public SetDiscretionaryAclProtection ( bool isProtected, bool preserveInheritance ) : void | ||
isProtected | bool | |
preserveInheritance | bool | |
return | void |
public void GetBinaryForm () { CommonSecurityDescriptor csd = new CommonSecurityDescriptor (false, false, ControlFlags.None, null, null, null, null); Assert.AreEqual (20, csd.BinaryLength); byte[] binaryForm = new byte[csd.BinaryLength]; csd.GetBinaryForm (binaryForm, 0); Assert.AreEqual (ControlFlags.DiscretionaryAclPresent | ControlFlags.SelfRelative, csd.ControlFlags); // The default 'Allow Everyone Full Access' serializes as NOT having a // DiscretionaryAcl, as the above demonstrates (byte 3 is 0 not 4). Assert.AreEqual (new byte[20] { 1, 0, 0, 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }, binaryForm); // Changing SystemAcl protection does nothing special. csd.SetSystemAclProtection (true, true); Assert.AreEqual (20, csd.BinaryLength); // Modifying the DiscretionaryAcl (even effective no-ops like this) causes serialization. csd.SetDiscretionaryAclProtection (false, true); Assert.AreEqual (48, csd.BinaryLength); }
public void SetAccessRuleProtection(bool isProtected, bool preserveInheritance) { WriteLock(); try { descriptor.SetDiscretionaryAclProtection(isProtected, preserveInheritance); } finally { WriteUnlock(); } }
public override byte[] GetAllowAllNodeAcl(string repositoryName, Guid domainId, Guid rootMapId) { // Return an empty Windows node ACL. SecurityIdentifier farmAccountSid = SPFarm.Local.DefaultServiceAccount.SecurityIdentifier; CommonSecurityDescriptor securityDescriptor = new CommonSecurityDescriptor(false, false, ControlFlags.None, farmAccountSid, null, null, null); securityDescriptor.SetDiscretionaryAclProtection(true, false); byte[] itemAcl = new byte[securityDescriptor.BinaryLength]; securityDescriptor.GetBinaryForm(itemAcl, 0); return itemAcl; }
public void SetAccessRuleProtection(bool isProtected, bool preserveInheritance) { WriteLock(); try { _securityDescriptor.SetDiscretionaryAclProtection(isProtected, preserveInheritance); _daclModified = true; } finally { WriteUnlock(); } }
public void AefaModifiedFlagIsStoredOnDiscretionaryAcl () { CommonSecurityDescriptor csd1, csd2; // Incidentally this shows the DiscretionaryAcl is NOT cloned. csd1 = new CommonSecurityDescriptor (false, false, ControlFlags.None, null, null, null, null); csd2 = new CommonSecurityDescriptor (false, false, ControlFlags.None, null, null, null, csd1.DiscretionaryAcl); Assert.AreSame (csd1.DiscretionaryAcl, csd2.DiscretionaryAcl); Assert.AreEqual ("", csd1.GetSddlForm (AccessControlSections.Access)); csd2.SetDiscretionaryAclProtection (false, true); Assert.AreEqual ("D:(A;;0xffffffff;;;WD)", csd1.GetSddlForm (AccessControlSections.Access)); Assert.AreEqual ("D:(A;;0xffffffff;;;WD)", csd2.GetSddlForm (AccessControlSections.Access)); }
protected byte[] GetNodeAclWorker(string mapDatabaseName, string repositoryName, Guid domainId, Guid rootMapId, bool isCacheEnabled) { SecurityIdentifier farmAccountSid = SPFarm.Local.DefaultServiceAccount.SecurityIdentifier; CommonSecurityDescriptor securityDescriptor = new CommonSecurityDescriptor(false, false, ControlFlags.None, farmAccountSid, null, null, null); securityDescriptor.SetDiscretionaryAclProtection(true, false); // Deny access to all users. SecurityIdentifier everyoneSid = new SecurityIdentifier(WellKnownSidType.WorldSid, null); securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, everyoneSid, unchecked((int)0xffffffffL), InheritanceFlags.None, PropagationFlags.None); // Grant