/// <summary>
/// Tests a set of authorization rules against the user, destination and session configuration
/// given on the command line, and reports any failure as a non-terminating error.
/// </summary>
/// <remarks>
/// Rules come from <c>this.Rule</c> when supplied, otherwise from
/// <c>PswaAuthorizationRuleCommandHelper.LoadFromFile(this, "Test")</c>; a null result from the
/// loader ends the call without output.
/// A literal <c>"*"</c> for the user, computer or configuration sets the matching
/// <see cref="MatchingWildcard"/> flag, which makes the rule engine skip that comparison.
/// The value returned by <c>TestRule</c> is discarded here; <c>this.matches</c> and
/// <c>this.warnings</c> are only read in this method (presumably updated by rule-manager
/// callbacks; confirm against the rest of the class).
/// </remarks>
protected override void ProcessRecord()
{
    this.UserName = PswaHelper.TranslateLocalAccountName(this.UserName);

    PswaAuthorizationRule[] rulesToTest = this.Rule;
    if (rulesToTest == null)
    {
        SortedList<int, PswaAuthorizationRule> storedRules = PswaAuthorizationRuleCommandHelper.LoadFromFile(this, "Test");
        if (storedRules == null)
        {
            return;
        }

        rulesToTest = storedRules.Values.ToArray<PswaAuthorizationRule>();
    }

    MatchingWildcard wildcards = MatchingWildcard.None;
    if (this.UserName == "*")
    {
        wildcards |= MatchingWildcard.User;
    }

    if (this.ConfigurationName == "*")
    {
        wildcards |= MatchingWildcard.Configuration;
    }

    try
    {
        if (base.ParameterSetName == "ComputerName")
        {
            // The destination wildcard only exists for the ComputerName parameter set.
            if (this.ComputerName == "*")
            {
                wildcards |= MatchingWildcard.Destination;
            }

            PswaAuthorizationRuleManager.Instance.TestRule(rulesToTest, this.UserName, this.ComputerName, this.ConfigurationName, true, wildcards);
        }
        else if (base.ParameterSetName == "ConnectionUri")
        {
            PswaAuthorizationRuleManager.Instance.TestRule(rulesToTest, this.UserName, this.ConnectionUri, this.ConfigurationName, true, wildcards);
        }

        // Thrown on purpose: the catch below turns it into the same ErrorRecord as any other failure.
        if (this.matches == 0 && this.warnings > 0)
        {
            throw new Exception(Resources.TestRule_NoMatchWithWarnings);
        }
    }
    catch (Exception failure)
    {
        base.WriteError(new ErrorRecord(failure, "TestRuleError", ErrorCategory.InvalidOperation, null));
    }
}
/// <summary>
/// Evaluates <paramref name="rules"/> against a user, a destination computer and a session
/// configuration, and returns the rules that match.
/// </summary>
/// <param name="rules">Rules to evaluate.</param>
/// <param name="user">Account name; converted to a string SID unless the User wildcard flag is set.</param>
/// <param name="computer">Destination name or IP address as supplied by the caller.</param>
/// <param name="configuration">Session configuration name; null or empty is replaced by "Microsoft.PowerShell".</param>
/// <param name="returnAllMatches">
/// When false, the method returns as soon as one stage yields a match; when true, matches from
/// every stage are accumulated.
/// </param>
/// <param name="wildcardParts">Parts of the request for which the comparison is skipped.</param>
/// <returns>The matching rules; an empty array when nothing matched.</returns>
/// <remarks>
/// Stage order: allow-all shortcut (first-match mode only), rules without groups, rules with
/// domain groups, rules with local groups.
/// NOTE(review): a set <paramref name="wildcardParts"/> flag bypasses the user or destination
/// lookup entirely. Callers that make a real access decision should presumably leave it at its
/// default; confirm against all call sites.
/// NOTE(review): both catch blocks below discard the exception, so a failed directory lookup
/// leaves no trace and only shows up as fewer matching rules.
/// </remarks>
internal PswaAuthorizationRule[] TestRule(PswaAuthorizationRule[] rules, string user, string computer, string configuration, bool returnAllMatches, MatchingWildcard wildcardParts = 0)
{
    ArrayList collected = new ArrayList();

    if (!returnAllMatches)
    {
        PswaAuthorizationRule allowAll = this.CheckAllowAllRule(rules);
        if (allowAll != null)
        {
            return new PswaAuthorizationRule[] { allowAll };
        }
    }

