public Shared.Types.BooleanResult AuthenticatedUserGateway(Shared.Types.SessionProperties properties)
{
UserInformation userInfo = properties.GetTrackedSingle<UserInformation>();
try
{
using (MySqlUserDataSource dataSource = new MySqlUserDataSource())
{
List<GroupGatewayRule> rules = GroupRuleLoader.GetGatewayRules();
foreach (GroupGatewayRule rule in rules)
{
m_logger.DebugFormat("Checking rule: {0}", rule.ToString());
if (rule.RuleMatch(dataSource.IsMemberOfGroup(userInfo.Username, rule.Group)))
{
m_logger.DebugFormat("Rule is a match, adding to {0}", rule.LocalGroup);
userInfo.Groups.Add(new GroupInformation { Name = rule.LocalGroup });
}
else
{
m_logger.DebugFormat("Rule is not a match");
}
}
}
}
catch (Exception e)
{
m_logger.ErrorFormat("Unexpected error: {0}", e);
throw;
}
// Always return success
return new Shared.Types.BooleanResult { Success = true };
}
public Shared.Types.BooleanResult AuthenticatedUserGateway(Shared.Types.SessionProperties properties)
{
UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();
try
{
using (MySqlUserDataSource dataSource = new MySqlUserDataSource())
{
List <GroupGatewayRule> rules = GroupRuleLoader.GetGatewayRules();
foreach (GroupGatewayRule rule in rules)
{
m_logger.DebugFormat("Checking rule: {0}", rule.ToString());
if (rule.RuleMatch(dataSource.IsMemberOfGroup(userInfo.Username, rule.Group)))
{
m_logger.DebugFormat("Rule is a match, adding to {0}", rule.LocalGroup);
userInfo.Groups.Add(new GroupInformation {
Name = rule.LocalGroup
});
}
else
{
m_logger.DebugFormat("Rule is not a match");
}
}
}
}
catch (MySqlException e)
{
bool preventLogon = Settings.Store.PreventLogonOnServerError;
if (preventLogon)
{
m_logger.DebugFormat("Encountered MySQL server error, and preventing logon: {0}", e.Message);
return(new BooleanResult {
Success = false,
Message = string.Format("Preventing logon due to server error: {0}", e.Message)
});
}
else
{
m_logger.DebugFormat("Encoutered MySQL server error, but returning success anyway. Error: {0}", e.Message);
return(new BooleanResult {
Success = true,
Message = string.Format("Encountered server error: {0}", e.Message)
});
}
}
catch (Exception e)
{
m_logger.ErrorFormat("Unexpected error: {0}", e);
throw;
}
// Always return success
return(new Shared.Types.BooleanResult {
Success = true
});
}
private bool Save()
{
int port = 0;
try
{
port = Convert.ToInt32(this.portTB.Text);
}
catch (Exception)
{
MessageBox.Show("The port must be a positive integer.");
return(false);
}
Settings.Store.Host = this.hostTB.Text.Trim();
Settings.Store.Port = port;
Settings.Store.User = this.userTB.Text.Trim();
Settings.Store.SetEncryptedSetting("Password", this.passwordTB.Text);
Settings.Store.Database = this.dbTB.Text.Trim();
Settings.Store.UseSsl = this.useSslCB.Checked;
// User table settings
Settings.Store.Table = this.userTableTB.Text.Trim();
Settings.Store.UsernameColumn = this.unameColTB.Text.Trim();
Settings.Store.HashMethodColumn = this.hashMethodColTB.Text.Trim();
Settings.Store.PasswordColumn = this.passwdColTB.Text.Trim();
Settings.Store.UserTablePrimaryKeyColumn = this.userPrimaryKeyColTB.Text.Trim();
if (encHexRB.Checked)
{
