        /// <summary>
        /// Builds the predicate used to filter firewall filters on their user-id conditions.
        /// </summary>
        /// <param name="list">Disposable list that takes ownership of the resource manager and every AuthZ context created here.</param>
        /// <returns>
        /// A predicate that accepts every filter when no user-id condition is present; otherwise one that
        /// delegates to <c>FilterFunc</c> with the AuthZ contexts built from the conditions' token information.
        /// </returns>
        Func<FirewallFilter, bool> IFirewallEnumTemplate<FirewallFilter>.GetFilterFunc(DisposableList list)
        {
            // Only conditions whose field key identifies a user-id condition take part in filtering.
            var userConditions = Conditions.Where(c => FirewallConditionGuids.IsUserId(c.FieldKey));
            if (!userConditions.Any())
            {
                // Nothing to match on: let every filter through.
                return _ => true;
            }

            var resourceManager = list.AddResource(AuthZResourceManager.Create());
            var contexts = new Dictionary<Guid, AuthZContext>();
            foreach (var condition in userConditions)
            {
                // One context per field key; the first usable condition for a key wins.
                // Conditions without token information, or whose token has no user SID, are skipped,
                // so a key can end up with no context at all — FilterFunc (not shown here) decides how
                // such a key is treated.
                if (contexts.ContainsKey(condition.FieldKey))
                {
                    continue;
                }
                if (condition.Value.ContextValue is FirewallTokenInformation tokenInfo && tokenInfo.UserSid != null)
                {
                    contexts.Add(condition.FieldKey, tokenInfo.CreateContext(resourceManager, list));
                }
            }

            return f => FilterFunc(contexts, f);
        }
 /// <summary>
 /// Process record: creates a local AuthZ resource manager and writes it to the pipeline.
 /// </summary>
 protected override void ProcessRecord()
 {
     // Only wire up a callback-ACE handler when the caller supplied a script block;
     // otherwise a null handler is passed through to the resource manager.
     AuthZHandleCallbackAce callback = CallbackAceScriptBlock == null
         ? (AuthZHandleCallbackAce)null
         : a => PSUtils.InvokeWithArg(CallbackAceScriptBlock, false, a);
     WriteObject(AuthZResourceManager.Create(Name, Flags, callback));
 }
        /// <summary>
        /// Creates an AuthZ client context that mirrors this token information.
        /// </summary>
        /// <param name="resource_manager">Resource manager used to create the context.</param>
        /// <param name="list">Disposable list that takes ownership of the returned context.</param>
        /// <returns>
        /// A context for <c>UserSid</c> whose groups, restricted SIDs and AppContainer come from this object.
        /// </returns>
        internal AuthZContext CreateContext(AuthZResourceManager resource_manager, DisposableList list)
        {
            // SkipTokenGroups: group membership is supplied explicitly below from this object's SID lists
            // rather than being resolved by AuthZ from the user SID.
            var context = list.AddResource(
                resource_manager.CreateContext(UserSid, AuthZContextInitializeSidFlags.SkipTokenGroups));

            AddGroups(context, AuthZGroupSidType.Normal, Sids);
            // Restricted SIDs are only applied when there are any.
            if (RestrictedSids.Count != 0)
            {
                AddGroups(context, AuthZGroupSidType.Restricted, RestrictedSids);
            }
            if (AppContainerSid != null)
            {
                context.SetAppContainer(AppContainerSid, Capabilities);
            }

            return context;
        }
 /// <summary>
 /// Process record: creates a local or a remote AuthZ resource manager, selected by parameter set,
 /// and writes it to the pipeline.
 /// </summary>
 protected override void ProcessRecord()
 {
     if (ParameterSetName != "LocalRM")
     {
         // Remote resource manager identified by server, SPN and service type.
         WriteObject(AuthZResourceManager.Create(Server, ServerSpn, ServiceType));
         return;
     }