    // Second out value of the SID conversion; it is never read in this method.
    string helperText = null;

    // Out flag of the user conversion. When it ends up true the user's domain group SIDs are
    // not queried further down (presumably marks a non-domain account; confirm in the helper).
    bool userFlag = false;
    string userForm;
    if (wildcardParts.HasFlag(MatchingWildcard.User))
    {
        userForm = "*";
    }
    else
    {
        userForm = this.activeDirectoryHelper.ConvertAccountNameToStringSid(user, out userFlag, out helperText);
    }

    // Same role as userFlag, for the destination. It starts out true, so group SIDs are only
    // queried after a conversion that clears it.
    bool computerFlag = true;
    string computerForm = computer;
    if (!wildcardParts.HasFlag(MatchingWildcard.Destination))
    {
        string ipForm = this.TryParseDestinationIpAddress(computerForm);
        if (ipForm != null)
        {
            computerForm = ipForm;
        }
        else if (this.activeDirectoryHelper.IsCurrentComputerDomainJoined())
        {
            try
            {
                string resolvedName = this.activeDirectoryHelper.ConvertComputerName(computer, false);
                computerForm = this.activeDirectoryHelper.ConvertAccountNameToStringSid(resolvedName, out computerFlag, out helperText);
            }
            catch (Exception)
            {
                // Swallowed: computerForm keeps the caller's raw string and is compared as-is.
            }
        }
    }

    string effectiveConfiguration = string.IsNullOrEmpty(configuration) ? "Microsoft.PowerShell" : configuration;

    // Split the rules by the kind of lookup they need.
    ArrayList domainGroupRules = new ArrayList();
    ArrayList plainRules = new ArrayList();
    ArrayList localGroupRules = new ArrayList();
    foreach (PswaAuthorizationRule candidate in rules)
    {
        bool usesGroup = candidate.UserType == PswaUserType.UserGroup || candidate.DestinationType == PswaDestinationType.ComputerGroup;
        if (!usesGroup)
        {
            plainRules.Add(candidate);
        }
        else if (candidate.IsUserGroupLocal || candidate.IsComputerGroupLocal)
        {
            localGroupRules.Add(candidate);
        }
        else
        {
            domainGroupRules.Add(candidate);
        }
    }

    PswaAuthorizationRule[] plainMatches = this.TestNonGroupRule(plainRules, userForm, computerForm, effectiveConfiguration, wildcardParts);
    if (returnAllMatches)
    {
        collected.AddRange(plainMatches);
    }
    else if (plainMatches.Length > 0)
    {
        return plainMatches;
    }

    List<string> userGroupSids = new List<string>();
    List<string> computerGroupSids = new List<string>();
    try
    {
        if (!userFlag && !wildcardParts.HasFlag(MatchingWildcard.User))
        {
            userGroupSids = this.activeDirectoryHelper.GetAccountDomainGroupSid(userForm);
        }

        if (!computerFlag && !wildcardParts.HasFlag(MatchingWildcard.Destination))
        {
            computerGroupSids = this.activeDirectoryHelper.GetAccountDomainGroupSid(computerForm);
        }
    }
    catch (ArgumentException)
    {
        // Swallowed: a list whose lookup did not complete stays empty.
    }

    PswaAuthorizationRule[] domainMatches = this.TestDomainGroupRule(domainGroupRules, userForm, computerForm, effectiveConfiguration, userGroupSids, computerGroupSids, wildcardParts);
    if (returnAllMatches)
    {
        collected.AddRange(domainMatches);
    }
    else if (domainMatches.Length > 0)
    {
        return domainMatches;
    }

