/// <summary>
/// 设置队列存取权限
/// </summary>
/// <param name="user"></param>
/// <param name="rights"></param>
public void SetPermission(string user, MessageQueueAccessRights rights)
{
using (MessageQueue queue = new MessageQueue(path))
{
queue.SetPermissions(user, rights);
}
}
public RemoteMsmqGrantAccessRightsTask(PhysicalServer server, QueueAddress address, string user, MessageQueueAccessRights accessRights)
{
_server = server;
_address = address;
_user = user;
_accessRights = accessRights;
}
public RemoteMsmqGrantAccessRightsTask(PhysicalServer server, QueueAddress address, string user, MessageQueueAccessRights accessRights)
{
_server = server;
_address = address;
_user = user;
_accessRights = accessRights;
}
private void SetPermissions()
{
if (System.Messaging.MessageQueue.Exists(this.Path))
{
this.LogTaskMessage(string.Format(CultureInfo.CurrentCulture, "Setting permissions on queue: {0}", this.Path));
using (System.Messaging.MessageQueue queue = new System.Messaging.MessageQueue(this.Path))
{
if (this.Allow != null)
{
foreach (ITaskItem i in this.Allow)
{
MessageQueueAccessRights permission = (MessageQueueAccessRights)Enum.Parse(typeof(MessageQueueAccessRights), i.GetMetadata("Permissions"), true);
this.LogTaskMessage(MessageImportance.Low, string.Format(CultureInfo.CurrentCulture, "Allow permission for user {0} - {1}", i.ItemSpec, i.GetMetadata("Permissions")));
queue.SetPermissions(i.ItemSpec, permission, AccessControlEntryType.Allow);
}
}
if (this.Deny != null)
{
foreach (ITaskItem i in this.Deny)
{
MessageQueueAccessRights permission = (MessageQueueAccessRights)Enum.Parse(typeof(MessageQueueAccessRights), i.GetMetadata("Permissions"), true);
this.LogTaskMessage(MessageImportance.Low, string.Format(CultureInfo.CurrentCulture, "Deny permission for user {0} - {1}", i.ItemSpec, i.GetMetadata("Permissions")));
queue.SetPermissions(i.ItemSpec, permission, AccessControlEntryType.Deny);
}
}
if (this.Set != null)
{
foreach (ITaskItem i in this.Set)
{
MessageQueueAccessRights permission = (MessageQueueAccessRights)Enum.Parse(typeof(MessageQueueAccessRights), i.GetMetadata("Permissions"), true);
this.LogTaskMessage(MessageImportance.Low, string.Format(CultureInfo.CurrentCulture, "Set permission for user {0} - {1}", i.ItemSpec, i.GetMetadata("Permissions")));
queue.SetPermissions(i.ItemSpec, permission, AccessControlEntryType.Set);
}
}
if (this.Revoke != null)
{
foreach (ITaskItem i in this.Revoke)
{
MessageQueueAccessRights permission = (MessageQueueAccessRights)Enum.Parse(typeof(MessageQueueAccessRights), i.GetMetadata("Permissions"), true);
this.LogTaskMessage(MessageImportance.Low, string.Format(CultureInfo.CurrentCulture, "Revoke permission for user {0} - {1}", i.ItemSpec, i.GetMetadata("Permissions")));
queue.SetPermissions(i.ItemSpec, permission, AccessControlEntryType.Revoke);
}
}
}
}
else
{
this.Log.LogError(string.Format(CultureInfo.CurrentCulture, "Queue not found: {0}", this.Path));
return;
}
}
public void Should_warn_if_queue_has_public_access(MessageQueueAccessRights rights, WellKnownSidType sidType)
{
var groupName = new SecurityIdentifier(sidType, null).Translate(typeof(NTAccount)).ToString();
using (var queue = MessageQueue.Create(@".\private$\" + testQueueName, false))
{
queue.SetPermissions(groupName, rights);
}
QueuePermissions.CheckQueue(testQueueName);
Assert.That(logOutput.ToString(), Does.Contain("Consider setting appropriate permissions"));
}
public TRunner CreateMessageQueue(
string messageQueuePath,
bool isTransactional,
CreateMessageQueueMode mode,
string userName,
MessageQueueAccessRights accessRights)