Settings.Store.HashEncoding = (int)Settings.HashEncoding.HEX;
}
else
{
Settings.Store.HashEncoding = (int)Settings.HashEncoding.BASE_64;
}
// Group table schema settings
Settings.Store.GroupTableName = this.groupTableNameTB.Text.Trim();
Settings.Store.GroupNameColumn = this.groupNameColTB.Text.Trim();
Settings.Store.GroupTablePrimaryKeyColumn = this.groupTablePrimaryKeyColTB.Text.Trim();
// User-Group table settings
Settings.Store.UserGroupTableName = this.userGroupTableNameTB.Text.Trim();
Settings.Store.UserForeignKeyColumn = this.userGroupUserFKColTB.Text.Trim();
Settings.Store.GroupForeignKeyColumn = this.userGroupGroupFKColTB.Text.Trim();
// Gateway rules
List <GroupGatewayRule> gwList = new List <GroupGatewayRule>();
foreach (Object item in this.gtwRulesListBox.Items)
{
gwList.Add(item as GroupGatewayRule);
}
GroupRuleLoader.SaveGatewayRules(gwList);
return(true);
}
private void InitUI()
{
this.hostTB.Text = Settings.Store.Host;
int port = Settings.Store.Port;
this.portTB.Text = Convert.ToString(port);
this.userTB.Text = Settings.Store.User;
this.passwordTB.Text = Settings.Store.GetEncryptedSetting("Password");
this.dbTB.Text = Settings.Store.Database;
bool useSsl = Settings.Store.UseSsl;
this.useSslCB.Checked = useSsl;
// User table schema settings
this.userTableTB.Text = Settings.Store.Table;
this.unameColTB.Text = Settings.Store.UsernameColumn;
this.hashMethodColTB.Text = Settings.Store.HashMethodColumn;
this.passwdColTB.Text = Settings.Store.PasswordColumn;
this.userPrimaryKeyColTB.Text = Settings.Store.UserTablePrimaryKeyColumn;
int encodingInt = Settings.Store.HashEncoding;
Settings.HashEncoding encoding = (Settings.HashEncoding)encodingInt;
if (encoding == Settings.HashEncoding.HEX)
{
this.encHexRB.Checked = true;
}
else
{
this.encBase64RB.Checked = true;
}
// Group table schema settings
this.groupTableNameTB.Text = Settings.Store.GroupTableName;
this.groupNameColTB.Text = Settings.Store.GroupNameColumn;
this.groupTablePrimaryKeyColTB.Text = Settings.Store.GroupTablePrimaryKeyColumn;
// User-Group table settings
this.userGroupTableNameTB.Text = Settings.Store.UserGroupTableName;
this.userGroupUserFKColTB.Text = Settings.Store.UserForeignKeyColumn;
this.userGroupGroupFKColTB.Text = Settings.Store.GroupForeignKeyColumn;
// Gateway rules
List <GroupGatewayRule> gwLst = GroupRuleLoader.GetGatewayRules();
foreach (GroupGatewayRule rule in gwLst)
{
this.gtwRulesListBox.Items.Add(rule);
}
this.gtwRuleConditionCB.SelectedIndex = 0;
}
public BooleanResult AuthorizeUser(SessionProperties properties)
{
m_logger.Debug("MySql Plugin Authorization");
bool requireAuth = Settings.Store.AuthzRequireMySqlAuth;
// If we require authentication, and we failed to auth this user, then we
// fail authorization.
if (requireAuth)
{
PluginActivityInformation actInfo = properties.GetTrackedSingle <PluginActivityInformation>();
try
{
BooleanResult mySqlResult = actInfo.GetAuthenticationResult(this.Uuid);
if (!mySqlResult.Success)
{
m_logger.InfoFormat("Deny because MySQL auth failed, and configured to require MySQL auth.");
return(new BooleanResult()
{
Success = false,
Message = "Deny because MySQL authentication failed."