    PswaAuthorizationRule[] localMatches = this.TestLocalGroupRule(localGroupRules, userForm, computerForm, effectiveConfiguration, userGroupSids, computerGroupSids, returnAllMatches, wildcardParts);
    if (returnAllMatches)
    {
        collected.AddRange(localMatches);
    }
    else if (localMatches.Length > 0)
    {
        return localMatches;
    }

    return (PswaAuthorizationRule[])collected.ToArray(typeof(PswaAuthorizationRule));
}
/// <summary>
/// Overload that tests rules against a connection URI by delegating to the computer-name
/// overload with the URI's host.
/// </summary>
/// <param name="rules">Rules to evaluate.</param>
/// <param name="user">Account name to test.</param>
/// <param name="connectionUri">Target URI; only <see cref="Uri.Host"/> takes part in the match.</param>
/// <param name="configuration">Session configuration name.</param>
/// <param name="returnAllMatches">Passed through unchanged.</param>
/// <param name="wildcardParts">Passed through unchanged.</param>
/// <returns>Whatever the computer-name overload returns.</returns>
/// <remarks>
/// Scheme, port and path of <paramref name="connectionUri"/> are not passed on, so a rule
/// matched here does not distinguish between endpoints on the same host.
/// </remarks>
internal PswaAuthorizationRule[] TestRule(PswaAuthorizationRule[] rules, string user, Uri connectionUri, string configuration, bool returnAllMatches, MatchingWildcard wildcardParts = 0)
{
    string destinationHost = connectionUri.Host;
    return this.TestRule(rules, user, destinationHost, configuration, returnAllMatches, wildcardParts);
}
/// <summary>
/// Matches rules that reference no group against the canonical user, destination and
/// configuration, and returns every rule for which all three parts match.
/// </summary>
/// <param name="rules">Sequence of <c>PswaAuthorizationRule</c> objects to check.</param>
/// <param name="userCanonicalForm">Canonical user value to compare with each rule.</param>
/// <param name="computerCanonicalForm">Canonical destination value to compare with each rule.</param>
/// <param name="configurationName">Configuration name to compare with each rule.</param>
/// <param name="parts">Wildcard flags; a set flag makes that part match every rule.</param>
/// <returns>The matching rules, in input order.</returns>
/// <remarks>
/// All comparisons are ordinal and case-insensitive, except the literal <c>"*"</c> test on the
/// rule's configuration name. An exception raised while a rule is examined is reported through
/// <c>OnTestRuleInvalidRule</c> and the loop moves on to the next rule.
/// </remarks>
private PswaAuthorizationRule[] TestNonGroupRule(IEnumerable rules, string userCanonicalForm, string computerCanonicalForm, string configurationName, MatchingWildcard parts)
{
    ArrayList matched = new ArrayList();

    foreach (PswaAuthorizationRule rule in rules)
    {
        try
        {
            // Each part is evaluated on its own, in this order, before the results are combined.
            bool userOk = parts.HasFlag(MatchingWildcard.User)
                || rule.UserType == PswaUserType.All
                || string.Equals(userCanonicalForm, rule.UserCanonicalForm, StringComparison.OrdinalIgnoreCase);

            bool destinationOk = parts.HasFlag(MatchingWildcard.Destination)
                || rule.DestinationType == PswaDestinationType.All
                || string.Equals(computerCanonicalForm, rule.DestinationCanonicalForm, StringComparison.OrdinalIgnoreCase);

            bool configurationOk = parts.HasFlag(MatchingWildcard.Configuration)
                || rule.ConfigurationName == "*"
                || string.Equals(rule.ConfigurationName, configurationName, StringComparison.OrdinalIgnoreCase);

            if (!(userOk && destinationOk && configurationOk))
            {
                continue;
            }

            matched.Add(rule);
            this.OnTestRuleRuleMatch(rule);
        }
        catch (Exception ruleFailure)
        {
            this.OnTestRuleInvalidRule(rule, ruleFailure);
        }
    }

