Esempio n. 1
0
        private static bool TestPurge(DiscretionaryAcl discretionaryAcl, SecurityIdentifier sid, int aceCount)
        {

            KnownAce ace = null;

            discretionaryAcl.Purge(sid);
            if (aceCount != discretionaryAcl.Count)
                return false;
            for (int i = 0; i < discretionaryAcl.Count; i++)
            {
                ace = discretionaryAcl[i] as KnownAce;
                if (ace != null && ((ace.AceFlags & AceFlags.Inherited) == 0))
                {
                    if (ace.SecurityIdentifier == sid)
                        return false;
                }
            }
            return true;
        }
Esempio n. 2
0
        private static bool TestPurge(DiscretionaryAcl discretionaryAcl, SecurityIdentifier sid, int aceCount)
        {
            KnownAce ace = null;

            discretionaryAcl.Purge(sid);
            if (aceCount != discretionaryAcl.Count)
            {
                return(false);
            }
            for (int i = 0; i < discretionaryAcl.Count; i++)
            {
                ace = discretionaryAcl[i] as KnownAce;
                if (ace != null && ((ace.AceFlags & AceFlags.Inherited) == 0))
                {
                    if (ace.SecurityIdentifier == sid)
                    {
                        return(false);
                    }
                }
            }
            return(true);
        }
Esempio n. 3
0
        public void DetectsCanonicalMergesAndRemovesInheritedAces()
        {
            SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);

            RawAcl acl = MakeRawAcl(new GenericAce[] {
                new CommonAce(AceFlags.None, AceQualifier.AccessDenied, 4, sid, false, null),
                new CommonAce(AceFlags.None, AceQualifier.AccessDenied, 8, sid, false, null),
                new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, sid, false, null),
                new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 2, sid, false, null),
                new CommonAce(AceFlags.Inherited, AceQualifier.AccessAllowed, 4, sid, false, null),
                new CommonAce(AceFlags.Inherited, AceQualifier.AccessAllowed, 4, sid, false, null)
            });

            Assert.AreEqual(6, acl.Count);

            DiscretionaryAcl dacl = new DiscretionaryAcl(false, false, acl);

            Assert.IsTrue(dacl.IsCanonical);
            Assert.AreEqual(4, dacl.Count);

            Assert.AreEqual(AceFlags.None, ((CommonAce)dacl [0]).AceFlags);
            Assert.AreEqual(AceFlags.None, ((CommonAce)dacl [1]).AceFlags);
            Assert.AreEqual(AceFlags.Inherited, ((CommonAce)dacl [2]).AceFlags);
            Assert.AreEqual(AceFlags.Inherited, ((CommonAce)dacl [3]).AceFlags);
            Assert.AreEqual(AceQualifier.AccessDenied, ((CommonAce)dacl [0]).AceQualifier);
            Assert.AreEqual(AceQualifier.AccessAllowed, ((CommonAce)dacl [1]).AceQualifier);
            Assert.AreEqual(AceQualifier.AccessAllowed, ((CommonAce)dacl [2]).AceQualifier);
            Assert.AreEqual(AceQualifier.AccessAllowed, ((CommonAce)dacl [3]).AceQualifier);
            GenericAce ace7 = dacl[0];

            Assert.IsInstanceOfType(typeof(CommonAce), ace7);

            dacl.RemoveInheritedAces();
            Assert.AreEqual(2, dacl.Count);

            dacl.Purge(sid);
            Assert.AreEqual(0, dacl.Count);
        }
Esempio n. 4
0
        public static void Purge_AdditionalTestCases()
        {
            bool isContainer = false;
            bool isDS        = false;

            RawAcl           rawAcl           = null;
            DiscretionaryAcl discretionaryAcl = null;

            byte revision = 0;
            int  capacity = 0;