});
}
}
catch (KeyNotFoundException)
{
// The plugin is not enabled for authentication
m_logger.ErrorFormat("MySQL is not enabled for authentication, and authz is configured to require auth.");
return(new BooleanResult
{
Success = false,
Message = "Deny because MySQL auth did not execute, and configured to require MySQL auth."
});
}
}
// Get the authz rules from registry
List <GroupAuthzRule> rules = GroupRuleLoader.GetAuthzRules();
if (rules.Count == 0)
{
throw new Exception("No authorization rules found.");
}
try
{
UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();
string user = userInfo.Username;
using (MySqlUserDataSource dataSource = new MySqlUserDataSource())
{
foreach (GroupAuthzRule rule in rules)
{
m_logger.DebugFormat("Checking rule: {0}", rule.ToString());
bool inGroup = false;
if (rule.RuleCondition != GroupRule.Condition.ALWAYS)
{
inGroup = dataSource.IsMemberOfGroup(user, rule.Group);
m_logger.DebugFormat("User '{0}' {1} a member of '{2}'", user,
inGroup ? "is" : "is not", rule.Group);
}
if (rule.RuleMatch(inGroup))
{
if (rule.AllowOnMatch)
{
return new BooleanResult
{
Success = true,
Message = string.Format("Allow via rule '{0}'", rule.ToString())
}
}
;
else
{
return new BooleanResult
{
Success = false,
Message = string.Format("Deny via rule '{0}'", rule.ToString())
}
};
}
}
}
// If we get this far, no rules matched. This should never happen since
// the last rule should always match (the default). Throw.
throw new Exception("Missing default authorization rule.");
}
catch (Exception e)
{
m_logger.ErrorFormat("Exception during authorization: {0}", e);
throw;
}
}
private void InitUI()
{
this.hostTB.Text = Settings.Store.Host;
int port = Settings.Store.Port;
this.portTB.Text = Convert.ToString(port);
this.userTB.Text = Settings.Store.User;
this.passwordTB.Text = Settings.Store.GetEncryptedSetting("Password");
this.dbTB.Text = Settings.Store.Database;
bool useSsl = Settings.Store.UseSsl;
this.useSslCB.Checked = useSsl;
// User table schema settings
this.userTableTB.Text = Settings.Store.Table;
this.unameColTB.Text = Settings.Store.UsernameColumn;
this.hashMethodColTB.Text = Settings.Store.HashMethodColumn;
this.passwdColTB.Text = Settings.Store.PasswordColumn;
this.userPrimaryKeyColTB.Text = Settings.Store.UserTablePrimaryKeyColumn;
int encodingInt = Settings.Store.HashEncoding;
Settings.HashEncoding encoding = (Settings.HashEncoding)encodingInt;
if (encoding == Settings.HashEncoding.HEX)
this.encHexRB.Checked = true;
else
this.encBase64RB.Checked = true;
// Group table schema settings
this.groupTableNameTB.Text = Settings.Store.GroupTableName;
this.groupNameColTB.Text = Settings.Store.GroupNameColumn;
this.groupTablePrimaryKeyColTB.Text = Settings.Store.GroupTablePrimaryKeyColumn;
// User-Group table settings
this.userGroupTableNameTB.Text = Settings.Store.UserGroupTableName;
this.userGroupUserFKColTB.Text = Settings.Store.UserForeignKeyColumn;
this.userGroupGroupFKColTB.Text = Settings.Store.GroupForeignKeyColumn;
/////////////// Authorization tab /////////////////
this.cbAuthzMySqlGroupMemberOrNot.SelectedIndex = 0;
this.cbAuthzGroupRuleAllowOrDeny.SelectedIndex = 0;
this.ckDenyWhenMySqlAuthFails.Checked = Settings.Store.AuthzRequireMySqlAuth;
List<GroupAuthzRule> lst = GroupRuleLoader.GetAuthzRules();
// The last one should be the default rule
if (lst.Count > 0 &&
lst[lst.Count - 1].RuleCondition == GroupRule.Condition.ALWAYS)
{
GroupAuthzRule rule = lst[lst.Count - 1];
if (rule.AllowOnMatch)
this.rbDefaultAllow.Checked = true;
else
this.rbDefaultDeny.Checked = true;
lst.RemoveAt(lst.Count - 1);
}
else
{
// The list is empty or the last rule is not a default rule.
