private fileeffectiverights_item CloneItemType(fileeffectiverights_item sourceItem) { return(new fileeffectiverights_item() { status = sourceItem.status, message = CloneItemMessages(sourceItem.message), filepath = CloneStringEntity(sourceItem.filepath), path = CloneStringEntity(sourceItem.path), filename = CloneStringEntity(sourceItem.filename), trustee_sid = CloneStringEntity(sourceItem.trustee_sid), trustee_name = CloneStringEntity(sourceItem.trustee_name), access_system_security = CloneEntity(sourceItem.access_system_security), file_append_data = CloneEntity(sourceItem.file_append_data), file_delete_child = CloneEntity(sourceItem.file_delete_child), file_execute = CloneEntity(sourceItem.file_execute), file_read_attributes = CloneEntity(sourceItem.file_read_attributes), file_read_data = CloneEntity(sourceItem.file_read_data), file_read_ea = CloneEntity(sourceItem.file_read_ea), file_write_attributes = CloneEntity(sourceItem.file_write_attributes), file_write_data = CloneEntity(sourceItem.file_write_data), file_write_ea = CloneEntity(sourceItem.file_write_ea), generic_all = CloneEntity(sourceItem.generic_all), generic_execute = CloneEntity(sourceItem.generic_execute), generic_read = CloneEntity(sourceItem.generic_read), generic_write = CloneEntity(sourceItem.generic_write), standard_delete = CloneEntity(sourceItem.standard_delete), standard_read_control = CloneEntity(sourceItem.standard_read_control), standard_synchronize = CloneEntity(sourceItem.standard_synchronize), standard_write_dac = CloneEntity(sourceItem.standard_write_dac), standard_write_owner = CloneEntity(sourceItem.standard_write_owner) }); }
private void assertFileEffectiveRightsCollectedItems(CollectedItem expectedItem, ItemType collectedItem) { fileeffectiverights_item expectedFileItem = (fileeffectiverights_item)expectedItem.ItemType; fileeffectiverights_item collectedFileItem = (fileeffectiverights_item)collectedItem; Assert.AreEqual(expectedFileItem.trustee_sid.Value, collectedFileItem.trustee_sid.Value, string.Format(MSG_UNEXPECTED_COLLECTED_ENTITY_VALUE, "trustee_sid")); }
private void FillCollectedItem(fileeffectiverights_item item, IEnumerable <WMIWinACE> userDACLs) { try { FillCollectedItemFromUserWinACEs(item, userDACLs); item.status = StatusEnumeration.exists; } catch (InvalidInvokeMethodFilterException) { item.status = StatusEnumeration.doesnotexist; } catch (ACLNotFoundException) { item.status = StatusEnumeration.doesnotexist; } catch (UserNotFoundException) { item.status = StatusEnumeration.doesnotexist; } catch (InvalidInvokeMethodException) { item.status = StatusEnumeration.doesnotexist; } catch (Exception ex) { // ConfigureItemWithError(itemToCollect, ex.Message); } }
private void AddToFlatCache(string filepath, string trustee, fileeffectiverights_item collectedItem) { var cacheItemKey = String.Format("{0}#{1}", filepath, trustee); if (!this.FlatCache.ContainsKey(cacheItemKey)) { this.FlatCache.Add(cacheItemKey, collectedItem); } }
private void AssertCreatedItemType(fileeffectiverights_item itemToAssert, string filepath, string trusteeSID) { var path = System.IO.Path.GetDirectoryName(filepath); var filename = System.IO.Path.GetFileName(filepath); Assert.AreEqual(filepath, itemToAssert.filepath.Value, string.Format(UNEXPECTED_ENTITY_VALUE_FOUND, "filepath")); Assert.AreEqual(path, itemToAssert.path.Value, string.Format(UNEXPECTED_ENTITY_VALUE_FOUND, "path")); Assert.AreEqual(filename, itemToAssert.filename.Value, string.Format(UNEXPECTED_ENTITY_VALUE_FOUND, "filename")); Assert.AreEqual(trusteeSID, itemToAssert.trustee_sid.Value, string.Format(UNEXPECTED_ENTITY_VALUE_FOUND, "trustee_sid")); }
