                        }
                        permissionLevel7 = permissionLevel10 | permissionLevel2;
                    }
                    if ((permissionLevel6 & PermissionLevel.ReadAcl) == PermissionLevel.ReadAcl)
                    {
                        PermissionLevel permissionLevel11 = permissionLevel7;
                        if (requestor.IsReadAllowed)
                        {
                            permissionLevel1 = PermissionLevel.ReadAcl;
                        }
                        else
                        {
                            permissionLevel1 = (PermissionLevel)0;
                        }
                        permissionLevel7 = permissionLevel11 | permissionLevel1;
                    }
                    if ((permissionLevel6 & PermissionLevel.WriteAcl) == PermissionLevel.WriteAcl)
                    {
                        PermissionLevel permissionLevel12 = permissionLevel7;
                        if (requestor.IsWriteAllowed)
                        {
                            permissionLevel = PermissionLevel.WriteAcl;
                        }
                        else
                        {
                            permissionLevel = (PermissionLevel)0;
                        }
                        permissionLevel7 = permissionLevel12 | permissionLevel;
                    }
                    if (permissionLevel7 != permissionLevel6)
                    {
                        authorizationResult.FailureReason = AuthorizationFailureReason.PermissionMismatch;
                        authorizationResult.Authorized    = false;
                    }
                    else
                    {
                        authorizationResult.FailureReason = AuthorizationFailureReason.NotApplicable;
                        authorizationResult.Authorized    = true;
                    }
                    context.ResultData = authorizationResult;
                }
                else if (!this.checkResourceAcl)
                {
                    authorizationResult.FailureReason = AuthorizationFailureReason.AccessPermissionFailure;
                    authorizationResult.Authorized    = false;
                    context.ResultData = authorizationResult;
                }
                else if (!this.PublicAccessEnabled)
                {
                    authorizationResult.FailureReason = AuthorizationFailureReason.AccessPermissionFailure;
                    authorizationResult.Authorized    = false;
                    context.ResultData = authorizationResult;
                }
                else if ((permission & PermissionLevel.Owner) == PermissionLevel.Owner)
                {
                    authorizationResult.FailureReason = AuthorizationFailureReason.AccessPermissionFailure;
                    authorizationResult.Authorized    = false;
                    context.ResultData = authorizationResult;
                }
                else if (permissionLevel6 != PermissionLevel.Read)
                {
                    authorizationResult.FailureReason = AuthorizationFailureReason.AccessPermissionFailure;
                    authorizationResult.Authorized    = false;
                    context.ResultData = authorizationResult;
                }
                else if (!string.IsNullOrEmpty(resourceContainer) || !string.IsNullOrEmpty(resourceIdentifier))
                {
                    try
                    {
                        asyncResults = this.AuthorizePublicAccess(context, authorizationResult, this.storageManager, resourceAccount, resourceContainer, resourceIdentifier, requestor, permission, startingNow, timeout);
                    }
                    catch (Exception exception1)
                    {
                        Exception exception = exception1;
                        Logger <IRestProtocolHeadLogger> .Instance.ErrorDebug.Log("Can't authorize public access using ACL");

                        throw exception;
                    }
                    foreach (IAsyncResult asyncResult in asyncResults)
                    {
                        yield return(asyncResult);
                    }
                }
                else
                {
                    authorizationResult.FailureReason = AuthorizationFailureReason.AccessPermissionFailure;
                    authorizationResult.Authorized    = false;
                    context.ResultData = authorizationResult;
                }
            }
            else
            {
                authorizationResult.FailureReason = AuthorizationFailureReason.KeyDisabled;
                authorizationResult.Authorized    = false;
                context.ResultData = authorizationResult;
            }
        }
Exemple #6
0
        protected internal IAsyncResult BeginSharedKeyAuthorization(IAccountIdentifier requestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel permission, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncCallback callback, object state)
        {
            AsyncIteratorContext <AuthorizationResult> asyncIteratorContext = new AsyncIteratorContext <AuthorizationResult>("OwnerAdminAuthorizationManager.AuthorizeRequest", callback, state);

            asyncIteratorContext.Begin(this.SharedKeyAuthorizationImpl(requestor, resourceAccount, resourceContainer, resourceIdentifier, permission, authorizationInfo, timeout, asyncIteratorContext));
            return(asyncIteratorContext);
        }
Exemple #7
0
        public override IAsyncResult BeginAuthorizeRequest(IAccountIdentifier requestor, string resourceAccount, string resourceContainer, string resourceIdentifier, PermissionLevel requestedPermission, SASAuthorizationParameters requestedSasParameters, AuthorizationInformation authorizationInfo, TimeSpan timeout, AsyncCallback callback, object state)
        {
            AsyncIteratorContext <AuthorizationResult> asyncIteratorContext = new AsyncIteratorContext <AuthorizationResult>("OwnerAdminAuthorizationManager.AuthorizeRequest", callback, state);

            asyncIteratorContext.Begin(this.AuthorizeRequestImpl(requestor, resourceAccount, resourceContainer, resourceIdentifier, requestedPermission, requestedSasParameters, authorizationInfo, timeout, asyncIteratorContext));
            return(asyncIteratorContext);
        }