        /// <summary>
        /// Filter callback: decides whether the user/process described by <paramref name="messageSend"/>
        /// may open the file, caching the decision per user/process/file, and (in the finally block)
        /// copies the AES IV and key held in the cache entry into <paramref name="messageReply"/>.
        /// </summary>
        /// <param name="messageSend">Request from the filter driver; FileName, ProcessId, Sid, DataBuffer and Length are read.</param>
        /// <param name="messageReply">Reply to the driver; DataBuffer and DataBufferLength are written when the cache entry carries a key.</param>
        /// <returns>
        /// true when access is granted; false when the policy block cannot be decoded, the user password does not
        /// match, the server denies access, or any exception is raised (all are logged, none propagate).
        /// </returns>
        public bool GetUserPermission(FilterAPI.MessageSendData messageSend, ref FilterAPI.MessageReplyData messageReply)
        {
            Boolean             retVal              = true;
            string              userPassword        = string.Empty;
            string              fileName            = messageSend.FileName;
            string              lastError           = string.Empty;
            string              processName         = string.Empty;
            string              userName            = string.Empty;
            bool                isFirstAccess       = false;
            CacheUserAccessInfo cacheUserAccessInfo = new CacheUserAccessInfo();

            try
            {
                FilterAPI.DecodeProcessName(messageSend.ProcessId, out processName);
                FilterAPI.DecodeUserName(messageSend.Sid, out userName);

                // Cache key. NOTE(review): ToLower() is culture-sensitive; ToLowerInvariant() would give
                // the same key regardless of the calling thread's culture.
                string index = (userName + "_" + processName + "_" + fileName).ToLower();

                //cache the same user/process/filename access.
                // Only the lookup/insert is under the lock; the entry itself is used outside it.
                lock (userAccessCache)
                {
                    if (userAccessCache.ContainsKey(index))
                    {
                        cacheUserAccessInfo = userAccessCache[index];
                        EventManager.WriteMessage(446, "GetUserPermission", EventLevel.Verbose, "Thread" + Thread.CurrentThread.ManagedThreadId + ",userInfoKey " + index + " exists in the cache table.");
                    }
                    else
                    {
                        isFirstAccess                      = true;
                        cacheUserAccessInfo.index          = index;
                        cacheUserAccessInfo.lastAccessTime = DateTime.Now;
                        userAccessCache.Add(index, cacheUserAccessInfo);
                        EventManager.WriteMessage(435, "GetUserPermission", EventLevel.Verbose, "Thread" + Thread.CurrentThread.ManagedThreadId + ",add userInfoKey " + index + " to the cache table.");
                    }
                }

                //synchronize the same file access.
                // NOTE(review): on timeout the method only logs and then continues, so two threads can
                // evaluate the same key concurrently; confirm that fall-through is intended.
                if (!cacheUserAccessInfo.syncEvent.WaitOne(new TimeSpan(0, 0, (int)GlobalConfig.ConnectionTimeOut)))
                {
                    string info = "User name: " + userName + ",processname:" + processName + ",file name:" + fileName + " wait for permission timeout.";
                    EventManager.WriteMessage(402, "GetUserPermission", EventLevel.Warning, info);
                }

                // NOTE(review): local wall-clock time; a DST or clock adjustment skews the TTL below.
                // DateTime.UtcNow would make the age computation monotonic across such changes.
                TimeSpan timeSpan = DateTime.Now - cacheUserAccessInfo.lastAccessTime;

                // cacheTimeOutInSeconds is defined outside this block.
                if (!isFirstAccess && timeSpan.TotalSeconds < cacheTimeOutInSeconds)
                {
                    //the access was cached, return the last access status.
                    retVal = cacheUserAccessInfo.accessStatus;

                    string info = "thread" + Thread.CurrentThread.ManagedThreadId + ",  Cached userInfoKey " + index + " in the cache table,return " + retVal;
                    EventManager.WriteMessage(451, "GetUserPermission", EventLevel.Verbose, info);

                    // Returning from inside try still runs the finally block: the key/IV (if any) are
                    // written to the reply and syncEvent is signalled for the next waiter.
                    return(retVal);
                }


                DRPolicyData drPolicyData = new DRPolicyData();
                retVal = GetDRPolicyDataFromDataBuffer(messageSend.DataBuffer, messageSend.Length, ref drPolicyData, ref lastError);
                if (!retVal)
                {
                    EventManager.WriteMessage(258, "GetUserPermission", EventLevel.Error, "Process encrypted file failed because of error:" + lastError);
                }
                else
                {
                    // Policy asks for an interactive password: prompt once per (uncached) access.
                    if ((drPolicyData.AESFlags & AESFlags.Flags_Enabled_Check_User_Password) == AESFlags.Flags_Enabled_Check_User_Password)
                    {
                        string messageInfo = "User name: " + userName + ",processname:" + processName + ",file name:" + fileName + "\n\n Enter password in password windows.";
                        EventManager.WriteMessage(301, "Request user password.", EventLevel.Verbose, messageInfo);

                        UserPasswordForm userPasswordForm = new UserPasswordForm(userName, processName, fileName);
                        userPasswordForm.BringToFront();
                        userPasswordForm.Focus();
                        userPasswordForm.TopMost = true;

                        // Cancel leaves userPassword empty; the checks below then fail closed.
                        if (userPasswordForm.ShowDialog() == System.Windows.Forms.DialogResult.OK)
                        {
                            userPassword = userPasswordForm.userPassword;
                        }
                    }

                    // Revocable access: the server decides and supplies the key/IV into the cache entry.
                    if ((drPolicyData.AESFlags & AESFlags.Flags_Enabled_Revoke_Access_Control) == AESFlags.Flags_Enabled_Revoke_Access_Control)
                    {
                        retVal = GetAccessPermissionFromServer(messageSend, drPolicyData, userName, processName, userPassword, ref cacheUserAccessInfo);
                    }
                    else
                    {
                        // Local check against the password carried in the policy block.
                        if (drPolicyData.UserPassword.Length > 0)
                        {
                            // NOTE(review): the policy password is compared in plaintext with an ordinal,
                            // non-constant-time string compare. Where the target framework provides
                            // CryptographicOperations.FixedTimeEquals, comparing encoded bytes with it
                            // avoids the timing side channel; storing a hash rather than the plaintext
                            // in the policy block would be the stronger change.
                            if (!string.Equals(userPassword, drPolicyData.UserPassword))
                            {
                                retVal = false;
                            }
                        }
                    }
                }

                // NOTE(review): this only reaches the shared cache entry if CacheUserAccessInfo is a
                // reference type (it is passed by ref above, which suggests it may not be) — confirm.
                cacheUserAccessInfo.accessStatus = retVal;
            }
            catch (Exception ex)
            {
                // Fail closed; only ex.Message is logged, the stack trace is not.
                EventManager.WriteMessage(340, "GetUserPermission", EventLevel.Error, "filter callback exception." + ex.Message);
                retVal = false;
            }
            finally
            {
                // Runs on every exit path (cached return, policy path, exception).
                if (!string.IsNullOrEmpty(cacheUserAccessInfo.key))
                {
                    byte[] encryptKey = Utils.ConvertHexStrToByteArray(cacheUserAccessInfo.key);
                    byte[] encryptIV  = Utils.ConvertHexStrToByteArray(cacheUserAccessInfo.iv);


                    //write the iv and key to the reply data buffer with format FilterAPI.AESDataBuffer
                    // NOTE(review): a MemoryStream over a caller-supplied array reports Length as the
                    // array's full size, not the bytes written; if the driver expects the written size,
                    // ms.Position is the value to use — confirm against the AESDataBuffer consumer.
                    // Neither the writer nor the stream is disposed; harmless for an array-backed
                    // MemoryStream, but a using statement would make that explicit.
                    MemoryStream ms = new MemoryStream(messageReply.DataBuffer);
                    BinaryWriter bw = new BinaryWriter(ms);
                    bw.Write(encryptIV);
                    bw.Write(encryptKey.Length);
                    bw.Write(encryptKey);

                    messageReply.DataBufferLength = (uint)ms.Length;
                }

                cacheUserAccessInfo.lastAccessTime = DateTime.Now;
                // Release the next thread waiting on this user/process/file key.
                cacheUserAccessInfo.syncEvent.Set();
            }

            return(retVal);
        }
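        /// <summary>
        /// Builds the <see cref="UserInfo"/> request for the rights server (user, process, file, computer id,
        /// optional password) and stores the key/IV the server returns in <paramref name="cacheUserAccessInfo"/>.
        /// </summary>
        /// <param name="messageSend">Filter request; only FileName is read here.</param>
        /// <param name="drPolicyData">Policy block decoded from the file; AccountName and CreationTime are forwarded.</param>
        /// <param name="userName">Decoded user name of the requester.</param>
        /// <param name="processName">Decoded image name of the requesting process.</param>
        /// <param name="userPassword">Password entered by the user, or empty when none was requested.</param>
        /// <param name="cacheUserAccessInfo">Receives the hex key and IV strings (key, iv) on success.</param>
        /// <returns>
        /// true when the computer id was obtained and the server step did not report an error;
        /// false on a FilterAPI failure, a server error, or any exception (each case is logged).
        /// </returns>
        private bool GetAccessPermissionFromServer(FilterAPI.MessageSendData messageSend,
                                                   DRPolicyData drPolicyData,
                                                   string userName,
                                                   string processName,
                                                   string userPassword,
                                                   ref CacheUserAccessInfo cacheUserAccessInfo)
        {
            Boolean retVal    = true;
            string  lastError = string.Empty;

            try
            {
                UserInfo userInfo = new UserInfo();
                string   keyStr   = string.Empty;
                string   ivStr    = string.Empty;

                userInfo.FileName     = Path.GetFileName(messageSend.FileName) + DigitalRightControl.SECURE_SHARE_FILE_EXTENSION;
                userInfo.AccountName  = drPolicyData.AccountName;
                userInfo.ProcessName  = processName;
                userInfo.UserName     = userName;
                userInfo.UserPassword = userPassword;
                userInfo.CreationTime = drPolicyData.CreationTime;

                // The native call receives a raw pointer into computerId, so the array must stay pinned
                // for the duration of the call. Marshal.UnsafeAddrOfPinnedArrayElement does not pin
                // anything by itself; a GC compaction during the call could move the array under
                // the callee. GCHandle pins it and the finally guarantees the pin is released.
                byte[]   computerId       = new byte[52];
                uint     computerIdLength = (uint)computerId.Length;
                GCHandle pinnedComputerId = GCHandle.Alloc(computerId, GCHandleType.Pinned);
                try
                {
                    retVal = FilterAPI.GetUniqueComputerId(pinnedComputerId.AddrOfPinnedObject(), ref computerIdLength);
                }
                finally
                {
                    pinnedComputerId.Free();
                }

                if (!retVal)
                {
                    string message = "Get computerId failed,return error:" + FilterAPI.GetLastErrorMessage();
                    EventManager.WriteMessage(366, "GetAccessPermissionFromServer", EventLevel.Error, message);

                    return(retVal);
                }

                // Trim to the length the driver reported. NOTE(review): a reported length larger than
                // the buffer would pad the id with zero bytes; confirm the API never reports more
                // than the supplied size.
                Array.Resize(ref computerId, (int)computerIdLength);

                userInfo.ComputerId = UnicodeEncoding.Unicode.GetString(computerId);

                // Request payload is sealed with the project's EncryptObjectToStr before leaving the host.
                string userInfoStr = DigitalRightControl.EncryptObjectToStr <UserInfo>(userInfo);

                Stopwatch stopWatch = new Stopwatch();
                stopWatch.Start();

                // NOTE(review): the server round-trip is currently commented out, so retVal keeps the
                // value from the computer-id step (true) and keyStr/ivStr stay empty: this method
                // reports success without any server decision, and the caller's finally block then
                // skips writing a key because cacheUserAccessInfo.key is empty. Left as found.
                //retVal = WebFormServices.GetFileKey(userInfoStr, ref keyStr, ref ivStr, ref lastError);

                stopWatch.Stop();

                if (!retVal)
                {
                    string message = "Get file " + messageSend.FileName + " permission from server return error:" + lastError;
                    EventManager.WriteMessage(293, "GetAccessPermissionFromServer", EventLevel.Error, message);

                    return(retVal);
                }
                else
                {
                    string message = "Get file " + messageSend.FileName + " permission frome server return succeed, spent " + stopWatch.ElapsedMilliseconds + " milliseconds.";
                    EventManager.WriteMessage(208, "GetAccessPermissionFromServer", EventLevel.Verbose, message);
                }

                cacheUserAccessInfo.key = keyStr;
                cacheUserAccessInfo.iv  = ivStr;
            }
            catch (Exception ex)
            {
                // Fail closed; only ex.Message is logged, the stack trace is not.
                EventManager.WriteMessage(286, "GetAccessPermissionFromServer", EventLevel.Error, "Get file " + messageSend.FileName + "permission failed with exception:" + ex.Message);
                retVal = false;
            }

            return(retVal);
        }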