diff options
| author | Jake Mannens <jake@asger.xyz> | 2023-10-04 15:59:52 +1100 |
|---|---|---|
| committer | Jake Mannens <jake@asger.xyz> | 2023-10-04 15:59:52 +1100 |
| commit | aa0b68f7648bd5a7c14b64737a4f8d3e402bfce5 (patch) | |
| tree | f058842f77cfbd6e2a21abd3e4f8ad4f8ad1ed9a | |
| parent | 33438ac951430fa370965b42a3d98a54e704ab01 (diff) | |
Fix SID equality and WellKnownSid mappings
| -rw-r--r-- | HBContext.cs | 2 | ||||
| -rw-r--r-- | HBObject.cs | 2 | ||||
| -rw-r--r-- | Pages/Component/AclDialog.razor | 57 | ||||
| -rw-r--r-- | Pages/Component/AclDialog.razor.css | 30 | ||||
| -rw-r--r-- | Pages/Component/Dialog.razor | 14 | ||||
| -rw-r--r-- | Pages/Component/Switch.razor.css | 8 | ||||
| -rw-r--r-- | PrincipalProviders/LocalPrincipalProvider.cs | 8 | ||||
| -rw-r--r-- | SecurityIdentifier.cs | 79 | ||||
| -rw-r--r-- | Services/PrincipalProvider.cs | 17 |
9 files changed, 168 insertions, 49 deletions
diff --git a/HBContext.cs b/HBContext.cs index 2e78b5a..dee100d 100644 --- a/HBContext.cs +++ b/HBContext.cs @@ -57,7 +57,7 @@ public class HBContext : DbContext { modelBuilder.Entity<HBObject>() .Property(o => o.Owner) - .HasDefaultValue(new SecurityIdentifier(WellKnownSidType.WorldSid)); + .HasDefaultValue(WellKnownSid.WorldSid); // Seed internal tag definitions // These should NEVER change diff --git a/HBObject.cs b/HBObject.cs index df60ed0..eecb3f5 100644 --- a/HBObject.cs +++ b/HBObject.cs @@ -15,5 +15,5 @@ public class HBObject { [ForeignKey("AclId")] public Acl? Acl { get; set; } public SecurityIdentifier Owner { get; set; } = - new SecurityIdentifier(WellKnownSidType.WorldSid); + WellKnownSid.WorldSid; }
\ No newline at end of file diff --git a/Pages/Component/AclDialog.razor b/Pages/Component/AclDialog.razor index 8116f04..87fbd6e 100644 --- a/Pages/Component/AclDialog.razor +++ b/Pages/Component/AclDialog.razor @@ -2,35 +2,46 @@ @inject IDbContextFactory<HBContext> dbFactory; @implements IDialog -<Dialog Title="Edit permissions" @ref=dialog> - @if(obj?.Acl is not null) { - <table class="data-table"> - <tr> - <th>Action</th> - <th>Subject</th> - <th>Permissions</th> - <th></th> - </tr> - @foreach(var rule in obj.Acl.Rules.OrderByDescending(r => r.Action)) { - <tr> - <td><div><AclActionSwitch InitialValue=@(rule.Action == AclRuleAction.Allow)/></div></td> - <td>@rule.Principal.ToString()</td> - <td>@GetActivePermissions(rule)</td> - <td> - <a title="Edit" href="javascript:;">🖉</a> - <a title="Delete" href="javascript:;">✖</a> - </td> - </tr> +<Dialog WidthPixels=900 Title="Edit permissions" @ref=dialog> + <div class="container"> + <div> + @if(obj?.Acl is not null) { + <table class="data-table"> + <tr> + <th>Action</th> + <th>Subject</th> + <th colspan="2">Permissions</th> + </tr> + @foreach(var rule in obj.Acl.Rules.OrderByDescending(r => r.Action)) { + <tr> + <td><div><AclActionSwitch InitialValue=@(rule.Action == AclRuleAction.Allow)/></div></td> + <td> + <a class="nondecorated" href="javascript:;">@(WellKnownSid.TranslateSid(rule.Principal) ?? rule.Principal.ToString())</a> + </td> + <td>@GetActivePermissions(rule)</td> + <td> + <a title="Edit" href="javascript:;">🖉</a> + <a title="Delete" href="javascript:;">✖</a> + </td> + </tr> + } + </table> + <br/> + <center><a href="javascript:;">Add new</a></center> + } else { + <center><i>This item does not have any permissions set!</i></center> } - </table> - <br/> - <center><a href="javascript:;">Add new</a></center> + </div> + <div> + <p><i>Click Edit next to an ACL to edit it's permissions</i></p> + </div> + </div> + @if(obj?.Acl is not null) { <ButtonContainer> <button class="secondary" @onclick=Hide>Cancel</button> <button data-keyboard-shortcut="a" @onclick=Hide><u>A</u>pply</button> </ButtonContainer> } else { - <center><i>This item does not have any permissions set!