{
CreateMessageQueueTask task = new CreateMessageQueueTask(messageQueuePath, isTransactional, mode)
{
UserName = userName,
AccessRights = accessRights
};
return(RunTask(task));
}
private static MessageQueue CreateMessageQueue(
string path,
bool isTransactional)
{
const MessageQueueAccessRights ReadAccessRight = MessageQueueAccessRights.ReceiveMessage;
const MessageQueueAccessRights WriteAccessRight = MessageQueueAccessRights.WriteMessage;
var User = Thread.CurrentPrincipal.Identity.Name; // Let's pretend is a constant
var queue = MessageQueue.Create(path, isTransactional);
queue.SetPermissions(User, ReadAccessRight);
queue.SetPermissions(User, WriteAccessRight);
return(queue);
}
public static void Execute(
ITaskContext context,
string messageQueuePath,
bool isTransactional,
CreateMessageQueueMode mode,
string userName,
MessageQueueAccessRights accessRights)
{
CreateMessageQueueTask task = new CreateMessageQueueTask(messageQueuePath, isTransactional, mode)
{
UserName = userName,
AccessRights = accessRights
};
task.Execute(context);
}
public static bool TryGetPermissions(this MessageQueue queue, string user, out MessageQueueAccessRights? rights)
{
if (!administerGranted)
{
var permission = new MessageQueuePermission(MessageQueuePermissionAccess.Administer, PREFIX_FORMAT_NAME + queue.FormatName);
permission.Demand();
administerGranted = true;
}
var sid = GetSidForUser(user);
try
{
rights = GetPermissions(queue.FormatName, sid);
return true;
}
catch
{
rights = null;
return false;
}
}
public void Should_not_warn_if_queue_has_public_access_set_to_deny(MessageQueueAccessRights accessRights)
{
// Set up a queue with the specified access for everyone/anonymous explicitly set to DENY.
var everyoneGroupName = new SecurityIdentifier(WellKnownSidType.WorldSid, null).Translate(typeof(NTAccount)).ToString();
var anonymousGroupName = new SecurityIdentifier(WellKnownSidType.AnonymousSid, null).Translate(typeof(NTAccount)).ToString();
using (var queue = MessageQueue.Create(@".\private$\" + testQueueName, false))
{
queue.SetPermissions(everyoneGroupName, accessRights, AccessControlEntryType.Deny);
queue.SetPermissions(anonymousGroupName, accessRights, AccessControlEntryType.Deny);
}
QueuePermissions.CheckQueue(testQueueName);
Assert.IsFalse(logOutput.ToString().Contains("Consider setting appropriate permissions"));
// Resetting the queue permission to delete the queue to enable the cleanup of the unit test
var path = @".\private$\" + testQueueName;
using (var queueToModify = new MessageQueue(path))
{
queueToModify.SetPermissions(everyoneGroupName, MessageQueueAccessRights.DeleteQueue, AccessControlEntryType.Allow);
}
}
public MessageQueueAccessControlEntry(Trustee trustee, MessageQueueAccessRights rights, AccessControlEntryType entryType)
{
}
public LocalMsmqGrantAccessRightsTask(QueueAddress address, string user, MessageQueueAccessRights accessRights)
{
_accessRights = accessRights;
_address = address;
_user = user;
}
public void SetPermissions (string user, MessageQueueAccessRights rights)
{
throw new NotImplementedException ();
}
/// <include file='doc\MessageQueueAccessControlEntry.uex' path='docs/doc[@for="MessageQueueAccessControlEntry.MessageQueueAccessControlEntry"]/*' />
/// <devdoc>
/// <para>[To be supplied.]</para>
/// </devdoc>
public MessageQueueAccessControlEntry(Trustee trustee, MessageQueueAccessRights rights)
: base(trustee)
{
CustomAccessRights |= (int)rights;
}
public void SetPermissions(string user, MessageQueueAccessRights rights, AccessControlEntryType entryType) {}