    return (PswaAuthorizationRule[])matched.ToArray(typeof(PswaAuthorizationRule));
}
/// <summary>
/// Matches rules that involve at least one local group against the canonical user, destination
/// and configuration.
/// </summary>
/// <param name="rules">Sequence of <c>PswaAuthorizationRule</c> objects to check.</param>
/// <param name="userCanonicalForm">Canonical user value.</param>
/// <param name="computerCanonicalForm">Canonical destination value.</param>
/// <param name="configurationName">Configuration name to compare with each rule.</param>
/// <param name="userDomainGroupSid">Domain group SIDs of the user.</param>
/// <param name="computerDomainGroupSid">Domain group SIDs of the destination.</param>
/// <param name="returnAllMatches">When false, the loop stops at the first matching rule.</param>
/// <param name="parts">Wildcard flags; a set flag makes that part match every rule.</param>
/// <returns>The matching rules, in input order.</returns>
/// <remarks>
/// NOTE(review): the direct user and computer comparisons here use <c>==</c> (case-sensitive),
/// whereas <c>TestNonGroupRule</c> compares the same fields with
/// <c>StringComparison.OrdinalIgnoreCase</c>. Confirm which behaviour is intended before
/// relying on either.
/// An exception raised while a rule is examined is reported through
/// <c>OnTestRuleInvalidRule</c> and the loop moves on to the next rule.
/// </remarks>
private PswaAuthorizationRule[] TestLocalGroupRule(IEnumerable rules, string userCanonicalForm, string computerCanonicalForm, string configurationName, List<string> userDomainGroupSid, List<string> computerDomainGroupSid, bool returnAllMatches, MatchingWildcard parts)
{
    ArrayList matched = new ArrayList();

    // Handed to IsAccountInGroup on every call and kept for the whole loop
    // (presumably a lookup cache; confirm in the helper).
    Dictionary<string, string> userGroupState = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
    Dictionary<string, string> computerGroupState = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    foreach (PswaAuthorizationRule rule in rules)
    {
        try
        {
            bool userOk =
                parts.HasFlag(MatchingWildcard.User)
                || rule.UserType == PswaUserType.All
                || (rule.UserType == PswaUserType.User
                    && userCanonicalForm == rule.UserCanonicalForm)
                || (rule.UserType == PswaUserType.UserGroup
                    && !rule.IsUserGroupLocal
                    && userDomainGroupSid.Contains<string>(rule.UserCanonicalForm, StringComparer.OrdinalIgnoreCase))
                || (rule.UserType == PswaUserType.UserGroup
                    && rule.IsUserGroupLocal
                    && this.activeDirectoryHelper.IsAccountInGroup(rule.UserCanonicalForm, userDomainGroupSid, userCanonicalForm, userGroupState));

            bool destinationOk =
                parts.HasFlag(MatchingWildcard.Destination)
                || rule.DestinationType == PswaDestinationType.All
                || (rule.DestinationType == PswaDestinationType.Computer
                    && computerCanonicalForm == rule.DestinationCanonicalForm)
                || (rule.DestinationType == PswaDestinationType.ComputerGroup
                    && !rule.IsComputerGroupLocal
                    && computerDomainGroupSid.Contains<string>(rule.DestinationCanonicalForm, StringComparer.OrdinalIgnoreCase))
                || (rule.DestinationType == PswaDestinationType.ComputerGroup
                    && rule.IsComputerGroupLocal
                    && this.activeDirectoryHelper.IsAccountInGroup(rule.DestinationCanonicalForm, computerDomainGroupSid, computerCanonicalForm, computerGroupState));

            bool configurationOk =
                parts.HasFlag(MatchingWildcard.Configuration)
                || rule.ConfigurationName == "*"
                || string.Equals(rule.ConfigurationName, configurationName, StringComparison.OrdinalIgnoreCase);

            if (userOk && destinationOk && configurationOk)
            {
                matched.Add(rule);
                this.OnTestRuleRuleMatch(rule);
                if (!returnAllMatches)
                {
                    break;
                }
            }
        }
        catch (Exception ruleFailure)
        {
            this.OnTestRuleInvalidRule(rule, ruleFailure);
        }
    }

    return (PswaAuthorizationRule[])matched.ToArray(typeof(PswaAuthorizationRule));
}
/// <summary>
/// Evaluates <paramref name="rules"/> against a user, a destination computer and a session
/// configuration, and returns the rules that match.
/// </summary>
/// <param name="rules">Rules to evaluate.</param>
/// <param name="user">Account name; converted to a string SID unless the User wildcard flag is set.</param>
/// <param name="computer">Destination name or IP address as supplied by the caller.</param>
/// <param name="configuration">Session configuration name; null or empty is replaced by "Microsoft.PowerShell".</param>
/// <param name="returnAllMatches">
/// When false, the method returns as soon as one stage yields a match; when true, matches from
/// every stage are accumulated.
/// </param>
/// <param name="wildcardParts">Parts of the request for which the comparison is skipped.</param>
/// <returns>The matching rules; an empty array when nothing matched.</returns>
/// <remarks>
/// Stage order: allow-all shortcut (first-match mode only), rules without groups, rules with
/// domain groups, rules with local groups.
/// NOTE(review): a set <paramref name="wildcardParts"/> flag bypasses the user or destination
/// lookup entirely. Callers that make a real access decision should presumably leave it at its
/// default; confirm against all call sites.
/// NOTE(review): both catch blocks below discard the exception, so a failed directory lookup
/// leaves no trace and only shows up as fewer matching rules.
/// </remarks>
internal PswaAuthorizationRule[] TestRule(PswaAuthorizationRule[] rules, string user, string computer, string configuration, bool returnAllMatches, MatchingWildcard wildcardParts = 0)
{
    ArrayList collected = new ArrayList();

