public static MaintainUsersTDS LoadUsersAndModulePermissions() { TDBTransaction ReadTransaction = null; MaintainUsersTDS ReturnValue = new MaintainUsersTDS(); DBAccess.GDBAccessObj.GetNewOrExistingAutoReadTransaction(IsolationLevel.ReadCommitted, TEnforceIsolationLevel.eilMinimum, ref ReadTransaction, delegate { SUserAccess.LoadAll(ReturnValue, ReadTransaction); SUserModuleAccessPermissionAccess.LoadAll(ReturnValue, ReadTransaction); SModuleAccess.LoadAll(ReturnValue, ReadTransaction); }); // Remove Password Hash and Password 'Salt' before passing it out to the caller - these aren't needed // and it is better to not hand them out needlessly to prevent possible 'eavesdropping' by an attacker // (who could otherwise gather the Password Hashes and Password 'Salts' of all users in one go if the // attacker manages to listen to network traffic). (#5502)! foreach (var UserRow in ReturnValue.SUser.Rows) { ((SUserRow)UserRow).PasswordHash = "****************"; ((SUserRow)UserRow).PasswordSalt = "****************"; } ReturnValue.AcceptChanges(); return(ReturnValue); }
private TSubmitChangesResult StoreManualCode(ref MaintainUsersTDS ASubmitDS, out TVerificationResultCollection AVerificationResult) { AVerificationResult = new TVerificationResultCollection(); TSubmitChangesResult Result = TRemote.MSysMan.Maintenance.WebConnectors.SaveSUser(ref ASubmitDS); if (Result == TSubmitChangesResult.scrOK) { MessageBox.Show(Catalog.GetString("Changes to users will take effect at next login."), Catalog.GetString("Maintain Users")); // Reload the grid after every successful save. (This will add new password's hash and salt to the table.) Int32 rowIdx = GetSelectedRowIndex(); FPreviouslySelectedDetailRow = null; LoadUsers(); grdDetails.SelectRowWithoutFocus(rowIdx); ASubmitDS = FMainDS; btnChangePassword.Enabled = true; txtDetailPasswordHash.Enabled = false; } return(Result); }
private TSubmitChangesResult StoreManualCode(ref MaintainUsersTDS ASubmitDS, out TVerificationResultCollection AVerificationResult) { AVerificationResult = new TVerificationResultCollection(); TSubmitChangesResult Result = TRemote.MSysMan.Maintenance.WebConnectors.SaveSUser(ref ASubmitDS, TClientInfo.ClientComputerName, TClientInfo.ClientIPAddress); if (Result == TSubmitChangesResult.scrOK) { if (FChangesForCurrentUser) { MessageBox.Show(Catalog.GetString("If you made any changes to your user they will only take effect at the next login!"), Catalog.GetString("Maintain Users: Saving of Data Successful"), MessageBoxButtons.OK, MessageBoxIcon.Information); } // Reload the grid after every successful save. (This will add new password's hash and salt to the table.) Int32 rowIdx = GetSelectedRowIndex(); FPreviouslySelectedDetailRow = null; LoadUsers(); grdDetails.SelectRowWithoutFocus(rowIdx); ASubmitDS = FMainDS; btnResetPassword.Enabled = true; txtDetailPasswordHash.Enabled = false; } return(Result); }
public static MaintainUsersTDS LoadUsersAndModulePermissions() { MaintainUsersTDS ReturnValue = null; Boolean NewTransaction; TDBTransaction Transaction = DBAccess.GDBAccessObj.GetNewOrExistingTransaction(IsolationLevel.ReadCommitted, TEnforceIsolationLevel.eilMinimum, out NewTransaction); try { ReturnValue = new MaintainUsersTDS(); SUserAccess.LoadAll(ReturnValue, Transaction); SUserModuleAccessPermissionAccess.LoadAll(ReturnValue, Transaction); SModuleAccess.LoadAll(ReturnValue, Transaction); } catch (Exception e) { TLogging.Log(e.Message); TLogging.Log(e.StackTrace); ReturnValue = null; } if (NewTransaction) { DBAccess.GDBAccessObj.RollbackTransaction(); } return(ReturnValue); }
