/// <summary>
/// Authorizes a user
/// For authorized users, it returns the WindowsIdentity in which context commands need to be executed
/// </summary>
/// <param name="userInfo">User information</param>
/// <param name="quota">User quota value</param>
/// <returns>WindowsIdentiy in which context commands need to be executed</returns>
public WindowsIdentity AuthorizeUser(RbacUser.RbacUserInfo userInfo, out Microsoft.Management.Odata.UserQuota quota)
{
RbacUser user = this.FindUser(userInfo);
quota = new Microsoft.Management.Odata.UserQuota(user.Quota.MaxConcurrentRequests, user.Quota.MaxRequestsPerTimeSlot, user.Quota.Timeslot);
return(user.Group.GetWindowsIdentity(userInfo.WindowsIdentity));
}
/// <summary>
/// Finds a user in the RbacSytem
/// </summary>
/// <param name="userInfo">User information</param>
/// <returns>User from RbacSystem which was searched</returns>
private RbacUser FindUser(RbacUser.RbacUserInfo userInfo)
{
RbacUser user = this.Users.Find(item => item.UserInfo.Equals(userInfo));
if (user == null)
{
throw new ArgumentException("User not found. Name = " + userInfo.Name + " Authentication Type = " + userInfo.AuthenticationType);
}
return(user);
}
/// <summary>
/// Finds group for a PSPrincipal
/// </summary>
/// <param name="principal">PSPrincipal instance</param>
/// <returns>Group associated with the identity</returns>
private RbacGroup FindGroup(PSPrincipal principal)
{
if (principal == null)
{
throw new ArgumentNullException("principal");
}
if (principal.Identity == null)
{
throw new ArgumentException("Null identity passed");
}
if (principal.Identity.IsAuthenticated == false)
{
throw new UnauthorizedAccessException();
}
PSIdentity powerShellIdentity = principal.Identity;
GenericIdentity identity = new GenericIdentity(powerShellIdentity.Name, powerShellIdentity.AuthenticationType);
RbacUser.RbacUserInfo userInfo = new RbacUser.RbacUserInfo(identity, powerShellIdentity.CertificateDetails);
RbacUser user = this.Users.Find(item => item.UserInfo.Equals(userInfo));
if (user == null)
{
throw new ArgumentException("User not found: name=" + userInfo.Name + ", authentication=" + userInfo.AuthenticationType);
}
RbacGroup group = this.Groups.Find(item => item.Name == user.Group.Name);
if (group == null)
{
throw new ArgumentException("group not found = " + user.Group.Name);
}
return(group);
}
/// <summary>
/// Authorizes a user
/// </summary>
/// <param name="senderInfo">User information</param>
/// <param name="quota">Returns user quota</param>
/// <returns>WindowsIdentity, if the user is authorized else throws an exception</returns>
public override WindowsIdentity AuthorizeUser(SenderInfo senderInfo, out UserQuota quota)
{
if ((senderInfo == null) || (senderInfo.Principal == null) || (senderInfo.Principal.Identity == null))
{
throw new ArgumentNullException("senderInfo");
}
if (senderInfo.Principal.Identity.IsAuthenticated == false)
{
throw new ArgumentException("User is not authenticated");
}
RbacUser.RbacUserInfo userInfo = null;
if (senderInfo.Principal.WindowsIdentity != null)
{
userInfo = new RbacUser.RbacUserInfo(senderInfo.Principal.WindowsIdentity);
}
else
{
userInfo = new RbacUser.RbacUserInfo(senderInfo.Principal.Identity);
}
return(RbacSystem.Current.AuthorizeUser(userInfo, out quota));
}
/// <summary>
/// Gets management system execution state membershipId for a user
/// </summary>
/// <param name="userInfo">User information</param>
/// <returns>Managment system execution state membershipId</returns>
public string GetMembershipId(RbacUser.RbacUserInfo userInfo)
{
return(this.FindUser(userInfo).GetMembershipId());
}