    if (!returnAllMatches)
    {
        PswaAuthorizationRule allowAll = this.CheckAllowAllRule(rules);
        if (allowAll != null)
        {
            return new PswaAuthorizationRule[] { allowAll };
        }
    }

    // Second out value of the SID conversion; it is never read in this method.
    string helperText = null;

    // Out flag of the user conversion. When it ends up true the user's domain group SIDs are
    // not queried further down (presumably marks a non-domain account; confirm in the helper).
    bool userFlag = false;
    string userForm;
    if (wildcardParts.HasFlag(MatchingWildcard.User))
    {
        userForm = "*";
    }
    else
    {
        userForm = this.activeDirectoryHelper.ConvertAccountNameToStringSid(user, out userFlag, out helperText);
    }

    // Same role as userFlag, for the destination. It starts out true, so group SIDs are only
    // queried after a conversion that clears it.
    bool computerFlag = true;
    string computerForm = computer;
    if (!wildcardParts.HasFlag(MatchingWildcard.Destination))
    {
        string ipForm = this.TryParseDestinationIpAddress(computerForm);
        if (ipForm != null)
        {
            computerForm = ipForm;
        }
        else if (this.activeDirectoryHelper.IsCurrentComputerDomainJoined())
        {
            try
            {
                string resolvedName = this.activeDirectoryHelper.ConvertComputerName(computer, false);
                computerForm = this.activeDirectoryHelper.ConvertAccountNameToStringSid(resolvedName, out computerFlag, out helperText);
            }
            catch (Exception)
            {
                // Swallowed: computerForm keeps the caller's raw string and is compared as-is.
            }
        }
    }

    string effectiveConfiguration = string.IsNullOrEmpty(configuration) ? "Microsoft.PowerShell" : configuration;

    // Split the rules by the kind of lookup they need.
    ArrayList domainGroupRules = new ArrayList();
    ArrayList plainRules = new ArrayList();
    ArrayList localGroupRules = new ArrayList();
    foreach (PswaAuthorizationRule candidate in rules)
    {
        bool usesGroup = candidate.UserType == PswaUserType.UserGroup || candidate.DestinationType == PswaDestinationType.ComputerGroup;
        if (!usesGroup)
        {
            plainRules.Add(candidate);
        }
        else if (candidate.IsUserGroupLocal || candidate.IsComputerGroupLocal)
        {
            localGroupRules.Add(candidate);
        }
        else
        {
            domainGroupRules.Add(candidate);
        }
    }

    PswaAuthorizationRule[] plainMatches = this.TestNonGroupRule(plainRules, userForm, computerForm, effectiveConfiguration, wildcardParts);
    if (returnAllMatches)
    {
        collected.AddRange(plainMatches);
    }
    else if (plainMatches.Length > 0)
    {
        return plainMatches;
    }

    List<string> userGroupSids = new List<string>();
    List<string> computerGroupSids = new List<string>();
    try
    {
        if (!userFlag && !wildcardParts.HasFlag(MatchingWildcard.User))
        {
            userGroupSids = this.activeDirectoryHelper.GetAccountDomainGroupSid(userForm);
        }

        if (!computerFlag && !wildcardParts.HasFlag(MatchingWildcard.Destination))
        {
            computerGroupSids = this.activeDirectoryHelper.GetAccountDomainGroupSid(computerForm);
        }
    }
    catch (ArgumentException)
    {
        // Swallowed: a list whose lookup did not complete stays empty.
    }

