/// <summary>
/// Authorizes a user against the RBAC configuration.
/// For an authorized user, returns the WindowsIdentity in whose context
/// commands need to be executed (resolved through the user's group).
/// </summary>
/// <param name="userInfo">User information used to look the user up.</param>
/// <param name="quota">Receives the quota configured for the matched user.</param>
/// <returns>WindowsIdentity in which context commands need to be executed.</returns>
/// <exception cref="ArgumentException">Propagated from FindUser when no configured user matches.</exception>
public WindowsIdentity AuthorizeUser(RbacUser.RbacUserInfo userInfo, out Microsoft.Management.Odata.UserQuota quota)
{
    // FindUser throws for an unknown user, so neither the quota nor the
    // execution identity is ever produced for a caller that is not configured.
    RbacUser matchedUser = this.FindUser(userInfo);

    // Copy the configured limits into the Odata quota type expected by the caller.
    var configuredQuota = matchedUser.Quota;
    quota = new Microsoft.Management.Odata.UserQuota(
        configuredQuota.MaxConcurrentRequests,
        configuredQuota.MaxRequestsPerTimeSlot,
        configuredQuota.Timeslot);

    // The execution context is decided by the group, given the caller's own Windows identity.
    WindowsIdentity executionIdentity = matchedUser.Group.GetWindowsIdentity(userInfo.WindowsIdentity);
    return executionIdentity;
}
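/// <summary>
/// Finds a user in the RbacSystem.
/// </summary>
/// <param name="userInfo">User information to match against the configured users.</param>
/// <returns>The RbacUser whose UserInfo equals <paramref name="userInfo"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="userInfo"/> is null.</exception>
/// <exception cref="ArgumentException">No configured user matches <paramref name="userInfo"/>.</exception>
private RbacUser FindUser(RbacUser.RbacUserInfo userInfo)
{
    // Guard up front: without it a null lookup only fails when the
    // "not found" message dereferences userInfo, surfacing as a
    // NullReferenceException instead of a clear argument error.
    if (userInfo == null)
    {
        throw new ArgumentNullException("userInfo");
    }

    // Matching is delegated to RbacUserInfo.Equals; Find returns the first match.
    RbacUser user = this.Users.Find(item => item.UserInfo.Equals(userInfo));
    if (user == null)
    {
        // The message echoes the requested name/authentication type; it reaches
        // whoever catches this exception, so keep that in mind when surfacing it.
        throw new ArgumentException("User not found. Name = " + userInfo.Name + " Authentication Type = " + userInfo.AuthenticationType);
    }

    return user;
}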
/// <summary>
/// Finds the RBAC group for a PSPrincipal.
/// </summary>
/// <param name="principal">PSPrincipal instance.</param>
/// <returns>Group associated with the principal's identity.</returns>
/// <exception cref="ArgumentNullException"><paramref name="principal"/> is null.</exception>
/// <exception cref="ArgumentException">The identity is null, no configured user matches, or the user's group is not configured.</exception>
/// <exception cref="UnauthorizedAccessException">The identity is not authenticated.</exception>
private RbacGroup FindGroup(PSPrincipal principal)
{
    if (principal == null)
    {
        throw new ArgumentNullException("principal");
    }

    PSIdentity powerShellIdentity = principal.Identity;
    if (powerShellIdentity == null)
    {
        throw new ArgumentException("Null identity passed");
    }

    // Authentication is checked before any lookup, so the "not found" messages
    // below (which echo names) are never produced for an unauthenticated caller.
    if (!powerShellIdentity.IsAuthenticated)
    {
        throw new UnauthorizedAccessException();
    }

    // Rebuild the lookup key from name, authentication type and certificate details.
    RbacUser.RbacUserInfo lookupKey = new RbacUser.RbacUserInfo(
        new GenericIdentity(powerShellIdentity.Name, powerShellIdentity.AuthenticationType),
        powerShellIdentity.CertificateDetails);

    RbacUser matchedUser = this.Users.Find(item => item.UserInfo.Equals(lookupKey));
    if (matchedUser == null)
    {
        throw new ArgumentException("User not found: name=" + lookupKey.Name + ", authentication=" + lookupKey.AuthenticationType);
    }

    // The user's group is resolved by name against the configured groups.
    string groupName = matchedUser.Group.Name;
    RbacGroup matchedGroup = this.Groups.Find(item => item.Name == groupName);
    if (matchedGroup == null)
    {
        throw new ArgumentException("group not found = " + groupName);
    }

    return matchedGroup;
}
/// <summary>
/// Authorizes a user.
/// </summary>
/// <param name="senderInfo">User information.</param>
/// <param name="quota">Returns user quota.</param>
/// <returns>WindowsIdentity if the user is authorized; otherwise an exception is thrown.</returns>
/// <exception cref="ArgumentNullException">senderInfo, its Principal, or the Principal's Identity is null.</exception>
/// <exception cref="ArgumentException">The identity is not authenticated, or RbacSystem has no matching user.</exception>
public override WindowsIdentity AuthorizeUser(SenderInfo senderInfo, out UserQuota quota)
{
    var principal = senderInfo == null ? null : senderInfo.Principal;
    var identity = principal == null ? null : principal.Identity;
    if (identity == null)
    {
        // All three missing pieces are reported under the one parameter name.
        throw new ArgumentNullException("senderInfo");
    }

    if (!identity.IsAuthenticated)
    {
        // NOTE(review): FindGroup raises UnauthorizedAccessException for the same
        // condition; this override reports it as an argument error instead.
        // Callers catching by type should be aware of the difference.
        throw new ArgumentException("User is not authenticated");
    }

    // Prefer the Windows identity when the principal carries one; otherwise
    // the generic identity is used to build the lookup key.
    RbacUser.RbacUserInfo userInfo = principal.WindowsIdentity != null
        ? new RbacUser.RbacUserInfo(principal.WindowsIdentity)
        : new RbacUser.RbacUserInfo(identity);

    // The actual lookup, quota and execution-identity decision live in RbacSystem.
    return RbacSystem.Current.AuthorizeUser(userInfo, out quota);
}
/// <summary>
/// Gets the management system execution state membershipId for a user.
/// </summary>
/// <param name="userInfo">User information identifying the configured user.</param>
/// <returns>Management system execution state membershipId of the matching user.</returns>
/// <exception cref="ArgumentException">Propagated from FindUser when no configured user matches.</exception>
public string GetMembershipId(RbacUser.RbacUserInfo userInfo)
{
    // Resolve the configured user first; the id is taken from that entry.
    RbacUser configuredUser = this.FindUser(userInfo);
    string membershipId = configuredUser.GetMembershipId();
    return membershipId;
}