            //case 1, null Sid
            Assert.Throws <ArgumentNullException>(() =>
            {
                revision         = 127;
                capacity         = 1;
                rawAcl           = new RawAcl(revision, capacity);
                isContainer      = true;
                isDS             = false;
                discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

                discretionaryAcl.Purge(null);
            });
        }
Esempio n. 5
0
        internal override void AdjustRegKeyPermission()
        {
            const uint maxSecurityDescriptorSize = 40960;

            byte[] binarySecurityDescriptor;
            CommonSecurityDescriptor securityDescriptor = null;
            int  ret;
            uint dwSize = 256;

            do
            {
                binarySecurityDescriptor = new byte[dwSize];
                ret = SafeNativeMethods.ClusterRegGetKeySecurity(hKey, SecurityInfos.DiscretionaryAcl, binarySecurityDescriptor, ref dwSize);
                if (ret == SafeNativeMethods.ERROR_SUCCESS)
                {
                    break;
                }
                else if (ret == SafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
                {
                    dwSize *= 2;
                }
                else
                {
                    throw registryExceptionHelper.CreateRegistryWriteException(null);
                }
            } while (dwSize <= maxSecurityDescriptorSize);

            if (dwSize > maxSecurityDescriptorSize)
            {
                throw registryExceptionHelper.CreateRegistryWriteException(null);
            }

            try
            {
                securityDescriptor = new CommonSecurityDescriptor(false, false, binarySecurityDescriptor, 0);
                DiscretionaryAcl dacl = securityDescriptor.DiscretionaryAcl;
                if (dacl.Count == 1)
                {
                    CommonAce ace = dacl[0] as CommonAce;
                    if (ace != null && ace.AceType == AceType.AccessAllowed && ace.SecurityIdentifier.IsWellKnown(WellKnownSidType.WorldSid))
                    {
                        // This is the Allowed for everyone full access ACE that's automatically added by
                        // CommonSecurityDescriptor ctor; we should remove it
                        dacl.Purge(new SecurityIdentifier(WellKnownSidType.WorldSid, null));
                    }
                }

                // Add Read access for Authenticated Users account and Network Service account
                dacl.AddAccess(AccessControlType.Allow, new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null),
                               unchecked ((int)0x80000000), InheritanceFlags.None, PropagationFlags.None);
                dacl.AddAccess(AccessControlType.Allow, new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null),
                               unchecked ((int)0x80000000), InheritanceFlags.None, PropagationFlags.None);
            }
            #pragma warning suppress 56500
            catch (Exception e)
            {
                // MSDN does not have a spec of possible exceptions for the APIs used above.
                // To be safe, we should be a bit more generic in catching exceptions
                if (Utilities.IsCriticalException(e))
                {
                    throw;
                }
                throw registryExceptionHelper.CreateRegistryWriteException(e);
            }

            int    dsNewSecDescSize            = securityDescriptor.BinaryLength;
            byte[] newBinarySecurityDescriptor = new byte[dsNewSecDescSize];
            securityDescriptor.GetBinaryForm(newBinarySecurityDescriptor, 0);

            ret = SafeNativeMethods.ClusterRegSetKeySecurity(hKey, SecurityInfos.DiscretionaryAcl, newBinarySecurityDescriptor);
            if (ret != SafeNativeMethods.ERROR_SUCCESS)
            {
                throw registryExceptionHelper.CreateRegistryWriteException(null);
            }
        }
Esempio n. 6
0
        public static void Purge_AdditionalTestCases()
        {
            bool isContainer = false;
            bool isDS = false;

            RawAcl rawAcl = null;
            DiscretionaryAcl discretionaryAcl = null;

            byte revision = 0;
            int capacity = 0;

            //case 1, null Sid
            Assert.Throws<ArgumentNullException>(() =>
            {
                revision = 127;
                capacity = 1;
                rawAcl = new RawAcl(revision, capacity);
                isContainer = true;
                isDS = false;
                discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

                discretionaryAcl.Purge(null);
            });
        }