public FileEffectiveRightsProberTests() { var fakeItemType = new fileeffectiverights_item(); this.FakeItemsToBeGenerateByItemTypeGenerator = new ItemType[] { fakeItemType }; this.FakeCollectedItemsToBeReturnedByObjectCollector = new CollectedItem[] { ProbeHelper.CreateFakeCollectedItem(fakeItemType) }; this.OvalDefinitionsSample = ProbeHelper.GetFakeOvalDefinitions("definitionsSimple"); var objectSample = OvalDefinitionsSample.objects.OfType <fileeffectiverights53_object>().Where(obj => obj.Items.Count() > 1).First(); this.FakeCollectInfo = ProbeHelper.CreateFakeCollectInfo(new OVAL.Definitions.ObjectType[] { objectSample }, null, null); }
public void Should_be_possible_to_collect_FileEffectiveRights() { // Arrange WmiObject fakeWmiObject = new WmiObject(); fakeWmiObject.Add("Descriptor.DACL.AccessMask", (uint)128); fakeWmiObject.Add("Descriptor.DACL.AceFlags", (uint)123); fakeWmiObject.Add("Descriptor.DACL.Trustee.SID", "{500}"); fakeWmiObject.Add("Descriptor.DACL.Trustee.Domain", "mss"); fakeWmiObject.Add("Descriptor.DACL.Trustee.Name", "lfernandes"); MockRepository mocks = new MockRepository(); WmiDataProvider fakeWmiDataProvider = mocks.DynamicMock <WmiDataProvider>(); Expect.Call(fakeWmiDataProvider.InvokeMethodByWmiPath(null)).IgnoreArguments().Return(new WmiObject[] { fakeWmiObject }); FileEffectiveRightsObjectCollector fileEffectiveRightsSysDataSource = new FileEffectiveRightsObjectCollector(); fileEffectiveRightsSysDataSource.WmiDataProvider = fakeWmiDataProvider; mocks.ReplayAll(); // Act IEnumerable <CollectedItem> collectedItem = fileEffectiveRightsSysDataSource.CollectDataForSystemItem(this.getFakeFileItem()); Assert.IsNotNull(collectedItem, "The return of collect data cannot be null"); Assert.AreEqual(1, collectedItem.Count(), "Unexpected collected items count."); Assert.IsNotNull(collectedItem.ElementAt(0).ItemType, "The file item cannot be null."); Assert.IsInstanceOfType(collectedItem.ElementAt(0).ItemType, typeof(fileeffectiverights_item), "The item of collected item must be file_item"); fileeffectiverights_item collectedFileEffectiveRights = (fileeffectiverights_item)collectedItem.ElementAt(0).ItemType; Assert.AreEqual("{500}", collectedFileEffectiveRights.trustee_sid.Value, "Unexpected item value."); Assert.AreEqual("1", collectedFileEffectiveRights.file_read_attributes.Value, "Unexpected file attribute found."); this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_append_data, false, "file_append_data"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_delete_child, false, "file_delete_child"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_execute, false, "file_execute"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_read_data, false, "file_read_data"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_read_ea, false, "file_read_ea"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_write_attributes, false, "file_write_attributes"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_write_data, false, "file_write_data"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_write_ea, false, "file_write_ea"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.generic_all, true, "generic_all"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.generic_execute, true, "generic_execute"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.generic_read, true, "generic_read"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.generic_write, false, "generic_write"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.standard_delete, false, "standard_delete"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.standard_read_control, false, "standard_delete"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.standard_synchronize, false, "standard_sync"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.standard_write_dac, false, "standard_write_dac"); this.AssertFileEffectiveRight(collectedFileEffectiveRights.standard_write_owner, false, "standard_write_owner"); }
