/// <summary>
/// Lists security policies as a table, optionally narrowed by a name or OID substring.
/// </summary>
/// <param name="parms">Listing parameters; <c>Name</c> takes precedence over <c>Oid</c>, and when both are empty every policy is listed.</param>
internal static void ListPolicies(ListPolicyParms parms)
{
    // Pick the server-side filter: name substring first, then OID substring, otherwise match everything.
    var result = !String.IsNullOrEmpty(parms.Name)
        ? m_client.GetPolicies(o => o.Name.Contains(parms.Name))
        : !String.IsNullOrEmpty(parms.Oid)
            ? m_client.GetPolicies(o => o.Oid.Contains(parms.Oid))
            : m_client.GetPolicies(o => true);

    var matches = result.CollectionItem.OfType<SecurityPolicy>();

    // Render SID / Name / OID in fixed-width columns.
    DisplayUtil.TablePrint(
        matches,
        new[] { "SID", "Name", "Oid" },
        new[] { 38, 38, 44 },
        p => p.Key,
        p => p.Name,
        p => p.Oid);
}
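/// <summary>
/// Creates a security role named <c>parms.RoleName</c> carrying the requested grant and deny policies.
/// </summary>
/// <param name="parms">Role name, description and the policy OIDs to grant (<c>GrantPolicies</c>) and deny (<c>DenyPolicies</c>).</param>
/// <exception cref="InvalidOperationException">Thrown when one or more requested OIDs did not resolve to a policy on the server, so a role is never created with a silently reduced policy set.</exception>
internal static void AddRole(AddRoleParms parms)
{
    // Looks each OID up on the server; OIDs with no match drop out here and are detected by the count check below.
    Func<System.Collections.IEnumerable, IEnumerable<SecurityPolicyInfo>> resolve = oids => oids.OfType<String>()
        .Select(o => m_client.GetPolicies(r => r.Oid == o).CollectionItem.FirstOrDefault())
        .OfType<SecurityPolicy>()
        .Select(o => new SecurityPolicyInfo(o));

    var policies = new List<SecurityPolicyInfo>();
    if (parms.GrantPolicies?.Count > 0)
    {
        policies = resolve(parms.GrantPolicies).ToList();
    }
    if (parms.DenyPolicies?.Count > 0)
    {
        policies = policies.Union(resolve(parms.DenyPolicies)).ToList();
    }

    // An OID listed under GrantPolicies is granted even if it also appears under DenyPolicies.
    policies.ForEach(o => o.Grant = parms.GrantPolicies?.Contains(o.Oid) == true ? Core.Model.Security.PolicyGrantType.Grant : PolicyGrantType.Deny);

    // Same guard as AddDevice: an unknown OID must fail the command rather than produce a role with fewer restrictions than requested.
    if (policies.Count != (parms.DenyPolicies?.Count ?? 0) + (parms.GrantPolicies?.Count ?? 0))
    {
        throw new InvalidOperationException("Could not find one or more policies");
    }

    m_client.CreateRole(new Core.Model.AMI.Auth.SecurityRoleInfo()
    {
        Policies = policies,
        Entity = new Core.Model.Security.SecurityRole()
        {
            Name = parms.RoleName,
            Description = parms.Description
        }
    });
}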
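/// <summary>
/// Prints the requested attributes of <paramref name="user"/> followed by its effective policy decisions.
/// </summary>
/// <typeparam name="T">The security entity type wrapped by <paramref name="user"/>.</typeparam>
/// <param name="user">The entity together with the policies explicitly assigned to it.</param>
/// <param name="dataLabels">Labels printed before each value produced by <paramref name="data"/>, matched by position.</param>
/// <param name="data">Accessors evaluated against <c>user.Entity</c>; an accessor that throws, or has no matching label, is skipped.</param>
public static void PrintPolicies<T>(ISecurityEntityInfo<T> user, String[] dataLabels, params Expression<Func<T, object>>[] data) where T : SecurityEntity
{
    // Sentinel meaning "no explicit decision"; it sits above every real PolicyGrantType value so the minimum-wins merge below replaces it.
    const PolicyGrantType NoDecision = (PolicyGrantType)10;

    for (int i = 0; i < data.Length; i++)
    {
        try
        {
            Console.WriteLine("{0}: {1}", dataLabels[i], data[i].Compile().DynamicInvoke(user.Entity));
        }
        catch
        {
            // Best-effort display: a missing label or a throwing accessor must not abort the policy listing.
        }
    }

    // Start every active policy without a decision, then fold in the explicit assignments, keeping the lowest-valued decision per OID.
    List<SecurityPolicyInfo> policies = m_client.GetPolicies(o => o.ObsoletionTime == null).CollectionItem.OfType<SecurityPolicy>().OrderBy(o => o.Oid).Select(o => new SecurityPolicyInfo(o)).ToList();
    policies.ForEach(o => o.Grant = NoDecision);
    foreach (var pol in user.Policies)
    {
        var existing = policies.FirstOrDefault(o => o.Oid == pol.Oid);
        // An assigned policy that has since been obsoleted is absent from the active list; skip it instead of dereferencing null.
        if (existing != null && pol.Grant < existing.Grant)
        {
            existing.Grant = pol.Grant;
        }
    }

    Console.WriteLine("\tEffective Policies:");
    foreach (var itm in policies)
    {
        Console.Write("\t\t{0} : ", itm.Name);
        if (itm.Grant != NoDecision)
        {
            Console.WriteLine("{0} (explicit)", itm.Grant);
            continue;
        }
        // Nearest existing ancestor OID: in sorted OID order the longest matching prefix is the last match.
        // NOTE(review): only that ancestor is consulted; if it has no decision either, the policy is reported as default DENY even when a higher ancestor grants it — confirm this matches the server's resolution.
        var parent = policies.LastOrDefault(o => itm.Oid.StartsWith(o.Oid + ".") && itm.Oid != o.Oid);
        if (parent != null && parent.Grant <= PolicyGrantType.Grant)
        {
            Console.WriteLine("{0} (inherited from {1})", parent.Grant, parent.Name);
        }
        else
        {
            Console.WriteLine("--- (default DENY)");
        }
    }
}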
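// [PolicyPermission(System.Security.Permissions.SecurityAction.Demand, PolicyId = PermissionPolicyIdentifiers.CreateDevice)]
/// <summary>
/// Registers a security device with the requested grant and deny policies, generating a device secret when none was supplied.
/// </summary>
/// <param name="parms">Device identifier, optional secret, and the policy OIDs to grant (<c>GrantPolicies</c>) and deny (<c>DenyPolicies</c>).</param>
/// <exception cref="InvalidOperationException">Thrown when one or more requested OIDs did not resolve to a policy on the server.</exception>
internal static void AddDevice(AddDeviceParms parms)
{
    // Looks each OID up on the server; OIDs with no match drop out here and are detected by the count check below.
    Func<System.Collections.IEnumerable, IEnumerable<SecurityPolicyInfo>> resolve = oids => oids.OfType<String>()
        .Select(o => m_client.GetPolicies(r => r.Oid == o).CollectionItem.FirstOrDefault())
        .OfType<SecurityPolicy>()
        .Select(o => new SecurityPolicyInfo(o));

    var policies = new List<SecurityPolicyInfo>();
    if (parms.GrantPolicies?.Count > 0)
    {
        policies = resolve(parms.GrantPolicies).ToList();
    }
    if (parms.DenyPolicies?.Count > 0)
    {
        policies = policies.Union(resolve(parms.DenyPolicies)).ToList();
    }

    // An OID listed under GrantPolicies is granted even if it also appears under DenyPolicies.
    policies.ForEach(o => o.Grant = parms.GrantPolicies?.Contains(o.Oid) == true ? Core.Model.Security.PolicyGrantType.Grant : PolicyGrantType.Deny);

    // Refuse to create the device if any requested OID was unknown, rather than registering it with a reduced policy set.
    if (policies.Count != (parms.DenyPolicies?.Count ?? 0) + (parms.GrantPolicies?.Count ?? 0))
    {
        throw new InvalidOperationException("Could not find one or more policies");
    }

    if (String.IsNullOrEmpty(parms.Secret))
    {
        // The secret is a credential, so draw it from the platform CSPRNG rather than Guid.NewGuid(): a GUID has fixed
        // version/variant bits and makes no randomness guarantee. Output keeps the same 32-hex-character shape as before.
        var secretBytes = new byte[16];
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(secretBytes);
        }
        parms.Secret = BitConverter.ToString(secretBytes).Replace("-", "");
        Console.WriteLine("Device secret: {0}", parms.Secret);
    }

    m_client.CreateDevice(new SecurityDeviceInfo()
    {
        Policies = policies,
        Entity = new Core.Model.Security.SecurityDevice()
        {
            Name = parms.DeviceId.OfType<String>().First(),
            DeviceSecret = parms.Secret,
        }
    });
    Console.WriteLine("CREATE {0}", parms.DeviceId[0]);
}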
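/// <summary>
/// Creates a security role named <c>parms.RoleName</c> granting every policy listed by name in <c>parms.Policies</c>.
/// </summary>
/// <param name="parms">Role name, description and the policy names to grant.</param>
/// <exception cref="InvalidOperationException">Thrown when a listed policy name does not exist on the server; previously an unknown name produced a null entry and a <see cref="NullReferenceException"/>.</exception>
internal static void AddRole(AddRoleParms parms)
{
    var policies = new List<SecurityPolicyInfo>();
    if (parms.Policies?.Count > 0)
    {
        var requested = parms.Policies.OfType<String>().ToList();

        // Resolve each name on the server, dropping names with no match so the count check below can report them.
        policies = requested
            .Select(o => m_client.GetPolicies(r => r.Name == o).CollectionItem.FirstOrDefault())
            .Where(o => o != null)
            .ToList();

        if (policies.Count != requested.Count)
        {
            throw new InvalidOperationException("Could not find one or more policies");
        }

        policies.ForEach(o => o.Grant = Core.Model.Security.PolicyGrantType.Grant);
    }

    m_client.CreateRole(new Core.Model.AMI.Auth.SecurityRoleInfo()
    {
        Name = parms.RoleName,
        Policies = policies,
        Role = new Core.Model.Security.SecurityRole()
        {
            Name = parms.RoleName,
            Description = parms.Description
        }
    });
}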
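/// <summary>
/// Prints account details, role membership and the effective policy decisions for each user named in <paramref name="parms"/>.
/// </summary>
/// <param name="parms">Must carry the user names to describe in <c>UserName</c>.</param>
/// <exception cref="InvalidOperationException">Thrown when <c>parms.UserName</c> is null.</exception>
/// <exception cref="KeyNotFoundException">Thrown when a named user does not exist on the server.</exception>
internal static void UserInfo(GenericUserParms parms)
{
    if (parms.UserName == null)
    {
        throw new InvalidOperationException("Must specify a user");
    }

    // Sentinel meaning "no explicit decision"; it sits above every real PolicyGrantType value so the minimum-wins merge below replaces it.
    const PolicyGrantType NoDecision = (PolicyGrantType)10;

    foreach (var un in parms.UserName)
    {
        var user = m_client.GetUsers(o => o.UserName == un).CollectionItem.FirstOrDefault();
        if (user == null)
        {
            throw new KeyNotFoundException($"User {un} not found");
        }

        Console.WriteLine("User: {0}", user.UserName);
        Console.WriteLine("\tSID: {0}", user.UserId);
        Console.WriteLine("\tEmail: {0}", user.Email);
        Console.WriteLine("\tPhone: {0}", user.User.PhoneNumber);
        Console.WriteLine("\tInvalid Logins: {0}", user.User.InvalidLoginAttempts);
        Console.WriteLine("\tLockout: {0}", user.User.Lockout);
        Console.WriteLine("\tLast Login: {0}", user.User.LastLoginTime);
        // Each audit field is resolved to the acting user's name with a further server round trip.
        Console.WriteLine("\tCreated: {0} ({1})", user.User.CreationTime, m_client.GetUser(user.User.CreatedByKey.ToString()).UserName);
        if (user.User.UpdatedTime.HasValue)
        {
            Console.WriteLine("\tLast Updated: {0} ({1})", user.User.UpdatedTime, m_client.GetUser(user.User.UpdatedByKey.ToString()).UserName);
        }
        if (user.User.ObsoletionTime.HasValue)
        {
            Console.WriteLine("\tDeActivated: {0} ({1})", user.User.ObsoletionTime, m_client.GetUser(user.User.ObsoletedByKey.ToString()).UserName);
        }
        Console.WriteLine("\tGroups: {0}", String.Join(";", user.Roles.Select(o => o.Name)));

        // Start every active policy without a decision, then fold in each role's explicit decisions, keeping the lowest-valued one per OID.
        List<SecurityPolicyInfo> policies = m_client.GetPolicies(o => o.ObsoletionTime == null).CollectionItem.OrderBy(o => o.Oid).ToList();
        policies.ForEach(o => o.Grant = NoDecision);
        foreach (var rol in user.Roles)
        {
            foreach (var pol in m_client.GetRole(rol.Id.ToString()).Policies)
            {
                var existing = policies.FirstOrDefault(o => o.Oid == pol.Oid);
                // A role may still reference a policy that has since been obsoleted; it is absent from the active list, so skip it instead of dereferencing null.
                if (existing != null && pol.Grant < existing.Grant)
                {
                    existing.Grant = pol.Grant;
                }
            }
        }

        Console.WriteLine("\tEffective Policies:");
        foreach (var itm in policies)
        {
            Console.Write("\t\t{0} : ", itm.Name);
            if (itm.Grant != NoDecision)
            {
                Console.WriteLine("{0} (explicit)", itm.Grant);
                continue;
            }
            // Nearest existing ancestor OID: in sorted OID order the longest matching prefix is the last match.
            // NOTE(review): only that ancestor is consulted; if it has no decision either, the policy is reported as denied even when a higher ancestor grants it — confirm this matches the server's resolution.
            var parent = policies.LastOrDefault(o => itm.Oid.StartsWith(o.Oid + ".") && itm.Oid != o.Oid);
            if (parent != null && parent.Grant <= PolicyGrantType.Grant)
            {
                Console.WriteLine("{0} (inherited from {1})", parent.Grant, parent.Name);
            }
            else
            {
                Console.WriteLine("Deny (automatic)");
            }
        }
    }
}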