Exemplo n.º 1
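        /// <summary>
        /// Maps the peer's TLS certificate to a configured role and caches the role name and its
        /// permission mask on the connection for later permission checks.
        /// </summary>
        /// <param name="connection">Connection whose remote certificate identifies the peer.</param>
        /// <returns>
        /// <c>true</c> when the GivenName attribute of the certificate subject names a role present in
        /// <c>Config.Dfs.RolePermissions</c>; <c>false</c> when it does not or when no certificate is available.
        /// </returns>
        /// <remarks>
        /// NOTE(review): nothing in this method checks the certificate chain or policy errors, so the
        /// subject is only as trustworthy as the TLS validation done before this call — confirm that the
        /// listener rejects certificates with policy errors before Authorize runs.
        /// </remarks>
        public static bool Authorize(Connection connection)
        {
            var certificate = connection.SslCertificates.RemoteCertificate;
            if (certificate == null)
            {
                // No peer certificate: deny explicitly rather than failing with a NullReferenceException.
                return false;
            }

            // The role is read from the GivenName attribute; the third argument ("") looks like the
            // fallback used when the attribute is absent — confirm against BasicCertificateInfo.
            // NOTE(review): if so, a "" key in RolePermissions would apply to every certificate that
            // lacks a GivenName; verify that the configuration never defines such a role.
            var role = BasicCertificateInfo.GetAttribute(certificate.Subject, CertificateAttribute.GivenName, "");

            if (!Config.Dfs.RolePermissions.ContainsKey(role))
            {
                return false;
            }

            var perm = Config.Dfs.RolePermissions[role];

            // "_R" holds the role name and "_" the permission mask as an int.
            connection.Data["_R"] = role;
            connection.Data["_"]  = (int)perm;
            return true;
        }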
Exemplo n.º 2
        /// <summary>
        /// Checks that the permission mask cached on the connection under "_" contains every bit of
        /// <paramref name="requiredPerms"/> and logs the outcome to the console.
        /// </summary>
        /// <param name="connection">Connection whose cached permission mask is tested.</param>
        /// <param name="requiredPerms">Permission flags the calling operation needs.</param>
        /// <param name="method">Operation name for the log line; the compiler supplies the caller's member name by default.</param>
        /// <returns><c>true</c> when no required bit is missing; otherwise <c>false</c>.</returns>
        /// <remarks>
        /// A connection with no "_" entry is read as mask 0, so it is denied any non-zero requirement.
        /// NOTE(review): the denial log writes the certificate's CommonName and the method name to the
        /// console unescaped; if these logs are parsed downstream, consider neutralising control
        /// characters before writing them.
        /// </remarks>
        public static bool Authorized(this Connection connection, DfsPermissions requiredPerms, [CallerMemberName] string method = "")
        {
            var granted  = connection.Data.Get("_", 0);
            var required = (int)requiredPerms;

            // Bits that are required but not granted.
            var missing = required & ~granted;

            if (missing == 0)
            {
                Console.WriteLine($"[Permissions] {connection.Socket.RemoteEndPoint}: {method}");
                return true;
            }

            // Denied: identify the peer by the CommonName of its certificate subject for the audit line.
            var name = BasicCertificateInfo.GetAttribute(connection.SslCertificates.RemoteCertificate.Subject,
                                                         CertificateAttribute.CommonName, null);
            Console.WriteLine(
                $"[Permissions] User {name} from {connection.Socket.RemoteEndPoint} tried to {method}, missing permissions: {(DfsPermissions) missing}");
            return false;
        }
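        /// <summary>
        /// Runs the application-level handshake with a newly connected client: sends the welcome
        /// message, waits up to five seconds for the reply, then checks the protocol version and that
        /// the claimed username matches the client certificate.
        /// </summary>
        /// <param name="client">The newly connected client.</param>
        /// <returns>
        /// <c>true</c> when the handshake result reports success; <c>false</c> on a version mismatch, a
        /// certificate problem, or any exception raised during the handshake.
        /// </returns>
        private static bool Server_HandleNewClient(Connection client)
        {
            var msg           = $"Welcome to the chat server [{MicroProtocolConfiguration.VersionString}]";
            var handshakeTask =
                client.SendReceive <S2C_Handshake, C2S_Handshake>(new S2C_Handshake(msg), TimeSpan.FromSeconds(5));

            try
            {
                // Blocks the calling thread until the client answers or the request fails.
                var result  = handshakeTask.Result;
                var error   = "";
                var subject = client.SslCertificates.RemoteCertificate.Subject;
                if (result.VersionString != MicroProtocolConfiguration.VersionString)
                {
                    error = "Invalid version";
                }
                else if (client.SslCertificates.RemotePolicyErrors != SslPolicyErrors.None ||
                         !BasicCertificateInfo.VerifyAttribute(subject,
                                                               CertificateAttribute.CommonName, result.Username))
                {
                    // Either TLS validation reported a policy error or the claimed username was not
                    // accepted against the certificate's CommonName.
                    error = "Invalid certificate";
                }

                // NOTE(review): Success is presumably derived from an empty error string — confirm in S2C_HandshakeResult.
                var ret = new S2C_HandshakeResult(error);
                client.Data["Authorized"] = ret.Success;
                if (ret.Success)
                {
                    // The stored username is taken from the certificate; the client-supplied name is
                    // only passed as the third argument, after VerifyAttribute has accepted it.
                    var username =
                        BasicCertificateInfo.GetAttribute(subject,
                                                          CertificateAttribute.CommonName, result.Username);
                    client.Data["Username"] = username;
                }
                client.Send(ret);
                return ret.Success;
            }
            catch (Exception ex)
            {
                // Still reject the client on any failure (timeout, missing certificate, send error),
                // but leave a trace so that failed handshakes can be noticed and investigated.
                // NOTE(review): on this path no handshake result is sent, and "Authorized" is not set
                // if the failure happened before the assignment above.
                var cause = ex.GetBaseException();
                Console.WriteLine($"[Handshake] Client rejected, handshake failed: {cause.GetType().Name}: {cause.Message}");
            }

            return false;
        }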