/// <summary>
/// Filter callback that decides whether the calling user/process may open an encrypted file, and
/// hands the file's AES IV and key back to the driver through <paramref name="messageReply"/>.
/// </summary>
/// <remarks>
/// Flow, as implemented below:
/// <list type="number">
/// <item>Resolve the user and process names from the request and look up (or create) the cache
/// entry keyed by user + process + file name.</item>
/// <item>Wait on the entry's sync event so that concurrent requests for the same key are serialized
/// (the wait is time-limited; see the note at the WaitOne call).</item>
/// <item>If a recent decision exists for this key, return it without re-evaluating.</item>
/// <item>Otherwise parse the policy data out of the request buffer, prompt for a password if the policy
/// asks for one, and either ask the server (revoke-access policy) or compare the password locally.</item>
/// <item>In <c>finally</c>, copy the entry's key/IV into the reply buffer when a key is present, refresh the
/// entry's timestamp and release the sync event.</item>
/// </list>
/// Any exception is logged and results in <c>false</c> (fail closed).
/// </remarks>
/// <param name="messageSend">Request from the filter driver: file name, process id, SID and the policy data buffer.</param>
/// <param name="messageReply">Reply to the driver; its DataBuffer receives the IV/key and DataBufferLength is set.</param>
/// <returns><c>true</c> when access is granted, <c>false</c> when denied or when any step failed.</returns>
public bool GetUserPermission(FilterAPI.MessageSendData messageSend, ref FilterAPI.MessageReplyData messageReply)
{
    Boolean retVal = true;
    string userPassword = string.Empty;
    string fileName = messageSend.FileName;
    string lastError = string.Empty;
    string processName = string.Empty;
    string userName = string.Empty;
    bool isFirstAccess = false;
    // A fresh entry is created up front so that the finally block can always touch its fields,
    // even when an exception fires before the cache lookup below assigns a real entry.
    CacheUserAccessInfo cacheUserAccessInfo = new CacheUserAccessInfo();
    try
    {
        FilterAPI.DecodeProcessName(messageSend.ProcessId, out processName);
        FilterAPI.DecodeUserName(messageSend.Sid, out userName);
        // Cache key: user, process and file name joined with "_", lower-cased.
        // NOTE(review): ToLower() is culture-sensitive (e.g. Turkish "i"); ToLowerInvariant() would give a
        // stable key. Names that themselves contain "_" could in principle produce colliding keys — verify
        // the decoded names cannot contain that character, or use a separator that cannot occur in them.
        string index = (userName + "_" + processName + "_" + fileName).ToLower();
        //cache the same user/process/filename access.
        lock (userAccessCache)
        {
            if (userAccessCache.ContainsKey(index))
            {
                // Mutations made to cacheUserAccessInfo later in this method are expected to be visible
                // through the cache table; that holds only if CacheUserAccessInfo is a reference type —
                // NOTE(review): it is also passed by ref further down, so confirm it is a class, not a struct.
                cacheUserAccessInfo = userAccessCache[index];
                EventManager.WriteMessage(446, "GetUserPermission", EventLevel.Verbose, "Thread" + Thread.CurrentThread.ManagedThreadId + ",userInfoKey " + index + " exists in the cache table.");
            }
            else
            {
                isFirstAccess = true;
                cacheUserAccessInfo.index = index;
                // NOTE(review): wall-clock time is used for cache ageing here and in the finally block;
                // a clock change (DST, NTP step) shifts the expiry. DateTime.UtcNow or a Stopwatch-based
                // stamp would be immune, but the cache's other readers must agree on the same clock.
                cacheUserAccessInfo.lastAccessTime = DateTime.Now;
                userAccessCache.Add(index, cacheUserAccessInfo);
                EventManager.WriteMessage(435, "GetUserPermission", EventLevel.Verbose, "Thread" + Thread.CurrentThread.ManagedThreadId + ",add userInfoKey " + index + " to the cache table.");
            }
        }
        //synchronize the same file access.
        // The wait bounds how long a request blocks behind another in-flight request for the same key.
        // NOTE(review): on timeout the method only logs and then continues as if it held the event, and the
        // finally block still calls Set() — so a timed-out request can release a waiter it never blocked and
        // two evaluations for the same key can overlap. Consider returning false (deny) on timeout instead.
        if (!cacheUserAccessInfo.syncEvent.WaitOne(new TimeSpan(0, 0, (int)GlobalConfig.ConnectionTimeOut)))
        {
            string info = "User name: " + userName + ",processname:" + processName + ",file name:" + fileName + " wait for permission timeout.";
            EventManager.WriteMessage(402, "GetUserPermission", EventLevel.Warning, info);
        }
        // Age of the cached decision; measured against the timestamp refreshed in finally on every pass.
        TimeSpan timeSpan = DateTime.Now - cacheUserAccessInfo.lastAccessTime;
        if (!isFirstAccess && timeSpan.TotalSeconds < cacheTimeOutInSeconds)
        {
            //the access was cached, return the last access status.
            // Returning here still runs the finally block below: the cached key (if any) is written to the
            // reply and the timestamp is refreshed, so a steadily re-accessed key never re-evaluates policy.
            retVal = cacheUserAccessInfo.accessStatus;
            string info = "thread" + Thread.CurrentThread.ManagedThreadId + ", Cached userInfoKey " + index + " in the cache table,return " + retVal;
            EventManager.WriteMessage(451, "GetUserPermission", EventLevel.Verbose, info);
            return(retVal);
        }
        DRPolicyData drPolicyData = new DRPolicyData();
        // The policy (flags, embedded password, account/creation info) travels inside the request buffer.
        retVal = GetDRPolicyDataFromDataBuffer(messageSend.DataBuffer, messageSend.Length, ref drPolicyData, ref lastError);
        if (!retVal)
        {
            EventManager.WriteMessage(258, "GetUserPermission", EventLevel.Error, "Process encrypted file failed because of error:" + lastError);
        }
        else
        {
            if ((drPolicyData.AESFlags & AESFlags.Flags_Enabled_Check_User_Password) == AESFlags.Flags_Enabled_Check_User_Password)
            {
                string messageInfo = "User name: " + userName + ",processname:" + processName + ",file name:" + fileName + "\n\n Enter password in password windows.";
                EventManager.WriteMessage(301, "Request user password.", EventLevel.Verbose, messageInfo);
                // Modal prompt on the callback thread; if the user cancels, userPassword stays empty and the
                // local comparison below (or the server) decides with an empty password.
                UserPasswordForm userPasswordForm = new UserPasswordForm(userName, processName, fileName);
                userPasswordForm.BringToFront();
                userPasswordForm.Focus();
                userPasswordForm.TopMost = true;
                if (userPasswordForm.ShowDialog() == System.Windows.Forms.DialogResult.OK)
                {
                    userPassword = userPasswordForm.userPassword;
                }
            }
            if ((drPolicyData.AESFlags & AESFlags.Flags_Enabled_Revoke_Access_Control) == AESFlags.Flags_Enabled_Revoke_Access_Control)
            {
                // Server-side decision; on success the helper stores the file key/IV on the cache entry.
                retVal = GetAccessPermissionFromServer(messageSend, drPolicyData, userName, processName, userPassword, ref cacheUserAccessInfo);
            }
            else
            {
                // Local decision: only enforced when the policy carries a password. An empty policy
                // password leaves retVal true from the parse step, i.e. access is granted.
                if (drPolicyData.UserPassword.Length > 0)
                {
                    // NOTE(review): this compares the policy's plaintext password with an ordinary
                    // (non-fixed-time) string compare. A derived/hashed form in the policy plus a fixed-time
                    // comparison would avoid carrying the secret in the clear and leaking match length via timing.
                    if (!string.Equals(userPassword, drPolicyData.UserPassword))
                    {
                        retVal = false;
                    }
                }
            }
        }
        // Only reached without an exception; on exception the entry keeps its previous accessStatus
        // (default for a first access) while finally still refreshes its timestamp.
        cacheUserAccessInfo.accessStatus = retVal;
    }
    catch (Exception ex)
    {
        // Fail closed: any unexpected failure denies access.
        EventManager.WriteMessage(340, "GetUserPermission", EventLevel.Error, "filter callback exception." + ex.Message);
        retVal = false;
    }
    finally
    {
        // NOTE(review): the key/IV are copied into the reply whenever the entry holds a key, regardless of
        // retVal — including the cached-denial path above. Confirm the driver ignores DataBuffer when the
        // callback returns false, or gate this block on retVal.
        if (!string.IsNullOrEmpty(cacheUserAccessInfo.key))
        {
            byte[] encryptKey = Utils.ConvertHexStrToByteArray(cacheUserAccessInfo.key);
            byte[] encryptIV = Utils.ConvertHexStrToByteArray(cacheUserAccessInfo.iv);
            //write the iv and key to the reply data buffer with format FilterAPI.AESDataBuffer
            MemoryStream ms = new MemoryStream(messageReply.DataBuffer);
            BinaryWriter bw = new BinaryWriter(ms);
            bw.Write(encryptIV);
            bw.Write(encryptKey.Length);
            bw.Write(encryptKey);
            // NOTE(review): for a MemoryStream over a caller-supplied array, Length is the array's size,
            // not the number of bytes written (that would be ms.Position) — confirm the driver expects the
            // full buffer length here. Neither bw nor ms is disposed; harmless for a fixed array but a
            // using-declaration would make the intent explicit.
            messageReply.DataBufferLength = (uint)ms.Length;
        }
        // Refresh the decision timestamp and let the next waiter for this key proceed.
        cacheUserAccessInfo.lastAccessTime = DateTime.Now;
        cacheUserAccessInfo.syncEvent.Set();
    }
    return(retVal);
}
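/// <summary>
/// Assembles the identity record (user, process, file, account, machine id, password) that the
/// licensing server is meant to evaluate, and stores the returned file key and IV on
/// <paramref name="cacheUserAccessInfo"/> for the caller to hand back to the driver.
/// </summary>
/// <param name="messageSend">Driver request; only its FileName is used here.</param>
/// <param name="drPolicyData">Policy parsed from the request buffer (account name, creation time).</param>
/// <param name="userName">Decoded user name of the requester.</param>
/// <param name="processName">Decoded process name of the requester.</param>
/// <param name="userPassword">Password typed by the user, or empty when none was requested/entered.</param>
/// <param name="cacheUserAccessInfo">Cache entry whose <c>key</c>/<c>iv</c> are set on success.</param>
/// <returns>
/// <c>false</c> when the machine id lookup fails, the server reports an error, or an exception is thrown;
/// otherwise <c>true</c>. Failures are logged through EventManager and never propagated.
/// </returns>
private bool GetAccessPermissionFromServer(FilterAPI.MessageSendData messageSend, DRPolicyData drPolicyData, string userName, string processName, string userPassword, ref CacheUserAccessInfo cacheUserAccessInfo)
{
    Boolean retVal = true;
    string lastError = string.Empty;
    try
    {
        UserInfo userInfo = new UserInfo();
        string keyStr = string.Empty;
        string ivStr = string.Empty;
        // The server knows the file by its base name plus the secure-share extension, not by the local path.
        userInfo.FileName = Path.GetFileName(messageSend.FileName) + DigitalRightControl.SECURE_SHARE_FILE_EXTENSION;
        userInfo.AccountName = drPolicyData.AccountName;
        userInfo.ProcessName = processName;
        userInfo.UserName = userName;
        userInfo.UserPassword = userPassword;
        userInfo.CreationTime = drPolicyData.CreationTime;

        // The native call fills this buffer through a raw pointer and reports the bytes used in
        // computerIdLength. The array must be pinned while the native code holds the pointer:
        // UnsafeAddrOfPinnedArrayElement only computes an address and does not pin anything, so the
        // original call could hand the driver a pointer the GC was free to move. A pinned GCHandle
        // keeps the array in place for exactly the duration of the call.
        byte[] computerId = new byte[52];
        uint computerIdLength = (uint)computerId.Length;
        GCHandle computerIdHandle = GCHandle.Alloc(computerId, GCHandleType.Pinned);
        try
        {
            retVal = FilterAPI.GetUniqueComputerId(computerIdHandle.AddrOfPinnedObject(), ref computerIdLength);
        }
        finally
        {
            computerIdHandle.Free();
        }
        if (!retVal)
        {
            string message = "Get computerId failed,return error:" + FilterAPI.GetLastErrorMessage();
            EventManager.WriteMessage(366, "GetAccessPermissionFromServer", EventLevel.Error, message);
            return(retVal);
        }
        // Trim to the reported length before decoding.
        // NOTE(review): if the API reports a required length larger than 52, Array.Resize pads with zeros
        // rather than failing — confirm the API never reports more than the supplied buffer size.
        Array.Resize(ref computerId, (int)computerIdLength);
        userInfo.ComputerId = UnicodeEncoding.Unicode.GetString(computerId);

        // The record is encrypted before it leaves the process; it carries the user's password.
        string userInfoStr = DigitalRightControl.EncryptObjectToStr<UserInfo>(userInfo);
        Stopwatch stopWatch = Stopwatch.StartNew();
        //retVal = WebFormServices.GetFileKey(userInfoStr, ref keyStr, ref ivStr, ref lastError);
        stopWatch.Stop();
        // NOTE(review): with the GetFileKey call above commented out, retVal is still true from the
        // computer-id lookup and keyStr/ivStr stay empty, so this method reports success without ever
        // consulting the server — the revoke-access policy path is currently fail-open and the caller
        // will find no key to return. If this is a temporary stub, failing here when keyStr is empty
        // (retVal = false with a logged error) would keep the path fail-closed until the call is restored.
        if (!retVal)
        {
            string message = "Get file " + messageSend.FileName + " permission from server return error:" + lastError;
            EventManager.WriteMessage(293, "GetAccessPermissionFromServer", EventLevel.Error, message);
            return(retVal);
        }
        else
        {
            string message = "Get file " + messageSend.FileName + " permission frome server return succeed, spent " + stopWatch.ElapsedMilliseconds + " milliseconds.";
            EventManager.WriteMessage(208, "GetAccessPermissionFromServer", EventLevel.Verbose, message);
        }
        // Hand the key material to the caller via the cache entry; the caller writes it into the reply buffer.
        cacheUserAccessInfo.key = keyStr;
        cacheUserAccessInfo.iv = ivStr;
    }
    catch (Exception ex)
    {
        // Fail closed on any unexpected error.
        EventManager.WriteMessage(286, "GetAccessPermissionFromServer", EventLevel.Error, "Get file " + messageSend.FileName + "permission failed with exception:" + ex.Message);
        retVal = false;
    }
    return(retVal);
}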