bool CheckRemoteAccessPermissions(ClientCredentials clientCredentials, User user)
{
if (CheckHostIps(clientCredentials, "localhost"))
return true;
if (CheckHostIps(clientCredentials, "127.0.0.1"))
return true;
var remoteAccessPermissions = user.RemoteAccess;
if (remoteAccessPermissions == null)
return false;
switch (remoteAccessPermissions.RemoteAccessType)
{
case RemoteAccessType.RemoteAccessBanned:
return false;
case RemoteAccessType.RemoteAccessAllowed:
return true;
case RemoteAccessType.SelectivelyAllowed:
foreach (var hostNameOrIpAddress in remoteAccessPermissions.HostNameOrAddressList)
{
if (CheckHostIps(clientCredentials, hostNameOrIpAddress))
return true;
}
break;
}
return false;
}
OperationResult<bool> Authenticate(ClientCredentials clientCredentials)
{
var user = ConfigurationCashHelper.SecurityConfiguration.Users.FirstOrDefault(x => x.Login == clientCredentials.Login);
if (!CheckLogin(clientCredentials, user))
{
return OperationResult<bool>.FromError("Неверный логин или пароль");
}
if (!CheckRemoteAccessPermissions(clientCredentials, user))
{
return OperationResult<bool>.FromError("У пользователя " + clientCredentials.Login + " нет прав на подкючение к удаленному серверу c хоста: " + clientCredentials.ClientIpAddress);
}
if (!CheckUserPermissions(clientCredentials, user))
{
return OperationResult<bool>.FromError("У пользователя " + clientCredentials.Login + " нет прав на работу с программой");
}
if (!CheckSingleAdministrator(clientCredentials))
{
return OperationResult<bool>.FromError("К серверу уже подключен другой экземпляр Администратора");
}
if (!CheckClientsCount(clientCredentials))
{
return OperationResult<bool>.FromError("Сервер отказал в доступе в связи с отсутствием лицензии или достижением максимального количества клиентов");
}
return new OperationResult<bool>(true);
}
public Connection(ClientCredentials clientCredentials)
{
ClientType = clientCredentials.ClientType.ToDescription();
UID = clientCredentials.ClientUID;
FriendlyUserName = clientCredentials.FriendlyUserName;
IpAddress = clientCredentials.ClientIpAddress;
if (IpAddress.StartsWith("127.0.0.1"))
IpAddress = "localhost";
}
bool CheckUserPermissions(ClientCredentials clientCredentials, User user)
{
PermissionType? permission = null;
if (clientCredentials.ClientType == ClientType.Administrator)
permission = PermissionType.Adm_ViewConfig;
else if (clientCredentials.ClientType == ClientType.Monitor)
permission = PermissionType.Oper_Login;
if (!permission.HasValue)
return true;
return user == null ? false : user.HasPermission(permission.Value);
}
public ClientViewModel(ClientCredentials clientCredentials)
{
ClientCredentials = clientCredentials;
ClientType = clientCredentials.ClientType.ToDescription();
UID = ClientCredentials.ClientUID;
FriendlyUserName = clientCredentials.FriendlyUserName;
IpAddress = clientCredentials.ClientIpAddress;
if (IpAddress.StartsWith("127.0.0.1"))
IpAddress = "localhost";
RemoveCommand = new RelayCommand(OnRemove);
}
public OperationResult<bool> Connect(ClientCredentials clientCredentials)
{
if (DbService.ConnectionOperationResult.HasError && clientCredentials.ClientType != ClientType.Administrator)
return OperationResult<bool>.FromError("Отсутствует подключение к БД");
InitializeClientCredentials(clientCredentials);
var operationResult = Authenticate(clientCredentials);
if (operationResult.HasError)
return operationResult;
if (ClientsManager.Add(clientCredentials))
AddJournalMessage(JournalEventNameType.Вход_пользователя_в_систему, null, null, clientCredentials.ClientUID);
if (AfterConnect != null)
AfterConnect(clientCredentials.ClientUID);
return operationResult;
}
void InitializeClientCredentials(ClientCredentials clientCredentials)
{
try
{
if (OperationContext.Current.IncomingMessageProperties.Keys.Contains("Via"))
{
var uri = OperationContext.Current.IncomingMessageProperties["Via"] as Uri;
clientCredentials.ClientIpAddress = uri.Host;
}
if (OperationContext.Current.IncomingMessageProperties.Keys.Contains(RemoteEndpointMessageProperty.Name))
{
var endpoint = OperationContext.Current.IncomingMessageProperties[RemoteEndpointMessageProperty.Name] as RemoteEndpointMessageProperty;