     // Local resource manager; a callback-ACE handler is only attached when a script block was given.
     AuthZHandleCallbackAce callback = CallbackAceScriptBlock == null
         ? (AuthZHandleCallbackAce)null
         : a => PSUtils.InvokeWithArg(CallbackAceScriptBlock, false, a);
     WriteObject(AuthZResourceManager.Create(Name, Flags, callback));
 }
        /// <summary>
        /// Builds the AuthZ resource manager and the client contexts that the access check runs against.
        /// </summary>
        /// <remarks>
        /// User identities come from <c>UserSid</c>, <c>UserName</c> and <c>Context</c>; when none yields a SID
        /// the current user's SID is used. Results are stored in <c>_resource_manager</c>, <c>_context</c>
        /// and <c>_token_info</c>.
        /// </remarks>
        private void BuildAuthZContext()
        {
            // Local resource manager unless a server was supplied. The local one is created with NoAudit and
            // NoCentralAccessPolicies, so its answers can differ from a check that applies central access
            // policies — NOTE(review): confirm this is intended before relying on it for policy evaluation.
            _resource_manager = string.IsNullOrWhiteSpace(Server) ? AuthZResourceManager.Create(GetType().Name,
                                                                                                AuthZResourceManagerInitializeFlags.NoAudit | AuthZResourceManagerInitializeFlags.NoCentralAccessPolicies,
                                                                                                null) : AuthZResourceManager.Create(Server, null, AuthZResourceManagerRemoteServiceType.Default);

            // Distinct user SIDs to build contexts for; the set de-duplicates SIDs given both by SID and by name.
            var sids = new HashSet <Sid>();

            if (UserSid != null)
            {
                foreach (var sid in UserSid)
                {
                    sids.Add(sid);
                }
            }
            if (UserName != null)
            {
                foreach (var name in UserName)
                {
                    sids.Add(NtSecurity.LookupAccountName(name));
                }
            }
            // Fall back to the caller's own identity when no user was specified.
            if (sids.Count == 0)
            {
                sids.Add(NtToken.CurrentUser.Sid);
            }

            if (_resource_manager.Remote || UseLocalGroup)
            {
                // Let AuthZ resolve group membership itself (no SID flags).
                _context.AddRange(sids.Select(s => _resource_manager.CreateContext(s, AuthZContextInitializeSidFlags.None)));
            }
            else
            {
                foreach (var sid in sids)
                {
                    // Non-domain SIDs and SIDs from the local domain: AuthZ resolves their groups directly.
                    if (!NtSecurity.IsDomainSid(sid) || NtSecurity.IsLocalDomainSid(sid))
                    {
                        _context.AddResource(_resource_manager.CreateContext(sid, AuthZContextInitializeSidFlags.None));
                        continue;
                    }

                    // Other domain SIDs: create the context without token groups and add the user's domain
                    // group SIDs ourselves. The lookup is cached per (Domain, sid), so a cached entry can lag
                    // behind membership changes — NOTE(review): confirm the cache lifetime is acceptable.
                    WriteProgress($"Building security context for {sid.Name}");
                    var context = _context.AddResource(_resource_manager.CreateContext(sid, AuthZContextInitializeSidFlags.SkipTokenGroups));
                    context.AddSids(_cached_user_groups.GetOrAdd(Tuple.Create(Domain, sid), _ => GetUserDomainSids(Domain, sid)));
                }
            }

            // Explicitly supplied contexts: only those whose user SID is not already covered are added,
            // with their group SIDs copied across verbatim (no group resolution is performed for them).
            foreach (var context in Context)
            {
                if (sids.Add(context.User.Sid))
                {
                    var next_ctx = _context.AddResource(_resource_manager.CreateContext(context.User.Sid, AuthZContextInitializeSidFlags.SkipTokenGroups));
                    foreach (var group in context.Groups)
                    {
                        next_ctx.AddSid(group.Sid);
                    }
                }
            }

            // Snapshot of token information for every built context, consumed later by the access check.
            _token_info = _context.Select(c => new TokenInformation(c)).ToList();
        }