    PswaAuthorizationRule[] domainMatches = this.TestDomainGroupRule(domainGroupRules, userForm, computerForm, effectiveConfiguration, userGroupSids, computerGroupSids, wildcardParts);
    if (returnAllMatches)
    {
        collected.AddRange(domainMatches);
    }
    else if (domainMatches.Length > 0)
    {
        return domainMatches;
    }

    PswaAuthorizationRule[] localMatches = this.TestLocalGroupRule(localGroupRules, userForm, computerForm, effectiveConfiguration, userGroupSids, computerGroupSids, returnAllMatches, wildcardParts);
    if (returnAllMatches)
    {
        collected.AddRange(localMatches);
    }
    else if (localMatches.Length > 0)
    {
        return localMatches;
    }

    return (PswaAuthorizationRule[])collected.ToArray(typeof(PswaAuthorizationRule));
}
/// <summary>
/// Overload that tests rules against a connection URI by delegating to the computer-name
/// overload with the URI's host.
/// </summary>
/// <param name="rules">Rules to evaluate.</param>
/// <param name="user">Account name to test.</param>
/// <param name="connectionUri">Target URI; only <see cref="Uri.Host"/> takes part in the match.</param>
/// <param name="configuration">Session configuration name.</param>
/// <param name="returnAllMatches">Passed through unchanged.</param>
/// <param name="wildcardParts">Passed through unchanged.</param>
/// <returns>Whatever the computer-name overload returns.</returns>
/// <remarks>
/// Scheme, port and path of <paramref name="connectionUri"/> are not passed on, so a rule
/// matched here does not distinguish between endpoints on the same host.
/// </remarks>
internal PswaAuthorizationRule[] TestRule(PswaAuthorizationRule[] rules, string user, Uri connectionUri, string configuration, bool returnAllMatches, MatchingWildcard wildcardParts = 0)
{
    string destinationHost = connectionUri.Host;
    return this.TestRule(rules, user, destinationHost, configuration, returnAllMatches, wildcardParts);
}
/// <summary>
/// Matches rules that reference no group against the canonical user, destination and
/// configuration, and returns every rule for which all three parts match.
/// </summary>
/// <param name="rules">Sequence of <c>PswaAuthorizationRule</c> objects to check.</param>
/// <param name="userCanonicalForm">Canonical user value to compare with each rule.</param>
/// <param name="computerCanonicalForm">Canonical destination value to compare with each rule.</param>
/// <param name="configurationName">Configuration name to compare with each rule.</param>
/// <param name="parts">Wildcard flags; a set flag makes that part match every rule.</param>
/// <returns>The matching rules, in input order.</returns>
/// <remarks>
/// All comparisons are ordinal and case-insensitive, except the literal <c>"*"</c> test on the
/// rule's configuration name. An exception raised while a rule is examined is reported through
/// <c>OnTestRuleInvalidRule</c> and the loop moves on to the next rule.
/// </remarks>
private PswaAuthorizationRule[] TestNonGroupRule(IEnumerable rules, string userCanonicalForm, string computerCanonicalForm, string configurationName, MatchingWildcard parts)
{
    ArrayList matched = new ArrayList();

    foreach (PswaAuthorizationRule rule in rules)
    {
        try
        {
            // Each part is evaluated on its own, in this order, before the results are combined.
            bool userOk = parts.HasFlag(MatchingWildcard.User)
                || rule.UserType == PswaUserType.All
                || string.Equals(userCanonicalForm, rule.UserCanonicalForm, StringComparison.OrdinalIgnoreCase);

            bool destinationOk = parts.HasFlag(MatchingWildcard.Destination)
                || rule.DestinationType == PswaDestinationType.All
                || string.Equals(computerCanonicalForm, rule.DestinationCanonicalForm, StringComparison.OrdinalIgnoreCase);

            bool configurationOk = parts.HasFlag(MatchingWildcard.Configuration)
                || rule.ConfigurationName == "*"
                || string.Equals(rule.ConfigurationName, configurationName, StringComparison.OrdinalIgnoreCase);

            if (!(userOk && destinationOk && configurationOk))
            {
                continue;
            }

            matched.Add(rule);
            this.OnTestRuleRuleMatch(rule);
        }
        catch (Exception ruleFailure)
        {
            this.OnTestRuleInvalidRule(rule, ruleFailure);
        }
    }

