Ejemplo n.º 1
 /// <summary>
 /// Builds the collector around an existing WMI data provider and prepares a
 /// DACL disassembler together with two empty, string-keyed item caches.
 /// </summary>
 /// <param name="wmiDataProvider">
 /// Provider stored as-is in <c>WmiProvider</c>; it is not null-checked here.
 /// </param>
 public FileEffectiveRights53ObjectCollector(WmiDataProvider wmiDataProvider)
 {
     WmiProvider = wmiDataProvider;

     // Configured for the discretionary ACL (access entries).
     DaclDisassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);

     // Both caches start empty; what the string keys represent is not visible in this block.
     Cache = new Dictionary<string, IEnumerable<fileeffectiverights_item>>();
     FlatCache = new Dictionary<string, fileeffectiverights_item>();
 }
 /// <summary>
 /// Initialises the collector with the given WMI data provider, a DACL
 /// disassembler, and two empty caches keyed by string.
 /// </summary>
 /// <param name="wmiDataProvider">
 /// Provider assigned directly to <c>WmiProvider</c>; no null check is performed here.
 /// </param>
 public FileEffectiveRights53ObjectCollector(WmiDataProvider wmiDataProvider)
 {
     WmiProvider = wmiDataProvider;
     DaclDisassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);

     // One cache maps a key to a sequence of items, the other to a single item.
     Cache = new Dictionary<string, IEnumerable<fileeffectiverights_item>>();
     FlatCache = new Dictionary<string, fileeffectiverights_item>();
 }
Ejemplo n.º 3
        /// <summary>
        /// Collects the effective registry-key rights of one trustee and decodes
        /// them into a <see cref="WMIWinACE"/>.
        /// </summary>
        /// <param name="hive">Hive name, translated to a hive id by <c>RegistryHelper.GetHiveKeyIdFromHiveName</c>.</param>
        /// <param name="key">Registry key passed through to the access-control provider.</param>
        /// <param name="trusteeSID">SID of the trustee whose rights are requested.</param>
        /// <returns>The value produced by decoding the collected rights with a DACL disassembler.</returns>
        private WMIWinACE GetRegistryKeyACLForUser(string hive, string key, string trusteeSID)
        {
            // NOTE(review): the helper's result is cast to RegistryHive with no range check in
            // this method; confirm the helper rejects unknown hive names.
            var registryHive = (RegistryHive)RegistryHelper.GetHiveKeyIdFromHiveName(hive);

            var collectedRights = AccessControlListProvider.GetRegistryKeyEffectiveRights(
                this.TargetInfo, registryHive, key, trusteeSID);

            // The collected value is handed to the decoder as an access mask.
            return new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL)
                .GetSecurityDescriptorFromAccessMask(collectedRights);
        }
        /// <summary>
        /// Creates the WMI data provider and the security-descriptor disassembler
        /// on first use; instances that are already set are left untouched.
        /// </summary>
        private void CheckWmiDataProviderInstance()
        {
            if (this.WmiDataProvider == null)
            {
                // The provider is bound to a freshly connected management scope.
                this.WmiDataProvider = new WmiDataProvider(this.CreateConnectedManagementScope());
            }

            if (this.WindowsSecurityDescriptorDisassembler == null)
            {
                // NOTE(review): this disassembler is configured for the SACL (audit entries), not the
                // DACL. On Windows, reading a SACL typically needs SeSecurityPrivilege; confirm the
                // account behind the connected scope holds it.
                this.WindowsSecurityDescriptorDisassembler =
                    new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.SACL);
            }
        }
        /// <summary>
        /// Verifies that decoding <c>KEY_CREATE_LINK_PERMISSION</c> yields an ACE with
        /// KEY_CREATE_LINK set and every other registry-specific right checked below cleared.
        /// </summary>
        public void Should_be_possible_to_disassembly_windows_security_descriptor()
        {
            var decodedAce = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL)
                .GetSecurityDescriptorFromAccessMask(KEY_CREATE_LINK_PERMISSION);

            // The single right the mask is expected to carry.
            Assert.IsTrue(decodedAce.KEY_CREATE_LINK, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_CREATE_LINK"));

            // The remaining rights must stay cleared, so a decoder that over-reports permissions fails here.
            Assert.IsFalse(decodedAce.KEY_CREATE_SUB_KEY, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_CREATE_SUB_KEY"));
            Assert.IsFalse(decodedAce.KEY_ENUMERATE_SUB_KEYS, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_ENUMERATE_SUB_KEYS"));
            Assert.IsFalse(decodedAce.KEY_NOTIFY, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_NOTIFY"));
            Assert.IsFalse(decodedAce.KEY_QUERY_VALUE, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_QUERY_VALUE"));
            Assert.IsFalse(decodedAce.KEY_SET_VALUE, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_SET_VALUE"));
            Assert.IsFalse(decodedAce.KEY_WOW64_32KEY, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_WOW64_32KEY"));
            Assert.IsFalse(decodedAce.KEY_WOW64_64KEY, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_WOW64_64KEY"));
        }
        /// <summary>
        /// Fills a file-effective-rights item with the rights calculated for the trustee
        /// named in the item, and replaces the trustee name with the trustee SID.
        /// </summary>
        /// <param name="fileEffectiveRightsItem">Item to fill; its <c>trustee_name</c> is read first and then set to null.</param>
        /// <param name="managementWinACEs">ACE data handed to the DACL disassembler.</param>
        /// <exception cref="UserNotFoundException">
        /// <c>CalculateUserEffectiveRightsForItem</c> returned null for the trustee.
        /// </exception>
        private void FillCollectedItemFromUserWinACEs(
            fileeffectiverights_item fileEffectiveRightsItem,
            object managementWinACEs)
        {
            // NOTE(review): trustee_name is dereferenced without a null check; confirm callers always set it.
            var trusteeName = fileEffectiveRightsItem.trustee_name.Value;

