public void SyncronizeFileSystem(SecurityTemplate securityTemplate)
{
string fullPath = securityTemplate.GetFullPath(ServerConfig.WebsiteDirectory);
WindowsUser windowsUser = getWindowsUser(securityTemplate.Username);
FileInfo fileInfo = new FileInfo(fullPath);
DirectoryInfo directoryInfo = new DirectoryInfo(fullPath);
if (fileInfo.Exists)
{
FileSecurity security = fileInfo.GetAccessControl();
applySecurityAccessRule(securityTemplate, windowsUser, security);
fileInfo.SetAccessControl(security);
}
else if (directoryInfo.Exists)
{
DirectorySecurity security = directoryInfo.GetAccessControl();
applySecurityAccessRule(securityTemplate, windowsUser, security);
directoryInfo.SetAccessControl(security);
}
else
{
throw new Exception(
"Cannot set security rule because the path '" + fullPath + "' does not exist.");
}
}
public ActionResult ChangeStatus(long?id)
{
if (id == null)
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
SecurityTemplate secTemp = db.SecurityTemplates.Where(st => st.ID == id && st.ID > 12).SingleOrDefault();
if (secTemp == null)
{
return(HttpNotFound());
}
bool tempVar = true;
if (secTemp.IsActive)
{
tempVar = false;
}
secTemp.IsActive = tempVar;
db.Entry(secTemp).State = EntityState.Modified;
db.SaveChanges();
Session["siteMsgTyp"] = "success";
Session["siteMsg"] = "The selected option status changed successfully.";
return(RedirectToAction("Index", "SecurityTemplates"));
}
private string getFullPath(RhspDataID websiteID, string relativePath)
{
return(SecurityTemplate.GetFullPath(
ServerConfig.WebsiteDirectory,
CreateManager <WebsiteManager>().Get(websiteID),
relativePath));
}
public FileSystemAccessRule GetFileSystemAccessRule <TSecurity>(
SecurityTemplate template,
WindowsUser windowsUser)
where TSecurity : FileSystemSecurity
{
if (typeof(TSecurity) == typeof(DirectorySecurity))
{
// Directory security with default inheritance (files and subfolders).
return(new FileSystemAccessRule(
windowsUser.Sid,
template.GetFileSystemRights(),
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
template.GetAccessControlType()));
}
else if (typeof(TSecurity) == typeof(FileSecurity))
{
// Files must not have inheritance specified.
return(new FileSystemAccessRule(
windowsUser.Sid,
template.GetFileSystemRights(),
template.GetAccessControlType()));
}
else
{
throw new NotSupportedException(
"File system security type '" + typeof(TSecurity).FullName + "' is not supported.");
}
}
protected void RemoveMatchingRules <TSecurity>(
TSecurity security,
SecurityIdentifier sid,
SecurityTemplate template)
where TSecurity : FileSystemSecurity
{
RemoveMatchingRules <TSecurity>(security, sid, template.GetAccessControlType());
}
private bool relativePathAndUserExists(SecurityTemplate st, DirectoryInfo websiteDirectory)
{
SecurityTemplateManager stm = CreateManager <SecurityTemplateManager>();
WindowsUserManager wum = new WindowsUserManager(ServerConfig.WindowsServerName);
return(!stm.RelativePathExists(websiteDirectory, st.RelativePath) ||
(!wum.Exists(st.Username) && !st.UseIisIdentity));
}
public void MediumTrustAllowsCopyingBetweenTypesFromSameModule()
{
SampleBaseClass i1 = new SampleDerivedClass("1st config val");
SampleBaseClass i2 = new SampleFurtherDerivedClass("2nd config val");
SecurityTemplate.MediumTrustInvoke(new ThreadStart(new CopyCommand(i2, i1).Execute));
Assert.AreEqual(i1, i2);
}
private IEnumerable <SecurityTemplate> getQuery()
{
return(from r in HostingConfig.GetArray <SecurityTemplate>()
join w in HostingConfig.GetArray <Website>()
on r.WebsiteID equals w.DataID
join c in HostingConfig.GetArray <Customer>()
on w.CustomerID equals c.DataID
select SecurityTemplate.Combine(r, Website.Combine(w, c)));
}
public void MediumTrustThrowsSecurityExceptionWhenCopyingBetweenTypesFromDifferentModules()
{
Exception e1 = new Exception("my name is e1");
HttpException e2 = new HttpException("my name is e2");
// I know, I am a bit paranoid about that basic assumption
Assert.AreNotEqual(e1.GetType().Assembly, e2.GetType().Assembly);
SecurityTemplate.MediumTrustInvoke(new ThreadStart(new CopyCommand(e2, e1).Execute));
Assert.AreEqual(e1.Message, e2.Message);
}
public void Update(SecurityTemplate securityTemplate)
{
SecurityTemplate existing = Get(securityTemplate.DataID);
if (existing.Access != securityTemplate.Access)
{
throw new Exception("Access mode cannot be changed once set.");
}
enforceConstraints(securityTemplate);
HostingConfig.Update(securityTemplate);
}
private void dataGridView_CellValueChanged(object sender, DataGridViewCellEventArgs e)
{
if (e.RowIndex != -1)
{
SecurityTemplate rule = (SecurityTemplate)dataGridView.Rows[e.RowIndex].DataBoundItem;
if (rule.PendingAction != ChildPendingAction.Create)
{
rule.PendingAction = ChildPendingAction.Update;
}
ChangeMade();
}
}
private void removeRule(SecurityTemplate rule)
{
if (rule.PendingAction == ChildPendingAction.Create)
{
// Not yet created, so remove from results.