access to specified users. securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, farmAccountSid, unchecked((int)0xffffffffL), InheritanceFlags.None, PropagationFlags.None); List<SpUserDetail> allowedUsers = GetAllowedUsers(mapDatabaseName, repositoryName, domainId, rootMapId); List<string> addedSids = new List<string>(); foreach (SpUserDetail user in allowedUsers) { SecurityIdentifier userSid = null; if (!string.IsNullOrEmpty(user.Sid)) { userSid = new SecurityIdentifier(user.Sid); } else { userSid = GetSidFromClaim(user.LoginName); } if (userSid != null && !addedSids.Contains(userSid.Value)) { securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, userSid, unchecked((int)0xffffffffL), InheritanceFlags.None, PropagationFlags.None); addedSids.Add(userSid.Value); } } byte[] itemAcl = new byte[securityDescriptor.BinaryLength]; securityDescriptor.GetBinaryForm(itemAcl, 0); return itemAcl; }
public void ProtectionChangesFlags () { SecurityIdentifier userSid = new SecurityIdentifier (WellKnownSidType.LocalSystemSid, null); SecurityIdentifier groupSid = new SecurityIdentifier (WellKnownSidType.BuiltinAdministratorsSid, null); CommonSecurityDescriptor csd; csd = new CommonSecurityDescriptor (false, false, ControlFlags.None, userSid, groupSid, null, null); Assert.AreEqual (ControlFlags.DiscretionaryAclPresent | ControlFlags.SelfRelative, csd.ControlFlags); csd.SetDiscretionaryAclProtection (true, false); Assert.AreEqual (ControlFlags.DiscretionaryAclPresent | ControlFlags.DiscretionaryAclProtected | ControlFlags.SelfRelative, csd.ControlFlags); csd.SetSystemAclProtection (true, false); // despite not being *present* Assert.AreEqual (ControlFlags.DiscretionaryAclPresent | ControlFlags.DiscretionaryAclProtected | ControlFlags.SystemAclProtected | ControlFlags.SelfRelative, csd.ControlFlags); }
public void GetSddlFormAefaRemovesDacl () { CommonSecurityDescriptor csd = new CommonSecurityDescriptor (false, false, ControlFlags.None, null, null, null, null); Assert.AreEqual (1, csd.DiscretionaryAcl.Count); Assert.AreEqual ("", csd.GetSddlForm (AccessControlSections.Access)); Assert.AreEqual (ControlFlags.DiscretionaryAclPresent | ControlFlags.SelfRelative, csd.ControlFlags); Assert.AreSame (csd.DiscretionaryAcl, csd.DiscretionaryAcl); Assert.AreNotSame (csd.DiscretionaryAcl[0], csd.DiscretionaryAcl[0]); Assert.AreEqual ("", csd.GetSddlForm (AccessControlSections.Access)); csd.SetDiscretionaryAclProtection (false, true); Assert.AreEqual ("D:(A;;0xffffffff;;;WD)", csd.GetSddlForm (AccessControlSections.Access)); Assert.AreSame (csd.DiscretionaryAcl, csd.DiscretionaryAcl); Assert.AreNotSame (csd.DiscretionaryAcl[0], csd.DiscretionaryAcl[0]); Assert.AreEqual (ControlFlags.DiscretionaryAclPresent | ControlFlags.SelfRelative, csd.ControlFlags); csd.SetDiscretionaryAclProtection (true, true); Assert.AreEqual (1, csd.DiscretionaryAcl.Count); Assert.AreEqual ("D:P(A;;0xffffffff;;;WD)", csd.GetSddlForm (AccessControlSections.Access)); Assert.AreEqual (ControlFlags.DiscretionaryAclPresent | ControlFlags.DiscretionaryAclProtected | ControlFlags.SelfRelative, csd.ControlFlags); csd.SetDiscretionaryAclProtection (false, false); Assert.AreEqual (1, csd.DiscretionaryAcl.Count); Assert.AreEqual ("D:(A;;0xffffffff;;;WD)", csd.GetSddlForm (AccessControlSections.Access)); Assert.AreEqual (ControlFlags.DiscretionaryAclPresent | ControlFlags.SelfRelative, csd.ControlFlags); }