/// <summary>
/// Parses a raw SDDL string and returns the parsed descriptor as JSON.
/// </summary>
/// <param name="rawSddl">The security descriptor text to parse.</param>
/// <param name="type">Securable object type used to resolve object-specific rights.</param>
/// <returns>The <see cref="JObject"/> produced by <see cref="Sddl.ToJObject"/>.</returns>
public static JObject ParseSddlString(string rawSddl, SecurableObjectType type)
{
    // Parse once, then hand back the JSON view of the parsed descriptor.
    var descriptor = new Sddl(rawSddl, type);
    return descriptor.ToJObject();
}
/// <summary>
/// Command-line entry point: parses the SDDL string in args[0], optionally typed by the
/// <see cref="SecurableObjectType"/> name in args[1], and prints the decoded descriptor.
/// Any other argument shape (or an unparseable type name) prints the usage text instead.
/// </summary>
static void Main(string[] args)
{
    SecurableObjectType type = SecurableObjectType.Unknown;

    if (args.Length == 2)
    {
        // Same semantics as the non-generic Enum.TryParse(Type, string, out object): case-sensitive
        // member name (numeric values are accepted too, as Enum.TryParse does).
        if (!Enum.TryParse<SecurableObjectType>(args[1], out var parsedType))
        {
            Usage();
            return;
        }
        type = parsedType;
    }
    else if (args.Length != 1)
    {
        Usage();
        return;
    }

    var descriptor = new Sddl(args[0], type);
    Console.WriteLine(descriptor.ToString());
}
/// <summary>
/// Persists a securable object type: inserts it when it has not been stored yet
/// (<c>Id == 0</c>), otherwise updates the existing record.
/// </summary>
/// <param name="securableObjectType">The securable object type to insert or update.</param>
public void Save(SecurableObjectType securableObjectType)
{
    bool isUnsaved = securableObjectType.Id == 0;
    if (isUnsaved)
    {
        this.securableObjectTypeDao.Add(securableObjectType);
        return;
    }

    this.securableObjectTypeDao.Update(securableObjectType);
}
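/// <summary>
/// Parses a raw security descriptor string ("O:...G:...D:...S:...") into its owner, group,
/// DACL and SACL components. Parsing is best-effort: malformed or unexpected components are
/// reported through Utility.DebugWrite (when GlobalVar.DebugMode is set) instead of aborting,
/// which matters because descriptors typically come from data the tool does not control.
/// </summary>
/// <param name="sddl">The raw SDDL text; kept verbatim in <see cref="Raw"/>.</param>
/// <param name="type">Securable object type forwarded to the ACL parser so object-specific rights resolve.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="sddl"/> is null.</exception>
public Sddl(string sddl, SecurableObjectType type = SecurableObjectType.Unknown)
{
    if (sddl == null)
    {
        throw new System.ArgumentNullException(nameof(sddl));
    }
    Raw = sddl;

    // Every component is "<key><DelimiterToken><value>", the key being the single character
    // before the delimiter. A value extends up to the character before the next key, or to
    // the end of the string for the last component.
    var components = new Dictionary<char, string>();
    var delimiterPositions = new List<int>();
    // A component needs at least a key and a delimiter; this guard also keeps IndexOf from
    // throwing ArgumentOutOfRangeException on an empty string (start index past the end).
    if (sddl.Length > 1)
    {
        for (int pos = sddl.IndexOf(DelimiterToken, 1); pos != -1; pos = sddl.IndexOf(DelimiterToken, pos + 1))
        {
            delimiterPositions.Add(pos);
        }
    }

    for (int k = 0; k < delimiterPositions.Count; k++)
    {
        int delimiterAt = delimiterPositions[k];
        char key = sddl[delimiterAt - 1];
        int valueStart = delimiterAt + 1;
        // Exclusive end: the character right before the next delimiter is that component's key.
        int valueEnd = k + 1 < delimiterPositions.Count ? delimiterPositions[k + 1] - 1 : sddl.Length;

        if (valueEnd < valueStart)
        {
            // Two delimiters with no key between them; previously a negative Substring length threw.
            if (GlobalVar.DebugMode)
            {
                Utility.DebugWrite("malformed component in Sddl.Parse near index " + delimiterAt);
            }
            continue;
        }

        if (components.ContainsKey(key))
        {
            // Dictionary.Add would throw on a repeated key; keep the first occurrence and report it.
            if (GlobalVar.DebugMode)
            {
                Utility.DebugWrite("duplicate component '" + key + "' in Sddl.Parse");
            }
            continue;
        }

        components.Add(key, sddl.Substring(valueStart, valueEnd - valueStart));
    }

    if (components.TryGetValue(OwnerToken, out var owner))
    {
        Owner = new Sid(owner);
        components.Remove(OwnerToken);
    }
    if (components.TryGetValue(GroupToken, out var group))
    {
        Group = new Sid(group);
        components.Remove(GroupToken);
    }
    if (components.TryGetValue(DaclToken, out var dacl))
    {
        Dacl = new Acl(dacl, type);
        components.Remove(DaclToken);
    }
    if (components.TryGetValue(SaclToken, out var sacl))
    {
        Sacl = new Acl(sacl, type);
        components.Remove(SaclToken);
    }

    if (components.Count > 0 && GlobalVar.DebugMode)
    {
        Utility.DebugWrite("encountered some weird extra data in Sddl.Parse");
        // Dictionary.ToString() only yields the type name; list the leftover keys instead.
        Utility.DebugWrite("unhandled components: " + string.Join(", ", components.Keys));
    }
}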
/// <summary>
/// Convenience wrapper: parses <paramref name="rawSddl"/> and returns it as JSON.
/// </summary>
/// <param name="rawSddl">The security descriptor text to parse.</param>
/// <param name="type">Securable object type used to resolve object-specific rights.</param>
/// <returns>The JSON form of the parsed descriptor.</returns>
public static JObject ParseSddlString(string rawSddl, SecurableObjectType type)
{
    return new Sddl(rawSddl, type).ToJObject();
}
/// <summary>
/// Splits a raw SDDL string into its "O:", "G:", "D:" and "S:" components and parses each one;
/// any component whose key is not one of those is reported as SDP007.
/// </summary>
/// <param name="sddl">Raw security descriptor text; stored unchanged in <see cref="Raw"/>.</param>
/// <param name="type">Securable object type handed to the ACL parser for object-specific rights.</param>
public Sddl(string sddl, SecurableObjectType type = SecurableObjectType.Unknown)
{
    Raw = sddl;

    // Components look like "<key><DeliminatorToken><value>"; the value ends right before the
    // next component's key character, or at the end of the string. The search starts at index 1
    // because a key character must precede every delimiter.
    var components = new Dictionary<char, string>();
    int current = sddl.IndexOf(DeliminatorToken, 1);
    while (current != -1)
    {
        int next = sddl.IndexOf(DeliminatorToken, current + 1);
        int valueLength = next == -1
            ? sddl.Length - current - 1
            : next - current - 2;
        components.Add(sddl[current - 1], sddl.Substring(current + 1, valueLength));
        current = next;
    }

    // Pulls a component out of the map, so whatever is left afterwards is by definition unexpected.
    bool Take(char key, out string value)
    {
        if (!components.TryGetValue(key, out value))
        {
            return false;
        }
        components.Remove(key);
        return true;
    }

    if (Take(OwnerToken, out var owner))
    {
        Owner = new Sid(owner);
    }
    if (Take(GroupToken, out var group))
    {
        Group = new Sid(group);
    }
    if (Take(DaclToken, out var dacl))
    {
        Dacl = new Acl(dacl, type);
    }
    if (Take(SaclToken, out var sacl))
    {
        Sacl = new Acl(sacl, type);
    }

    if (components.Count > 0)
    {
        Report(Error.SDP007.Format());
    }
}
/// <summary>
/// Parses one ACE string of the form
/// "ace_type;ace_flags;rights;object_guid;inherit_object_guid;account_sid[;resource_attribute]".
/// Prefixes that cannot be matched are kept as Format.Unknown(...) labels rather than dropped,
/// so nothing in the input disappears silently.
/// </summary>
/// <param name="ace">The ACE text without its surrounding parentheses; stored in <see cref="Raw"/>.</param>
/// <param name="type">Securable object type used to resolve object-specific access-mask bits.</param>
public Ace(string ace, SecurableObjectType type = SecurableObjectType.Unknown)
{
    Raw = ace;
    string[] fields = Raw.Split(SeparatorToken);
    if (fields.Length < 6)
    {
        // Reported but not fatal: whatever fields exist are still decoded below.
        Report(Error.SDP003.Format(fields.Length.ToString()));
    }

    // True when the field exists and is non-empty.
    bool Present(int index) => index < fields.Length && fields[index].Length > 0;

    // Appends an "unknown" label for whatever prefix matching could not consume, then freezes the list.
    string[] Finish(LinkedList<string> labels, string leftover)
    {
        if (!string.IsNullOrEmpty(leftover))
        {
            labels.AddLast(Format.Unknown(leftover));
        }
        return labels.ToArray();
    }

    // ace_type
    if (Present(0))
    {
        string aceType = Match.OneByPrefix(fields[0], AceTypesDict, out var leftover);
        bool fullyMatched = aceType != null && string.IsNullOrEmpty(leftover);
        AceType = fullyMatched ? aceType : Format.Unknown(fields[0]);
    }

    // ace_flags
    if (Present(1))
    {
        LinkedList<string> flagLabels = Match.ManyByPrefix(fields[1], AceFlagsDict, out var leftover);
        AceFlags = Finish(flagLabels, leftover);
    }

    // rights: either a hex access mask or a sequence of two-letter aliases
    if (Present(2))
    {
        if (TryParseHex(fields[2], out uint accessMask))
        {
            var rights = new List<string>();
            // Object-type-specific bits are consumed first so they are not reported as generic rights.
            if (AceUintSpecificRightsDict.TryGetValue(type, out var specificRights))
            {
                rights.AddRange(Match.ManyByUint(accessMask, specificRights, out accessMask));
            }
            rights.AddRange(Match.ManyByUint(accessMask, AceUintRightsDict, out accessMask));
            if (accessMask > 0)
            {
                // Bits nobody claimed are surfaced rather than dropped.
                rights.Add(Format.Unknown($"0x{accessMask:X}"));
            }
            Rights = rights.ToArray();
        }
        else
        {
            LinkedList<string> aliasLabels = Match.ManyByPrefix(fields[2], AceAliasRightsDict, out var leftover);
            Rights = Finish(aliasLabels, leftover);
        }
    }

    // object_guid
    if (Present(3))
    {
        ObjectGuid = fields[3];
    }

    // inherit_object_guid
    if (Present(4))
    {
        InheritObjectGuid = fields[4];
    }

    // account_sid
    if (Present(5))
    {
        AceSid = new Sid(fields[5]);
    }

    // resource_attribute (fields[6] and beyond) is tolerated but not interpreted.
}
/// <summary>
/// Returns every right defined for the given securable object type.
/// </summary>
/// <param name="securableObjectType">The securable object type whose rights are requested.</param>
/// <returns>The <see cref="RightCollection"/> the right DAO yields for that type.</returns>
public RightCollection Get(SecurableObjectType securableObjectType)
{
    // Pure pass-through to the data access layer; no caching or filtering happens here.
    RightCollection rights = this.rightDao.Get(securableObjectType);
    return rights;
}
/// <summary>
/// Parses a single ACE ("type;flags;rights;object_guid;inherit_object_guid;sid[;resource_attribute]")
/// into its labelled parts. Unrecognised prefixes and unclaimed access-mask bits are kept as
/// Format.Unknown(...) labels rather than dropped.
/// </summary>
/// <param name="ace">The ACE text without its surrounding parentheses.</param>
/// <param name="type">Securable object type used to resolve object-specific access-mask bits.</param>
public Ace(string ace, SecurableObjectType type = SecurableObjectType.Unknown)
{
    string[] fields = ace.Split(SeparatorToken);
    if (fields.Length < 6)
    {
        // Reported only; the fields that are present are still decoded.
        Utility.Output.DebugWrite("Incorrect ACE format?");
        Utility.Output.DebugWrite(ace);
    }

    // Missing fields read as null, empty fields as ""; both are skipped below.
    string aceTypeField = fields.ElementAtOrDefault(0);
    string aceFlagsField = fields.ElementAtOrDefault(1);
    string rightsField = fields.ElementAtOrDefault(2);
    string objectGuidField = fields.ElementAtOrDefault(3);
    string inheritGuidField = fields.ElementAtOrDefault(4);
    string sidField = fields.ElementAtOrDefault(5);
    // A seventh field (resource_attribute) is tolerated but not interpreted.

    if (!string.IsNullOrEmpty(aceTypeField))
    {
        string matched = Match.OneByPrefix(aceTypeField, AceTypesDict, out string unmatched);
        AceType = matched != null && string.IsNullOrEmpty(unmatched)
            ? matched
            : Format.Unknown(aceTypeField);
    }

    if (!string.IsNullOrEmpty(aceFlagsField))
    {
        LinkedList<string> flagLabels = Match.ManyByPrefix(aceFlagsField, AceFlagsDict, out string unmatched);
        if (!string.IsNullOrEmpty(unmatched))
        {
            flagLabels.AddLast(Format.Unknown(unmatched));
        }
        AceFlags = flagLabels.ToArray();
    }

    if (!string.IsNullOrEmpty(rightsField))
    {
        Rights = TryParseHex(rightsField, out uint accessMask)
            ? DecodeAccessMask(accessMask, type)
            : DecodeRightAliases(rightsField);
    }

    if (!string.IsNullOrEmpty(objectGuidField))
    {
        ObjectGuid = objectGuidField;
    }

    if (!string.IsNullOrEmpty(inheritGuidField))
    {
        InheritObjectGuid = inheritGuidField;
    }

    if (!string.IsNullOrEmpty(sidField))
    {
        AceSid = new Sid(sidField);
    }

    // Labels a numeric access mask: object-specific bits first, then generic ones, then any
    // leftover bits as a hex "unknown" label.
    string[] DecodeAccessMask(uint mask, SecurableObjectType objectType)
    {
        IEnumerable<string> labels = Enumerable.Empty<string>();
        if (AceUintSpecificRightsDict.TryGetValue(objectType, out Dictionary<uint, string> specific))
        {
            labels = labels.Concat(Match.ManyByUint(mask, specific, out mask));
        }
        labels = labels.Concat(Match.ManyByUint(mask, AceUintRightsDict, out mask));
        if (mask > 0)
        {
            labels = labels.Concat(new[] { Format.Unknown($"0x{mask:X}") });
        }
        return labels.ToArray();
    }

    // Labels an alias-form rights field ("GA", "RPWP", ...), keeping any unmatched tail as unknown.
    string[] DecodeRightAliases(string aliases)
    {
        LinkedList<string> labels = Match.ManyByPrefix(aliases, AceAliasRightsDict, out string unmatched);
        if (!string.IsNullOrEmpty(unmatched))
        {
            labels.AddLast(Format.Unknown(unmatched));
        }
        return labels.ToArray();
    }
}
/// <summary>
/// Removes the given securable object type through the data access layer.
/// </summary>
/// <param name="securableObjectType">The securable object type to delete.</param>
public void Delete(SecurableObjectType securableObjectType)
{
    // No existence check here; the DAO decides what deleting an unknown type means.
    ISecurableObjectTypeDao dao = this.securableObjectTypeDao;
    dao.Delete(securableObjectType);
}
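/// <summary>
/// Bootstraps the security model for a newly registered application: the "system" securable
/// object type, the "system_admin" role, the "administer_system" and "view_system" rights,
/// the role-right assignments linking them, and the mapping of the "admin" login onto the role.
/// Each step is persisted through the GatekeeperFactory services in this order.
/// </summary>
/// <param name="application">The application to initialise; it is copied into a <see cref="SecurableApplication"/>.</param>
/// <exception cref="System.InvalidOperationException">No user with login name "admin" exists to receive the administrator role.</exception>
private void InitializeApplication(Application application)
{
    var securableApplication = new SecurableApplication();
    securableApplication.CopyFrom(application);

    SecurableObjectType systemObjectType = CreateSystemObjectType(securableApplication);
    securableApplication.SecurableObjectType = systemObjectType;
    // The application itself is registered as a securable object of the system type.
    GatekeeperFactory.SecurableObjectSvc.Add(securableApplication as ISecurableObject);

    Role systemAdministerRole = CreateSystemAdminRole(securableApplication, systemObjectType);

    Right administerSystemRight = CreateRight(securableApplication, systemObjectType, "administer_system", "Administers the System");
    Right viewSystemRight = CreateRight(securableApplication, systemObjectType, "view_system", "Views the System");

    AssignRightToRole(securableApplication, systemObjectType, systemAdministerRole, administerSystemRight);
    AssignRightToRole(securableApplication, systemObjectType, systemAdministerRole, viewSystemRight);

    GrantRoleToAdminUser(securableApplication, systemAdministerRole);
}

// Creates and registers the "system" securable object type that every bootstrap entity belongs to.
private SecurableObjectType CreateSystemObjectType(SecurableApplication securableApplication)
{
    SecurableObjectType systemObjectType = new SecurableObjectType()
    {
        Id = 0,
        Application = securableApplication,
        Name = "system",
        Description = "System Securable Object Type"
    };
    GatekeeperFactory.SecurableObjectTypeSvc.Add(systemObjectType);
    return systemObjectType;
}

// Creates and registers the "system_admin" role for the application.
private Role CreateSystemAdminRole(SecurableApplication securableApplication, SecurableObjectType systemObjectType)
{
    Role systemAdministerRole = new Role()
    {
        Application = securableApplication,
        Name = "system_admin",
        Description = "Administers the System",
        SecurableObjectType = systemObjectType
    };
    IRoleSvc roleSvc = GatekeeperFactory.RoleSvc;
    roleSvc.Add(systemAdministerRole);
    return systemAdministerRole;
}

// Creates and registers one system-scoped right with the given name and description.
private Right CreateRight(SecurableApplication securableApplication, SecurableObjectType systemObjectType, string name, string description)
{
    Right right = new Right()
    {
        Application = securableApplication,
        Name = name,
        Description = description,
        SecurableObjectType = systemObjectType
    };
    IRightSvc rightSvc = GatekeeperFactory.RightSvc;
    rightSvc.Add(right);
    return right;
}

// Persists a role-right assignment so members of the role hold the right on the system type.
private void AssignRightToRole(SecurableApplication securableApplication, SecurableObjectType systemObjectType, Role role, Right right)
{
    RoleRightAssignment assignment = new RoleRightAssignment()
    {
        Application = securableApplication,
        Role = role,
        Right = right,
        SecurableObjectType = systemObjectType
    };
    IRoleRightAssignmentSvc rraSvc = GatekeeperFactory.RoleRightAssignmentSvc;
    rraSvc.Add(assignment);
}

// Maps the "admin" login onto the given role for this application.
private void GrantRoleToAdminUser(SecurableApplication securableApplication, Role role)
{
    var adminUser = GatekeeperFactory.UserSvc.GetByLoginName("admin");
    if (adminUser == null)
    {
        // Fail loudly: persisting an ApplicationUser with no User would leave the application
        // without anyone holding the administrator role. (Assumes GetByLoginName returns null
        // for an unknown login rather than throwing — confirm against IUserSvc.)
        throw new System.InvalidOperationException("Cannot initialize application: no user with login name 'admin' exists.");
    }

    IApplicationUserSvc appUserSvc = GatekeeperFactory.ApplicationUserSvc;
    appUserSvc.Save(new ApplicationUser() { Application = securableApplication, User = adminUser, Role = role });
}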
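/// <summary>
/// Creates one securable object type for <paramref name="application"/> from an XML node
/// carrying "name" and "description" attributes, reporting progress and failures on the console.
/// A node lacking either attribute is reported and skipped instead of crashing the import.
/// </summary>
/// <param name="application">The application the new securable object type belongs to.</param>
/// <param name="node">The XML element describing the securable object type.</param>
void ImportSecurableObjectType(Application application, XmlNode node)
{
    // Previously a missing attribute (or a node type without attributes) threw a
    // NullReferenceException before any message was printed.
    XmlAttributeCollection attributes = node.Attributes;
    XmlAttribute nameAttribute = attributes == null ? null : attributes["name"];
    XmlAttribute descAttribute = attributes == null ? null : attributes["description"];
    if (nameAttribute == null || descAttribute == null)
    {
        Console.WriteLine("Skipping Securable Object Type: node is missing its 'name' or 'description' attribute");
        return;
    }

    string name = nameAttribute.Value;
    string desc = descAttribute.Value;
    Console.WriteLine("Adding Securable Object Type '{0}'", name);

    SecurableObjectType item = new SecurableObjectType()
    {
        Application = application,
        Name = name,
        Description = desc
    };

    try
    {
        GatekeeperFactory.SecurableObjectTypeSvc.Add(item);
        Console.WriteLine("Completed adding Securable Object Type '{0}'", name);
    }
    catch (Exception ex)
    {
        // Import is best-effort per node: log the full exception and carry on with the next one.
        Console.WriteLine("Error occurred while adding Securable Object Type '{0}'", name);
        Console.WriteLine(ex.ToString());
    }
}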
/// <summary>
/// Initializes a new instance of the <see cref="PermissionSet"/> class from its three parts.
/// </summary>
/// <param name="securableObjectType">The type of securable object the permissions apply to.</param>
/// <param name="objectId">Identifier of the specific object.</param>
/// <param name="permissions">Permission value as a <see cref="ulong"/>; its bit layout is defined by the caller.</param>
public PermissionSet(SecurableObjectType securableObjectType, Guid objectId, ulong permissions)
{
    // Plain field/property capture; no validation is performed here.
    this.SecurableObjectType = securableObjectType;
    this.ObjectId = objectId;
    this.Permissions = permissions;
}
/// <summary>
/// Writes the given securable object type back through the data access layer.
/// </summary>
/// <param name="securableObjectType">The securable object type whose current state should be stored.</param>
public void Update(SecurableObjectType securableObjectType)
{
    // Straight delegation; the DAO owns the update semantics.
    ISecurableObjectTypeDao dao = this.securableObjectTypeDao;
    dao.Update(securableObjectType);
}
/// <summary>
/// Parses an ACL string: the leading control flags (e.g. "PAI") followed by zero or more
/// parenthesised ACEs. Flags that cannot be matched are kept as an unknown label; ACE text
/// outside balanced parentheses is skipped.
/// </summary>
/// <param name="acl">The ACL text; stored unchanged in <see cref="Raw"/>.</param>
/// <param name="type">Securable object type passed on to each <see cref="Ace"/>.</param>
public Acl(string acl, SecurableObjectType type = SecurableObjectType.Unknown)
{
    Raw = acl;
    int firstOpen = acl.IndexOf(Ace.BeginToken);

    // Flags: everything before the first '(' — or the whole string when there are no ACEs.
    string flagsPart = firstOpen == -1 ? acl : acl.Substring(0, firstOpen);
    LinkedList<string> flagLabels = Match.ManyByPrefix(flagsPart, SdControlsDict, out var unmatched);
    if (unmatched != null)
    {
        // NOTE(review): Ace uses string.IsNullOrEmpty for the same check; here an empty
        // remainder would also be labelled unknown — confirm what ManyByPrefix returns when
        // the whole input is consumed.
        flagLabels.AddLast(Format.Unknown(unmatched));
    }
    Flags = flagLabels.ToArray();

    if (firstOpen == -1)
    {
        // No ACEs: Aces is left untouched, as before.
        return;
    }

    var parsedAces = new LinkedList<Ace>();
    int depth = 0;          // '(' increments, ')' decrements
    int openAt = firstOpen; // index of the '(' that opened the current top-level ACE
    for (int pos = firstOpen; pos < acl.Length; pos++)
    {
        char current = acl[pos];

        if (current == Ace.BeginToken)
        {
            if (depth == 0)
            {
                openAt = pos;
            }
            depth++;
        }
        else if (current == Ace.EndToken)
        {
            depth--;
            int innerLength = pos - openAt - 1;
            if (innerLength < 0)
            {
                // Defensive: a close before any content (original: "Ace is empty").
                continue;
            }
            if (depth == 0)
            {
                parsedAces.AddLast(new Ace(acl.Substring(openAt + 1, innerLength), type));
            }
        }
        else if (depth <= 0)
        {
            // Text outside any ACE, or after an unbalanced ')': resynchronise and keep going.
            depth = 0;
        }
    }
    Aces = parsedAces.ToArray();
}
/// <summary>
/// Parses an ACL string: the leading control flags followed by zero or more parenthesised
/// ACEs. Unmatched flag text, empty ACEs and text outside balanced parentheses are reported
/// as SDP004, SDP005 and SDP006 respectively; parsing continues after each.
/// </summary>
/// <param name="acl">The ACL text; stored unchanged in <see cref="Raw"/>.</param>
/// <param name="type">Securable object type passed on to each <see cref="Ace"/>.</param>
public Acl(string acl, SecurableObjectType type = SecurableObjectType.Unknown)
{
    Raw = acl;
    int firstOpen = acl.IndexOf(Ace.BeginToken);

    // Flags occupy everything before the first '(' — or the whole string when there are no ACEs.
    string flagsPart = firstOpen == -1 ? acl : acl.Substring(0, firstOpen);
    LinkedList<string> flagLabels = Match.ManyByPrefix(flagsPart, SdControlsDict, out var unmatched);
    if (unmatched != null)
    {
        Report(Error.SDP004.Format(unmatched));
    }
    Flags = flagLabels.ToArray();

    if (firstOpen == -1)
    {
        // No ACEs: Aces is left untouched, as before.
        return;
    }

    var parsedAces = new LinkedList<Ace>();
    int depth = 0;          // '(' adds one, ')' removes one
    int openAt = firstOpen; // index of the '(' that opened the current top-level ACE
    for (int pos = firstOpen; pos < acl.Length; pos++)
    {
        // Measured against the ACE opened so far, before this character may move openAt.
        int innerLength = pos - openAt - 1;
        char current = acl[pos];

        if (current == Ace.BeginToken)
        {
            if (depth == 0)
            {
                openAt = pos;
            }
            depth++;
            continue;
        }

        if (current == Ace.EndToken)
        {
            depth--;
            if (innerLength < 0)
            {
                Report(Error.SDP005.Format(openAt.ToString()));
                continue;
            }
            if (depth == 0)
            {
                parsedAces.AddLast(new Ace(acl.Substring(openAt + 1, innerLength), type));
            }
            continue;
        }

        if (depth <= 0)
        {
            // Text outside any ACE, or after an unbalanced ')': report it and resynchronise.
            Report(Error.SDP006.Format(acl.Substring(openAt + 1, innerLength)));
            depth = 0;
        }
    }
    Aces = parsedAces.ToArray();
}
/// <summary>
/// Inserts a new securable object type through the data access layer.
/// </summary>
/// <param name="securableObjectType">The securable object type to store.</param>
public void Add(SecurableObjectType securableObjectType)
{
    // Straight delegation; uniqueness and identity assignment are the DAO's concern.
    ISecurableObjectTypeDao dao = this.securableObjectTypeDao;
    dao.Add(securableObjectType);
}