ruleResultList.Remove(rule);
}
else
{
rule.PendingAction = ChildPendingAction.Delete;
}
ruleBindingList.Remove(rule);
}
private void applySecurityAccessRule <TSecurity>(
SecurityTemplate securityTemplate,
WindowsUser windowsUser,
TSecurity security)
where TSecurity : FileSystemSecurity
{
RemoveMatchingRules <TSecurity>(
security,
windowsUser.Sid,
securityTemplate.GetAccessControlType());
// Add new rule (effectively replace if removed) to apply security.
security.AddAccessRule(GetFileSystemAccessRule <TSecurity>(securityTemplate, windowsUser));
}
private void dataGridView_CellBeginEdit(object sender, DataGridViewCellCancelEventArgs e)
{
DataGridViewRow row = dataGridView.Rows[e.RowIndex];
SecurityTemplate rule = (SecurityTemplate)row.DataBoundItem;
if (rule.PendingAction != ChildPendingAction.Create)
{
if ((e.ColumnIndex == dataGridView.Columns[RelativePathColumn.Name].Index) ||
(e.ColumnIndex == dataGridView.Columns[AccessColumn.Name].Index))
{
// Only allow path and access edit if not created.
e.Cancel = true;
}
}
}
public ActionResult Edit(long?id)
{
if (id == null)
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
SecurityTemplate securityTemplate = db.SecurityTemplates.Where(st => st.ID == id && st.ID > 1).SingleOrDefault();
if (securityTemplate == null)
{
return(HttpNotFound());
}
//Get Permissions
var v = from b in db.Permissions
select new
{
b.ID,
b.GroupName,
Name = b.ControllerName + " - " + b.ActionName,
b.OnlyAdminHidden,
Checked = ((from bou in db.SecurityTemplatePermissions
where (bou.SecurityTemplateID == id) & (bou.PermissionID == b.ID)
select bou).Count() > 0)
};
v = v.Where(b => b.OnlyAdminHidden == false);
v = v.OrderBy("Name asc");
var Permissions = v.ToList();
var PermissionCheckBoxList = new List <CheckBoxViewModel>();
foreach (var item in Permissions)
{
PermissionCheckBoxList.Add(new CheckBoxViewModel {
ID = item.ID, GroupName = item.GroupName, Name = item.Name, Checked = item.Checked
});
}
//Add data to the SecurityTemplateViewModel
SecurityTemplateViewModel stvm = new SecurityTemplateViewModel
{
SecurityTemplateName = securityTemplate.SecurityTemplateName,
IsActive = securityTemplate.IsActive,
Permissions = PermissionCheckBoxList
};
return(View(stvm));
}
public void Delete(RhspDataID dataID)
{
SecurityTemplate securityTemplate = Get(dataID);
if (!string.IsNullOrEmpty(securityTemplate.Username))
{
// Only try to delete the physical rule if the user is specified.
WindowsUser windowsUser = findWindowsUser(securityTemplate.Username);
if (windowsUser != null)
{
// Only try to delete when the user is still on the system.
