コード例 #1
 /// <summary>
 /// Demands that the current caller satisfies the permissions held by the
 /// SecurityManager's own subject (<c>acls[securityGuid]</c>).
 /// </summary>
 /// <remarks>
 /// Every failure path leaves this method through an exception, so callers can
 /// treat a normal return as "authorized".
 /// </remarks>
 /// <exception cref="KeyNotFoundException">The manager's own subject is missing from <c>acls</c>.</exception>
 /// <exception cref="System.Security.SecurityException">The demand was refused, or an unexpected error was wrapped as a denial.</exception>
 protected void DemandAdministratorPermissions()
 {
     using (SC.Utility.Lock readGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         try
         {
             acls[securityGuid].DemandPermission();
         }
         catch (KeyNotFoundException)
         {
             // Without its own ACL entry the manager cannot authorize anything.
             Logger.Fatal("SecurityManager did not register to itself.");
             throw;
         }
         catch (System.Security.SecurityException denied)
         {
             string deniedMessage = "User " + GetCurrentUser() + " was denied administrator permissions.";
             Logger.Error(deniedMessage, denied);
             throw;
         }
         catch (Exception unexpected)
         {
             // Unknown failures are converted into a denial rather than allowed to pass as success.
             Logger.Error("Unexpected exception occurred while demanding administrator permissions.", unexpected);
             throw new System.Security.SecurityException("An unexpected exception occurred while demanding administrator permissions. Operation was denied.", unexpected);
         }
     }
 }
コード例 #2
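        /// <summary>
        /// Authenticates a local login by comparing the supplied password with the one stored for
        /// <paramref name="user"/>. On success the user is marked as connected and
        /// <c>Thread.CurrentPrincipal</c> is set to that user with <c>USER_ROLE</c>.
        /// </summary>
        /// <param name="user">Login name supplied by the caller (untrusted).</param>
        /// <param name="password">Password supplied by the caller (untrusted).</param>
        /// <exception cref="System.Security.SecurityException">
        /// Unknown user or wrong password; the message is identical in both cases.
        /// </exception>
        public void Authenticate(string user, string password)
        {
            using (SC.Utility.Lock l = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
            {
                // NOTE(review): the login name is caller-controlled and is written to the log unescaped;
                // consider stripping control characters so one attempt cannot forge extra log lines.
                if (!users.ContainsKey(user))
                {
                    Logger.Error("Local login failed for username " + user);
                    throw new System.Security.SecurityException("Invalid authentication. User or password incorrect.");
                }

                // NOTE(review): the stored value is compared with the supplied password directly, so it is
                // presumably kept in recoverable form rather than as a salted hash; confirm against UserInfo.
                string stored = users[user].Password;

                bool matches;
                if (stored == null || password == null)
                {
                    // Same result as the string equality operator: equal only when both are null.
                    matches = stored == null && password == null;
                }
                else
                {
                    // Accumulate differences instead of stopping at the first mismatching character,
                    // so the comparison time does not reveal how long a correct prefix was guessed.
                    int diff = stored.Length ^ password.Length;
                    int common = Math.Min(stored.Length, password.Length);
                    for (int i = 0; i < common; i++)
                    {
                        diff |= stored[i] ^ password[i];
                    }
                    matches = diff == 0;
                }

                if (matches)
                {
                    // Successful logins are logged only when the last one is older than ten minutes.
                    if (users[user].LastConnect < DateTime.Now - new TimeSpan(0, 10, 0))
                    {
                        Logger.Info("User " + user + " authenticated locally");
                    }
                    // NOTE(review): SetUserConnected() is called while only the reader lock is held;
                    // confirm it does not modify shared state.
                    users[user].SetUserConnected();
                    System.Threading.Thread.CurrentPrincipal = new System.Security.Principal.GenericPrincipal(new System.Security.Principal.GenericIdentity(user), new string[] { USER_ROLE });
                }
                else
                {
                    Logger.Error("User " + user + " failed to authenticate locally.");
                    throw new System.Security.SecurityException("Invalid authentication. User or password incorrect.");
                }
            }
        }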
コード例 #3
        /// <summary>
        /// Repairs a security configuration that would otherwise lock everyone out: creates an
        /// "Administrator" account when no users exist, and grants "Administrator" permission on the
        /// SecurityManager subject when that subject has no permissions at all.
        /// </summary>
        private void FixAdministrator()
        {
            using (SC.Utility.Lock l = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
            {
                // NOTE(review): the emptiness check runs under the reader lock and the insert after an
                // upgrade; whether the upgrade is atomic depends on SC.Utility.Lock. Confirm.
                if (users.Count == 0)
                {
                    Logger.Warn("No users found, adding Administrator account with default password");

                    l.UpgradeToWriterLock();
                    // SECURITY: fixed default credential that is visible in source. Any installation that
                    // reaches this branch has a well-known administrator password until it is changed;
                    // prefer a per-install generated secret or a forced change on first login.
                    UserInfo adminInfo = new UserInfo("Administrator", "ServerChecker4");
                    users.Add(adminInfo.Username, adminInfo);
                    l.DowngradeToReaderLock();
                }

                // The SecurityManager's own subject; an indexer miss here throws instead of repairing.
                SecuritySubject me = acls[securityGuid];
                System.Collections.Specialized.StringCollection permissions = new System.Collections.Specialized.StringCollection();
                permissions.AddRange(me.GetPermissions());

                if (permissions.Count == 0)
                {
                    Logger.Warn("No permissions found for SecurityManager. Adding permission for Administrator account");

                    l.UpgradeToWriterLock();
                    // Grants by account name: whichever account is called "Administrator" becomes admin.
                    me.AddPermission("Administrator");
                    l.DowngradeToReaderLock();
                }
            }
        }
コード例 #4
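 /// <summary>
 /// Drops the ACL handle <paramref name="guid"/> and, when <paramref name="remove"/> is true, also
 /// deletes the subject that handle pointed to. Settings are saved afterwards.
 /// </summary>
 /// <param name="guid">Handle previously issued for a registered subject.</param>
 /// <param name="remove">True to delete the subject itself, not just the handle.</param>
 /// <exception cref="KeyNotFoundException">No subject is registered under <paramref name="guid"/>.</exception>
 public void UnregisterSubject(Guid guid, bool remove)
 {
     // acls is modified on every call, and a reader lock does not protect a Remove against
     // concurrent readers, so the writer lock is taken up front.
     // NOTE(review): no permission is demanded here; possession of the guid is the only
     // authorization. Confirm handles are never exposed to untrusted callers.
     using (SC.Utility.Lock l = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForWriting))
     {
         try
         {
             SecuritySubject subject = acls[guid];
             acls.Remove(guid);
             if (remove)
             {
                 subjects.Remove(subject.Name);
             }
         }
         catch (KeyNotFoundException)
         {
             Logger.Error("Tried unregistering subject that never registered.");
             throw;
         }
         catch (Exception e)
         {
             Logger.Error("An unexpected error occurred during unregistering of a subject.", e);
             throw;
         }
     }
     SaveSettings();
 }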
コード例 #5
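        /// <summary>
        /// Authenticates a request by recomputing an HMAC-SHA512 over <paramref name="stream"/> with a key
        /// derived from the user's stored password and <paramref name="nonce"/>, then comparing it with
        /// <paramref name="base64HMAC"/>. On success the user is marked as connected and
        /// <c>Thread.CurrentPrincipal</c> is set to that user with <c>USER_ROLE</c>.
        /// </summary>
        /// <param name="user">Login name supplied by the caller (untrusted).</param>
        /// <param name="base64HMAC">Base64 MAC supplied by the caller (untrusted).</param>
        /// <param name="nonce">Salt for the key derivation.</param>
        /// <param name="stream">Message body; rewound to position 0 before the MAC is checked.</param>
        /// <exception cref="System.Security.SecurityException">Unknown user or MAC mismatch.</exception>
        public void Authenticate(string user, string base64HMAC, byte[] nonce, System.IO.MemoryStream stream)
        {
            using (SC.Utility.Lock l = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
            {
                if (!users.ContainsKey(user))
                {
                    Logger.Error("Someone tried to login with username " + user);
                    throw new System.Security.SecurityException("Invalid authentication. Check your username and password.");
                }
                // The stored password itself is the key-derivation input, so the server has to keep a
                // password-equivalent value.
                string password = users[user].Password;
                // NOTE(review): 997 PBKDF2 iterations is low by current guidance, but the value is presumably
                // fixed by the wire protocol; raising it needs a matching client change. Nonce freshness is
                // not checked in this method, so replay protection has to come from the caller. Confirm.
                byte[] key = new System.Security.Cryptography.Rfc2898DeriveBytes(password, nonce, 997).GetBytes(64);

                string computedBase64HMAC;
                // Dispose the keyed hash as soon as the MAC has been computed.
                using (System.Security.Cryptography.HMACSHA512 hmac = new System.Security.Cryptography.HMACSHA512(key))
                {
                    computedBase64HMAC = Convert.ToBase64String(hmac.ComputeHash(stream.ToArray()));
                }

                stream.Seek(0, System.IO.SeekOrigin.Begin);

                // Compare the MACs without stopping at the first differing character, so response time does
                // not reveal how much of a forged MAC was correct. A null MAC never matches.
                int diff = 1;
                if (base64HMAC != null)
                {
                    diff = base64HMAC.Length ^ computedBase64HMAC.Length;
                    int common = Math.Min(base64HMAC.Length, computedBase64HMAC.Length);
                    for (int i = 0; i < common; i++)
                    {
                        diff |= base64HMAC[i] ^ computedBase64HMAC[i];
                    }
                }

                if (diff == 0)
                {
                    // Successful logins are logged only when the last one is older than ten minutes.
                    if (users[user].LastConnect < DateTime.Now - new TimeSpan(0, 10, 0))
                    {
                        Logger.Info("User " + user + " authenticated.");
                    }
                    users[user].SetUserConnected();
                    System.Threading.Thread.CurrentPrincipal = new System.Security.Principal.GenericPrincipal(new System.Security.Principal.GenericIdentity(user), new string[] { USER_ROLE });
                }
                else
                {
                    Logger.Error("User " + user + " failed to authenticate.");
                    throw new System.Security.SecurityException("Invalid authentication. Check your username and password.");
                }
            }
        }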
コード例 #6
 /// <summary>
 /// Demands that the current caller may perform <paramref name="operation"/> on the subject
 /// registered under <paramref name="guid"/>.
 /// </summary>
 /// <exception cref="System.Security.SecurityException">
 /// Permission was refused, the subject is not registered, or an unexpected error occurred;
 /// the latter two are wrapped so that they also surface as a denial.
 /// </exception>
 public void DemandPermissions(Guid guid, string operation)
 {
     using (SC.Utility.Lock readGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         try
         {
             acls[guid].DemandPermission(operation);
         }
         catch (System.Security.SecurityException)
         {
             string denial = "User " + GetCurrentUser() + " was denied access to subject " + acls[guid].Name + " for operation " + operation;
             Logger.Error(denial);
             throw;
         }
         catch (KeyNotFoundException notRegistered)
         {
             Logger.Error("Subject was not registered.");
             throw new System.Security.SecurityException("The subject is not registered. Permission was denied.", notRegistered);
         }
         catch (Exception unexpected)
         {
             // NOTE(review): acls[guid] is looked up again while building the message; if that
             // lookup throws, its exception escapes instead of the SecurityException below.
             string failure = "An unexpected error occurred while demanding permissions for subject " + acls[guid].Name + " and operation " + operation + ".";
             Logger.Error(failure, unexpected);
             throw new System.Security.SecurityException("An unexpected error occurred.", unexpected);
         }
     }
 }
コード例 #7
 /// <summary>
 /// Hands the current <c>Settings</c> object to the settings provider for persistence.
 /// The reader lock is held for the duration of the save.
 /// </summary>
 private void SaveSettings()
 {
     using (SC.Utility.Lock readGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         settingsProviders.SaveSettings(Settings);
     }
 }
コード例 #8
 /// <summary>
 /// Non-throwing counterpart of a permission demand: asks the subject registered under
 /// <paramref name="guid"/> whether <paramref name="operation"/> is permitted.
 /// </summary>
 /// <returns>The answer given by the subject's <c>HavePermission</c>.</returns>
 public bool HavePermission(Guid guid, string operation)
 {
     using (SC.Utility.Lock readGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         // NOTE(review): an unregistered guid makes the indexer throw rather than return false;
         // callers that use this as a yes/no check should handle that case.
         bool granted = acls[guid].HavePermission(operation);
         return granted;
     }
 }
コード例 #9
 /// <summary>
 /// Returns a copy of the client network allow-list. Administrator permissions are demanded
 /// before the list is read.
 /// </summary>
 /// <returns>An array copied from <c>clients</c> under the reader lock.</returns>
 public SC.Interfaces.INetwork[] GetAllowedClientNetworks()
 {
     DemandAdministratorPermissions();
     using (SC.Utility.Lock readGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         SC.Interfaces.INetwork[] snapshot = clients.ToArray();
         return snapshot;
     }
 }
コード例 #10
 /// <summary>
 /// Returns the names of all known subjects. Administrator permissions are demanded first.
 /// </summary>
 /// <returns>A copy of the keys of <c>subjects</c>, taken under the reader lock.</returns>
 public string[] GetSubjects()
 {
     DemandAdministratorPermissions();
     using (SC.Utility.Lock readGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         List<string> names = new List<string>(subjects.Keys);
         return names.ToArray();
     }
 }
コード例 #11
 /// <summary>
 /// Returns the permissions recorded for <paramref name="operation"/> on <paramref name="subject"/>.
 /// Administrator permissions are demanded first.
 /// </summary>
 /// <remarks>An unknown subject name makes the <c>subjects</c> indexer throw.</remarks>
 public string[] GetPermissions(string subject, string operation)
 {
     DemandAdministratorPermissions();
     using (SC.Utility.Lock readGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         string[] granted = subjects[subject].GetPermissions(operation);
         return granted;
     }
 }
コード例 #12
 /// <summary>
 /// Grants <paramref name="username"/> access to <paramref name="subject"/> and saves settings.
 /// Administrator permissions are demanded first.
 /// </summary>
 public void AddPermission(string subject, string username)
 {
     DemandAdministratorPermissions();
     using (SC.Utility.Lock writeGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForWriting))
     {
         // NOTE(review): the audit line is written before the grant is applied, so a failing
         // lookup of the subject still leaves a "gave ... access" entry in the log.
         string auditLine = "User " + GetCurrentUser() + " gave user " + username + " access to subject " + subject;
         Logger.Info(auditLine);
         subjects[subject].AddPermission(username);
     }
     SaveSettings();
 }
コード例 #13
 /// <summary>
 /// Revokes <paramref name="username"/>'s permission for <paramref name="operation"/> on
 /// <paramref name="subject"/> and saves settings. Administrator permissions are demanded first.
 /// </summary>
 public void RemovePermission(string subject, string username, string operation)
 {
     DemandAdministratorPermissions();
     using (SC.Utility.Lock writeGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForWriting))
     {
         // NOTE(review): logged before the change is applied; a failing subject lookup still
         // leaves a "removed permissions" entry in the log.
         string auditLine = "User " + GetCurrentUser() + " removed permissions for user " + username + " to subject " + subject + " for operation " + operation;
         Logger.Info(auditLine);
         subjects[subject].RemovePermission(username, operation);
     }
     SaveSettings();
 }
コード例 #14
        /// <summary>
        /// Registers (or re-attaches to) the subject called <paramref name="name"/> and returns a fresh
        /// handle for it. When <paramref name="additionalOperations"/> is given, the subject's operation
        /// set is synchronised to that list plus <c>Operation.DEFAULT_OPERATION</c>.
        /// </summary>
        /// <param name="name">Subject name; an existing subject with this name is reused.</param>
        /// <param name="additionalOperations">Operations the subject should expose, or null to leave them untouched.</param>
        /// <param name="username">Passed to the SecuritySubject constructor for a new subject; ignored when the subject already exists.</param>
        /// <returns>A guid, unused in <c>acls</c>, that now maps to the subject.</returns>
        private Guid RegisterSubject(string name, string[] additionalOperations, string username)
        {
            // Logged before the registration has actually happened.
            Logger.Debug("Registered subject " + name);

            using (SC.Utility.Lock l = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForWriting))
            {
                SecuritySubject subject;
                // NOTE(review): a second registrant using an existing name receives a handle to the
                // same subject and its existing permissions; confirm names cannot be chosen by
                // untrusted components.
                if (!subjects.ContainsKey(name))
                {
                    if (username == null)
                    {
                        subjects[name] = new SecuritySubject(name);
                    }
                    else
                    {
                        subjects[name] = new SecuritySubject(name, username);
                    }
                }

                subject = subjects[name];

                Guid guid = Guid.NewGuid();

                // Regenerate until the guid is not already in use as a handle.
                while (acls.ContainsKey(guid))
                {
                    guid = Guid.NewGuid();
                }

                acls.Add(guid, subject);

                if (additionalOperations != null)
                {
                    Logger.Debug("Additional operations " + string.Join(", ", additionalOperations));
                    System.Collections.Specialized.StringCollection operations = new System.Collections.Specialized.StringCollection();
                    operations.AddRange(additionalOperations);

                    // Add the requested operations that the subject does not have yet.
                    foreach (string op in operations)
                    {
                        if (!subject.HaveOperation(op))
                        {
                            subject.AddOperation(op);
                        }
                    }
                    // The default operation is always kept by the pruning pass below.
                    operations.Add(Operation.DEFAULT_OPERATION);
                    // Drop operations that are no longer requested.
                    // NOTE(review): this removes from the subject while iterating GetOperations();
                    // safe only if GetOperations() returns a copy. Confirm.
                    foreach (string op in subject.GetOperations())
                    {
                        if (!operations.Contains(op))
                        {
                            subject.RemoveOperation(op);
                        }
                    }
                }
                return(guid);
            }
        }
コード例 #15
 /// <summary>
 /// Loads a <c>SecuritySettings</c> object from the settings provider and installs it as
 /// <c>Settings</c>. When nothing of that type comes back, the current settings are kept.
 /// </summary>
 private void RestoreSettings()
 {
     using (SC.Utility.Lock writeGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForWriting))
     {
         // NOTE(review): the restored object replaces users, ACLs and the allow-list wholesale;
         // the storage behind the provider is presumably trusted. Confirm.
         SecuritySettings restored = settingsProviders.RestoreSettings(typeof(SecuritySettings)) as SecuritySettings;
         if (restored == null)
         {
             return;
         }
         Settings = restored;
     }
 }
コード例 #16
 /// <summary>
 /// Returns the default access list: the permissions currently held on the "SecurityManager"
 /// subject, or just "Administrator" when that subject does not exist.
 /// </summary>
 internal string[] GetDefaultAccess()
 {
     using (SC.Utility.Lock readGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         if (!subjects.ContainsKey("SecurityManager"))
         {
             return new string[] { "Administrator" };
         }

         // current admin permissions
         return subjects["SecurityManager"].GetPermissions();
     }
 }
コード例 #17
 /// <summary>
 /// Checks <paramref name="address"/> against the client network allow-list.
 /// </summary>
 /// <returns>
 /// True when at least one network in <c>clients</c> contains the address; false otherwise,
 /// including when the list is empty.
 /// </returns>
 public bool IsClientIPAllowed(System.Net.IPAddress address)
 {
     using (SC.Utility.Lock readGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         bool allowed = false;
         foreach (SC.Security.Network candidate in clients)
         {
             if (candidate.IsHostInNet(address))
             {
                 allowed = true;
                 break;
             }
         }
         return allowed;
     }
 }
コード例 #18
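        /// <summary>
        /// Removes <paramref name="network"/> from the client network allow-list.
        /// Administrator permissions are demanded before the argument is used.
        /// </summary>
        /// <param name="network">Network whose address and netmask identify the entry to remove.</param>
        /// <exception cref="ArgumentNullException"><paramref name="network"/> is null.</exception>
        /// <exception cref="ArgumentException">The network is not in the allow-list.</exception>
        public void RemoveAllowedClientNetwork(SC.Interfaces.INetwork network)
        {
            // Authorize first, so an unprivileged caller is refused before any of its input is
            // dereferenced or passed to the Network constructor.
            DemandAdministratorPermissions();

            if (network == null)
            {
                throw new ArgumentNullException("network");
            }

            SC.Security.Network net = new Network(network.Address, network.Netmask);

            using (SC.Utility.Lock l = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForWriting))
            {
                if (!clients.Remove(net))
                {
                    Logger.Error("Removal of network " + net.ToString() + " failed because it is not in the access list.");
                    throw new ArgumentException("Given network is not present in list");
                }
                Logger.Info("Network " + net.ToString() + " was removed from the access list.");
            }
            // NOTE(review): unlike RemoveUser and AddPermission, nothing is saved here; confirm the
            // allow-list is persisted elsewhere, otherwise the removal may not survive a restart.
        }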
コード例 #19
        /// <summary>
        /// Deletes the account <paramref name="username"/>, strips that name from every subject's
        /// permissions and saves settings. Administrator permissions are demanded first.
        /// </summary>
        public void RemoveUser(string username)
        {
            DemandAdministratorPermissions();
            using (SC.Utility.Lock writeGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForWriting))
            {
                // NOTE(review): the removal is logged whether or not the account existed, and
                // nothing here prevents removing the last remaining account.
                string auditLine = "User " + username + " was removed.";
                Logger.Info(auditLine);
                users.Remove(username);

                // Revoke the name everywhere, so a later account with the same name starts clean.
                foreach (SecuritySubject registered in subjects.Values)
                {
                    registered.RemovePermission(username);
                }
            }
            SaveSettings();
        }
コード例 #20
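        /// <summary>
        /// Changes the password of <paramref name="username"/>. Allowed for the account owner
        /// (current principal has that name and <c>USER_ROLE</c>) or for an administrator.
        /// </summary>
        /// <param name="username">Account whose password is changed.</param>
        /// <param name="password">New password; stored as given.</param>
        /// <exception cref="ArgumentNullException"><paramref name="username"/> is null.</exception>
        /// <exception cref="System.Security.SecurityException">The caller is neither the account owner nor an administrator.</exception>
        /// <exception cref="SC.Interfaces.SCException">The account does not exist.</exception>
        public void SetPassword(string username, string password)
        {
            // PrincipalPermission treats a null name as "any identity", so a null username would make
            // the owner check below succeed for every caller in USER_ROLE. Reject it up front.
            if (username == null)
            {
                throw new ArgumentNullException("username");
            }

            bool canSet = false;

            try
            {
                new System.Security.Permissions.PrincipalPermission(username, USER_ROLE).Demand();
                canSet = true;
            }
            catch (System.Security.SecurityException)
            {
                // We're not the user
            }

            if (!canSet)
            {
                try
                {
                    DemandAdministratorPermissions();
                    canSet = true;
                }
                catch (System.Security.SecurityException)
                {
                    // We're not an administrator
                }
            }

            if (!canSet)
            {
                Logger.Error("User " + GetCurrentUser() + " tried settings password for user " + username + ". The operation was denied.");

                throw new System.Security.SecurityException("You cannot set other users' password without administrator privileges. Your action will be reported.");
            }

            using (SC.Utility.Lock l = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForWriting))
            {
                if (!users.ContainsKey(username))
                {
                    throw new SC.Interfaces.SCException("The given username doesn't exist.");
                }
                // NOTE(review): the entry names the target account, not the caller, so an administrator
                // reset is indistinguishable from a self-service change in the log.
                Logger.Info("User " + username + " changed password.");
                // NOTE(review): no strength or emptiness check on the new password, and no SaveSettings()
                // call as in AddUser; confirm the change is persisted elsewhere.
                users[username].Password = password;
            }
        }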
コード例 #21
 /// <summary>
 /// Adds <paramref name="network"/> to the client allow-list unless its address lies inside an
 /// existing entry or an existing entry's address lies inside it.
 /// </summary>
 /// <exception cref="ArgumentException">The network overlaps an entry already in the list.</exception>
 private void AddAllowedClientNetwork(Network network)
 {
     using (SC.Utility.Lock guard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         foreach (SC.Security.Network existing in clients)
         {
             bool overlaps = existing.IsHostInNet(network.Address) || network.IsHostInNet(existing.Address);
             if (!overlaps)
             {
                 continue;
             }

             Logger.Error("Network add failed because network " + network.ToString() + " is contained in " + existing.ToString());
             throw new ArgumentException("Cannot add network because it contains or is contained in another network: " + existing.ToString());
         }

         // NOTE(review): the overlap scan ran under the reader lock; whether the list can change
         // before the writer lock is granted depends on SC.Utility.Lock. Confirm.
         guard.UpgradeToWriterLock();
         Logger.Info("Adding network " + network.ToString() + " to the access list.");
         clients.Add(network);
     }
 }
コード例 #22
        /// <summary>
        /// Creates a new account and saves settings. Administrator permissions are demanded first.
        /// </summary>
        /// <param name="username">Name of the new account; must be unused and must not equal <c>SYSTEM_ACCOUNT</c>.</param>
        /// <param name="password">Initial password, passed to <c>UserInfo</c> as given.</param>
        /// <exception cref="SC.Interfaces.SCException">The name is taken or reserved.</exception>
        public void AddUser(string username, string password)
        {
            DemandAdministratorPermissions();
            using (SC.Utility.Lock writeGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForWriting))
            {
                bool alreadyExists = users.ContainsKey(username);
                if (alreadyExists)
                {
                    throw new SC.Interfaces.SCException("A user with name " + username + " already exists.");
                }

                // NOTE(review): exact comparison, so a name that differs from SYSTEM_ACCOUNT only
                // by case is accepted; no password strength check is applied either.
                if (username == SYSTEM_ACCOUNT)
                {
                    throw new SC.Interfaces.SCException("Invalid username.");
                }

                UserInfo account = new UserInfo(username, password);
                Logger.Info("Adding user " + username);
                users.Add(account.Username, account);
            }
            SaveSettings();
        }
コード例 #23
        /// <summary>
        /// Repairs a security configuration that would otherwise lock everyone out: creates an
        /// "Administrator" account when no users exist, and grants "Administrator" permission on the
        /// SecurityManager subject when that subject has no permissions at all.
        /// </summary>
        private void FixAdministrator()
        {
            using (SC.Utility.Lock l = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
            {
                // NOTE(review): the emptiness check runs under the reader lock and the insert after an
                // upgrade; whether the upgrade is atomic depends on SC.Utility.Lock. Confirm.
                if (users.Count == 0)
                {
                    Logger.Warn("No users found, adding Administrator account with default password");

                    l.UpgradeToWriterLock();
                    // SECURITY: fixed default credential that is visible in source. Any installation that
                    // reaches this branch has a well-known administrator password until it is changed;
                    // prefer a per-install generated secret or a forced change on first login.
                    UserInfo adminInfo = new UserInfo("Administrator", "ServerChecker4");
                    users.Add(adminInfo.Username, adminInfo);
                    l.DowngradeToReaderLock();
                }

                // The SecurityManager's own subject; an indexer miss here throws instead of repairing.
                SecuritySubject me = acls[securityGuid];
                System.Collections.Specialized.StringCollection permissions = new System.Collections.Specialized.StringCollection();
                permissions.AddRange(me.GetPermissions());

                if (permissions.Count == 0)
                {
                    Logger.Warn("No permissions found for SecurityManager. Adding permission for Administrator account");

                    l.UpgradeToWriterLock();
                    // Grants by account name: whichever account is called "Administrator" becomes admin.
                    me.AddPermission("Administrator");
                    l.DowngradeToReaderLock();
                }
            }
        }
コード例 #24
 /// <summary>
 /// Loads a <c>SecuritySettings</c> object from the settings provider and installs it as
 /// <c>Settings</c>. When nothing of that type comes back, the current settings are kept.
 /// </summary>
 private void RestoreSettings()
 {
     using (SC.Utility.Lock writeGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForWriting))
     {
         // NOTE(review): the restored object replaces users, ACLs and the allow-list wholesale;
         // the storage behind the provider is presumably trusted. Confirm.
         SecuritySettings restored = settingsProviders.RestoreSettings(typeof(SecuritySettings)) as SecuritySettings;
         if (restored == null)
         {
             return;
         }
         Settings = restored;
     }
 }
コード例 #25
        /// <summary>
        /// Registers (or re-attaches to) the subject called <paramref name="name"/> and returns a fresh
        /// handle for it. When <paramref name="additionalOperations"/> is given, the subject's operation
        /// set is synchronised to that list plus <c>Operation.DEFAULT_OPERATION</c>.
        /// </summary>
        /// <param name="name">Subject name; an existing subject with this name is reused.</param>
        /// <param name="additionalOperations">Operations the subject should expose, or null to leave them untouched.</param>
        /// <param name="username">Passed to the SecuritySubject constructor for a new subject; ignored when the subject already exists.</param>
        /// <returns>A guid, unused in <c>acls</c>, that now maps to the subject.</returns>
        private Guid RegisterSubject(string name, string[] additionalOperations, string username)
        {
            // Logged before the registration has actually happened.
            Logger.Debug("Registered subject " + name);

            using (SC.Utility.Lock l = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForWriting))
            {
                SecuritySubject subject;
                // NOTE(review): a second registrant using an existing name receives a handle to the
                // same subject and its existing permissions; confirm names cannot be chosen by
                // untrusted components.
                if (!subjects.ContainsKey(name))
                {
                    if (username == null)
                        subjects[name] = new SecuritySubject(name);
                    else
                        subjects[name] = new SecuritySubject(name, username);
                }

                subject = subjects[name];

                Guid guid = Guid.NewGuid();

                // Regenerate until the guid is not already in use as a handle.
                while (acls.ContainsKey(guid))
                    guid = Guid.NewGuid();

                acls.Add(guid, subject);

                if (additionalOperations != null)
                {
                    Logger.Debug("Additional operations " + string.Join(", ", additionalOperations));
                    System.Collections.Specialized.StringCollection operations = new System.Collections.Specialized.StringCollection();
                    operations.AddRange(additionalOperations);

                    // Add the requested operations that the subject does not have yet.
                    foreach (string op in operations)
                    {
                        if (!subject.HaveOperation(op))
                            subject.AddOperation(op);
                    }
                    // The default operation is always kept by the pruning pass below.
                    operations.Add(Operation.DEFAULT_OPERATION);
                    // Drop operations that are no longer requested.
                    // NOTE(review): this removes from the subject while iterating GetOperations();
                    // safe only if GetOperations() returns a copy. Confirm.
                    foreach (string op in subject.GetOperations())
                    {
                        if (!operations.Contains(op))
                            subject.RemoveOperation(op);
                    }
                }
                return guid;
            }
        }
コード例 #26
 /// <summary>
 /// Returns the names of all accounts. Administrator permissions are demanded first.
 /// </summary>
 /// <returns>A copy of the keys of <c>users</c>, taken under the reader lock.</returns>
 public string[] GetUsers()
 {
     DemandAdministratorPermissions();
     using (SC.Utility.Lock readGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         List<string> names = new List<string>(users.Keys);
         string[] snapshot = names.ToArray();
         return snapshot;
     }
 }
コード例 #27
 /// <summary>
 /// Returns the permissions recorded for <paramref name="operation"/> on <paramref name="subject"/>.
 /// Administrator permissions are demanded first.
 /// </summary>
 /// <remarks>An unknown subject name makes the <c>subjects</c> indexer throw.</remarks>
 public string[] GetPermissions(string subject, string operation)
 {
     DemandAdministratorPermissions();
     using (SC.Utility.Lock readGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         string[] granted = subjects[subject].GetPermissions(operation);
         return granted;
     }
 }
コード例 #28
 /// <summary>
 /// Demands that the current caller may perform <paramref name="operation"/> on the subject
 /// registered under <paramref name="guid"/>.
 /// </summary>
 /// <exception cref="System.Security.SecurityException">
 /// Permission was refused, the subject is not registered, or an unexpected error occurred;
 /// the latter two are wrapped so that they also surface as a denial.
 /// </exception>
 public void DemandPermissions(Guid guid, string operation)
 {
     using (SC.Utility.Lock readGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         try
         {
             acls[guid].DemandPermission(operation);
         }
         catch (System.Security.SecurityException)
         {
             string denial = "User " + GetCurrentUser() + " was denied access to subject " + acls[guid].Name + " for operation " + operation;
             Logger.Error(denial);
             throw;
         }
         catch (KeyNotFoundException notRegistered)
         {
             Logger.Error("Subject was not registered.");
             throw new System.Security.SecurityException("The subject is not registered. Permission was denied.", notRegistered);
         }
         catch (Exception unexpected)
         {
             // NOTE(review): acls[guid] is looked up again while building the message; if that
             // lookup throws, its exception escapes instead of the SecurityException below.
             string failure = "An unexpected error occurred while demanding permissions for subject " + acls[guid].Name + " and operation " + operation + ".";
             Logger.Error(failure, unexpected);
             throw new System.Security.SecurityException("An unexpected error occurred.", unexpected);
         }
     }
 }
コード例 #29
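 /// <summary>
 /// Drops the ACL handle <paramref name="guid"/> and, when <paramref name="remove"/> is true, also
 /// deletes the subject that handle pointed to. Settings are saved afterwards.
 /// </summary>
 /// <param name="guid">Handle previously issued for a registered subject.</param>
 /// <param name="remove">True to delete the subject itself, not just the handle.</param>
 /// <exception cref="KeyNotFoundException">No subject is registered under <paramref name="guid"/>.</exception>
 public void UnregisterSubject(Guid guid, bool remove)
 {
     // acls is modified on every call, and a reader lock does not protect a Remove against
     // concurrent readers, so the writer lock is taken up front.
     // NOTE(review): no permission is demanded here; possession of the guid is the only
     // authorization. Confirm handles are never exposed to untrusted callers.
     using (SC.Utility.Lock l = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForWriting))
     {
         try
         {
             SecuritySubject subject = acls[guid];
             acls.Remove(guid);
             if (remove)
             {
                 subjects.Remove(subject.Name);
             }
         }
         catch (KeyNotFoundException)
         {
             Logger.Error("Tried unregistering subject that never registered.");
             throw;
         }
         catch (Exception e)
         {
             Logger.Error("An unexpected error occurred during unregistering of a subject.", e);
             throw;
         }
     }
     SaveSettings();
 }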
コード例 #30
 /// <summary>
 /// Demands that the current caller satisfies the permissions held by the
 /// SecurityManager's own subject (<c>acls[securityGuid]</c>).
 /// </summary>
 /// <remarks>
 /// Every failure path leaves this method through an exception, so callers can
 /// treat a normal return as "authorized".
 /// </remarks>
 /// <exception cref="KeyNotFoundException">The manager's own subject is missing from <c>acls</c>.</exception>
 /// <exception cref="System.Security.SecurityException">The demand was refused, or an unexpected error was wrapped as a denial.</exception>
 protected void DemandAdministratorPermissions()
 {
     using (SC.Utility.Lock readGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         try
         {
             acls[securityGuid].DemandPermission();
         }
         catch (KeyNotFoundException)
         {
             // Without its own ACL entry the manager cannot authorize anything.
             Logger.Fatal("SecurityManager did not register to itself.");
             throw;
         }
         catch (System.Security.SecurityException denied)
         {
             string deniedMessage = "User " + GetCurrentUser() + " was denied administrator permissions.";
             Logger.Error(deniedMessage, denied);
             throw;
         }
         catch (Exception unexpected)
         {
             // Unknown failures are converted into a denial rather than allowed to pass as success.
             Logger.Error("Unexpected exception occurred while demanding administrator permissions.", unexpected);
             throw new System.Security.SecurityException("An unexpected exception occurred while demanding administrator permissions. Operation was denied.", unexpected);
         }
     }
 }
コード例 #31
 /// <summary>
 /// Hands the current <c>Settings</c> object to the settings provider for persistence.
 /// The reader lock is held for the duration of the save.
 /// </summary>
 private void SaveSettings()
 {
     using (SC.Utility.Lock readGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         settingsProviders.SaveSettings(Settings);
     }
 }
コード例 #32
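        /// <summary>
        /// Removes <paramref name="network"/> from the client network allow-list.
        /// Administrator permissions are demanded before the argument is used.
        /// </summary>
        /// <param name="network">Network whose address and netmask identify the entry to remove.</param>
        /// <exception cref="ArgumentNullException"><paramref name="network"/> is null.</exception>
        /// <exception cref="ArgumentException">The network is not in the allow-list.</exception>
        public void RemoveAllowedClientNetwork(SC.Interfaces.INetwork network)
        {
            // Authorize first, so an unprivileged caller is refused before any of its input is
            // dereferenced or passed to the Network constructor.
            DemandAdministratorPermissions();

            if (network == null)
            {
                throw new ArgumentNullException("network");
            }

            SC.Security.Network net = new Network(network.Address, network.Netmask);

            using (SC.Utility.Lock l = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForWriting))
            {
                if (!clients.Remove(net))
                {
                    Logger.Error("Removal of network " + net.ToString() + " failed because it is not in the access list.");
                    throw new ArgumentException("Given network is not present in list");
                }
                Logger.Info("Network " + net.ToString() + " was removed from the access list.");
            }
            // NOTE(review): unlike RemoveUser and AddPermission, nothing is saved here; confirm the
            // allow-list is persisted elsewhere, otherwise the removal may not survive a restart.
        }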
コード例 #33
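        /// <summary>
        /// Authenticates a local login by comparing the supplied password with the one stored for
        /// <paramref name="user"/>. On success the user is marked as connected and
        /// <c>Thread.CurrentPrincipal</c> is set to that user with <c>USER_ROLE</c>.
        /// </summary>
        /// <param name="user">Login name supplied by the caller (untrusted).</param>
        /// <param name="password">Password supplied by the caller (untrusted).</param>
        /// <exception cref="System.Security.SecurityException">
        /// Unknown user or wrong password; the message is identical in both cases.
        /// </exception>
        public void Authenticate(string user, string password)
        {
            using (SC.Utility.Lock l = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
            {
                // NOTE(review): the login name is caller-controlled and is written to the log unescaped;
                // consider stripping control characters so one attempt cannot forge extra log lines.
                if (!users.ContainsKey(user))
                {
                    Logger.Error("Local login failed for username " + user);
                    throw new System.Security.SecurityException("Invalid authentication. User or password incorrect.");
                }

                // NOTE(review): the stored value is compared with the supplied password directly, so it is
                // presumably kept in recoverable form rather than as a salted hash; confirm against UserInfo.
                string stored = users[user].Password;

                bool matches;
                if (stored == null || password == null)
                {
                    // Same result as the string equality operator: equal only when both are null.
                    matches = stored == null && password == null;
                }
                else
                {
                    // Accumulate differences instead of stopping at the first mismatching character,
                    // so the comparison time does not reveal how long a correct prefix was guessed.
                    int diff = stored.Length ^ password.Length;
                    int common = Math.Min(stored.Length, password.Length);
                    for (int i = 0; i < common; i++)
                    {
                        diff |= stored[i] ^ password[i];
                    }
                    matches = diff == 0;
                }

                if (matches)
                {
                    // Successful logins are logged only when the last one is older than ten minutes.
                    if (users[user].LastConnect < DateTime.Now - new TimeSpan(0, 10, 0))
                        Logger.Info("User " + user + " authenticated locally");
                    // NOTE(review): SetUserConnected() is called while only the reader lock is held;
                    // confirm it does not modify shared state.
                    users[user].SetUserConnected();
                    System.Threading.Thread.CurrentPrincipal = new System.Security.Principal.GenericPrincipal(new System.Security.Principal.GenericIdentity(user), new string[] { USER_ROLE });
                }
                else
                {
                    Logger.Error("User " + user + " failed to authenticate locally.");
                    throw new System.Security.SecurityException("Invalid authentication. User or password incorrect.");
                }
            }
        }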
コード例 #34
 /// <summary>
 /// Revokes <paramref name="username"/>'s permission for <paramref name="operation"/> on
 /// <paramref name="subject"/> and saves settings. Administrator permissions are demanded first.
 /// </summary>
 public void RemovePermission(string subject, string username, string operation)
 {
     DemandAdministratorPermissions();
     using (SC.Utility.Lock writeGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForWriting))
     {
         // NOTE(review): logged before the change is applied; a failing subject lookup still
         // leaves a "removed permissions" entry in the log.
         string auditLine = "User " + GetCurrentUser() + " removed permissions for user " + username + " to subject " + subject + " for operation " + operation;
         Logger.Info(auditLine);
         subjects[subject].RemovePermission(username, operation);
     }
     SaveSettings();
 }
コード例 #35
        /// <summary>
        /// Deletes the account <paramref name="username"/>, strips that name from every subject's
        /// permissions and saves settings. Administrator permissions are demanded first.
        /// </summary>
        public void RemoveUser(string username)
        {
            DemandAdministratorPermissions();
            using (SC.Utility.Lock writeGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForWriting))
            {
                // NOTE(review): the removal is logged whether or not the account existed, and
                // nothing here prevents removing the last remaining account.
                string auditLine = "User " + username + " was removed.";
                Logger.Info(auditLine);
                users.Remove(username);

                // Revoke the name everywhere, so a later account with the same name starts clean.
                foreach (SecuritySubject registered in subjects.Values)
                {
                    registered.RemovePermission(username);
                }
            }
            SaveSettings();
        }
コード例 #36
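        /// <summary>
        /// Changes the password of <paramref name="username"/>. Allowed for the account owner
        /// (current principal has that name and <c>USER_ROLE</c>) or for an administrator.
        /// </summary>
        /// <param name="username">Account whose password is changed.</param>
        /// <param name="password">New password; stored as given.</param>
        /// <exception cref="ArgumentNullException"><paramref name="username"/> is null.</exception>
        /// <exception cref="System.Security.SecurityException">The caller is neither the account owner nor an administrator.</exception>
        /// <exception cref="SC.Interfaces.SCException">The account does not exist.</exception>
        public void SetPassword(string username, string password)
        {
            // PrincipalPermission treats a null name as "any identity", so a null username would make
            // the owner check below succeed for every caller in USER_ROLE. Reject it up front.
            if (username == null)
            {
                throw new ArgumentNullException("username");
            }

            bool canSet = false;

            try
            {
                new System.Security.Permissions.PrincipalPermission(username, USER_ROLE).Demand();
                canSet = true;
            }
            catch (System.Security.SecurityException)
            {
                // We're not the user
            }

            if (!canSet)
            {
                try
                {
                    DemandAdministratorPermissions();
                    canSet = true;
                }
                catch (System.Security.SecurityException)
                {
                    // We're not an administrator
                }
            }

            if (!canSet)
            {
                Logger.Error("User " + GetCurrentUser() + " tried settings password for user " + username + ". The operation was denied.");

                throw new System.Security.SecurityException("You cannot set other users' password without administrator privileges. Your action will be reported.");
            }

            using (SC.Utility.Lock l = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForWriting))
            {
                if (!users.ContainsKey(username))
                {
                    throw new SC.Interfaces.SCException("The given username doesn't exist.");
                }
                // NOTE(review): the entry names the target account, not the caller, so an administrator
                // reset is indistinguishable from a self-service change in the log.
                Logger.Info("User " + username + " changed password.");
                // NOTE(review): no strength or emptiness check on the new password, and no SaveSettings()
                // call as in AddUser; confirm the change is persisted elsewhere.
                users[username].Password = password;
            }
        }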
コード例 #37
 /// <summary>
 /// Adds <paramref name="network"/> to the client allow-list unless its address lies inside an
 /// existing entry or an existing entry's address lies inside it.
 /// </summary>
 /// <exception cref="ArgumentException">The network overlaps an entry already in the list.</exception>
 private void AddAllowedClientNetwork(Network network)
 {
     using (SC.Utility.Lock guard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         foreach (SC.Security.Network existing in clients)
         {
             bool overlaps = existing.IsHostInNet(network.Address) || network.IsHostInNet(existing.Address);
             if (!overlaps)
             {
                 continue;
             }

             Logger.Error("Network add failed because network " + network.ToString() + " is contained in " + existing.ToString());
             throw new ArgumentException("Cannot add network because it contains or is contained in another network: " + existing.ToString());
         }

         // NOTE(review): the overlap scan ran under the reader lock; whether the list can change
         // before the writer lock is granted depends on SC.Utility.Lock. Confirm.
         guard.UpgradeToWriterLock();
         Logger.Info("Adding network " + network.ToString() + " to the access list.");
         clients.Add(network);
     }
 }
コード例 #38
 /// <summary>
 /// Checks <paramref name="address"/> against the client network allow-list.
 /// </summary>
 /// <returns>
 /// True when at least one network in <c>clients</c> contains the address; false otherwise,
 /// including when the list is empty.
 /// </returns>
 public bool IsClientIPAllowed(System.Net.IPAddress address)
 {
     using (SC.Utility.Lock readGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         bool allowed = false;
         foreach (SC.Security.Network candidate in clients)
         {
             if (candidate.IsHostInNet(address))
             {
                 allowed = true;
                 break;
             }
         }
         return allowed;
     }
 }
コード例 #39
 /// <summary>
 /// Returns a copy of the client network allow-list. Administrator permissions are demanded
 /// before the list is read.
 /// </summary>
 /// <returns>An array copied from <c>clients</c> under the reader lock.</returns>
 public SC.Interfaces.INetwork[] GetAllowedClientNetworks()
 {
     DemandAdministratorPermissions();
     using (SC.Utility.Lock readGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         SC.Interfaces.INetwork[] snapshot = clients.ToArray();
         return snapshot;
     }
 }
コード例 #40
 /// <summary>
 /// Non-throwing counterpart of a permission demand: asks the subject registered under
 /// <paramref name="guid"/> whether <paramref name="operation"/> is permitted.
 /// </summary>
 /// <returns>The answer given by the subject's <c>HavePermission</c>.</returns>
 public bool HavePermission(Guid guid, string operation)
 {
     using (SC.Utility.Lock readGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         // NOTE(review): an unregistered guid makes the indexer throw rather than return false;
         // callers that use this as a yes/no check should handle that case.
         bool granted = acls[guid].HavePermission(operation);
         return granted;
     }
 }
コード例 #41
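        /// <summary>
        /// Authenticates a request by recomputing an HMAC-SHA512 over <paramref name="stream"/> with a key
        /// derived from the user's stored password and <paramref name="nonce"/>, then comparing it with
        /// <paramref name="base64HMAC"/>. On success the user is marked as connected and
        /// <c>Thread.CurrentPrincipal</c> is set to that user with <c>USER_ROLE</c>.
        /// </summary>
        /// <param name="user">Login name supplied by the caller (untrusted).</param>
        /// <param name="base64HMAC">Base64 MAC supplied by the caller (untrusted).</param>
        /// <param name="nonce">Salt for the key derivation.</param>
        /// <param name="stream">Message body; rewound to position 0 before the MAC is checked.</param>
        /// <exception cref="System.Security.SecurityException">Unknown user or MAC mismatch.</exception>
        public void Authenticate(string user, string base64HMAC, byte[] nonce, System.IO.MemoryStream stream)
        {
            using (SC.Utility.Lock l = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
            {
                if (!users.ContainsKey(user))
                {
                    Logger.Error("Someone tried to login with username " + user);
                    throw new System.Security.SecurityException("Invalid authentication. Check your username and password.");
                }
                // The stored password itself is the key-derivation input, so the server has to keep a
                // password-equivalent value.
                string password = users[user].Password;
                // NOTE(review): 997 PBKDF2 iterations is low by current guidance, but the value is presumably
                // fixed by the wire protocol; raising it needs a matching client change. Nonce freshness is
                // not checked in this method, so replay protection has to come from the caller. Confirm.
                byte[] key = new System.Security.Cryptography.Rfc2898DeriveBytes(password, nonce, 997).GetBytes(64);

                string computedBase64HMAC;
                // Dispose the keyed hash as soon as the MAC has been computed.
                using (System.Security.Cryptography.HMACSHA512 hmac = new System.Security.Cryptography.HMACSHA512(key))
                {
                    computedBase64HMAC = Convert.ToBase64String(hmac.ComputeHash(stream.ToArray()));
                }

                stream.Seek(0, System.IO.SeekOrigin.Begin);

                // Compare the MACs without stopping at the first differing character, so response time does
                // not reveal how much of a forged MAC was correct. A null MAC never matches.
                int diff = 1;
                if (base64HMAC != null)
                {
                    diff = base64HMAC.Length ^ computedBase64HMAC.Length;
                    int common = Math.Min(base64HMAC.Length, computedBase64HMAC.Length);
                    for (int i = 0; i < common; i++)
                    {
                        diff |= base64HMAC[i] ^ computedBase64HMAC[i];
                    }
                }

                if (diff == 0)
                {
                    // Successful logins are logged only when the last one is older than ten minutes.
                    if (users[user].LastConnect < DateTime.Now - new TimeSpan(0, 10, 0))
                        Logger.Info("User " + user + " authenticated.");
                    users[user].SetUserConnected();
                    System.Threading.Thread.CurrentPrincipal = new System.Security.Principal.GenericPrincipal(new System.Security.Principal.GenericIdentity(user), new string[] { USER_ROLE });
                }
                else
                {
                    Logger.Error("User " + user + " failed to authenticate.");
                    throw new System.Security.SecurityException("Invalid authentication. Check your username and password.");
                }
            }
        }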
コード例 #42
        /// <summary>
        /// Creates a new account and saves settings. Administrator permissions are demanded first.
        /// </summary>
        /// <param name="username">Name of the new account; must be unused and must not equal <c>SYSTEM_ACCOUNT</c>.</param>
        /// <param name="password">Initial password, passed to <c>UserInfo</c> as given.</param>
        /// <exception cref="SC.Interfaces.SCException">The name is taken or reserved.</exception>
        public void AddUser(string username, string password)
        {
            DemandAdministratorPermissions();
            using (SC.Utility.Lock writeGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForWriting))
            {
                bool alreadyExists = users.ContainsKey(username);
                if (alreadyExists)
                {
                    throw new SC.Interfaces.SCException("A user with name " + username + " already exists.");
                }

                // NOTE(review): exact comparison, so a name that differs from SYSTEM_ACCOUNT only
                // by case is accepted; no password strength check is applied either.
                if (username == SYSTEM_ACCOUNT)
                {
                    throw new SC.Interfaces.SCException("Invalid username.");
                }

                UserInfo account = new UserInfo(username, password);
                Logger.Info("Adding user " + username);
                users.Add(account.Username, account);
            }
            SaveSettings();
        }
コード例 #43
 /// <summary>
 /// Grants <paramref name="username"/> access to <paramref name="subject"/> and saves settings.
 /// Administrator permissions are demanded first.
 /// </summary>
 public void AddPermission(string subject, string username)
 {
     DemandAdministratorPermissions();
     using (SC.Utility.Lock writeGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForWriting))
     {
         // NOTE(review): the audit line is written before the grant is applied, so a failing
         // lookup of the subject still leaves a "gave ... access" entry in the log.
         string auditLine = "User " + GetCurrentUser() + " gave user " + username + " access to subject " + subject;
         Logger.Info(auditLine);
         subjects[subject].AddPermission(username);
     }
     SaveSettings();
 }
コード例 #44
 /// <summary>
 /// Returns the default access list: the permissions currently held on the "SecurityManager"
 /// subject, or just "Administrator" when that subject does not exist.
 /// </summary>
 internal string[] GetDefaultAccess()
 {
     using (SC.Utility.Lock readGuard = new SC.Utility.Lock(secLock, SC.Utility.Lock.LockType.ForReading))
     {
         if (!subjects.ContainsKey("SecurityManager"))
         {
             return new string[] { "Administrator" };
         }

         // current admin permissions
         return subjects["SecurityManager"].GetPermissions();
     }
 }