예제 #1
0
        private void Server_Authentication(object sender, AuthenticationEventArgs e)
        {
            if (e.UserName != Config.UserName)
            {
                e.Reject();
                return;
            }

            if (e.Key != null)
            {
                // test that the actual key is one of the expected keys
                var keys = UserPublicKeys;
                if (keys != null && keys.Contains(e.Key))
                {
                    e.Accept(Server.Users[Config.UserName]);
                }
                else
                {
                    e.Reject();
                }
            }
            else
            {
                if (e.Password == Config.UserPassword)
                {
                    e.Accept(Server.Users[Config.UserName]);
                }
                else
                {
                    e.Reject();
                }
            }
        }
예제 #2
0
파일: Daemon.cs 프로젝트: bhbk/fm3na7zy
        private void FsUser_Authentication(object sender, AuthenticationEventArgs e)
        {
            /*
             * https://www.rebex.net/file-server/features/events.aspx#authentication
             */
            try
            {
                var callPath = $"{MethodBase.GetCurrentMethod().DeclaringType.Name}.{MethodBase.GetCurrentMethod().Name}";

                using (var scope = _factory.CreateScope())
                {
                    var conf = scope.ServiceProvider.GetRequiredService <IConfiguration>();
                    var log  = scope.ServiceProvider.GetRequiredService <ILogger>();
                    var uow  = scope.ServiceProvider.GetRequiredService <IUnitOfWork>();
                    var user = uow.Users.Get(QueryExpressionFactory.GetQueryExpression <tbl_User>()
                                             .Where(x => x.IdentityAlias == e.UserName).ToLambda(),
                                             new List <Expression <Func <tbl_User, object> > >()
                    {
                        x => x.tbl_PublicKey,
                        x => x.tbl_UserMount,
                    }).SingleOrDefault();

                    var admin = scope.ServiceProvider.GetRequiredService <IAdminService>();
                    var sts   = scope.ServiceProvider.GetRequiredService <IStsService>();

                    if (e.Key != null)
                    {
                        Log.Information($"'{callPath}' '{e.UserName}' in-progress with public key");

                        if (UserHelper.ValidatePubKey(user.tbl_PublicKey.Where(x => x.Enabled).ToList(), e.Key) &&
                            admin.User_VerifyV1(user.IdentityId).Result)
                        {
                            Log.Information($"'{callPath}' '{e.UserName}' success with public key");

                            if (e.PartiallyAccepted ||
                                !user.RequirePassword)
                            {
                                /*
                                 * an smb mount will not succeed without a user password or ambassador credential.
                                 */
                                if (user.FileSystemType == FileSystemTypes.SMB.ToString() &&
                                    !user.tbl_UserMount.CredentialId.HasValue)
                                {
                                    Log.Warning($"'{callPath}' '{e.UserName}' failure no credential to create {FileSystemTypes.SMB} filesystem");

                                    e.Reject();
                                    return;
                                }

                                var fs     = FileSystemFactory.CreateFileSystem(_factory, log, user, e.UserName, e.Password);
                                var fsUser = new FileServerUser(e.UserName, e.Password);
                                fsUser.SetFileSystem(fs);

                                var fsNotify = fs.GetFileSystemNotifier();
                                fsNotify.CreatePreview   += FsNotify_CreatePreview;
                                fsNotify.CreateCompleted += FsNotify_CreateCompleted;
                                fsNotify.DeletePreview   += FsNotify_DeletePreview;
                                fsNotify.DeleteCompleted += FsNotify_DeleteCompleted;

                                e.Accept(fsUser);
                                return;
                            }
                            else
                            {
                                /*
                                 * authenticate partially if another kind of credential has not been provided yet.
                                 */
                                e.AcceptPartially();
                                return;
                            }
                        }
                        else
                        {
                            Log.Warning($"'{callPath}' '{e.UserName}' failure with public key");

                            e.Reject();
                            return;
                        }
                    }

                    if (e.Password != null)
                    {
                        Log.Information($"'{callPath}' '{e.UserName}' in-progress with password");

                        try
                        {
                            var identity = admin.User_GetV1(user.IdentityId.ToString()).Result;

                            var auth = sts.ResourceOwner_GrantV2(
                                new ResourceOwnerV2()
                            {
                                issuer     = conf["IdentityCredentials:IssuerName"],
                                client     = conf["IdentityCredentials:AudienceName"],
                                grant_type = "password",
                                user       = identity.UserName,
                                password   = e.Password,
                            }).Result;

                            Log.Information($"'{callPath}' '{e.UserName}' success with password");

                            if (e.PartiallyAccepted ||
                                !user.RequirePublicKey)
                            {
                                var fs     = FileSystemFactory.CreateFileSystem(_factory, log, user, e.UserName, e.Password);
                                var fsUser = new FileServerUser(e.UserName, e.Password);
                                fsUser.SetFileSystem(fs);

                                var fsNotify = fs.GetFileSystemNotifier();
                                fsNotify.CreatePreview   += FsNotify_CreatePreview;
                                fsNotify.CreateCompleted += FsNotify_CreateCompleted;
                                fsNotify.DeletePreview   += FsNotify_DeletePreview;
                                fsNotify.DeleteCompleted += FsNotify_DeleteCompleted;

                                e.Accept(fsUser);
                                return;
                            }
                            else
                            {
                                /*
                                 * authenticate partially if another kind of credential has not been provided yet.
                                 */
                                e.AcceptPartially();
                                return;
                            }
                        }
                        catch (HttpRequestException)
                        {
                            Log.Warning($"'{callPath}' '{e.UserName}' failure with password");

                            e.Reject();
                            return;
                        }
                    }

                    Log.Warning($"'{callPath}' '{e.UserName}' denied");

                    e.Reject();
                    return;
                }
            }
            catch (Exception ex)
            {
                Log.Error(ex.ToString());
            }
        }