示例#1
0
 private void AddConnectionStringsToWrapperFromPolicy(AuditingPolicy wrapper, DatabaseSecurityPolicyProperties properties)
 {
     wrapper.ConnectionStrings.AdoNetConnectionString = properties.AdoNetConnectionString;
     wrapper.ConnectionStrings.OdbcConnectionString = properties.OdbcConnectionString;
     wrapper.ConnectionStrings.JdbcConnectionString = properties.JdbcConnectionString;
     wrapper.ConnectionStrings.PhpConnectionString = properties.PhpConnectionString;
 }
 /// <summary>
 /// Initializes a new instance of the
 /// DatabaseSecurityPolicyUpdateParameters class with required
 /// arguments.
 /// </summary>
 public DatabaseSecurityPolicyUpdateParameters(DatabaseSecurityPolicyProperties properties)
     : this()
 {
     if (properties == null)
     {
         throw new ArgumentNullException("properties");
     }
     this.Properties = properties;
 }
 /// <summary>
 /// Initializes a new instance of the
 /// DatabaseSecurityPolicyUpdateParameters class with required
 /// arguments.
 /// </summary>
 public DatabaseSecurityPolicyUpdateParameters(DatabaseSecurityPolicyProperties properties)
     : this()
 {
     if (properties == null)
     {
         throw new ArgumentNullException("properties");
     }
     this.Properties = properties;
 }
示例#4
0
 private void AddEventTypesToWrapperFromPolicy(AuditingPolicy wrapper, DatabaseSecurityPolicyProperties properties)
 {
     HashSet<string> events = new HashSet<string>();
     if (properties.IsEventTypeDataAccessEnabled) events.Add(Constants.Access);
     if (properties.IsEventTypeDataChangesEnabled) events.Add(Constants.Data);
     if (properties.IsEventTypeSchemaChangeEnabled) events.Add(Constants.Schema);
     if (properties.IsEventTypeGrantRevokePermissionsEnabled) events.Add(Constants.RevokePermissions);
     if (properties.IsEventTypeSecurityExceptionsEnabled) events.Add(Constants.Security);
     wrapper.EventType = events.ToArray();
 }
示例#5
0
 private AuditingPolicy WrapPolicy(DatabaseSecurityPolicy policy)
 {
     AuditingPolicy wrapper = new AuditingPolicy();
     DatabaseSecurityPolicyProperties properties = policy.Properties;
     wrapper.UseServerDefault = properties.UseServerDefault;
     wrapper.IsEnabled = properties.IsAuditingEnabled;
     wrapper.StorageAccountName = properties.StorageAccountName;
     AddEventTypesToWrapperFromPolicy(wrapper, properties);
     this.FetchedProperties = properties;           
     return wrapper;
 }
 private void addStorageInfoToWrapperFromPolicy(AuditingPolicy wrapper, DatabaseSecurityPolicyProperties properties)
 {
     wrapper.StorageAccountName = properties.StorageAccountName;
     if (properties.StorageAccountKey != null) 
         wrapper.StorageKeyType = Constants.StorageKeyTypes.Primary; // TODO - until we have in prodcution the secondary field - handle as alway primary
     if (properties.SecondaryStorageAccountKey != null) 
         wrapper.StorageKeyType = Constants.StorageKeyTypes.Secondary;
 }
 private AuditingPolicy WrapPolicy(DatabaseSecurityPolicy policy)
 {
     AuditingPolicy wrapper = new AuditingPolicy();
     DatabaseSecurityPolicyProperties properties = policy.Properties;
     wrapper.UseServerDefault = properties.UseServerDefault;
     wrapper.IsEnabled = properties.IsAuditingEnabled;
     wrapper.DirectAccessEnabled = !properties.IsBlockDirectAccessEnabled;
     addStorageInfoToWrapperFromPolicy(wrapper, properties);
     AddEventTypesToWrapperFromPolicy(wrapper, properties);
     this.FetchedProperties = properties;           
     return wrapper;
 }
        /// <summary>
        /// Updates the storage properties of the policy that this object operates on
        /// </summary>
        private void UpdateStorage(AuditingPolicy policy, DatabaseSecurityPolicyProperties properties)
        {
            string storageAccountName = policy.StorageAccountName;
            if (storageAccountName != null)
                properties.StorageAccountName = storageAccountName;

            if (string.IsNullOrEmpty(properties.StorageAccountName) && (!IgnoreStorage)) // can happen if the user didn't provide account name for a policy that lacked it 
            {
                throw new Exception(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.NoStorageAccountWhenConfiguringAuditingPolicy));
            }

