public BooleanResult AuthorizeUser(SessionProperties properties)
{
m_logger.Debug("MySql Plugin Authorization");
bool requireAuth = Settings.Store.AuthzRequireMySqlAuth;
// If we require authentication, and we failed to auth this user, then we
// fail authorization.
if (requireAuth)
{
PluginActivityInformation actInfo = properties.GetTrackedSingle <PluginActivityInformation>();
try
{
BooleanResult mySqlResult = actInfo.GetAuthenticationResult(this.Uuid);
if (!mySqlResult.Success)
{
m_logger.InfoFormat("Deny because MySQL auth failed, and configured to require MySQL auth.");
return(new BooleanResult()
{
Success = false,
Message = "Deny because MySQL authentication failed."
});
}
}
catch (KeyNotFoundException)
{
// The plugin is not enabled for authentication
m_logger.ErrorFormat("MySQL is not enabled for authentication, and authz is configured to require auth.");
return(new BooleanResult
{
Success = false,
Message = "Deny because MySQL auth did not execute, and configured to require MySQL auth."
});
}
}
// Get the authz rules from registry
List <GroupAuthzRule> rules = GroupRuleLoader.GetAuthzRules();
if (rules.Count == 0)
{
throw new Exception("No authorization rules found.");
}
try
{
UserInformation userInfo = properties.GetTrackedSingle <UserInformation>();
string user = userInfo.Username;
using (MySqlUserDataSource dataSource = new MySqlUserDataSource())
{
foreach (GroupAuthzRule rule in rules)
{
m_logger.DebugFormat("Checking rule: {0}", rule.ToString());
bool inGroup = false;
if (rule.RuleCondition != GroupRule.Condition.ALWAYS)
{
inGroup = dataSource.IsMemberOfGroup(user, rule.Group);
m_logger.DebugFormat("User '{0}' {1} a member of '{2}'", user,
inGroup ? "is" : "is not", rule.Group);
}
if (rule.RuleMatch(inGroup))
{
if (rule.AllowOnMatch)
{
return new BooleanResult
{
Success = true,
Message = string.Format("Allow via rule '{0}'", rule.ToString())
}
}
;
else
{
return new BooleanResult
{
Success = false,
Message = string.Format("Deny via rule '{0}'", rule.ToString())
}
};
}
}
}
// If we get this far, no rules matched. This should never happen since
// the last rule should always match (the default). Throw.
throw new Exception("Missing default authorization rule.");
}
catch (Exception e)
{
m_logger.ErrorFormat("Exception during authorization: {0}", e);
throw;
}
}
private void InitUI()
{
this.hostTB.Text = Settings.Store.Host;
int port = Settings.Store.Port;
this.portTB.Text = Convert.ToString(port);
this.userTB.Text = Settings.Store.User;
this.passwordTB.Text = Settings.Store.GetEncryptedSetting("Password");
this.dbTB.Text = Settings.Store.Database;
bool useSsl = Settings.Store.UseSsl;
this.useSslCB.Checked = useSsl;
// User table schema settings
this.userTableTB.Text = Settings.Store.Table;
this.unameColTB.Text = Settings.Store.UsernameColumn;
this.hashMethodColTB.Text = Settings.Store.HashMethodColumn;
this.passwdColTB.Text = Settings.Store.PasswordColumn;
this.userPrimaryKeyColTB.Text = Settings.Store.UserTablePrimaryKeyColumn;
int encodingInt = Settings.Store.HashEncoding;
Settings.HashEncoding encoding = (Settings.HashEncoding)encodingInt;
if (encoding == Settings.HashEncoding.HEX)
this.encHexRB.Checked = true;
else
this.encBase64RB.Checked = true;
// Group table schema settings
this.groupTableNameTB.Text = Settings.Store.GroupTableName;
this.groupNameColTB.Text = Settings.Store.GroupNameColumn;
this.groupTablePrimaryKeyColTB.Text = Settings.Store.GroupTablePrimaryKeyColumn;
// User-Group table settings
this.userGroupTableNameTB.Text = Settings.Store.UserGroupTableName;
this.userGroupUserFKColTB.Text = Settings.Store.UserForeignKeyColumn;
this.userGroupGroupFKColTB.Text = Settings.Store.GroupForeignKeyColumn;
/////////////// Authorization tab /////////////////
this.cbAuthzMySqlGroupMemberOrNot.SelectedIndex = 0;
this.cbAuthzGroupRuleAllowOrDeny.SelectedIndex = 0;
this.ckDenyWhenMySqlAuthFails.Checked = Settings.Store.AuthzRequireMySqlAuth;
List<GroupAuthzRule> lst = GroupRuleLoader.GetAuthzRules();
// The last one should be the default rule
if (lst.Count > 0 &&
lst[lst.Count - 1].RuleCondition == GroupRule.Condition.ALWAYS)
{
GroupAuthzRule rule = lst[lst.Count - 1];
if (rule.AllowOnMatch)
this.rbDefaultAllow.Checked = true;
else
this.rbDefaultDeny.Checked = true;
lst.RemoveAt(lst.Count - 1);
}
else
{
// The list is empty or the last rule is not a default rule.
throw new Exception("Default rule not found in rule list.");
}
// The rest of the rules
foreach (GroupAuthzRule rule in lst)
this.listBoxAuthzRules.Items.Add(rule);
///////////////// Gateway tab ///////////////
List<GroupGatewayRule> gwLst = GroupRuleLoader.GetGatewayRules();
foreach (GroupGatewayRule rule in gwLst)
this.gtwRulesListBox.Items.Add(rule);
this.gtwRuleConditionCB.SelectedIndex = 0;
this.m_preventLogonWhenServerUnreachableCb.Checked = Settings.Store.PreventLogonOnServerError;
}