            var trusteeAces = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL)
                .GetSecurityDescriptorsFromManagementObject(managementWinACEs, trusteeName, this.WmiDataProvider);

            var rights = this.CalculateUserEffectiveRightsForItem(trusteeAces);
            if (rights == null)
            {
                throw new UserNotFoundException();
            }

            // Runs before any entity is written; what it modifies is not visible in this method.
            this.AdjustGenericRights(rights);

            // The item is reported by SID from here on; the name entity is cleared.
            fileEffectiveRightsItem.trustee_name = null;
            fileEffectiveRightsItem.trustee_sid = OvalHelper.CreateItemEntityWithStringValue(rights.Trustee.SIDString);
            #region Setting File Effective Rights Entities
            fileEffectiveRightsItem.access_system_security = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.ACCESS_SYSTEM_SECURITY);
            fileEffectiveRightsItem.file_append_data = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_APPEND_DATA);
            fileEffectiveRightsItem.file_delete_child = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_DELETE_CHILD);
            fileEffectiveRightsItem.file_execute = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_EXECUTE);
            fileEffectiveRightsItem.file_read_attributes = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_READ_ATTRIBUTES);
            fileEffectiveRightsItem.file_read_data = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_READ_DATA);
            fileEffectiveRightsItem.file_read_ea = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_READ_EA);
            fileEffectiveRightsItem.file_write_attributes = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_WRITE_ATTRIBUTES);
            fileEffectiveRightsItem.file_write_data = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_WRITE_DATA);
            fileEffectiveRightsItem.file_write_ea = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_WRITE_EA);
            fileEffectiveRightsItem.generic_all = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.GENERIC_ALL);
            fileEffectiveRightsItem.generic_execute = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.GENERIC_EXECUTE);
            fileEffectiveRightsItem.generic_read = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.GENERIC_READ);
            fileEffectiveRightsItem.generic_write = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.GENERIC_WRITE);
            fileEffectiveRightsItem.standard_delete = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.DELETE);
            fileEffectiveRightsItem.standard_read_control = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.READ_CONTROL);
            fileEffectiveRightsItem.standard_synchronize = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.SYNCHRONIZE);
            fileEffectiveRightsItem.standard_write_dac = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.WRITE_DAC);
            fileEffectiveRightsItem.standard_write_owner = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.WRITE_OWNER);
            #endregion
        }
 /// <summary>
 /// Creates the collector with a disassembler configured for the DACL
 /// (discretionary access entries).
 /// </summary>
 public RegKeyEffectiveRightsObjectCollector()
 {
     DaclDisassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);
 }
        /// <summary>
        /// Looks up the effective rights a trustee holds on a registry key and
        /// returns them decoded as a <see cref="WMIWinACE"/>.
        /// </summary>
        /// <param name="hive">Hive name, converted to a hive id through <c>RegistryHelper.GetHiveKeyIdFromHiveName</c>.</param>
        /// <param name="key">Registry key forwarded to the access-control provider.</param>
        /// <param name="trusteeSID">SID identifying the trustee.</param>
        /// <returns>The decoded form of the collected rights, produced by a DACL disassembler.</returns>
        private WMIWinACE GetRegistryKeyACLForUser(string hive, string key, string trusteeSID)
        {
            // NOTE(review): no range check is applied to the hive id before the enum cast here;
            // confirm the helper fails on hive names it does not recognise.
            var registryHive = (RegistryHive)RegistryHelper.GetHiveKeyIdFromHiveName(hive);

            var collectedRights = AccessControlListProvider.GetRegistryKeyEffectiveRights(
                this.TargetInfo, registryHive, key, trusteeSID);

            var decoder = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);

            // The collected value is passed to the decoder as an access mask.
            return decoder.GetSecurityDescriptorFromAccessMask(collectedRights);
        }
Ejemplo n.º 9
 /// <summary>
 /// Initialises the collector's disassembler for the DACL security-descriptor type.
 /// </summary>
 public RegKeyEffectiveRightsObjectCollector()
 {
     DaclDisassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);
 }
        /// <summary>
        /// Checks the decoder against a mask expected to carry only KEY_CREATE_LINK:
        /// that flag must be set, and the other registry-specific rights asserted below must not be.
        /// </summary>
        public void Should_be_possible_to_disassembly_windows_security_descriptor()
        {
            var disassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);
            var decodedAce = disassembler.GetSecurityDescriptorFromAccessMask(KEY_CREATE_LINK_PERMISSION);