    return (PswaAuthorizationRule[])matched.ToArray(typeof(PswaAuthorizationRule));
}
/// <summary>
/// Matches rules that involve at least one local group against the canonical user, destination
/// and configuration.
/// </summary>
/// <param name="rules">Sequence of <c>PswaAuthorizationRule</c> objects to check.</param>
/// <param name="userCanonicalForm">Canonical user value.</param>
/// <param name="computerCanonicalForm">Canonical destination value.</param>
/// <param name="configurationName">Configuration name to compare with each rule.</param>
/// <param name="userDomainGroupSid">Domain group SIDs of the user.</param>
/// <param name="computerDomainGroupSid">Domain group SIDs of the destination.</param>
/// <param name="returnAllMatches">When false, the loop stops at the first matching rule.</param>
/// <param name="parts">Wildcard flags; a set flag makes that part match every rule.</param>
/// <returns>The matching rules, in input order.</returns>
/// <remarks>
/// NOTE(review): the direct user and computer comparisons here use <c>==</c> (case-sensitive),
/// whereas <c>TestNonGroupRule</c> compares the same fields with
/// <c>StringComparison.OrdinalIgnoreCase</c>. Confirm which behaviour is intended before
/// relying on either.
/// An exception raised while a rule is examined is reported through
/// <c>OnTestRuleInvalidRule</c> and the loop moves on to the next rule.
/// </remarks>
private PswaAuthorizationRule[] TestLocalGroupRule(IEnumerable rules, string userCanonicalForm, string computerCanonicalForm, string configurationName, List<string> userDomainGroupSid, List<string> computerDomainGroupSid, bool returnAllMatches, MatchingWildcard parts)
{
    ArrayList matched = new ArrayList();

    // Handed to IsAccountInGroup on every call and kept for the whole loop
    // (presumably a lookup cache; confirm in the helper).
    Dictionary<string, string> userGroupState = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
    Dictionary<string, string> computerGroupState = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    foreach (PswaAuthorizationRule rule in rules)
    {
        try
        {
            bool userOk =
                parts.HasFlag(MatchingWildcard.User)
                || rule.UserType == PswaUserType.All
                || (rule.UserType == PswaUserType.User
                    && userCanonicalForm == rule.UserCanonicalForm)
                || (rule.UserType == PswaUserType.UserGroup
                    && !rule.IsUserGroupLocal
                    && userDomainGroupSid.Contains<string>(rule.UserCanonicalForm, StringComparer.OrdinalIgnoreCase))
                || (rule.UserType == PswaUserType.UserGroup
                    && rule.IsUserGroupLocal
                    && this.activeDirectoryHelper.IsAccountInGroup(rule.UserCanonicalForm, userDomainGroupSid, userCanonicalForm, userGroupState));

            bool destinationOk =
                parts.HasFlag(MatchingWildcard.Destination)
                || rule.DestinationType == PswaDestinationType.All
                || (rule.DestinationType == PswaDestinationType.Computer
                    && computerCanonicalForm == rule.DestinationCanonicalForm)
                || (rule.DestinationType == PswaDestinationType.ComputerGroup
                    && !rule.IsComputerGroupLocal
                    && computerDomainGroupSid.Contains<string>(rule.DestinationCanonicalForm, StringComparer.OrdinalIgnoreCase))
                || (rule.DestinationType == PswaDestinationType.ComputerGroup
                    && rule.IsComputerGroupLocal
                    && this.activeDirectoryHelper.IsAccountInGroup(rule.DestinationCanonicalForm, computerDomainGroupSid, computerCanonicalForm, computerGroupState));

            bool configurationOk =
                parts.HasFlag(MatchingWildcard.Configuration)
                || rule.ConfigurationName == "*"
                || string.Equals(rule.ConfigurationName, configurationName, StringComparison.OrdinalIgnoreCase);

            if (userOk && destinationOk && configurationOk)
            {
                matched.Add(rule);
                this.OnTestRuleRuleMatch(rule);
                if (!returnAllMatches)
                {
                    break;
                }
            }
        }
        catch (Exception ruleFailure)
        {
            this.OnTestRuleInvalidRule(rule, ruleFailure);
        }
    }

    return (PswaAuthorizationRule[])matched.ToArray(typeof(PswaAuthorizationRule));
}