Example #1
0
        public void AddAuditRule_Succeeds()
        {
            var descriptor           = new CommonSecurityDescriptor(true, true, string.Empty);
            var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);

            var customAuditRuleRead = new CustomAuditRule(
                new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null).Translate(typeof(NTAccount)), ReadAccessMask, true, InheritanceFlags.None,
                PropagationFlags.None, Guid.NewGuid(), Guid.NewGuid(), AuditFlags.Success
                );

            var customAuditRuleReadAttribute = new CustomAuditRule(
                new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), ReadAttributeAccessMask, true, InheritanceFlags.None,
                PropagationFlags.None, Guid.NewGuid(), Guid.NewGuid(), AuditFlags.Success
                );

            customObjectSecurity.AddAuditRule(customAuditRuleRead);
            customObjectSecurity.AddAuditRule(customAuditRuleReadAttribute);
            AuthorizationRuleCollection ruleCollection = customObjectSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));

            Assert.NotNull(ruleCollection);
            List <CustomAuditRule> addedRules = ruleCollection.Cast <CustomAuditRule>().ToList();

            Assert.Contains(customAuditRuleRead, addedRules);
            Assert.Contains(customAuditRuleReadAttribute, addedRules);
        }
Example #2
0
        public void RemoveAuditRuleAll_Succeeds()
        {
            var descriptor           = new CommonSecurityDescriptor(true, true, string.Empty);
            var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
            var objectTypeGuid       = Guid.NewGuid();

            var customAuditRuleReadWrite = new CustomAuditRule
                                           (
                Helpers.s_LocalSystemNTAccount, ReadWriteAccessMask, true, InheritanceFlags.None,
                PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
                                           );
            var customAuditRuleSynchronize = new CustomAuditRule
                                             (
                Helpers.s_LocalSystemNTAccount, SynchronizeAccessMask, true, InheritanceFlags.None,
                PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
                                             );

            customObjectSecurity.AddAuditRule(customAuditRuleReadWrite);
            customObjectSecurity.AddAuditRule(customAuditRuleSynchronize);
            customObjectSecurity.RemoveAuditRuleAll(customAuditRuleReadWrite);

            AuthorizationRuleCollection ruleCollection =
                customObjectSecurity
                .GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));

            List <CustomAuditRule> existingRules = ruleCollection.Cast <CustomAuditRule>().ToList();

            Assert.Empty(existingRules);
        }
Example #3
0
        public void RemoveAuditRule_Succeeds()
        {
            var descriptor           = new CommonSecurityDescriptor(true, true, string.Empty);
            var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
            var objectType           = Guid.NewGuid();

            var customAuditRuleWrite = new CustomAuditRule(
                Helpers.s_LocalSystemNTAccount, WriteAccessMask, true, InheritanceFlags.None,
                PropagationFlags.None, objectType, Guid.NewGuid(), AuditFlags.Success
                );

            var customAuditRuleReadWrite = new CustomAuditRule(
                Helpers.s_LocalSystemNTAccount, ReadWriteAccessMask, true, InheritanceFlags.None,
                PropagationFlags.None, objectType, Guid.NewGuid(), AuditFlags.Success
                );

            customObjectSecurity.AddAuditRule(customAuditRuleReadWrite);
            customObjectSecurity.RemoveAuditRule(customAuditRuleWrite);

            AuthorizationRuleCollection ruleCollection =
                customObjectSecurity
                .GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));

            Assert.NotNull(ruleCollection);
            List <CustomAuditRule> existingRules = ruleCollection.Cast <CustomAuditRule>().ToList();

            Assert.True(existingRules.Count > 0);
            Assert.True(
                existingRules.Any(
                    x => x.AccessMaskValue == ReadAccessMask &&
                    x.AuditFlags == AuditFlags.Success &&
                    x.IdentityReference == Helpers.s_LocalSystemNTAccount
                    )
                );
        }
Example #4
0
        public void AddAuditRule_Succeeds()
        {
            var descriptor           = new CommonSecurityDescriptor(true, true, string.Empty);
            var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);

            var customAuditRuleRead = new CustomAuditRule(
                new NTAccount(@"NT AUTHORITY\Network Service"), ReadAccessMask, true, InheritanceFlags.None,
                PropagationFlags.None, Guid.NewGuid(), Guid.NewGuid(), AuditFlags.Success
                );

            var customAuditRuleReadAttribute = new CustomAuditRule(
                new NTAccount(@"NT AUTHORITY\SYSTEM"), ReadAttributeAccessMask, true, InheritanceFlags.None,
                PropagationFlags.None, Guid.NewGuid(), Guid.NewGuid(), AuditFlags.Success
                );

            customObjectSecurity.AddAuditRule(customAuditRuleRead);
            customObjectSecurity.AddAuditRule(customAuditRuleReadAttribute);
            AuthorizationRuleCollection ruleCollection =
                customObjectSecurity
                .GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));