public static MaintainUsersTDS LoadUsersAndModulePermissions() { TDBTransaction ReadTransaction = null; MaintainUsersTDS ReturnValue = new MaintainUsersTDS(); DBAccess.GDBAccessObj.GetNewOrExistingAutoReadTransaction(IsolationLevel.ReadCommitted, TEnforceIsolationLevel.eilMinimum, ref ReadTransaction, delegate { SUserAccess.LoadAll(ReturnValue, ReadTransaction); SUserModuleAccessPermissionAccess.LoadAll(ReturnValue, ReadTransaction); SModuleAccess.LoadAll(ReturnValue, ReadTransaction); }); return(ReturnValue); }
public static TSubmitChangesResult SaveSUser(ref MaintainUsersTDS ASubmitDS) { TSubmitChangesResult ReturnValue = TSubmitChangesResult.scrError; bool CanCreateUser; bool CanChangePassword; bool CanChangePermissions; GetAuthenticationFunctionality(out CanCreateUser, out CanChangePassword, out CanChangePermissions); // make sure users are not deleted or added if this is not possible if (!CanCreateUser && (ASubmitDS.SUser != null)) { Int32 Counter = 0; while (Counter < ASubmitDS.SUser.Rows.Count) { if (ASubmitDS.SUser.Rows[Counter].RowState != DataRowState.Modified) { ASubmitDS.SUser.Rows.RemoveAt(Counter); } else { Counter++; } } } if (!CanChangePermissions && (ASubmitDS.SUserModuleAccessPermission != null)) { ASubmitDS.SUserModuleAccessPermission.Clear(); } // TODO: if user module access permissions have changed, automatically update the table access permissions? if (ASubmitDS.SUser != null) { foreach (SUserRow user in ASubmitDS.SUser.Rows) { // for new users: create users on the alternative authentication method if (user.RowState == DataRowState.Added) { CreateUser(user.UserId, user.PasswordHash, user.FirstName, user.LastName, string.Empty); user.AcceptChanges(); } // If a password has been added for the first time there will be a (unecrypted) password and no salt. // Create salt and hash. else if ((user.PasswordHash.Length > 0) && user.IsPasswordSaltNull()) { user.PasswordSalt = PasswordHelper.GetNewPasswordSalt(); user.PasswordHash = PasswordHelper.GetPasswordHash(user.PasswordHash, user.PasswordSalt); user.PasswordNeedsChange = true; } } } try { MaintainUsersTDSAccess.SubmitChanges(ASubmitDS); ReturnValue = TSubmitChangesResult.scrOK; } catch (Exception e) { TLogging.Log(e.Message); TLogging.Log(e.StackTrace); ReturnValue = TSubmitChangesResult.scrError; } return(ReturnValue); }
public static TSubmitChangesResult SaveSUser(ref MaintainUsersTDS ASubmitDS) { TSubmitChangesResult ReturnValue = TSubmitChangesResult.scrError; bool CanCreateUser; bool CanChangePassword; bool CanChangePermissions; GetAuthenticationFunctionality(out CanCreateUser, out CanChangePassword, out CanChangePermissions); // make sure users are not deleted or added if this is not possible if (!CanCreateUser && (ASubmitDS.SUser != null)) { Int32 Counter = 0; while (Counter < ASubmitDS.SUser.Rows.Count) { if (ASubmitDS.SUser.Rows[Counter].RowState != DataRowState.Modified) { ASubmitDS.SUser.Rows.RemoveAt(Counter); } else { Counter++; } } } if (!CanChangePermissions && (ASubmitDS.SUserModuleAccessPermission != null)) { ASubmitDS.SUserModuleAccessPermission.Clear(); } // TODO: if user module access permissions have changed, automatically update the table access permissions? if (ASubmitDS.SUser != null) { foreach (SUserRow user in ASubmitDS.SUser.Rows) { // for new users: create users on the alternative authentication method if (user.RowState == DataRowState.Added) { CreateUser(user.UserId, user.PasswordHash, user.FirstName, user.LastName, string.Empty); user.AcceptChanges(); } // If a password has been added for the first time there will be a (unecrypted) password and no salt. // Create salt and hash. else if ((user.PasswordHash.Length > 0) && user.IsPasswordSaltNull()) { user.PasswordSalt = PasswordHelper.GetNewPasswordSalt(); user.PasswordHash = PasswordHelper.GetPasswordHash(user.PasswordHash, user.PasswordSalt); user.PasswordNeedsChange = true; } } } try { MaintainUsersTDSAccess.SubmitChanges(ASubmitDS); ReturnValue = TSubmitChangesResult.scrOK; } catch (Exception e) { TLogging.Log(e.Message); TLogging.Log(e.StackTrace); ReturnValue = TSubmitChangesResult.scrError; } return ReturnValue; }