clientCredentials.ClientIpAddress = endpoint.Address;
}
}
catch (Exception e)
{
Logger.Error(e, "RubezhService.InitializeClientCredentials");
}
}
public static bool Add(ClientCredentials clientCredentials)
{
if (ClientInfos.Any(x => x.UID == clientCredentials.ClientUID))
return false;
var result = true;
var existingClientInfo = ClientInfos.FirstOrDefault(x => x.ClientCredentials.UniqueId == clientCredentials.UniqueId);
if (existingClientInfo != null)
{
Remove(existingClientInfo.UID);
result = false;
}
var clientInfo = new ClientInfo();
clientInfo.UID = clientCredentials.ClientUID;
clientInfo.ClientCredentials = clientCredentials;
clientInfo.CallbackIndex = CallbackManager.Index;
ClientInfos.Add(clientInfo);
Notifier.AddClient(clientCredentials);
return result;
}
public void AddClient(ClientCredentials clientCredentials)
{
ConnectionsPresenter.AddConnection(clientCredentials);
}
public void AddClient(ClientCredentials clientCredentials)
{
SyncContext.Post(state =>
{
var connectionViewModel = new Client(clientCredentials);
_bindingSourceClients.Add(connectionViewModel);
View.EnableMenuDisconnect = _bindingSourceClients.Count > 0;
}, null);
}
public void AddClient(ClientCredentials clientCredentials)
{
ConnectionsModel.AddConnection(clientCredentials);
}
public void AddClient(ClientCredentials clientCredentials)
{
Application.Invoke(delegate
{
Clients.Add(clientCredentials);
UpdateConnectionNode();
});
}
public void AddClient(ClientCredentials clientCredentials)
{
_dispatcher.BeginInvoke((Action)(() =>
{
var connectionViewModel = new ClientViewModel(clientCredentials);
Clients.Add(connectionViewModel);
}));
}
public static void AddConnection(ClientCredentials clientCredentials)
{
Connections.Add(new Connection(clientCredentials));
// TODO: Notify
}
public static void AddConnection(ClientCredentials clientCredentials)
{
Connections.Add(new Connection(clientCredentials));
PageController.OnPageChanged(Page.Connections);
}
bool CheckSingleAdministrator(ClientCredentials clientCredentials)
{
if (clientCredentials.ClientType != ClientType.Administrator)
return true;
var administrators = ClientsManager.ClientInfos.Where(x => x.ClientCredentials.ClientType == ClientType.Administrator).ToList();
if (administrators.Count > 1)
return false;
var administrator = administrators.FirstOrDefault();
return administrator == null || administrator.ClientCredentials.UniqueId == clientCredentials.UniqueId;
}
internal static void AddClient(ClientCredentials clientCredentials)
{
if (_notifier != null)
_notifier.AddClient(clientCredentials);
}
bool CheckClientsCount(ClientCredentials clientCredentials)
{
return clientCredentials.ClientType == ClientType.Administrator || !clientCredentials.IsRemote
|| ClientsManager.ClientInfos.Count(x => x.ClientCredentials.ClientType != ClientType.Administrator && x.ClientCredentials.IsRemote)
< LicenseManager.CurrentLicenseInfo.RemoteClientsCount;
}
bool CheckHostIps(ClientCredentials clientCredentials, string hostNameOrIpAddress)
{
try
{
var addressList = Dns.GetHostEntry(hostNameOrIpAddress).AddressList;
return addressList.Any(ip => ip.ToString() == clientCredentials.ClientIpAddress);
}
catch (Exception e)
{
Logger.Error(e, "Исключение при вызове RubezhService.CheckHostIps");
return false;
}
}
void SetUserFullName(ClientCredentials clientCredentials, User user)
{
string userIp = "127.0.0.1";
try
{
if (OperationContext.Current.IncomingMessageProperties.Keys.Contains(RemoteEndpointMessageProperty.Name))
{
var endpoint = OperationContext.Current.IncomingMessageProperties[RemoteEndpointMessageProperty.Name] as RemoteEndpointMessageProperty;
userIp = endpoint.Address;
}
}
catch { }
var addressList = Dns.GetHostEntry("localhost").AddressList;
if (addressList.Any(ip => ip.ToString() == userIp))
userIp = "localhost";
clientCredentials.FriendlyUserName = user.Name;
}
bool CheckLogin(ClientCredentials clientCredentials, User user)
{
if (user == null)
{
return false;
}
if (!HashHelper.CheckPass(clientCredentials.Password, user.PasswordHash))
{
return false;
}
SetUserFullName(clientCredentials, user);
return true;
}
