public virtual bool OperationPermitted(PamContext context, IPrincipal principal, string operation, object target, bool allowIfNoRule)
{
if (this.Catalog == null)
throw new ApplicationException("Catalog is undefined");
if (principal == null)
throw new ArgumentNullException("principal");
if (operation == null)
throw new ArgumentNullException("operation");
var ctx = context ?? new PamContext(principal, operation, target);
ctx["RawTarget"] = target;
try
{
this.Catalog[operation].Execute(ctx);
}
catch (Zetetic.Chain.NoSuchCommandException)
{
this.OnResult(ctx, operation, allowIfNoRule, true);
return allowIfNoRule;
}
this.OnResult(ctx, operation, ctx.Permit, false);
return ctx.Permit;
}
protected CommandResult AproposResponse(PamContext ctx, bool thisResult)
{
logger.Debug("{0}, pam {1}, thisResult {2}, existing-permit {3}",
this.GetType(), this.PamFlag, thisResult, ctx.Permit);
switch (this.PamFlag.ToLowerInvariant())
{
case "requisite":
ctx.Permit = thisResult;
if (!ctx.Permit)
ctx.MarkDenied();
return thisResult ? CommandResult.Continue
: CommandResult.Stop;
case "required":
ctx.Permit = thisResult;
if (!ctx.Permit)
ctx.MarkDenied();
return CommandResult.Continue;
case "sufficient":
if (thisResult)
ctx.Permit = true;
return thisResult ? CommandResult.Stop
: CommandResult.Continue;
case "optional":
return CommandResult.Continue;
default:
throw new ApplicationException("Unknown PamFlag " + this.PamFlag);
}
}
protected virtual void OnResult(PamContext context, string operation, bool result, bool isNoActionResult)
{
if (isNoActionResult)
logger.Warn("No command for '{0}'; return default {1}", operation, result);
}