public ProtoMsmqGrantAccessRightsTask(string queue, string group, MessageQueueAccessRights accessRights)
{
_accessRights = accessRights;
_queue = ReplaceTokens(queue);
_group = ReplaceTokens(group);
}
/// <include file='doc\MessageQueueAccessControlEntry.uex' path='docs/doc[@for="MessageQueueAccessControlEntry.MessageQueueAccessControlEntry"]/*' />
/// <devdoc>
/// <para>[To be supplied.]</para>
/// </devdoc>
public MessageQueueAccessControlEntry(Trustee trustee, MessageQueueAccessRights rights)
: base(trustee)
{
CustomAccessRights |= (int)rights;
}
public void GrantAccessRights(string group, MessageQueueAccessRights accessRights)
{
var proto = new ProtoMsmqGrantAccessRightsTask(_queue, group, accessRights);
_server.RegisterProtoTask(proto);
}
public ProtoMsmqGrantAccessRightsTask(string queue, string group, MessageQueueAccessRights accessRights)
{
_accessRights = accessRights;
_queue = ReplaceTokens(queue);
_group = ReplaceTokens(group);
}
public LocalMsmqGrantAccessRightsTask(QueueAddress address, string user, MessageQueueAccessRights accessRights)
{
_accessRights = accessRights;
_address = address;
_user = user;
}
public void SetPermissions(string user, MessageQueueAccessRights rights)
{
CheckDisposed();
_wrapped.SetPermissions(user, rights);
}
public void SetPermissions(string user, MessageQueueAccessRights rights)
{
throw new NotImplementedException();
}
public void SetPermissions(string user, MessageQueueAccessRights rights, AccessControlEntryType entryType)
{
throw new NotImplementedException();
}
/// <include file='doc\MessageQueueAccessControlEntry.uex' path='docs/doc[@for="MessageQueueAccessControlEntry.MessageQueueAccessControlEntry1"]/*' />
/// <devdoc>
/// <para>[To be supplied.]</para>
/// </devdoc>
public MessageQueueAccessControlEntry(Trustee trustee, MessageQueueAccessRights rights, AccessControlEntryType entryType)
: base(trustee)
{
CustomAccessRights |= (int)rights;
EntryType = entryType;
}
internal void SetPermissions(string administratorsGroupName, MessageQueueAccessRights messageQueueAccessRights, AccessControlEntryType accessControlEntryType)
{
throw new System.NotImplementedException();
}
public void SetPermissions(string user, MessageQueueAccessRights rights) {}
public void SetPermissions(string user, MessageQueueAccessRights rights)
{
}
public static DeploymentResult GrantMsmqAccessRights(this RemoteDropkickExecutionTask remoteTask, MessageQueueAccessRights accessRights, QueueAddress address, string @group)
{
var t = remoteTask.SetUpRemote("grant_queue {0} \"{1}\" {2}".FormatWith((int)accessRights, @group, address.ActualUri));
return(remoteTask.ExecuteAndGetResults(t));
}
public void SetPermissions(string user, MessageQueueAccessRights rights, AccessControlEntryType entryType)
{
}
/// <include file='doc\MessageQueueAccessControlEntry.uex' path='docs/doc[@for="MessageQueueAccessControlEntry.MessageQueueAccessControlEntry1"]/*' />
/// <devdoc>
/// <para>[To be supplied.]</para>
/// </devdoc>
public MessageQueueAccessControlEntry(Trustee trustee, MessageQueueAccessRights rights, AccessControlEntryType entryType)
: base(trustee)
{
CustomAccessRights |= (int)rights;
EntryType = entryType;
}
public MessageQueueAccessControlEntry(Trustee trustee, MessageQueueAccessRights rights, AccessControlEntryType entryType)
{
}
public void SetPermissions (string user, MessageQueueAccessRights rights, AccessControlEntryType entryType)
{
throw new NotImplementedException ();
}
public void SetPermissions(string user, MessageQueueAccessRights rights, AccessControlEntryType entryType)
{
CheckDisposed();
_wrapped.SetPermissions(user, rights, entryType);
}