            // Expected right.
            Assert.IsTrue(decodedAce.KEY_CREATE_LINK, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_CREATE_LINK"));

            // Rights that must not be reported; an over-reporting decoder would overstate a trustee's access.
            Assert.IsFalse(decodedAce.KEY_CREATE_SUB_KEY, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_CREATE_SUB_KEY"));
            Assert.IsFalse(decodedAce.KEY_ENUMERATE_SUB_KEYS, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_ENUMERATE_SUB_KEYS"));
            Assert.IsFalse(decodedAce.KEY_NOTIFY, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_NOTIFY"));
            Assert.IsFalse(decodedAce.KEY_QUERY_VALUE, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_QUERY_VALUE"));
            Assert.IsFalse(decodedAce.KEY_SET_VALUE, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_SET_VALUE"));
            Assert.IsFalse(decodedAce.KEY_WOW64_32KEY, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_WOW64_32KEY"));
            Assert.IsFalse(decodedAce.KEY_WOW64_64KEY, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_WOW64_64KEY"));
        }
        /// <summary>
        /// Ensures the WMI data provider and the security-descriptor disassembler exist,
        /// creating each one only when it is currently null.
        /// </summary>
        private void CheckWmiDataProviderInstance()
        {
            if (this.WmiDataProvider == null)
            {
                // A new management scope is connected and wrapped by the provider.
                this.WmiDataProvider = new WmiDataProvider(this.CreateConnectedManagementScope());
            }

            if (this.WindowsSecurityDescriptorDisassembler == null)
            {
                // NOTE(review): configured for the SACL (audit entries) rather than the DACL. Reading a
                // SACL on Windows typically needs SeSecurityPrivilege; confirm the connecting account has it.
                this.WindowsSecurityDescriptorDisassembler =
                    new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.SACL);
            }
        }
 /// <summary>
 /// Writes the effective rights calculated for the item's trustee into the item,
 /// clearing the trustee name and storing the trustee SID in its place.
 /// </summary>
 /// <param name="fileEffectiveRightsItem">Item to populate; <c>trustee_name</c> is read, then nulled.</param>
 /// <param name="managementWinACEs">ACE data passed to the DACL disassembler.</param>
 /// <exception cref="UserNotFoundException">
 /// <c>CalculateUserEffectiveRightsForItem</c> produced no result (null) for the trustee.
 /// </exception>
 private void FillCollectedItemFromUserWinACEs(
     fileeffectiverights_item fileEffectiveRightsItem,
     object managementWinACEs)
 {
     // NOTE(review): trustee_name is dereferenced without a null check; verify against callers.
     var trusteeName = fileEffectiveRightsItem.trustee_name.Value;

     var aceDecoder = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);
     var trusteeAces = aceDecoder.GetSecurityDescriptorsFromManagementObject(managementWinACEs, trusteeName, this.WmiDataProvider);

     var rights = this.CalculateUserEffectiveRightsForItem(trusteeAces);
     if (rights == null)
     {
         throw new UserNotFoundException();
     }

     // Called before the entities are written; its effect on the rights is not visible here.
     this.AdjustGenericRights(rights);

     // From this point the item identifies the trustee by SID only.
     fileEffectiveRightsItem.trustee_name = null;
     fileEffectiveRightsItem.trustee_sid = OvalHelper.CreateItemEntityWithStringValue(rights.Trustee.SIDString);
     #region Setting File Effective Rights Entities
     fileEffectiveRightsItem.access_system_security = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.ACCESS_SYSTEM_SECURITY);
     fileEffectiveRightsItem.file_append_data = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_APPEND_DATA);
     fileEffectiveRightsItem.file_delete_child = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_DELETE_CHILD);
     fileEffectiveRightsItem.file_execute = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_EXECUTE);
     fileEffectiveRightsItem.file_read_attributes = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_READ_ATTRIBUTES);
     fileEffectiveRightsItem.file_read_data = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_READ_DATA);
     fileEffectiveRightsItem.file_read_ea = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_READ_EA);
     fileEffectiveRightsItem.file_write_attributes = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_WRITE_ATTRIBUTES);
     fileEffectiveRightsItem.file_write_data = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_WRITE_DATA);
     fileEffectiveRightsItem.file_write_ea = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_WRITE_EA);
     fileEffectiveRightsItem.generic_all = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.GENERIC_ALL);
     fileEffectiveRightsItem.generic_execute = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.GENERIC_EXECUTE);
     fileEffectiveRightsItem.generic_read = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.GENERIC_READ);
     fileEffectiveRightsItem.generic_write = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.GENERIC_WRITE);
     fileEffectiveRightsItem.standard_delete = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.DELETE);
     fileEffectiveRightsItem.standard_read_control = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.READ_CONTROL);
     fileEffectiveRightsItem.standard_synchronize = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.SYNCHRONIZE);
     fileEffectiveRightsItem.standard_write_dac = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.WRITE_DAC);
     fileEffectiveRightsItem.standard_write_owner = OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.WRITE_OWNER);
     #endregion
 }