throw new Exception("Default rule not found in rule list.");
}
// The rest of the rules
foreach (GroupAuthzRule rule in lst)
this.listBoxAuthzRules.Items.Add(rule);
///////////////// Gateway tab ///////////////
List<GroupGatewayRule> gwLst = GroupRuleLoader.GetGatewayRules();
foreach (GroupGatewayRule rule in gwLst)
this.gtwRulesListBox.Items.Add(rule);
this.gtwRuleConditionCB.SelectedIndex = 0;
this.m_preventLogonWhenServerUnreachableCb.Checked = Settings.Store.PreventLogonOnServerError;
}
private bool Save()
{
int port = 0;
try
{
port = Convert.ToInt32(this.portTB.Text);
}
catch (Exception)
{
MessageBox.Show("The port must be a positive integer.");
return false;
}
Settings.Store.Host = this.hostTB.Text.Trim();
Settings.Store.Port = port;
Settings.Store.User = this.userTB.Text.Trim();
Settings.Store.SetEncryptedSetting("Password", this.passwordTB.Text);
Settings.Store.Database = this.dbTB.Text.Trim();
Settings.Store.UseSsl = this.useSslCB.Checked;
// User table settings
Settings.Store.Table = this.userTableTB.Text.Trim();
Settings.Store.UsernameColumn = this.unameColTB.Text.Trim();
Settings.Store.HashMethodColumn = this.hashMethodColTB.Text.Trim();
Settings.Store.PasswordColumn = this.passwdColTB.Text.Trim();
Settings.Store.UserTablePrimaryKeyColumn = this.userPrimaryKeyColTB.Text.Trim();
if (encHexRB.Checked)
Settings.Store.HashEncoding = (int)Settings.HashEncoding.HEX;
else
Settings.Store.HashEncoding = (int)Settings.HashEncoding.BASE_64;
// Group table schema settings
Settings.Store.GroupTableName = this.groupTableNameTB.Text.Trim();
Settings.Store.GroupNameColumn = this.groupNameColTB.Text.Trim();
Settings.Store.GroupTablePrimaryKeyColumn = this.groupTablePrimaryKeyColTB.Text.Trim();
// User-Group table settings
Settings.Store.UserGroupTableName = this.userGroupTableNameTB.Text.Trim();
Settings.Store.UserForeignKeyColumn = this.userGroupUserFKColTB.Text.Trim();
Settings.Store.GroupForeignKeyColumn = this.userGroupGroupFKColTB.Text.Trim();
////////// Authorization Tab ////////////
Settings.Store.AuthzRequireMySqlAuth = this.ckDenyWhenMySqlAuthFails.Checked;
List<GroupAuthzRule> lst = new List<GroupAuthzRule>();
foreach (Object item in this.listBoxAuthzRules.Items)
{
lst.Add(item as GroupAuthzRule);
m_logger.DebugFormat("Saving rule: {0}", item);
}
// Add the default as the last rule in the list
lst.Add(new GroupAuthzRule(this.rbDefaultAllow.Checked));
GroupRuleLoader.SaveAuthzRules(lst);
// Gateway rules
List<GroupGatewayRule> gwList = new List<GroupGatewayRule>();
foreach (Object item in this.gtwRulesListBox.Items)
{
gwList.Add(item as GroupGatewayRule);
}
GroupRuleLoader.SaveGatewayRules(gwList);
Settings.Store.PreventLogonOnServerError = m_preventLogonWhenServerUnreachableCb.Checked;
return true;
}