deleteFromFileSystem(securityTemplate, windowsUser.Sid);
}
}
HostingConfig.Delete <SecurityTemplate>(dataID);
}
private void addButton_Click(object sender, EventArgs e)
{
SecurityTemplate rule = new SecurityTemplate(RhspDataID.Generate());
rule.PendingAction = ChildPendingAction.Create;
//rule.Username = usernameBindingList.FirstOrDefault();
ruleResultList.Add(rule);
ruleBindingList.Add(rule);
ruleBindingList.ResetBindings();
ChangeMade();
selectGridViewRow(dataGridView.Rows.Cast <DataGridViewRow>().Last().Index);
dataGridView.BeginEdit(false);
}
private void dataGridView_RowPrePaint(object sender, DataGridViewRowPrePaintEventArgs e)
{
DataGridViewRow row = dataGridView.Rows[e.RowIndex];
SecurityTemplate rule = (SecurityTemplate)row.DataBoundItem;
DataGridViewTextBoxCell relativePathCell = (DataGridViewTextBoxCell)row.Cells[RelativePathColumn.Name];
//DataGridViewComboBoxCell usernameCell = (DataGridViewComboBoxCell)row.Cells[UsernameColumn.Name];
DataGridViewComboBoxCell accessCell = (DataGridViewComboBoxCell)row.Cells[AccessColumn.Name];
if (rule.PendingAction != ChildPendingAction.Create)
{
relativePathCell.Style.BackColor = SystemColors.Control;
//usernameCell.Style.BackColor = SystemColors.Control;
//usernameCell.DisplayStyle = DataGridViewComboBoxDisplayStyle.Nothing;
accessCell.Style.BackColor = SystemColors.Control;
accessCell.DisplayStyle = DataGridViewComboBoxDisplayStyle.Nothing;
}
}
public void CannotReadPrivateReadOnlyFieldIfNoReflectionPermission()
{
FieldInfo fieldInfo = typeof(MyStaticClass).GetField("myPrivateReadonlyField", BindingFlags.Static | BindingFlags.NonPublic);
try
{
SecurityTemplate.MediumTrustInvoke(delegate
{
IDynamicField myPrivateReadonlyField2 = Create(fieldInfo);
});
Assert.Fail("private field must not be accessible in medium trust: " + fieldInfo);
}
catch (SecurityException sex)
{
Assert.IsTrue(sex.Message.IndexOf("ReflectionPermission") > -1);
}
}
public void Process(SecurityTemplate securityRule)
{
switch (securityRule.PendingAction)
{
case ChildPendingAction.Create: Create(securityRule); break;
case ChildPendingAction.Update: Update(securityRule); break;
case ChildPendingAction.Delete: Delete(securityRule.DataID); break;
}
// Path may have been deleted outside of the application.
if (securityRule.RelativePathExists(ServerConfig.WebsiteDirectory) &&
!securityRule.UsingIisIdenityWhileIisSiteDisabled())
{
// Syncronise even if action is none (fs may be out of date).
SyncronizeFileSystem(securityRule);
}
}
private void deleteFromFileSystem(SecurityTemplate securityTemplate, SecurityIdentifier sid)
{
string fullPath = securityTemplate.GetFullPath(ServerConfig.WebsiteDirectory);
FileInfo fileInfo = new FileInfo(fullPath);
DirectoryInfo directoryInfo = new DirectoryInfo(fullPath);
// If it exists, delete it, if not, ignore the delete request.
if (fileInfo.Exists)
{
FileSecurity security = File.GetAccessControl(fileInfo.FullName);
RemoveMatchingRules(security, sid, securityTemplate.GetAccessControlType());
File.SetAccessControl(directoryInfo.FullName, security);
}
else if (directoryInfo.Exists)
{
DirectorySecurity security = Directory.GetAccessControl(directoryInfo.FullName);
RemoveMatchingRules(security, sid, securityTemplate.GetAccessControlType());
Directory.SetAccessControl(fileInfo.FullName, security);
}
}
private void enforceConstraints(SecurityTemplate securityTemplate)
{
if (!RelativePathExists(securityTemplate.WebsiteID, securityTemplate.RelativePath))
{
string fullPath = getFullPath(
securityTemplate.WebsiteID,
securityTemplate.RelativePath);
throw new Exception(
"The Windows file system path '" + fullPath + "' does not exist.");
}
if (!securityTemplate.UsingIisIdenityWhileIisSiteDisabled())
{
if (string.IsNullOrEmpty(securityTemplate.Username))
{
if (securityTemplate.UseIisIdentity)
{
throw new Exception(
"Security template is set to use IIS identity, but " +
"the username for this identity is null or empty.");
}
else
{
throw new Exception(
"The username property of the security template cannot be null.");
}
}
if (!UserExists(securityTemplate.Username))
{
throw new Exception(
