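/// <summary>
/// Create the policy locally
/// </summary>
/// <param name="policy">The policy to persist. A row is inserted only when no row with the same OID exists yet; an existing row is left untouched.</param>
/// <param name="principal">The principal to authorize. When null, the principal of the current authentication context is used.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="policy"/> is null.</exception>
/// <exception cref="InvalidOperationException">Thrown when no policy decision service is registered; the call fails closed rather than skipping the authorization check.</exception>
/// <exception cref="PolicyViolationException">Thrown when the principal is not granted the client administrative function.</exception>
public void CreatePolicy(IPolicy policy, IPrincipal principal)
{
    if (policy == null)
    {
        throw new ArgumentNullException("policy");
    }

    // Demand local admin. The decision is made before any database work so an
    // unauthorized caller never reaches the insert.
    var pdp = ApplicationContext.Current.GetService<IPolicyDecisionService>();
    if (pdp == null)
    {
        throw new InvalidOperationException("No policy decision service is registered");
    }

    var effectivePrincipal = principal ?? AuthenticationContext.Current.Principal;
    if (pdp.GetPolicyOutcome(effectivePrincipal, PolicyIdentifiers.AccessClientAdministrativeFunction) != PolicyGrantType.Grant)
    {
        throw new PolicyViolationException(PolicyIdentifiers.AccessClientAdministrativeFunction, PolicyGrantType.Deny);
    }

    var conn = this.CreateConnection();
    using (conn.Lock())
    {
        try
        {
            var existing = conn.Table<DbSecurityPolicy>().Where(o => o.Oid == policy.Oid).FirstOrDefault();
            if (existing == null)
            {
                // New local policies get a fresh key; the key of the incoming IPolicy is not reused here.
                conn.Insert(new DbSecurityPolicy()
                {
                    CanOverride = policy.CanOverride,
                    Name = policy.Name,
                    Oid = policy.Oid,
                    Key = Guid.NewGuid()
                });
            }
        }
        catch (Exception e)
        {
            // NOTE: persistence failures are logged and swallowed, so a caller cannot
            // distinguish a created policy from a failed insert by the return path.
            this.m_tracer.TraceError("Could not create policy {0}", e);
        }
    }
}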
/// <summary>
/// Local security policy instance
/// </summary>
/// <param name="entityPolicy">The entity/policy association row. It is not read by this constructor; the grant is hard-coded (see the TODO below).</param>
/// <param name="policy">The policy definition row, wrapped into an <see cref="AdoSecurityPolicy"/>.</param>
/// <param name="securable">The object this policy instance applies to.</param>
public AdoSecurityPolicyInstance(DbEntitySecurityPolicy entityPolicy, DbSecurityPolicy policy, object securable)
{
    // TODO: Configuration of the policy as opt-in / opt-out
    // NOTE(review): entityPolicy has no influence on the outcome — every entity
    // policy instance is a Grant regardless of what the association row stores.
    var localPolicy = new AdoSecurityPolicy(policy);
    this.Securable = securable;
    this.Rule = PolicyGrantType.Grant;
    this.Policy = localPolicy;
}
/// <summary>
/// Local security policy instance
/// </summary>
/// <param name="actPolicy">The act/policy association row. It is not read by this constructor; the grant is hard-coded (see the TODO below).</param>
/// <param name="policy">The policy definition row, wrapped into an <see cref="AdoSecurityPolicy"/>.</param>
/// <param name="securable">The object this policy instance applies to.</param>
public AdoSecurityPolicyInstance(DbActSecurityPolicy actPolicy, DbSecurityPolicy policy, object securable)
{
    // TODO: Configuration of the policy as opt-in / opt-out
    // NOTE(review): actPolicy has no influence on the outcome — every act policy
    // instance is a Grant regardless of what the association row stores.
    var localPolicy = new AdoSecurityPolicy(policy);
    this.Securable = securable;
    this.Rule = PolicyDecisionOutcomeType.Grant;
    this.Policy = localPolicy;
}
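/// <summary>
/// Create a local security policy
/// </summary>
/// <param name="policy">The persisted policy row to wrap.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="policy"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// Thrown when <c>policy.Handler</c> names a type that cannot be resolved, does not implement
/// <see cref="IPolicyHandler"/>, or has no parameterless constructor.
/// </exception>
public AdoSecurityPolicy(DbSecurityPolicy policy)
{
    if (policy == null)
    {
        throw new ArgumentNullException("policy");
    }

    this.CanOverride = policy.CanOverride;
    this.Key = policy.Key;
    this.Name = policy.Name;
    this.Oid = policy.Oid;
    // A policy stays active until its obsoletion time has passed: no obsoletion
    // time, or one still in the future, means active. (The previous comparison
    // used '<', which reported already-obsoleted policies as active.)
    this.IsActive = policy.ObsoletionTime == null || policy.ObsoletionTime > DateTimeOffset.Now;

    if (String.IsNullOrEmpty(policy.Handler))
    {
        return;
    }

    // Handler instances are shared per type name. Both the lookup and the add
    // are performed under s_lockObject so two threads resolving the same
    // handler concurrently cannot race into a duplicate-key ArgumentException.
    lock (s_lockObject)
    {
        if (s_handlers.TryGetValue(policy.Handler, out this.m_handler))
        {
            return;
        }
    }

    var created = CreateHandler(policy.Handler);

    lock (s_lockObject)
    {
        IPolicyHandler registered;
        if (s_handlers.TryGetValue(policy.Handler, out registered))
        {
            // Another thread registered this handler first; reuse its instance.
            this.m_handler = registered;
        }
        else
        {
            s_handlers.Add(policy.Handler, created);
            this.m_handler = created;
        }
    }
}

/// <summary>
/// Resolve and instantiate the policy handler named by <paramref name="handlerTypeName"/>.
/// </summary>
/// <param name="handlerTypeName">Assembly-qualified (or otherwise <see cref="Type.GetType(string)"/>-resolvable) type name.</param>
/// <returns>A new instance of the handler.</returns>
/// <remarks>
/// The type name is read from the persisted policy row and instantiated via reflection,
/// so the policy store is trusted configuration. The interface check is performed before
/// the constructor is invoked so that a type that is not a policy handler is never instantiated.
/// </remarks>
/// <exception cref="InvalidOperationException">Thrown when the type cannot be resolved, is not an <see cref="IPolicyHandler"/>, or has no parameterless constructor.</exception>
private static IPolicyHandler CreateHandler(string handlerTypeName)
{
    Type handlerType = Type.GetType(handlerTypeName);
    if (handlerType == null)
    {
        throw new InvalidOperationException("Cannot find policy handler");
    }
    if (!typeof(IPolicyHandler).IsAssignableFrom(handlerType))
    {
        throw new InvalidOperationException("Policy handler does not implement IPolicyHandler");
    }

    var ci = handlerType.GetConstructor(Type.EmptyTypes);
    if (ci == null)
    {
        throw new InvalidOperationException("Cannot find parameterless constructor");
    }

    var handler = ci.Invoke(null) as IPolicyHandler;
    if (handler == null)
    {
        throw new InvalidOperationException("Policy handler does not implement IPolicyHandler");
    }
    return handler;
}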
/// <summary>
/// Local security policy instance
/// </summary>
/// <param name="applicationPolicy">The application/policy association row; its <c>GrantType</c> becomes the rule of this instance.</param>
/// <param name="policy">The policy definition row, wrapped into an <see cref="AdoSecurityPolicy"/>.</param>
/// <param name="securable">The object this policy instance applies to.</param>
public AdoSecurityPolicyInstance(DbSecurityApplicationPolicy applicationPolicy, DbSecurityPolicy policy, object securable)
{
    // The stored grant type is an integral value; it is reinterpreted as the grant enum as-is.
    var grant = (PolicyGrantType)applicationPolicy.GrantType;
    this.Securable = securable;
    this.Rule = grant;
    this.Policy = new AdoSecurityPolicy(policy);
}
/// <summary>
/// Local security policy instance
/// </summary>
/// <param name="devicePolicy">The device/policy association row; its <c>GrantType</c> becomes the rule of this instance.</param>
/// <param name="policy">The policy definition row, wrapped into an <see cref="AdoSecurityPolicy"/>.</param>
/// <param name="securable">The object this policy instance applies to.</param>
public AdoSecurityPolicyInstance(DbSecurityDevicePolicy devicePolicy, DbSecurityPolicy policy, object securable)
{
    // The stored grant type is an integral value; it is reinterpreted as the grant enum as-is.
    var grant = (PolicyGrantType)devicePolicy.GrantType;
    this.Securable = securable;
    this.Rule = grant;
    this.Policy = new AdoSecurityPolicy(policy);
}
/// <summary>
/// Local security policy instance
/// </summary>
/// <param name="rolePolicy">The role/policy association row; its <c>GrantType</c> becomes the rule of this instance.</param>
/// <param name="policy">The policy definition row, wrapped into an <see cref="AdoSecurityPolicy"/>.</param>
/// <param name="securable">The object this policy instance applies to.</param>
public AdoSecurityPolicyInstance(DbSecurityRolePolicy rolePolicy, DbSecurityPolicy policy, object securable)
{
    // The stored grant type is an integral value; it is reinterpreted as the outcome enum as-is.
    var outcome = (PolicyDecisionOutcomeType)rolePolicy.GrantType;
    this.Securable = securable;
    this.Rule = outcome;
    this.Policy = new AdoSecurityPolicy(policy);
}
/// <summary>
/// Local security policy instance
/// </summary>
/// <param name="policyInstance">The actionable policy instance row; its <c>GrantType</c> becomes the rule of this instance.</param>
/// <param name="policy">The policy definition row, wrapped into an <see cref="AdoSecurityPolicy"/>.</param>
/// <param name="securable">The object this policy instance applies to.</param>
public AdoSecurityPolicyInstance(DbSecurityPolicyActionableInstance policyInstance, DbSecurityPolicy policy, object securable)
{
    // The stored grant type is an integral value; it is reinterpreted as the grant enum as-is.
    var grant = (PolicyGrantType)policyInstance.GrantType;
    this.Securable = securable;
    this.Rule = grant;
    this.Policy = new AdoSecurityPolicy(policy);
}
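/// <summary>
/// Create the policy locally
/// </summary>
/// <param name="policy">
/// The policy to persist. When no row with the same OID exists it is inserted under <c>policy.Key</c>;
/// when a row exists under a different key, the row is re-keyed and every table referencing the old
/// policy identifier is repointed to the new one. A row that already has the same key is left untouched.
/// </param>
/// <param name="principal">The principal performing the operation. The system principal is exempt from the permission demand; every other value (including null) is passed to the enforcement service.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="policy"/> is null.</exception>
public void CreatePolicy(IPolicy policy, IPrincipal principal)
{
    if (policy == null)
    {
        throw new ArgumentNullException("policy");
    }

    // Demand local admin before any database work; the enforcement service is
    // expected to throw when the permission is not held.
    if (principal != AuthenticationContext.SystemPrincipal)
    {
        ApplicationServiceContext.Current.GetService<IPolicyEnforcementService>().Demand(PermissionPolicyIdentifiers.AccessClientAdministrativeFunction, principal);
    }

    var conn = this.CreateConnection();
    using (conn.Lock())
    {
        try
        {
            var existing = conn.Table<DbSecurityPolicy>().Where(o => o.Oid == policy.Oid).FirstOrDefault();
            if (existing == null)
            {
                conn.Insert(new DbSecurityPolicy()
                {
                    CanOverride = policy.CanOverride,
                    Name = policy.Name,
                    Oid = policy.Oid,
                    Key = policy.Key
                });
            }
            else if (existing.Key != policy.Key)
            {
                // Same OID under a different key: re-key the row and repoint every
                // table that references the old identifier. The old identifier is
                // captured before the key is changed so the lookups below match the
                // rows that still carry it, and the new identifier is computed once.
                var oldUuid = existing.Uuid;
                var newUuid = policy.Key.ToByteArray();

                conn.Delete(existing);
                existing.Key = policy.Key;
                conn.Insert(existing);

                // Update any records we have. The chain is lazy; the assignments run
                // while UpdateAll enumerates it, as in the original implementation.
                var updates = conn.Table<DbAssigningAuthority>().Where(o => o.PolicyUuid == oldUuid).ToList()
                    .Select(o => { o.PolicyUuid = newUuid; return o; })
                    .OfType<Object>()
                    .Union(conn.Table<DbSecurityRolePolicy>().Where(o => o.PolicyId == oldUuid).ToList()
                        .Select(o => { o.PolicyId = newUuid; return o; }))
                    .Union(conn.Table<DbSecurityApplicationPolicy>().Where(o => o.PolicyId == oldUuid).ToList()
                        .Select(o => { o.PolicyId = newUuid; return o; }))
                    .Union(conn.Table<DbSecurityDevicePolicy>().Where(o => o.PolicyId == oldUuid).ToList()
                        .Select(o => { o.PolicyId = newUuid; return o; }))
                    .Union(conn.Table<DbEntitySecurityPolicy>().Where(o => o.PolicyId == oldUuid).ToList()
                        .Select(o => { o.PolicyId = newUuid; return o; }))
                    .Union(conn.Table<DbActSecurityPolicy>().Where(o => o.PolicyId == oldUuid).ToList()
                        .Select(o => { o.PolicyId = newUuid; return o; }));
                conn.UpdateAll(updates);
            }
        }
        catch (Exception e)
        {
            // NOTE: no transaction is visible around the delete / insert / update
            // sequence above, so a failure part-way through is logged here but leaves
            // the store in whatever state it reached; the caller is not informed.
            this.m_tracer.TraceError("Could not create policy {0}", e);
        }
    }
}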