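/// <summary>
/// Reads the GivenName attribute from the peer certificate's subject, treats it as a role name,
/// and stores the role and its permission mask on the connection when the role is configured.
/// </summary>
/// <param name="connection">Connection whose remote certificate names the role.</param>
/// <returns>
/// <c>true</c> when the role is a key of <c>Config.Dfs.RolePermissions</c>; <c>false</c> when no
/// remote certificate is available, the attribute lookup yields <c>null</c>, or the role is not
/// configured. On <c>false</c> nothing is written to <c>connection.Data</c>.
/// </returns>
public static bool Authorize(Connection connection)
{
    var certificate = connection.SslCertificates.RemoteCertificate;
    if (certificate == null)
    {
        // Fail closed: a peer without a certificate gets an explicit denial instead of a
        // NullReferenceException escaping from the authorization path.
        return false;
    }

    // NOTE(review): the role is taken from the certificate subject, so it is only as trustworthy
    // as the chain validation behind it. This method does not look at RemotePolicyErrors;
    // confirm that certificates failing validation are rejected before it is called.
    var role = BasicCertificateInfo.GetAttribute(certificate.Subject, CertificateAttribute.GivenName, "");
    if (role == null)
    {
        // A null key cannot be looked up; treat it as "no role".
        return false;
    }

    // Read the permission map once so the membership test and the fetch use the same instance.
    var rolePermissions = Config.Dfs.RolePermissions;
    if (!rolePermissions.ContainsKey(role))
    {
        return false;
    }

    var perm = rolePermissions[role];

    // "_R" holds the role name, "_" the permission mask as an int (read back by Authorized).
    connection.Data["_R"] = role;
    connection.Data["_"] = (int)perm;
    return true;
}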
/// <summary>
/// Checks whether the permission mask stored on the connection under "_" covers every bit of
/// <paramref name="requiredPerms"/>, and writes the outcome to the console.
/// </summary>
/// <param name="connection">Connection whose stored mask is checked.</param>
/// <param name="requiredPerms">Permissions the caller needs.</param>
/// <param name="method">Name used in the log line; filled in with the calling member by default.</param>
/// <returns><c>true</c> when no required bit is missing, otherwise <c>false</c>.</returns>
public static bool Authorized(this Connection connection, DfsPermissions requiredPerms, [CallerMemberName] string method = "")
{
    // 0 is passed as the fallback, so a connection with no stored mask holds no permission bits.
    var granted = connection.Data.Get("_", 0);
    var required = (int)requiredPerms;

    // Bits that are required but not granted.
    var lacking = required & ~granted;
    if (lacking == 0)
    {
        Console.WriteLine($"[Permissions] {connection.Socket.RemoteEndPoint}: {method}");
        return true;
    }

    // NOTE(review): the common name comes from the peer's certificate and is written to the log
    // as-is; consider stripping control characters if these lines are parsed downstream.
    var subject = connection.SslCertificates.RemoteCertificate.Subject;
    var commonName = BasicCertificateInfo.GetAttribute(subject, CertificateAttribute.CommonName, null);
    Console.WriteLine(
        $"[Permissions] User {commonName} from {connection.Socket.RemoteEndPoint} tried to {method}, missing permissions: {(DfsPermissions)lacking}");
    return false;
}
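/// <summary>
/// Runs the server side of the handshake: sends the welcome message, waits for the client's
/// reply, and accepts the client only when the protocol version matches, the certificate has no
/// policy errors, and the certificate's CommonName is verified against the claimed username.
/// </summary>
/// <param name="client">Newly connected client.</param>
/// <returns>
/// <c>true</c> when the handshake result reports success; <c>false</c> on rejection or when the
/// exchange fails with an exception.
/// </returns>
private static bool Server_HandleNewClient(Connection client)
{
    var msg = $"Welcome to the chat server [{MicroProtocolConfiguration.VersionString}]";
    var handshakeTask = client.SendReceive<S2C_Handshake, C2S_Handshake>(new S2C_Handshake(msg), TimeSpan.FromSeconds(5));

    try
    {
        // Blocks the calling thread until the reply arrives or the task faults.
        var result = handshakeTask.Result;
        var error = "";

        // A peer without a certificate is rejected explicitly instead of relying on a
        // NullReferenceException being swallowed further down.
        var certificate = client.SslCertificates.RemoteCertificate;
        var subject = certificate?.Subject;

        if (result.VersionString != MicroProtocolConfiguration.VersionString)
        {
            error = "Invalid version";
        }
        else if (certificate == null
                 || client.SslCertificates.RemotePolicyErrors != SslPolicyErrors.None
                 || !BasicCertificateInfo.VerifyAttribute(subject, CertificateAttribute.CommonName, result.Username))
        {
            error = "Invalid certificate";
        }

        // NOTE(review): Success is presumably derived from an empty error string; confirm in S2C_HandshakeResult.
        var ret = new S2C_HandshakeResult(error);

        // Set before the reply is sent, as in the original ordering.
        client.Data["Authorized"] = ret.Success;
        if (ret.Success)
        {
            var username = BasicCertificateInfo.GetAttribute(subject, CertificateAttribute.CommonName, result.Username);
            client.Data["Username"] = username;
        }

        client.Send(ret);
        return ret.Success;
    }
    catch (Exception ex)
    {
        // If the failure happened after the flag was set (for example while sending the reply),
        // the connection must not stay marked as authorized while this method reports failure.
        client.Data["Authorized"] = false;

        // Previously swallowed silently; keep the best-effort behaviour but leave a trace.
        Console.WriteLine($"[Handshake] Failed: {ex.GetBaseException().Message}");
    }

    return false;
}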