public static MaintainUsersTDS LoadUsersAndModulePermissions() { TDBTransaction ReadTransaction = null; MaintainUsersTDS ReturnValue = new MaintainUsersTDS(); DBAccess.GDBAccessObj.GetNewOrExistingAutoReadTransaction(IsolationLevel.ReadCommitted, TEnforceIsolationLevel.eilMinimum, ref ReadTransaction, delegate { SUserAccess.LoadAll(ReturnValue, ReadTransaction); SUserModuleAccessPermissionAccess.LoadAll(ReturnValue, ReadTransaction); SModuleAccess.LoadAll(ReturnValue, ReadTransaction); }); return ReturnValue; }
private TSubmitChangesResult StoreManualCode(ref MaintainUsersTDS ASubmitDS, out TVerificationResultCollection AVerificationResult) { AVerificationResult = null; TSubmitChangesResult Result = TRemote.MSysMan.Maintenance.WebConnectors.SaveSUser(ref ASubmitDS); if (Result == TSubmitChangesResult.scrOK) { MessageBox.Show(Catalog.GetString("Changes to users will take effect at next login."), Catalog.GetString("Maintain Users")); // Reload the grid after every successful save. (This will add new password's hash and salt to the table.) LoadUsers(); btnChangePassword.Enabled = true; txtDetailPasswordHash.Enabled = false; } return Result; }
public static TSubmitChangesResult SaveSUser(ref MaintainUsersTDS ASubmitDS, string AClientComputerName, string AClientIPAddress) { TSubmitChangesResult ReturnValue = TSubmitChangesResult.scrError; TDBTransaction SubmitChangesTransaction = null; bool CanCreateUser; bool CanChangePassword; bool CanChangePermissions; int PwdSchemeVersionUpTillNow; int CurrentPwdSchemeVersion = TPasswordHelper.CurrentPasswordSchemeNumber; MaintainUsersTDS SubmitDS; SubmitDS = ASubmitDS; GetAuthenticationFunctionality(out CanCreateUser, out CanChangePassword, out CanChangePermissions); // make sure users are not deleted or added if this is not possible if (!CanCreateUser && (ASubmitDS.SUser != null)) { Int32 Counter = 0; while (Counter < ASubmitDS.SUser.Rows.Count) { if (ASubmitDS.SUser.Rows[Counter].RowState != DataRowState.Modified) { ASubmitDS.SUser.Rows.RemoveAt(Counter); } else { Counter++; } } } if (!CanChangePermissions && (ASubmitDS.SUserModuleAccessPermission != null)) { ASubmitDS.SUserModuleAccessPermission.Clear(); } // TODO: if user module access permissions have changed, automatically update the table access permissions? DBAccess.SimpleAutoTransactionWrapper(IsolationLevel.Serializable, "SaveSUser", out SubmitChangesTransaction, ref ReturnValue, delegate { if (SubmitDS.SUser != null) { foreach (SUserRow user in SubmitDS.SUser.Rows) { // for new users: create users on the alternative authentication method if (user.RowState == DataRowState.Added) { CreateUser(user.UserId, user.PasswordHash, user.FirstName, user.LastName, string.Empty, AClientComputerName, AClientIPAddress, SubmitChangesTransaction); user.AcceptChanges(); } else { PwdSchemeVersionUpTillNow = user.PwdSchemeVersion; // Has the 'Account Locked' state changed? if (Convert.ToBoolean(user[SUserTable.GetAccountLockedDBName(), DataRowVersion.Original]) != user.AccountLocked) { if (user.AccountLocked) { TUserAccountActivityLog.AddUserAccountActivityLogEntry(user.UserId, TUserAccountActivityLog.USER_ACTIVITY_USER_ACCOUNT_GOT_LOCKED, String.Format( StrUserChangedOtherUsersLockedState, UserInfo.GUserInfo.UserID, user.UserId, Catalog.GetString("locked")) + String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress), SubmitChangesTransaction); } else { TUserAccountActivityLog.AddUserAccountActivityLogEntry(user.UserId, TUserAccountActivityLog.USER_ACTIVITY_USER_ACCOUNT_GOT_UNLOCKED, String.Format( StrUserChangedOtherUsersLockedState, UserInfo.GUserInfo.UserID, user.UserId, Catalog.GetString("unlocked")) + String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress), SubmitChangesTransaction); // If the user account got locked when a Password Hashing Scheme was in place that isn't // the current one then require the user to change his/her password on next login. This is to // ensure that the Password Hash and Salt that gets placed in the s_user table record of this // user at his/her next logon isn't just the new Password Hash and Salt of the password that // the user had used when the user account got Locked (the Password Hashing Scheme of that user // will get upgraded to the current one then, but in case the system administrator locked the user // account because (s)he suspects a security breach then any future attempts to use the previous // password will be thwarted). if (PwdSchemeVersionUpTillNow != CurrentPwdSchemeVersion) { user.PasswordNeedsChange = true; } } } // Has the 'Retired' state changed? if (Convert.ToBoolean(user[SUserTable.GetRetiredDBName(), DataRowVersion.Original]) != user.Retired) { if (user.Retired) { TUserAccountActivityLog.AddUserAccountActivityLogEntry(user.UserId, TUserAccountActivityLog.USER_ACTIVITY_USER_GOT_RETIRED, String.Format( StrUserChangedOtherUsersRetiredState, UserInfo.GUserInfo.UserID, user.UserId, Catalog.GetString("retired")) + String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress), SubmitChangesTransaction); } else { TUserAccountActivityLog.AddUserAccountActivityLogEntry(user.UserId, TUserAccountActivityLog.USER_ACTIVITY_USER_GOT_UNRETIRED, String.Format( StrUserChangedOtherUsersRetiredState, UserInfo.GUserInfo.UserID, user.UserId, Catalog.GetString("no longer retired")) + String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress), SubmitChangesTransaction); // If the user account got retired when a Password Hashing Scheme was in place that isn't // the current one then require the user to change his/her password on next login. This is to // ensure that the Password Hash and Salt that gets placed in the s_user table record of this // user at his/her next logon isn't just the new Password Hash and Salt of the password that // the user had used when the user account got Retired (the Password Hashing Scheme of that user // will get upgraded to the current one then, but in case the system administrator retired the user // account because (s)he suspects a security breach then any future attempts to use the previous // password will be thwarted). if (PwdSchemeVersionUpTillNow != CurrentPwdSchemeVersion) { user.PasswordNeedsChange = true; } } } } } } try { MaintainUsersTDSAccess.SubmitChanges(SubmitDS, SubmitChangesTransaction.DataBaseObj); ReturnValue = TSubmitChangesResult.scrOK; } catch (Exception e) { TLogging.Log(e.Message); TLogging.Log(e.StackTrace); throw; } }); ASubmitDS = SubmitDS; return(ReturnValue); }
public static MaintainUsersTDS LoadUsersAndModulePermissions() { MaintainUsersTDS ReturnValue = null; Boolean NewTransaction; TDBTransaction Transaction = DBAccess.GDBAccessObj.GetNewOrExistingTransaction(IsolationLevel.ReadCommitted, TEnforceIsolationLevel.eilMinimum, out NewTransaction); try { ReturnValue = new MaintainUsersTDS(); SUserAccess.LoadAll(ReturnValue, Transaction); SUserModuleAccessPermissionAccess.LoadAll(ReturnValue, Transaction); SModuleAccess.LoadAll(ReturnValue, Transaction); } catch (Exception e) { TLogging.Log(e.Message); TLogging.Log(e.StackTrace); ReturnValue = null; } if (NewTransaction) { DBAccess.GDBAccessObj.RollbackTransaction(); } return ReturnValue; }