            // no need to do time consuming http inteaction to fetch these properties if the storage account was not changed
            if (properties.StorageAccountName == this.FetchedProperties.StorageAccountName)
            {
                properties.StorageAccountResourceGroupName = this.FetchedProperties.StorageAccountResourceGroupName;
                properties.StorageAccountSubscriptionId = this.FetchedProperties.StorageAccountSubscriptionId;
                properties.StorageTableEndpoint = this.FetchedProperties.StorageTableEndpoint;
            }
            else
            {
                properties.StorageAccountSubscriptionId = Subscription.Id.ToString();
                properties.StorageAccountResourceGroupName = Communicator.GetStorageResourceGroup(properties.StorageAccountName);
                properties.StorageTableEndpoint = Communicator.GetStorageTableEndpoint(properties.StorageAccountName);
            }

            if (!IgnoreStorage)
            {
                // storage keys are not sent when fetching the policy, so if they are needed, they should be fetched 
                Dictionary<Constants.StorageKeyTypes, string> keys = Communicator.GetStorageKeys(properties.StorageAccountResourceGroupName, properties.StorageAccountName);
                if (policy.StorageKeyType == Constants.StorageKeyTypes.Primary)
                    properties.StorageAccountKey = keys[Constants.StorageKeyTypes.Primary];
                else
                    properties.SecondaryStorageAccountKey = keys[Constants.StorageKeyTypes.Secondary];
            }
        }
        /// <summary>
        /// Updates the storage properties of the policy that this object operates on
        /// </summary>
        private void UpdateEventTypes(AuditingPolicy wrappedPolicy, DatabaseSecurityPolicyProperties properties)
        {
            string[] userEnteredEventType = wrappedPolicy.EventType;
            if (userEnteredEventType == null || userEnteredEventType.Length == 0)
                return;
            HashSet<String> eventTypes = new HashSet<String>(userEnteredEventType);

            if (!ValidateShortcutUsage(eventTypes, Constants.All))
                throw new Exception(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.InvalidEventTypeSet, Constants.All));
            if (!ValidateShortcutUsage(eventTypes, Constants.None))
                throw new Exception(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.InvalidEventTypeSet, Constants.None));
            
            properties.IsEventTypeDataAccessEnabled = ValueOfProperty(eventTypes, Constants.Access);
            properties.IsEventTypeSchemaChangeEnabled = ValueOfProperty(eventTypes, Constants.Schema);
            properties.IsEventTypeDataChangesEnabled = ValueOfProperty(eventTypes, Constants.Data);
            properties.IsEventTypeSecurityExceptionsEnabled = ValueOfProperty(eventTypes, Constants.Security);
            properties.IsEventTypeGrantRevokePermissionsEnabled = ValueOfProperty(eventTypes, Constants.RevokePermissions);
            