"There is no Windows user with username '" + securityTemplate.Username + "'.");
}
}
}
private bool relativePathIsRoot(SecurityTemplate st)
{
return(string.IsNullOrEmpty(st.RelativePath) ||
(st.RelativePath == @"\") ||
(st.RelativePath == "/"));
}
public void Create(SecurityTemplate securityTemplate)
{
enforceConstraints(securityTemplate);
HostingConfig.Create(securityTemplate);
}
public void CanCreateWithRestrictedPermissions()
{
SecurityTemplate.MediumTrustInvoke(new ThreadStart(CanCreateWithRestrictedPermissionsImpl));
}
public void CanCreatePrivateMethodButThrowsOnInvoke()
{
SecurityTemplate.MediumTrustInvoke(new ThreadStart(CanCreatePrivateMethodButThrowsOnInvokeImpl));
}
private string getFullPath(DirectoryInfo websiteDirectory, string relativePath)
{
return(SecurityTemplate.GetFullPath(
websiteDirectory,
relativePath));
}
public virtual void SetUp()
{
Security = new SecurityTemplate(true);
LogManager.Reset();
LogManager.Adapter = GetLoggerFactoryAdapter();
}
void SettingsPage_AfterNextAsync(object sender, RunWorkerCompletedEventArgs e)
{
List <SecurityTemplate> stList = new List <SecurityTemplate>();
List <WebsiteHost> hostList = new List <WebsiteHost>();
List <DnsZone> dnsZoneList = new List <DnsZone>();
string iisRedirectUrl = string.Empty;
//Website.Name = hostNameTextBox.Text;
if (iisEnableCheckBox.Checked)
{
if (iisStandardRadioButton.Checked)
{
Website.IisSite.Mode = WebsiteIisMode.Standard;
}
if (iisRedirectRadioButton.Checked)
{
Website.IisSite.Mode = WebsiteIisMode.Redirect;
iisRedirectUrl = iisRedirectTextBox.Text;
}
// Only create security template when there will be a directory to use.
SecurityTemplate securityTemplate = new SecurityTemplate(RhspDataID.Generate());
securityTemplate.PendingAction = ChildPendingAction.Create;
securityTemplate.RelativePath = "\\";
securityTemplate.Read = true;
securityTemplate.Access = SecurityTemplateAccess.Allow;
securityTemplate.UseIisIdentity = true;
stList.Add(securityTemplate);
}
else
{
Website.IisSite.Mode = WebsiteIisMode.Disabled;
}
WebsiteHost primaryHost = new WebsiteHost(RhspDataID.Generate());
primaryHost.PendingAction = ChildPendingAction.Create;
primaryHost.Port = getIisPort();
primaryHost.Name = hostNameTextBox.Text;
primaryHost.IpAddress = (string)iisIpBindingSource.Current;
//primaryHost.Primary = true;
Website.PrimaryHostID = primaryHost.DataID;
hostList.Add(primaryHost);
if (wwwHostNameCheckBox.Checked)
{
WebsiteHost wwwHost = new WebsiteHost(RhspDataID.Generate());
wwwHost.PendingAction = ChildPendingAction.Create;
wwwHost.Port = getIisPort();
wwwHost.Name = "www." + primaryHost.Name;
wwwHost.IpAddress = primaryHost.IpAddress;
hostList.Add(wwwHost);
}
if (dnsCreateRadioButton.Checked)
{
List <DnsRecord> recordList = new List <DnsRecord>();
DnsZone zone = new DnsZone(RhspDataID.Generate());
zone.PendingAction = ChildPendingAction.Create;
zone.Name = hostNameTextBox.Text;
zone.DefaultTtl = "1h";
dnsZoneList.Add(zone);
foreach (string dnsServer in dnsServerArray)
{
DnsRecord nsRecord = new DnsRecord(RhspDataID.Generate());
nsRecord.PendingAction = ChildPendingAction.Create;
nsRecord.Name = "@";
nsRecord.RecordType = DnsRecordType.NS;
nsRecord.Value = dnsServer;
recordList.Add(nsRecord);
}
DnsRecord rootRecord = new DnsRecord(RhspDataID.Generate());
rootRecord.PendingAction = ChildPendingAction.Create;
rootRecord.Name = "@";
rootRecord.RecordType = DnsRecordType.A;
rootRecord.Value = (string)dnsIpBindingSource.Current;
recordList.Add(rootRecord);
if (wwwHostNameCheckBox.Checked)
{
DnsRecord wwwRecord = new DnsRecord(RhspDataID.Generate());
wwwRecord.PendingAction = ChildPendingAction.Create;
wwwRecord.Name = "www";
wwwRecord.RecordType = DnsRecordType.CNAME;
wwwRecord.Value = "@";
recordList.Add(wwwRecord);
}
zone.RecordArray = recordList.ToArray();
}
Website.HostArray = hostList.ToArray();
Website.SecurityArray = stList.ToArray();
Website.DnsZoneArray = dnsZoneList.ToArray();
Website.IisSite.RedirectUrl = iisRedirectUrl;
}
private void deleteSecurityTemplate(SecurityTemplate st)
{
CreateManager <SecurityTemplateManager>().Delete(st.DataID);
}
