        /// <summary>
        /// Parses a raw SDDL string and returns its JSON object representation.
        /// </summary>
        /// <param name="rawSddl">SDDL string to parse.</param>
        /// <param name="type">Securable object type used when resolving object-specific rights.</param>
        /// <returns>The parsed descriptor as produced by <see cref="Sddl.ToJObject"/>.</returns>
        public static JObject ParseSddlString(string rawSddl, SecurableObjectType type)
            => new Sddl(rawSddl, type).ToJObject();
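        /// <summary>
        /// Entry point: parses the SDDL string given as the first argument and prints its
        /// string form. An optional second argument names the <see cref="SecurableObjectType"/>
        /// used to resolve object-specific rights. Any other argument count, or a type name
        /// that is not a defined member of the enum, prints usage and exits.
        /// </summary>
        /// <param name="args">Command line: <c>&lt;sddl&gt; [&lt;securable-object-type&gt;]</c>.</param>
        static void Main(string[] args)
        {
            if (args.Length != 1 && args.Length != 2)
            {
                Usage();
                return;
            }

            SecurableObjectType type = SecurableObjectType.Unknown;

            if (args.Length == 2)
            {
                // Enum.TryParse also accepts bare integers ("42") and would hand back a value
                // no member defines; IsDefined rejects those so only named types get through.
                if (!Enum.TryParse(args[1], out type) || !Enum.IsDefined(typeof(SecurableObjectType), type))
                {
                    Usage();
                    return;
                }
            }

            var sddl = new Sddl(args[0], type);

            Console.WriteLine(sddl.ToString());
        }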
 /// <summary>
 /// Persists the given securable object type: an <c>Id</c> of 0 is handed to
 /// <c>Add</c>, any other value to <c>Update</c>.
 /// </summary>
 /// <param name="securableObjectType">Type of the securable object to store.</param>
 public void Save(SecurableObjectType securableObjectType)
 {
     bool isUnstored = securableObjectType.Id == 0;

     if (isUnstored)
     {
         this.securableObjectTypeDao.Add(securableObjectType);
         return;
     }

     this.securableObjectTypeDao.Update(securableObjectType);
 }
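        /// <summary>
        /// Parses a raw SDDL string (e.g. <c>O:...G:...D:...S:...</c>) into its owner, group,
        /// DACL and SACL parts. A component is recognised by the single character preceding
        /// each <see cref="DelimiterToken"/>; its value runs to the character before the next
        /// component. Leftover, unrecognised components are written to debug output when
        /// <see cref="GlobalVar.DebugMode"/> is set.
        /// </summary>
        /// <param name="sddl">Raw SDDL string; stored unchanged in <see cref="Raw"/>.</param>
        /// <param name="type">Securable object type passed on to the ACL parser.</param>
        /// <exception cref="ArgumentNullException"><paramref name="sddl"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="sddl"/> is empty, two delimiters
        /// are adjacent, or the same component letter appears twice.</exception>
        public Sddl(string sddl, SecurableObjectType type = SecurableObjectType.Unknown)
        {
            if (sddl is null)
            {
                throw new ArgumentNullException(nameof(sddl));
            }

            if (sddl.Length == 0)
            {
                // IndexOf(token, 1) on an empty string would otherwise throw an obscure
                // ArgumentOutOfRangeException from inside the scan.
                throw new ArgumentException("SDDL string must not be empty.", nameof(sddl));
            }

            Raw = sddl;

            Dictionary<char, string> components = SplitComponents(sddl);

            if (components.TryGetValue(OwnerToken, out var owner))
            {
                Owner = new Sid(owner);
                components.Remove(OwnerToken);
            }

            if (components.TryGetValue(GroupToken, out var group))
            {
                Group = new Sid(group);
                components.Remove(GroupToken);
            }

            if (components.TryGetValue(DaclToken, out var dacl))
            {
                Dacl = new Acl(dacl, type);
                components.Remove(DaclToken);
            }

            if (components.TryGetValue(SaclToken, out var sacl))
            {
                Sacl = new Acl(sacl, type);
                components.Remove(SaclToken);
            }

            if (components.Count > 0 && GlobalVar.DebugMode)
            {
                Utility.DebugWrite("encountered some weird extra data in Sddl.Parse");
                // Dictionary.ToString() only yields the type name; list the actual leftovers.
                Utility.DebugWrite(string.Join(", ", components.Select(kv => $"{kv.Key}{DelimiterToken}{kv.Value}")));
                // ERROR Unknown components encountered.
            }
        }

        /// <summary>
        /// Splits an SDDL string into <c>letter -&gt; value</c> pairs. The delimiter search
        /// starts at index 1 so that the character before a delimiter can always be read as
        /// the component letter.
        /// </summary>
        /// <param name="sddl">Non-empty SDDL string.</param>
        /// <returns>Component letter to raw component text.</returns>
        /// <exception cref="ArgumentException">Adjacent delimiters or a repeated component letter.</exception>
        private static Dictionary<char, string> SplitComponents(string sddl)
        {
            var components = new Dictionary<char, string>();

            int delimiter = sddl.IndexOf(DelimiterToken, 1);

            while (delimiter != -1)
            {
                int next        = sddl.IndexOf(DelimiterToken, delimiter + 1);
                // The value stops before the letter that introduces the next component,
                // hence the -2 (delimiter itself plus that letter).
                int valueLength = next != -1
                    ? next - delimiter - 2
                    : sddl.Length - (delimiter + 1);

                if (valueLength < 0)
                {
                    throw new ArgumentException(
                        $"Malformed SDDL: delimiter at index {next} has no component letter before it.", nameof(sddl));
                }

                char key = sddl[delimiter - 1];

                // Reject rather than overwrite: a repeated component would otherwise let the
                // last occurrence silently replace the first.
                if (components.ContainsKey(key))
                {
                    throw new ArgumentException($"Malformed SDDL: component '{key}' appears more than once.", nameof(sddl));
                }

                components.Add(key, sddl.Substring(delimiter + 1, valueLength));

                delimiter = next;
            }

            return components;
        }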
        /// <summary>
        /// Parses a raw SDDL string into a JSON object.
        /// </summary>
        /// <param name="rawSddl">SDDL string to parse.</param>
        /// <param name="type">Securable object type used when resolving object-specific rights.</param>
        /// <returns>The result of <see cref="Sddl.ToJObject"/> for the parsed descriptor.</returns>
        public static JObject ParseSddlString(string rawSddl, SecurableObjectType type)
        {
            var descriptor = new Sddl(rawSddl, type);

            return descriptor.ToJObject();
        }
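        /// <summary>
        /// Parses a raw SDDL string (e.g. <c>O:...G:...D:...S:...</c>) into its owner, group,
        /// DACL and SACL parts. A component is recognised by the single character preceding
        /// each <see cref="DeliminatorToken"/>; its value runs to the character before the next
        /// component. Any component that is not one of the four known ones is reported as SDP007.
        /// </summary>
        /// <param name="sddl">Raw SDDL string; stored unchanged in <see cref="Raw"/>.</param>
        /// <param name="type">Securable object type passed on to the ACL parser.</param>
        /// <exception cref="ArgumentNullException"><paramref name="sddl"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="sddl"/> is empty, two delimiters
        /// are adjacent, or the same component letter appears twice.</exception>
        public Sddl(string sddl, SecurableObjectType type = SecurableObjectType.Unknown)
        {
            if (sddl is null)
            {
                throw new ArgumentNullException(nameof(sddl));
            }

            if (sddl.Length == 0)
            {
                // IndexOf(token, 1) on an empty string would otherwise throw an obscure
                // ArgumentOutOfRangeException from inside the scan.
                throw new ArgumentException("SDDL string must not be empty.", nameof(sddl));
            }

            Raw = sddl;

            var components = new Dictionary<char, string>();

            // Each component is "<letter><delimiter><value>"; the value stops before the letter
            // that introduces the next component (hence the -2), or at the end of the string.
            // The search starts at index 1 so the character before a delimiter can always be read.
            int delimiter = sddl.IndexOf(DeliminatorToken, 1);

            while (delimiter != -1)
            {
                int next        = sddl.IndexOf(DeliminatorToken, delimiter + 1);
                int valueLength = next != -1
                    ? next - delimiter - 2
                    : sddl.Length - (delimiter + 1);

                if (valueLength < 0)
                {
                    throw new ArgumentException(
                        $"Malformed SDDL: delimiter at index {next} has no component letter before it.", nameof(sddl));
                }

                char key = sddl[delimiter - 1];

                // Reject rather than overwrite: a repeated component would otherwise let the
                // last occurrence silently replace the first.
                if (components.ContainsKey(key))
                {
                    throw new ArgumentException($"Malformed SDDL: component '{key}' appears more than once.", nameof(sddl));
                }

                components.Add(key, sddl.Substring(delimiter + 1, valueLength));

                delimiter = next;
            }

            if (components.TryGetValue(OwnerToken, out var owner))
            {
                Owner = new Sid(owner);
                components.Remove(OwnerToken);
            }

            if (components.TryGetValue(GroupToken, out var group))
            {
                Group = new Sid(group);
                components.Remove(GroupToken);
            }

            if (components.TryGetValue(DaclToken, out var dacl))
            {
                Dacl = new Acl(dacl, type);
                components.Remove(DaclToken);
            }

            if (components.TryGetValue(SaclToken, out var sacl))
            {
                Sacl = new Acl(sacl, type);
                components.Remove(SaclToken);
            }

            // Whatever is left was not one of the four known components.
            if (components.Count > 0)
            {
                Report(Error.SDP007.Format());
            }
        }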
        /// <summary>
        /// Parses a single ACE string of the form
        /// <c>ace_type;ace_flags;rights;object_guid;inherit_object_guid;account_sid</c>
        /// (surrounding parentheses already removed). Tokens that cannot be matched are kept
        /// as <see cref="Format.Unknown"/> labels rather than dropped; a string with fewer
        /// than six fields is reported as SDP003 but still parsed as far as it goes. Absent or
        /// empty fields leave the corresponding property unset.
        /// </summary>
        /// <param name="ace">Raw ACE text; stored unchanged in <see cref="Raw"/>.</param>
        /// <param name="type">Securable object type whose object-specific rights are matched before the generic ones.</param>
        public Ace(string ace, SecurableObjectType type = SecurableObjectType.Unknown)
        {
            Raw = ace;

            string[] fields = Raw.Split(SeparatorToken);

            if (fields.Length < 6)
            {
                Report(Error.SDP003.Format(fields.Length.ToString()));
            }

            // Fields are positional; a missing or empty field is simply skipped.
            bool Has(int index) => fields.Length > index && fields[index].Length > 0;

            if (Has(0))
            {
                AceType = ParseAceType(fields[0]);
            }

            if (Has(1))
            {
                AceFlags = ParseAceFlags(fields[1]);
            }

            if (Has(2))
            {
                Rights = ParseRights(fields[2]);
            }

            if (Has(3))
            {
                ObjectGuid = fields[3];
            }

            if (Has(4))
            {
                InheritObjectGuid = fields[4];
            }

            if (Has(5))
            {
                AceSid = new Sid(fields[5]);
            }

            // Field 6 (resource_attribute) is not supported and is ignored.

            string ParseAceType(string token)
            {
                string label = Match.OneByPrefix(token, AceTypesDict, out var rest);

                // Anything other than an exact, complete match is kept verbatim as unknown.
                return label == null || !string.IsNullOrEmpty(rest)
                    ? Format.Unknown(token)
                    : label;
            }

            string[] ParseAceFlags(string token)
            {
                var labels = Match.ManyByPrefix(token, AceFlagsDict, out var rest);

                if (!string.IsNullOrEmpty(rest))
                {
                    labels.AddLast(Format.Unknown(rest));
                }

                return labels.ToArray();
            }

            string[] ParseRights(string token)
            {
                if (!TryParseHex(token, out uint mask))
                {
                    // Textual form: match right abbreviations by prefix.
                    var labels = Match.ManyByPrefix(token, AceAliasRightsDict, out var rest);

                    if (!string.IsNullOrEmpty(rest))
                    {
                        labels.AddLast(Format.Unknown(rest));
                    }

                    return labels.ToArray();
                }

                // Numeric form: object-specific rights are consumed from the mask first, then
                // the generic ones; any bits still set afterwards are reported as unknown.
                var resolved = new List<string>();

                if (AceUintSpecificRightsDict.TryGetValue(type, out var specificRights))
                {
                    resolved.AddRange(Match.ManyByUint(mask, specificRights, out mask));
                }

                resolved.AddRange(Match.ManyByUint(mask, AceUintRightsDict, out mask));

                if (mask > 0)
                {
                    resolved.Add(Format.Unknown($"0x{mask:X}"));
                }

                return resolved.ToArray();
            }
        }
 /// <summary>
 /// Returns every right defined for the given securable object type.
 /// </summary>
 /// <param name="securableObjectType">Type of the securable object.</param>
 /// <returns>The rights as a <see cref="RightCollection"/>, exactly as the underlying DAO returns them.</returns>
 public RightCollection Get(SecurableObjectType securableObjectType)
     => this.rightDao.Get(securableObjectType);
        /// <summary>
        /// Parses one ACE string (<c>type;flags;rights;object_guid;inherit_object_guid;sid</c>,
        /// parentheses already stripped) into this instance's properties. Absent or empty
        /// fields leave their property untouched; tokens that cannot be matched are kept as
        /// <see cref="Format.Unknown"/> labels. Fewer than six fields is written to debug
        /// output but does not abort parsing.
        /// </summary>
        /// <param name="ace">Raw ACE text.</param>
        /// <param name="type">Securable object type whose object-specific rights are matched before the generic ones.</param>
        public Ace(string ace, SecurableObjectType type = SecurableObjectType.Unknown)
        {
            var fields = ace.Split(SeparatorToken);

            if (fields.Length < 6)
            {
                Utility.Output.DebugWrite("Incorrect ACE format?");
                Utility.Output.DebugWrite(ace.ToString());
                // ERROR Ace have incorrect format - less parts than 6.
            }

            // Positional access: an absent field reads as empty so each section needs one check.
            string Field(int index) => index < fields.Length ? fields[index] : string.Empty;

            var aceTypeToken = Field(0);
            if (aceTypeToken.Length > 0)
            {
                var label = Match.OneByPrefix(aceTypeToken, AceTypesDict, out var unmatched);

                // Only an exact, complete match is accepted; otherwise the token is kept as unknown.
                AceType = label != null && string.IsNullOrEmpty(unmatched)
                    ? label
                    : Format.Unknown(aceTypeToken);
            }

            var flagsToken = Field(1);
            if (flagsToken.Length > 0)
            {
                var flagLabels = Match.ManyByPrefix(flagsToken, AceFlagsDict, out var unmatched);

                if (!string.IsNullOrEmpty(unmatched))
                {
                    flagLabels.AddLast(Format.Unknown(unmatched));
                }

                AceFlags = flagLabels.ToArray();
            }

            var rightsToken = Field(2);
            if (rightsToken.Length > 0)
            {
                if (TryParseHex(rightsToken, out uint mask))
                {
                    // Numeric mask: object-specific rights are consumed first, then generic
                    // ones; any bits still set afterwards are reported as an unknown hex value.
                    var labels = new LinkedList<string>();

                    if (AceUintSpecificRightsDict.TryGetValue(type, out var specificRights))
                    {
                        foreach (var right in Match.ManyByUint(mask, specificRights, out mask))
                        {
                            labels.AddLast(right);
                        }
                    }

                    foreach (var right in Match.ManyByUint(mask, AceUintRightsDict, out mask))
                    {
                        labels.AddLast(right);
                    }

                    if (mask > 0)
                    {
                        labels.AddLast(Format.Unknown($"0x{mask:X}"));
                    }

                    Rights = labels.ToArray();
                }
                else
                {
                    var labels = Match.ManyByPrefix(rightsToken, AceAliasRightsDict, out var unmatched);

                    if (!string.IsNullOrEmpty(unmatched))
                    {
                        labels.AddLast(Format.Unknown(unmatched));
                    }

                    Rights = labels.ToArray();
                }
            }

            var objectGuidToken = Field(3);
            if (objectGuidToken.Length > 0)
            {
                ObjectGuid = objectGuidToken;
            }

            var inheritGuidToken = Field(4);
            if (inheritGuidToken.Length > 0)
            {
                InheritObjectGuid = inheritGuidToken;
            }

            var sidToken = Field(5);
            if (sidToken.Length > 0)
            {
                AceSid = new Sid(sidToken);
            }

            // Field 6 (resource_attribute) is not supported and is ignored.
        }
 /// <summary>
 /// Removes the given securable object type through the DAO.
 /// </summary>
 /// <param name="securableObjectType">Type of the securable object to delete.</param>
 public void Delete(SecurableObjectType securableObjectType)
     => this.securableObjectTypeDao.Delete(securableObjectType);
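        /// <summary>
        /// Bootstraps the security model of a newly registered application: creates the
        /// "system" securable object type, registers the application itself as a securable
        /// object, defines the system administrator role with the administer/view rights,
        /// and assigns that role to the built-in "admin" user.
        /// </summary>
        /// <param name="application">The application being initialised.</param>
        /// <exception cref="InvalidOperationException">
        /// No user with login name "admin" exists, so the administrator role cannot be assigned.
        /// </exception>
        /// <exception cref="InvalidCastException">
        /// <see cref="SecurableApplication"/> does not implement <see cref="ISecurableObject"/>.
        /// </exception>
        private void InitializeApplication(Application application)
        {
            const string SystemTypeName            = "system";
            const string SystemAdminRoleName       = "system_admin";
            const string AdministerSystemRightName = "administer_system";
            const string ViewSystemRightName       = "view_system";
            const string AdminLoginName            = "admin";

            var securableApplication = new SecurableApplication();
            securableApplication.CopyFrom(application);

            // The system securable object type; Id 0 marks it as not yet stored.
            var systemObjectType = new SecurableObjectType()
            {
                Id = 0,
                Application = securableApplication,
                Name = SystemTypeName,
                Description = "System Securable Object Type"
            };

            GatekeeperFactory.SecurableObjectTypeSvc.Add(systemObjectType);

            securableApplication.SecurableObjectType = systemObjectType;

            // Direct cast instead of "as": if the type ever stops implementing the interface
            // this fails loudly here rather than registering a null securable object.
            GatekeeperFactory.SecurableObjectSvc.Add((ISecurableObject)securableApplication);

            // System administrator role.
            var systemAdministerRole = new Role()
            {
                Application = securableApplication,
                Name = SystemAdminRoleName,
                Description = "Administers the System",
                SecurableObjectType = systemObjectType
            };

            IRoleSvc roleSvc = GatekeeperFactory.RoleSvc;
            roleSvc.Add(systemAdministerRole);

            // Rights on the system object type.
            var administerSystemRight = new Right()
            {
                Application = securableApplication,
                Name = AdministerSystemRightName,
                Description = "Administers the System",
                SecurableObjectType = systemObjectType
            };

            var viewSystemRight = new Right()
            {
                Application = securableApplication,
                Name = ViewSystemRightName,
                Description = "Views the System",
                SecurableObjectType = systemObjectType
            };

            IRightSvc rightSvc = GatekeeperFactory.RightSvc;
            rightSvc.Add(administerSystemRight);
            rightSvc.Add(viewSystemRight);

            // System Admin holds both rights.
            var adminAdminister = new RoleRightAssignment()
            {
                Application = securableApplication,
                Role = systemAdministerRole,
                Right = administerSystemRight,
                SecurableObjectType = systemObjectType
            };

            var adminView = new RoleRightAssignment()
            {
                Application = securableApplication,
                Role = systemAdministerRole,
                Right = viewSystemRight,
                SecurableObjectType = systemObjectType
            };

            IRoleRightAssignmentSvc rraSvc = GatekeeperFactory.RoleRightAssignmentSvc;
            rraSvc.Add(adminAdminister);
            rraSvc.Add(adminView);

            // Assign the role to the bootstrap administrator. Saving a null user would leave
            // the application with an admin role nobody holds, so refuse instead.
            var adminUser = GatekeeperFactory.UserSvc.GetByLoginName(AdminLoginName);
            if (adminUser == null)
            {
                throw new InvalidOperationException(
                    $"Cannot initialise application: no user with login name '{AdminLoginName}' exists.");
            }

            IApplicationUserSvc appUserSvc = GatekeeperFactory.ApplicationUserSvc;
            appUserSvc.Save(new ApplicationUser() { Application = securableApplication, User = adminUser, Role = systemAdministerRole });
        }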
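        /// <summary>
        /// Creates one securable object type from an XML node carrying <c>name</c> and
        /// <c>description</c> attributes and adds it to the given application. Failures from
        /// the service are written to the console rather than propagated, so one bad entry
        /// does not abort the rest of the import.
        /// </summary>
        /// <param name="application">Application the type belongs to.</param>
        /// <param name="node">XML element describing the type.</param>
        /// <exception cref="ArgumentException">A required attribute is missing from <paramref name="node"/>.</exception>
        void ImportSecurableObjectType(Application application, XmlNode node)
        {
            string name = RequiredAttribute(node, "name");
            string desc = RequiredAttribute(node, "description");

            Console.WriteLine("Adding Securable Object Type '{0}'", name);

            var item = new SecurableObjectType()
            {
                Application = application,
                Name = name,
                Description = desc
            };

            try
            {
                GatekeeperFactory.SecurableObjectTypeSvc.Add(item);
                Console.WriteLine("Completed adding Securable Object Type '{0}'", name);
            }
            catch (Exception ex)
            {
                // Best-effort import: report the failure and let the caller continue.
                Console.WriteLine("Error occurred while adding Securable Object Type '{0}'", name);
                Console.WriteLine(ex.ToString());
            }
        }

        /// <summary>
        /// Reads a mandatory attribute, failing with a message that names the attribute and
        /// element instead of the bare NullReferenceException an absent attribute would cause.
        /// </summary>
        /// <param name="node">Element to read from.</param>
        /// <param name="attributeName">Name of the attribute that must be present.</param>
        /// <returns>The attribute's value.</returns>
        /// <exception cref="ArgumentException">The node or the attribute is missing.</exception>
        private static string RequiredAttribute(XmlNode node, string attributeName)
        {
            var attribute = node?.Attributes?[attributeName];

            if (attribute == null)
            {
                throw new ArgumentException(
                    $"Element '{node?.Name}' is missing the required '{attributeName}' attribute.", nameof(node));
            }

            return attribute.Value;
        }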
 /// <summary>
 /// Initializes a new instance of the <see cref="PermissionSet"/> class.
 /// </summary>
 /// <param name="securableObjectType">Type of the securable object the permissions apply to.</param>
 /// <param name="objectId">Identifier of the object the permissions apply to.</param>
 /// <param name="permissions">Permissions value, stored as given.</param>
 public PermissionSet(SecurableObjectType securableObjectType, Guid objectId, ulong permissions)
 {
     SecurableObjectType = securableObjectType;
     ObjectId = objectId;
     Permissions = permissions;
 }
 /// <summary>
 /// Writes the given securable object type back through the DAO.
 /// </summary>
 /// <param name="securableObjectType">Type of the securable object to update.</param>
 public void Update(SecurableObjectType securableObjectType)
     => this.securableObjectTypeDao.Update(securableObjectType);
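        /// <summary>
        /// Parses an ACL string: optional control flags followed by zero or more
        /// parenthesised ACEs, e.g. <c>P(A;;FA;;;BA)</c>. Flags that cannot be matched are
        /// kept as an <see cref="Format.Unknown"/> label; each depth-0 <c>(...)</c> group
        /// becomes one <see cref="Ace"/>. Malformed bracketing is tolerated: an unmatched
        /// closing token is skipped so the ACEs after it still parse.
        /// </summary>
        /// <param name="acl">Raw ACL text; stored unchanged in <see cref="Raw"/>.</param>
        /// <param name="type">Securable object type forwarded to each <see cref="Ace"/>.</param>
        public Acl(string acl, SecurableObjectType type = SecurableObjectType.Unknown)
        {
            Raw = acl;

            int begin = acl.IndexOf(Ace.BeginToken);

            // Flags: everything before the first ACE.
            var flags       = begin == -1 ? acl : acl.Substring(0, begin);
            var flagsLabels = Match.ManyByPrefix(flags, SdControlsDict, out var reminder);

            // Same test Ace applies to its prefix matches, so an empty remainder is never
            // labelled as unknown.
            if (!string.IsNullOrEmpty(reminder))
            {
                // ERROR Flags part can not be fully parsed.
                flagsLabels.AddLast(Format.Unknown(reminder));
            }

            Flags = flagsLabels.ToArray();

            // Aces
            if (begin != -1)
            {
                LinkedList <Ace> aces = new LinkedList <Ace>();

                // brackets balance: '(' = +1, ')' = -1; only depth-0 groups are ACEs
                int balance = 0;
                for (int end = begin; end < acl.Length; end++)
                {
                    char current = acl[end];

                    if (current == Ace.BeginToken)
                    {
                        if (balance == 0)
                        {
                            begin = end;
                        }

                        balance += 1;
                    }
                    else if (current == Ace.EndToken)
                    {
                        balance -= 1;

                        if (balance < 0)
                        {
                            // ERROR Acl contains an unmatched AceEnd character.
                            // Reset here rather than at the next non-bracket character; otherwise
                            // the next '(' is not recognised as a new ACE start and every later ACE is lost.
                            balance = 0;
                            continue;
                        }

                        int length = end - begin - 1;
                        if (length < 0)
                        {
                            // ERROR Ace is empty.
                            continue;
                        }

                        if (balance == 0)
                        {
                            aces.AddLast(new Ace(acl.Substring(begin + 1, length), type));
                        }
                    }
                    else if (balance <= 0)
                    {
                        // ERROR Acl contains unexpected characters outside of any Ace.
                        balance = 0;
                    }
                }

                Aces = aces.ToArray();
            }
        }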
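        /// <summary>
        /// Parses an ACL string: optional control flags followed by zero or more
        /// parenthesised ACEs, e.g. <c>P(A;;FA;;;BA)</c>. Unmatched flag text is reported as
        /// SDP004; each depth-0 <c>(...)</c> group becomes one <see cref="Ace"/>. Malformed
        /// bracketing is reported (SDP005, SDP006) and skipped rather than aborting, and an
        /// unmatched closing token no longer prevents the ACEs after it from being parsed.
        /// </summary>
        /// <param name="acl">Raw ACL text; stored unchanged in <see cref="Raw"/>.</param>
        /// <param name="type">Securable object type forwarded to each <see cref="Ace"/>.</param>
        public Acl(string acl, SecurableObjectType type = SecurableObjectType.Unknown)
        {
            Raw = acl;

            int begin = acl.IndexOf(Ace.BeginToken);

            // Flags: everything before the first ACE.
            var flags       = begin == -1 ? acl : acl.Substring(0, begin);
            var flagsLabels = Match.ManyByPrefix(flags, SdControlsDict, out var reminder);

            // Same test Ace applies to its prefix matches, so an empty remainder is never reported.
            if (!string.IsNullOrEmpty(reminder))
            {
                Report(Error.SDP004.Format(reminder));
            }

            Flags = flagsLabels.ToArray();

            // Aces
            if (begin != -1)
            {
                LinkedList <Ace> aces = new LinkedList <Ace>();

                // brackets balance: '(' = +1, ')' = -1; only depth-0 groups are ACEs
                int balance = 0;
                for (int end = begin; end < acl.Length; end++)
                {
                    // Text between the current ACE start and this position (before begin moves).
                    int length = end - begin - 1;
                    char current = acl[end];

                    if (current == Ace.BeginToken)
                    {
                        if (balance == 0)
                        {
                            begin = end;
                        }

                        balance += 1;
                    }
                    else if (current == Ace.EndToken)
                    {
                        balance -= 1;

                        if (balance < 0)
                        {
                            // Unmatched AceEnd. Reset here rather than at the next non-bracket
                            // character; otherwise the next '(' is not recognised as a new ACE
                            // start and every later ACE is lost.
                            Report(Error.SDP006.Format(acl.Substring(begin + 1, length)));
                            balance = 0;
                            continue;
                        }

                        if (length < 0)
                        {
                            Report(Error.SDP005.Format(begin.ToString()));
                            continue;
                        }

                        if (balance == 0)
                        {
                            aces.AddLast(new Ace(acl.Substring(begin + 1, length), type));
                        }
                    }
                    else if (balance <= 0)
                    {
                        Report(Error.SDP006.Format(acl.Substring(begin + 1, length)));

                        balance = 0;
                    }
                }

                Aces = aces.ToArray();
            }
        }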
 /// <summary>
 /// Inserts the given securable object type into the system through the DAO.
 /// </summary>
 /// <param name="securableObjectType">Type of the securable object to add.</param>
 public void Add(SecurableObjectType securableObjectType)
     => this.securableObjectTypeDao.Add(securableObjectType);