</i></center> <ButtonContainer> <button class="secondary" @onclick=Hide>Cancel</button> </ButtonContainer> diff --git a/Pages/Component/AclDialog.razor.css b/Pages/Component/AclDialog.razor.css index f1b7931..b98cc6d 100644 --- a/Pages/Component/AclDialog.razor.css +++ b/Pages/Component/AclDialog.razor.css @@ -1,4 +1,28 @@ -table p { +div.container { + display: flex; + flex-direction: row; +} + +div.container > div { + width: 50%; +} + +div.container > div:first-child { + border-right: 1px solid white; + padding-right: 15px; +} + +div.container > div:last-child { + padding-left: 15px; + height: stretch; +} + +div.container > div:last-child p { + vertical-align: middle; + text-align: center; +} + +table p { margin: 8px 0 8px 0; } @@ -17,6 +41,10 @@ table td:last-child { font-size: 12pt; } +table td:nth-last-child(2) { + border-right: none !important; +} + table tr:nth-child(2n+1) td:not(:first-child) { background: rgba(255, 255, 255, 0.1); } diff --git a/Pages/Component/Dialog.razor b/Pages/Component/Dialog.razor index 673ec2f..8e8ddca 100644 --- a/Pages/Component/Dialog.razor +++ b/Pages/Component/Dialog.razor @@ -4,7 +4,7 @@ <div class="dialog" onmousedown="dialogMouseDown(event)" - style="opacity:0;visibility:hidden;@(heightStyle)" + style="opacity:0;visibility:hidden;@(sizeStyle)" @ref=dialogDiv> @if(Title is not null) { <div class="titlebar" onmousedown="dialogTitleMouseDown(event)"> @@ -25,6 +25,8 @@ public RenderFragment ChildContent { get; set; } [Parameter] + public int WidthPixels { set => width = $"{value}px"; } + [Parameter] public int HeightPixels { set => height = $"{value}px"; } [Parameter] public int HeightPercent { set => height = $"{value}%"; } @@ -41,6 +43,7 @@ private bool visible = false; + private string? width; private string? height; private ElementReference dialogDiv; @@ -53,7 +56,7 @@ await jsRuntime.InvokeVoidAsync("dialogAddObjectReference", new object[] { dialogDiv, DotNetObjectReference.Create(this) - }); + }); } } @@ -65,6 +68,11 @@ } } + private string sizeStyle => widthStyle + heightStyle; + + private string widthStyle => + $"{(width is null ? "" : $"width:{width};")}"; + private string heightStyle => - $"{(height is null ? "" : $"max-height:{height};")}"; + $"{(height is null ? "" : $"max-height:{height};")}"; } diff --git a/Pages/Component/Switch.razor.css b/Pages/Component/Switch.razor.css index 6b1f5d5..4c2d3a5 100644 --- a/Pages/Component/Switch.razor.css +++ b/Pages/Component/Switch.razor.css @@ -11,9 +11,11 @@ div.switch-inner { background: var(--col-switch-fg); border-radius: 20px; - height: 20px; + height: 18px; transition: margin-left 0.1s linear; - width: 20px; + width: 18px; + margin-top: 1px; + margin-left: 1px; } input:checked + div.switch-outer { @@ -21,5 +23,5 @@ input:checked + div.switch-outer { } input:checked + div.switch-outer > div.switch-inner { - margin-left: 20px; + margin-left: 21px; } diff --git a/PrincipalProviders/LocalPrincipalProvider.cs b/PrincipalProviders/LocalPrincipalProvider.cs index d480633..5c27518 100644 --- a/PrincipalProviders/LocalPrincipalProvider.cs +++ b/PrincipalProviders/LocalPrincipalProvider.cs @@ -15,6 +15,14 @@ public class LocalPrincipalProvider : PrincipalProvider { return db.Principals.FirstOrDefault(p => p.Name == name); } + public override IPrincipal[]? SearchPrincipals(string name) { + using var db = dbFactory.CreateDbContext(); + return db.Principals + .Where(p => p.Name.ToLower().Contains(name)) + .Cast<IPrincipal>() + .ToArray(); + } + public override IUser? GetUser(string name) { using var db = dbFactory.CreateDbContext(); return db.Users.FirstOrDefault(p => p.Name == name); diff --git a/SecurityIdentifier.cs b/SecurityIdentifier.cs index c3f11ef..075788d 100644 --- a/SecurityIdentifier.cs +++ b/SecurityIdentifier.cs @@ -1,16 +1,43 @@ using Microsoft.EntityFrameworkCore.Storage.ValueConversion; +using System.Diagnostics.CodeAnalysis; using System.Numerics; using System.Runtime.InteropServices; +using System.Security.Cryptography.X509Certificates; using System.Text.RegularExpressions; namespace HyperBooru; -public enum WellKnownSidType { - NullSid, - WorldSid, - LocalSid, - CreatorOwnerSid, - CreatorGroupSid +public static class WellKnownSid { + public static readonly SecurityIdentifier NullSid = new("S-1-0-0"); + public static readonly SecurityIdentifier WorldSid = new("S-1-1-0"); + public static readonly SecurityIdentifier LocalSid = new("S-1-2-0"); + public static readonly SecurityIdentifier CreatorOwnerSid = new("S-1-3-0"); + public static readonly SecurityIdentifier CreatorGroupSid = new("S-1-3-1"); + + private static readonly (string name, SecurityIdentifier sid)[] nameMap = new[] { + ( "Everyone", WorldSid ), + ( "LOCAL", LocalSid ), + ( "CREATOR OWNER", CreatorGroupSid ), + ( "CREATOR GROUP", CreatorGroupSid ) + }; + + public static SecurityIdentifier? TranslateName(string name) { + try { + return nameMap + .First(x => x.name.ToLower() == name.ToLower().Trim()) + .sid; + } catch(InvalidOperationException) { + return null; + } + } + + public static string? TranslateSid(SecurityIdentifier sid) { + try { + return nameMap.First(x => x.sid == sid).name; + } catch(InvalidOperationException) { + return null; + } + } } public class SecurityIdentifier { @@ -19,17 +46,6 @@ public class SecurityIdentifier { private static readonly Regex SddlRegex = new(@"^S(-[0-9]+){2,}$", RegexOptions.Compiled); - private static readonly Dictionary<WellKnownSidType, string> wellKnownSidTypes = new() { - { HyperBooru.WellKnownSidType.NullSid, "S-1-0-0" }, - { HyperBooru.WellKnownSidType.WorldSid, "S-1-1-0" }, - { HyperBooru.WellKnownSidType.LocalSid, "S-1-2-0" }, - { HyperBooru.WellKnownSidType.CreatorOwnerSid, "S-1-3-0" }, - { HyperBooru.WellKnownSidType.CreatorGroupSid, "S-1-3-1" } - }; - - public SecurityIdentifier(WellKnownSidType wellKnownSidType) - : this(wellKnownSidTypes[wellKnownSidType]) {} - public SecurityIdentifier(string sddlForm) { var match = SddlRegex.Match(sddlForm); if(!match.Success) @@ -119,6 +135,35 @@ public struct SidStruct { public byte[] IdentifierAuthority; [MarshalAs(UnmanagedType.ByValArray)] public uint[] SubAuthorities; + + public static bool operator ==(SidStruct? x, SidStruct? y) => + x?.Equals(y) ?? false; + + public static bool operator !=(SidStruct? x, SidStruct? y) => + !(x == y); + + public override bool Equals([NotNullWhen(true)] object? obj) { + if(obj is null || obj is not SidStruct) + return false; + + var sid = (SidStruct) obj; + + return + Revision == sid.Revision && + SubAuthorityCount == sid.SubAuthorityCount && + Enumerable.SequenceEqual(IdentifierAuthority, sid.IdentifierAuthority) && + Enumerable.SequenceEqual(SubAuthorities, sid.SubAuthorities); + } + + public override int GetHashCode() => ( + Revision, + SubAuthorityCount, + IdentifierAuthority + .Select(v => (uint) v) + .Aggregate(0, (a, v) => HashCode.Combine(a, v)), + SubAuthorities + .Aggregate(0, (a, v) => HashCode.Combine(a, v))) + .GetHashCode(); } public class SecurityIdentifierConverter : ValueConverter<SecurityIdentifier, byte[]> { diff --git a/Services/PrincipalProvider.cs b/Services/PrincipalProvider.cs index d37e8c0..4b2cf42 100644 --- a/Services/PrincipalProvider.cs +++ b/Services/PrincipalProvider.cs @@ -5,6 +5,16 @@ public interface IPrincipalProvider { public IUser? GetUser(string name); public IGroup? GetGroup(string name); + /// <summary> + /// Perform a search for any principals whose account name + /// matches the search term specified by <c>name</c>. + /// </summary> + /// <returns> + /// A list of matching principals or <c>null</c> if the + /// provider does not support search functionality. + /// </returns> + public IPrincipal[]? SearchPrincipals(string name); + public IGroup[] GetGroups(IPrincipal principal); public IGroup[] GetGroups(IPrincipal principal, bool recurse); @@ -19,6 +29,8 @@ public abstract class PrincipalProvider : IPrincipalProvider { public abstract IUser? GetUser(string name); public abstract IGroup? GetGroup(string name); + public abstract IPrincipal[]? SearchPrincipals(string name); + public IGroup[] GetGroups(IPrincipal principal) => GetGroups(principal.Sid, false); public IGroup[] GetGroups(IPrincipal principal, bool recurse) => @@ -28,4 +40,9 @@ public abstract class PrincipalProvider : IPrincipalProvider { public abstract IGroup[] GetGroups(SecurityIdentifier sid, bool recurse); public abstract bool ValidatePassword(IUser user, string password); + + public void Test() { + var ret = SearchPrincipals("lol"); + Console.WriteLine(ret); + } } |