GetAuthzRules() публичный статический Метод

public static GetAuthzRules ( ) : List
Результат List
Пример #1
0
        public BooleanResult AuthorizeUser(SessionProperties properties)
        {
            m_logger.Debug("MySql Plugin Authorization");

            bool requireAuth = Settings.Store.AuthzRequireMySqlAuth;

            // If we require authentication, and we failed to auth this user, then we
            // fail authorization.
            if (requireAuth)
            {
                PluginActivityInformation actInfo = properties.GetTrackedSingle <PluginActivityInformation>();
                try
                {
                    BooleanResult mySqlResult = actInfo.GetAuthenticationResult(this.Uuid);
                    if (!mySqlResult.Success)
                    {
                        m_logger.InfoFormat("Deny because MySQL auth failed, and configured to require MySQL auth.");
                        return(new BooleanResult()
                        {
                            Success = false,
                            Message = "Deny because MySQL authentication failed."
                        });
                    }
                }
                catch (KeyNotFoundException)
                {
                    // The plugin is not enabled for authentication
                    m_logger.ErrorFormat("MySQL is not enabled for authentication, and authz is configured to require auth.");
                    return(new BooleanResult
                    {
                        Success = false,
                        Message = "Deny because MySQL auth did not execute, and configured to require MySQL auth."
                    });
                }
            }

            // Get the authz rules from registry
            List <GroupAuthzRule> rules = GroupRuleLoader.GetAuthzRules();

            if (rules.Count == 0)
            {
                throw new Exception("No authorization rules found.");
            }

            try
            {
                UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();
                string          user     = userInfo.Username;

                using (MySqlUserDataSource dataSource = new MySqlUserDataSource())
                {
                    foreach (GroupAuthzRule rule in rules)
                    {
                        m_logger.DebugFormat("Checking rule: {0}", rule.ToString());
                        bool inGroup = false;

                        if (rule.RuleCondition != GroupRule.Condition.ALWAYS)
                        {
                            inGroup = dataSource.IsMemberOfGroup(user, rule.Group);
                            m_logger.DebugFormat("User '{0}' {1} a member of '{2}'", user,
                                                 inGroup ? "is" : "is not", rule.Group);
                        }

                        if (rule.RuleMatch(inGroup))
                        {
                            if (rule.AllowOnMatch)
                            {
                                return new BooleanResult
                                       {
                                           Success = true,
                                           Message = string.Format("Allow via rule '{0}'", rule.ToString())
                                       }
                            }
                            ;
                            else
                            {
                                return new BooleanResult
                                       {
                                           Success = false,
                                           Message = string.Format("Deny via rule '{0}'", rule.ToString())
                                       }
                            };
                        }
                    }
                }

                // If we get this far, no rules matched.  This should never happen since
                // the last rule should always match (the default).  Throw.
                throw new Exception("Missing default authorization rule.");
            }
            catch (Exception e)
            {
                m_logger.ErrorFormat("Exception during authorization: {0}", e);
                throw;
            }
        }
Пример #2
0
        private void InitUI()
        {
            this.hostTB.Text = Settings.Store.Host;
            int port = Settings.Store.Port;
            this.portTB.Text = Convert.ToString(port);
            this.userTB.Text = Settings.Store.User;
            this.passwordTB.Text = Settings.Store.GetEncryptedSetting("Password");
            this.dbTB.Text = Settings.Store.Database;
            bool useSsl = Settings.Store.UseSsl;
            this.useSslCB.Checked = useSsl;

            // User table schema settings
            this.userTableTB.Text = Settings.Store.Table;
            this.unameColTB.Text = Settings.Store.UsernameColumn;
            this.hashMethodColTB.Text = Settings.Store.HashMethodColumn;
            this.passwdColTB.Text = Settings.Store.PasswordColumn;
            this.userPrimaryKeyColTB.Text = Settings.Store.UserTablePrimaryKeyColumn;

            int encodingInt = Settings.Store.HashEncoding;
            Settings.HashEncoding encoding = (Settings.HashEncoding)encodingInt;

            if (encoding == Settings.HashEncoding.HEX)
                this.encHexRB.Checked = true;
            else
                this.encBase64RB.Checked = true;

            // Group table schema settings
            this.groupTableNameTB.Text = Settings.Store.GroupTableName;
            this.groupNameColTB.Text = Settings.Store.GroupNameColumn;
            this.groupTablePrimaryKeyColTB.Text = Settings.Store.GroupTablePrimaryKeyColumn;

            // User-Group table settings
            this.userGroupTableNameTB.Text = Settings.Store.UserGroupTableName;
            this.userGroupUserFKColTB.Text = Settings.Store.UserForeignKeyColumn;
            this.userGroupGroupFKColTB.Text = Settings.Store.GroupForeignKeyColumn;

            /////////////// Authorization tab /////////////////
            this.cbAuthzMySqlGroupMemberOrNot.SelectedIndex = 0;
            this.cbAuthzGroupRuleAllowOrDeny.SelectedIndex = 0;

            this.ckDenyWhenMySqlAuthFails.Checked = Settings.Store.AuthzRequireMySqlAuth;

            List<GroupAuthzRule> lst = GroupRuleLoader.GetAuthzRules();
            // The last one should be the default rule
            if (lst.Count > 0 &&
                lst[lst.Count - 1].RuleCondition == GroupRule.Condition.ALWAYS)
            {
                GroupAuthzRule rule = lst[lst.Count - 1];
                if (rule.AllowOnMatch)
                    this.rbDefaultAllow.Checked = true;
                else
                    this.rbDefaultDeny.Checked = true;
                lst.RemoveAt(lst.Count - 1);
            }
            else
            {
                // The list is empty or the last rule is not a default rule.
                throw new Exception("Default rule not found in rule list.");
            }
            // The rest of the rules
            foreach (GroupAuthzRule rule in lst)
                this.listBoxAuthzRules.Items.Add(rule);

            ///////////////// Gateway tab ///////////////
            List<GroupGatewayRule> gwLst = GroupRuleLoader.GetGatewayRules();
            foreach (GroupGatewayRule rule in gwLst)
                this.gtwRulesListBox.Items.Add(rule);
            this.gtwRuleConditionCB.SelectedIndex = 0;

            this.m_preventLogonWhenServerUnreachableCb.Checked = Settings.Store.PreventLogonOnServerError;
        }