            // we need to re-add the event types to the AuditingPolicy object to replace the All / None with the real values 
            if (userEnteredEventType.Contains(Constants.All) || userEnteredEventType.Contains(Constants.None))
                AddEventTypesToWrapperFromPolicy(wrappedPolicy, properties);
        }
示例#10
0
 /// <summary>
 /// Unwrap the cmdlets model object and transform it to the communication model object
 /// </summary>
 /// <param name="policy">The AuditingPolicy object</param>
 /// <returns>The communication model object</returns>
 private DatabaseSecurityPolicyUpdateParameters UnwrapPolicy(AuditingPolicy policy)
 {
     DatabaseSecurityPolicyUpdateParameters updateParameters = new DatabaseSecurityPolicyUpdateParameters();
     DatabaseSecurityPolicyProperties properties = new DatabaseSecurityPolicyProperties();
     updateParameters.Properties = properties;
     properties.RetentionDays = 90;
     properties.IsAuditingEnabled = policy.IsEnabled;
     properties.UseServerDefault = policy.UseServerDefault;
     properties.IsBlockDirectAccessEnabled = !policy.DirectAccessEnabled;
     UpdateEventTypes(policy, properties);
     UpdateStorage(policy, properties);
     return updateParameters;
 }
示例#11
0
 private string ConstructAdoNetConnectionString(AuditingPolicy wrapper,DatabaseSecurityPolicyProperties properties)
 {
     string enterUser = Microsoft.Azure.Commands.Sql.Properties.Resources.EnterUserId;
     string enterPassword = Microsoft.Azure.Commands.Sql.Properties.Resources.EnterPassword;
     return string.Format("Server=tcp:{0},{1};Database={2};User ID={3}@{4};Password={5};Trusted_Connection=False;Encrypt=True;Connection Timeout=30", 
         properties.ProxyDnsName, properties.ProxyPort, wrapper.DatabaseName, enterUser, wrapper.ServerName, enterPassword);
 }
示例#12
0
 private string ConstructJdbcConnectionString(AuditingPolicy wrapper, DatabaseSecurityPolicyProperties properties)
 {
     string enterUser = Microsoft.Azure.Commands.Sql.Properties.Resources.EnterUserId;
     string enterPassword = Microsoft.Azure.Commands.Sql.Properties.Resources.EnterPassword;
     return string.Format("jdbc:sqlserver://{0}:{1};database={2};user={3}@{4};password={5};encrypt=true;hostNameInCertificate=*.database.secure.windows.net;loginTimeout=30;",
         properties.ProxyDnsName, properties.ProxyPort, wrapper.DatabaseName, enterUser, wrapper.ServerName, enterPassword);
 }
示例#13
0
 private string ConstructOdbcConnectionString(AuditingPolicy wrapper, DatabaseSecurityPolicyProperties properties)
 {
     string enterUser = Microsoft.Azure.Commands.Sql.Properties.Resources.EnterUserId;
     string enterPassword = Microsoft.Azure.Commands.Sql.Properties.Resources.EnterPassword;
     StringBuilder sb = new StringBuilder();
     sb.Append("Driver={SQL Server Native Client 11.0};");
     sb.Append(string.Format("Server=tcp:{0},{1};", properties.ProxyDnsName, properties.ProxyPort));
     sb.Append(string.Format("Database={0};", wrapper.DatabaseName));
     sb.Append(string.Format("Uid={0}@{1};", enterUser, wrapper.ServerName));
     sb.Append(string.Format("Pwd={0};", enterPassword));
     sb.Append("Encrypt=yes;Connection Timeout=30;");
     return sb.ToString();
 }
示例#14
0
 private string ConstructPhpConnectionString(AuditingPolicy wrapper, DatabaseSecurityPolicyProperties properties)
 {
     string enterUser = Microsoft.Azure.Commands.Sql.Properties.Resources.EnterUserId;
     string enterPassword = Microsoft.Azure.Commands.Sql.Properties.Resources.EnterPassword;
     string pdoTitle = Microsoft.Azure.Commands.Sql.Properties.Resources.PdoTitle;
     string sqlServerSampleTitle = Microsoft.Azure.Commands.Sql.Properties.Resources.sqlSampleTitle;
     string connectionError = Microsoft.Azure.Commands.Sql.Properties.Resources.PhpConnectionError;
     StringBuilder sb = new StringBuilder();
     sb.Append(string.Format("Server: {0}, {1}", properties.ProxyDnsName, properties.ProxyPort)).Append(Environment.NewLine);
     sb.Append(string.Format("SQL Database: {0}",  wrapper.DatabaseName)).Append(Environment.NewLine);
     sb.Append(string.Format("User Name: {0}", enterUser)).Append(Environment.NewLine).Append(Environment.NewLine);
     sb.Append(pdoTitle).Append(Environment.NewLine);
     sb.Append("try{").Append(Environment.NewLine);
     sb.Append(string.Format("$conn = new PDO ( \"sqlsrv:server = tcp:{0},{1}; Database = \"{2}\", \"{3}\", \"{4}\");", 
                                         properties.ProxyDnsName, properties.ProxyPort, wrapper.DatabaseName, enterUser, enterPassword)).Append(Environment.NewLine);
     sb.Append("$conn->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );").Append(Environment.NewLine);
     sb.Append("}").Append(Environment.NewLine);
     sb.Append("catch ( PDOException $e ) {").Append(Environment.NewLine);
     sb.Append(string.Format("print( \"{0}\" );", connectionError)).Append(Environment.NewLine);
     sb.Append("die(print_r($e));").Append(Environment.NewLine);
     sb.Append("}").Append(Environment.NewLine);
     sb.Append(sqlServerSampleTitle).Append(Environment.NewLine).Append(Environment.NewLine);
     sb.Append(string.Format("connectionInfo = array(\"UID\" => \"{0}@{1}\", \"pwd\" => \"{2}\", \"Database\" => \"{3}\", \"LoginTimeout\" => 30, \"Encrypt\" => 1);", 
                                         enterUser, wrapper.ServerName, enterPassword, wrapper.DatabaseName)).Append(Environment.NewLine);
     sb.Append(string.Format("$serverName = \"tcp:{0},{1}\";", properties.ProxyDnsName, properties.ProxyPort)).Append(Environment.NewLine);
     sb.Append("$conn = sqlsrv_connect($serverName, $connectionInfo);");
     return sb.ToString();
 }