            Assert.NotNull(ruleCollection);
            List <CustomAuditRule> addedRules = ruleCollection.Cast <CustomAuditRule>().ToList();

            Assert.True(addedRules.Contains(customAuditRuleRead));
            Assert.True(addedRules.Contains(customAuditRuleReadAttribute));
        }
Example #5
0
        public void SetAuditRule_Succeeds()
        {
            var descriptor           = new CommonSecurityDescriptor(true, true, string.Empty);
            var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);

            var objectTypeGuid           = Guid.NewGuid();
            var identityReference        = new NTAccount(@"NT AUTHORITY\SYSTEM");
            var customAuditRuleReadWrite = new CustomAuditRule(
                identityReference, ReadWriteAccessMask, true, InheritanceFlags.None,
                PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
                );

            var customAuditRuleRead = new CustomAuditRule(
                new NTAccount(@"NT AUTHORITY\SYSTEM"), ReadAccessMask, true, InheritanceFlags.None,
                PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
                );

            customObjectSecurity.AddAuditRule(customAuditRuleReadWrite);
            customObjectSecurity.SetAuditRule(customAuditRuleRead);

            AuthorizationRuleCollection ruleCollection =
                customObjectSecurity
                .GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));

            List <CustomAuditRule> existingRules = ruleCollection.Cast <CustomAuditRule>().ToList();

            Assert.False(existingRules.Contains(customAuditRuleReadWrite));
            Assert.True(existingRules.Contains(customAuditRuleRead));
        }
        public void SetAuditRule_Succeeds()
        {
            var descriptor           = new CommonSecurityDescriptor(true, true, string.Empty);
            var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);

            var objectTypeGuid           = Guid.NewGuid();
            var identityReference        = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount));
            var customAuditRuleReadWrite = new CustomAuditRule(
                identityReference, ReadWriteAccessMask, true, InheritanceFlags.None,
                PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
                );

            var customAuditRuleRead = new CustomAuditRule(
                new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), ReadAccessMask, true, InheritanceFlags.None,
                PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
                );

            customObjectSecurity.AddAuditRule(customAuditRuleReadWrite);
            customObjectSecurity.SetAuditRule(customAuditRuleRead);

            var existingRules = customObjectSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAuditRule>().ToList();

            Assert.DoesNotContain(customAuditRuleReadWrite, existingRules);
            Assert.Contains(customAuditRuleRead, existingRules);
        }
Example #7
0
 private bool IsEqual(CustomAuditRule auditRule)
 {
     return(IdentityReference.Equals(auditRule.IdentityReference) &&
            AccessMask.Equals(auditRule.AccessMask) &&
            AuditFlags.Equals(auditRule.AuditFlags) &&
            InheritanceFlags.Equals(auditRule.InheritanceFlags) &&
            PropagationFlags.Equals(auditRule.PropagationFlags));
 }
Example #8
0
        public void RemoveAuditRuleSpecific_NoMatchableRuleFound()
        {
            var descriptor           = new CommonSecurityDescriptor(true, true, string.Empty);
            var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
            var objectTypeGuid       = Guid.NewGuid();

            var customAuditRuleReadWrite = new CustomAuditRule(
                Helpers.s_LocalSystemNTAccount, ReadWriteAccessMask, true, InheritanceFlags.None,
                PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
                );

            var customAuditRuleWrite = new CustomAuditRule(
                Helpers.s_LocalSystemNTAccount, WriteAccessMask, true, InheritanceFlags.None,
                PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
                );

            customObjectSecurity.AddAuditRule(customAuditRuleReadWrite);
            Assert.Contains(customAuditRuleReadWrite, customObjectSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAuditRule>());

            customObjectSecurity.RemoveAuditRuleSpecific(customAuditRuleWrite);
            Assert.Contains(customAuditRuleReadWrite, customObjectSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAuditRule>());
        }
        public void RemoveAuditRuleSpecific_NoMatchableRuleFound()
        {
            var descriptor           = new CommonSecurityDescriptor(true, true, string.Empty);
            var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);

            var objectTypeGuid           = Guid.NewGuid();
            var identityReference        = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount));
            var customAuditRuleReadWrite = new CustomAuditRule(
                identityReference, ReadWriteAccessMask, true, InheritanceFlags.None,
                PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
                );

            var customAuditRuleWrite = new CustomAuditRule(
                identityReference, WriteAccessMask, true, InheritanceFlags.None,
                PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
                );

            customObjectSecurity.AddAuditRule(customAuditRuleReadWrite);
            Assert.Contains(customAuditRuleReadWrite, customObjectSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAuditRule>());

            customObjectSecurity.RemoveAuditRuleSpecific(customAuditRuleWrite);
            Assert.Contains(customAuditRuleReadWrite, customObjectSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAuditRule>());
        }