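/// <summary>
/// Asks the local SecPAL policy whether <paramref name="username"/> may access module
/// <paramref name="moduleName"/> on port <paramref name="portName"/> at the moment of the call.
/// </summary>
/// <remarks>
/// The query joins two facts asserted by <c>localAuthority</c>: a ResourceAccessFact for the
/// (port, module) pair that carries a group, a time window ($from/$to, compared as HHMM integers),
/// a day-of-week ($day, where -1 means "any day") and an access mode; and a UserGroupMembershipFact
/// placing the user in that group. The window and day are checked against the local clock
/// (DateTime.Now), while the QueryContext itself is stamped with DateTime.UtcNow.
///
/// Review notes (not changed here, confirm with the policy owner):
/// - The access mode ($amode) is unconstrained, so one matching fact for ANY mode grants access and
///   the mode is not reported back to the caller.
/// - "prio" lacks the '$' prefix every other variable has; if the engine treats '$'-less names as
///   constants this clause can never match.
/// - Policy times are presumably local time (they are compared with DateTime.Now); the UTC stamp on
///   the context is only the evaluation time.
/// - The "usr:"/"$grp" argument list was garbled in the source text and has been reconstructed by
///   analogy with the resource fact above.
/// </remarks>
/// <returns>
/// DateTime.MaxValue when at least one derivation succeeds, DateTime.MinValue otherwise. No expiry
/// is derived from $to, so callers must re-query to observe window boundaries.
/// </returns>
internal DateTime AllowAccess(string portName, string moduleName, string username)
{
    // Resource fact: which group may reach this port/module, during which window, on which day.
    AssertionExpression resourceAccessAssertion = new AssertionExpression(
        new AtomicAssertion(
            localAuthority,
            new AtomicClaim(
                new ResourceAccessFact(
                    new StringPrincipal("port:" + portName),
                    new StringPrincipal("mod:" + moduleName),
                    new PrincipalVariable("$grp"),
                    new IntegerVariable("$from"),
                    new IntegerVariable("$to"),
                    new IntegerVariable("$day"),
                    new VerbVariable("$amode"),
                    new IntegerVariable("prio")))));

    // Membership fact: the caller must belong to the group bound by $grp above.
    // NOTE(review): reconstructed from garbled source; verify against the original file.
    AssertionExpression groupMembershipAssertion = new AssertionExpression(
        new AtomicAssertion(
            localAuthority,
            new AtomicClaim(
                new UserGroupMembershipFact(
                    new StringPrincipal("usr:" + username),
                    new PrincipalVariable("$grp")))));

    DateTime currTime = DateTime.Now;

    // BUG FIX: the original packed the clock as `Hour * 100 | Minute`. Bitwise OR is not addition
    // here: whenever the minute's bits overlap the hour*100 value the result is wrong (e.g. 13:59
    // became 1343, 01:59 became 127), so the $from/$to window was evaluated against a corrupted
    // time and could grant or deny access outside the configured hours. Use arithmetic addition.
    int currMinute = currTime.Hour * 100 + currTime.Minute;

    // $from <= now <= $to
    Expression minutesMoreThanFrom = new ConstraintExpression(
        new LessThanOrEqualConstraint(new IntegerVariable("$from"), new IntegerHolder(currMinute)));
    Expression minutesLessThanTo = new ConstraintExpression(
        new LessThanOrEqualConstraint(new IntegerHolder(currMinute), new IntegerVariable("$to")));
    Expression minutesInRange = new AndExpression(minutesMoreThanFrom, minutesLessThanTo);

    // Equality is expressed as NOT(inequality) because only an InequalityConstraint is available.
    int currDayOfWeek = (int)currTime.DayOfWeek;
    Expression noDayOfWeekRestriction = new NotExpression(new ConstraintExpression(
        new InequalityConstraint(new IntegerVariable("$day"), new IntegerHolder(-1))));
    Expression dayOfWeekMatches = new NotExpression(new ConstraintExpression(
        new InequalityConstraint(new IntegerVariable("$day"), new IntegerHolder(currDayOfWeek))));
    Expression dayOfWeekAllowed = new OrExpression(noDayOfWeekRestriction, dayOfWeekMatches);

    Query query = new Query(
        new AndExpression(
            resourceAccessAssertion,
            groupMembershipAssertion,
            minutesInRange,
            dayOfWeekAllowed));

    QueryContext context = new QueryContext(
        localAuthority,
        policyAssertions,
        query,
        DateTime.UtcNow,
        new PrincipalIdentifier[] { },
        new Uri[] { },
        0,
        false);

    ReadOnlyCollection<Answer> answers =
        new Microsoft.Secpal.Authorization.QueryEngine().ExecuteQuery(context);

    // Any successful derivation grants access; the substitutions themselves are discarded.
    return (answers.Count > 0) ? DateTime.MaxValue : DateTime.MinValue;
}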
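/// <summary>
/// Asks the local SecPAL policy whether <paramref name="username"/> may access module
/// <paramref name="moduleName"/> on port <paramref name="portName"/> at the moment of the call.
/// </summary>
/// <remarks>
/// The query joins two facts asserted by <c>localAuthority</c>: a ResourceAccessFact for the
/// (port, module) pair that carries a group, a time window ($from/$to, compared as HHMM integers),
/// a day-of-week ($day, where -1 means "any day") and an access mode; and a UserGroupMembershipFact
/// placing the user in that group. The window and day are checked against the local clock
/// (DateTime.Now), while the QueryContext itself is stamped with DateTime.UtcNow.
///
/// Review notes (not changed here, confirm with the policy owner):
/// - The access mode ($amode) is unconstrained, so one matching fact for ANY mode grants access and
///   the mode is not reported back to the caller.
/// - "prio" lacks the '$' prefix every other variable has; if the engine treats '$'-less names as
///   constants this clause can never match.
/// - Policy times are presumably local time (they are compared with DateTime.Now); the UTC stamp on
///   the context is only the evaluation time.
/// - The "usr:"/"$grp" argument list was garbled in the source text and has been reconstructed by
///   analogy with the resource fact above.
/// </remarks>
/// <returns>
/// DateTime.MaxValue when at least one derivation succeeds, DateTime.MinValue otherwise. No expiry
/// is derived from $to, so callers must re-query to observe window boundaries.
/// </returns>
internal DateTime AllowAccess(string portName, string moduleName, string username)
{
    // Resource fact: which group may reach this port/module, during which window, on which day.
    AssertionExpression resourceAccessAssertion = new AssertionExpression(
        new AtomicAssertion(
            localAuthority,
            new AtomicClaim(
                new ResourceAccessFact(
                    new StringPrincipal("port:" + portName),
                    new StringPrincipal("mod:" + moduleName),
                    new PrincipalVariable("$grp"),
                    new IntegerVariable("$from"),
                    new IntegerVariable("$to"),
                    new IntegerVariable("$day"),
                    new VerbVariable("$amode"),
                    new IntegerVariable("prio")))));

    // Membership fact: the caller must belong to the group bound by $grp above.
    // NOTE(review): reconstructed from garbled source; verify against the original file.
    AssertionExpression groupMembershipAssertion = new AssertionExpression(
        new AtomicAssertion(
            localAuthority,
            new AtomicClaim(
                new UserGroupMembershipFact(
                    new StringPrincipal("usr:" + username),
                    new PrincipalVariable("$grp")))));

    DateTime currTime = DateTime.Now;

    // BUG FIX: the original packed the clock as `Hour * 100 | Minute`. Bitwise OR is not addition
    // here: whenever the minute's bits overlap the hour*100 value the result is wrong (e.g. 13:59
    // became 1343, 01:59 became 127), so the $from/$to window was evaluated against a corrupted
    // time and could grant or deny access outside the configured hours. Use arithmetic addition.
    int currMinute = currTime.Hour * 100 + currTime.Minute;

    // $from <= now <= $to
    Expression minutesMoreThanFrom = new ConstraintExpression(
        new LessThanOrEqualConstraint(new IntegerVariable("$from"), new IntegerHolder(currMinute)));
    Expression minutesLessThanTo = new ConstraintExpression(
        new LessThanOrEqualConstraint(new IntegerHolder(currMinute), new IntegerVariable("$to")));
    Expression minutesInRange = new AndExpression(minutesMoreThanFrom, minutesLessThanTo);

    // Equality is expressed as NOT(inequality) because only an InequalityConstraint is available.
    int currDayOfWeek = (int)currTime.DayOfWeek;
    Expression noDayOfWeekRestriction = new NotExpression(new ConstraintExpression(
        new InequalityConstraint(new IntegerVariable("$day"), new IntegerHolder(-1))));
    Expression dayOfWeekMatches = new NotExpression(new ConstraintExpression(
        new InequalityConstraint(new IntegerVariable("$day"), new IntegerHolder(currDayOfWeek))));
    Expression dayOfWeekAllowed = new OrExpression(noDayOfWeekRestriction, dayOfWeekMatches);

    Query query = new Query(
        new AndExpression(
            resourceAccessAssertion,
            groupMembershipAssertion,
            minutesInRange,
            dayOfWeekAllowed));

    QueryContext context = new QueryContext(
        localAuthority,
        policyAssertions,
        query,
        DateTime.UtcNow,
        new PrincipalIdentifier[] { },
        new Uri[] { },
        0,
        false);

    ReadOnlyCollection<Answer> answers =
        new Microsoft.Secpal.Authorization.QueryEngine().ExecuteQuery(context);

    // Any successful derivation grants access; the substitutions themselves are discarded.
    return (answers.Count > 0) ? DateTime.MaxValue : DateTime.MinValue;
}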