private void AssertCreatedItemTypeAgainstSourceObjectType( fileeffectiverights53_object sourceObjectType, fileeffectiverights_item createdItemType) { var sourceFilePath = sourceObjectType.GetAllObjectEntities()[fileeffectiverights53_object_ItemsChoices.filepath.ToString()]; var sourcePath = sourceObjectType.GetAllObjectEntities()[fileeffectiverights53_object_ItemsChoices.path.ToString()]; var sourceFileName = sourceObjectType.GetAllObjectEntities()[fileeffectiverights53_object_ItemsChoices.filename.ToString()]; var sourceTrusteeSID = sourceObjectType.GetAllObjectEntities()[fileeffectiverights53_object_ItemsChoices.trustee_sid.ToString()]; this.assertGeneratedEntityItem(createdItemType.filepath, sourceFilePath, "filepath"); this.assertGeneratedEntityItem(createdItemType.path, sourcePath, "path"); this.assertGeneratedEntityItem(createdItemType.filename, sourceFileName, "filename"); this.assertGeneratedEntityItem(createdItemType.trustee_sid, sourceTrusteeSID, "trusteeSID"); }
private void assertFileEffectiveRightsInitialEntities(Definitions.ObjectType sourceObject, SystemCharacteristics.ItemType collectedItem) { fileeffectiverights_item collectedFileEffectiveRightsItem = (fileeffectiverights_item)collectedItem; var allExpectedEntities = OvalHelper.GetFileEffectiveRightsFromObjectType((fileeffectiverights_object)sourceObject); string expectedPath = allExpectedEntities[fileeffectiverights_object_ItemsChoices.path.ToString()].Value; string expectedFileName = allExpectedEntities[fileeffectiverights_object_ItemsChoices.filename.ToString()].Value; string expectedTrusteeName = allExpectedEntities[fileeffectiverights_object_ItemsChoices.trustee_name.ToString()].Value; Assert.AreEqual(expectedPath, collectedFileEffectiveRightsItem.path.Value, string.Format(MSG_UNEXPECTED_COLLECTED_ITEM_VALUE, "path")); Assert.AreEqual(expectedFileName, collectedFileEffectiveRightsItem.filename.Value, string.Format(MSG_UNEXPECTED_COLLECTED_ITEM_VALUE, "filename")); Assert.AreEqual(expectedTrusteeName, collectedFileEffectiveRightsItem.trustee_name.Value, string.Format(MSG_UNEXPECTED_COLLECTED_ITEM_VALUE, "trustee_name")); }
private void AssertGeneratedFileEffectiveRightsItem(ItemType generatedItem, string expectedFilePath, string expectedPath, string expectedFileName, string expectedTrusteeName) { Assert.IsInstanceOfType(generatedItem, typeof(fileeffectiverights_item), "The type of generated file effective rights item must be 'fileeffectiverights_item'"); fileeffectiverights_item fileItem = (fileeffectiverights_item)generatedItem; Assert.AreEqual(expectedTrusteeName, fileItem.trustee_name.Value, "A generated file effective rights item with an unexpected 'trustee_name' value was found."); if (string.IsNullOrEmpty(expectedFilePath)) { Assert.AreEqual(expectedPath, fileItem.path.Value, "A generated file effective rights item with an unexpected 'path' value was found."); Assert.AreEqual(expectedFileName, fileItem.filename.Value, "A generated file effective rights item with an unexpected 'filename' value was found."); return; } Assert.AreEqual(expectedFilePath, fileItem.filepath.Value, "A generated file effective rights item with an unexpected 'filepath' value was found."); }
private void AssertGeneratedItem( fileeffectiverights_item itemToAssert, string expectedFilepath, string expectedPath, string expectedFilename, string expectedTrusteeSID) { ItemTypeEntityChecker.AssertItemTypeEntity(itemToAssert.filepath, expectedFilepath, "filepath"); ItemTypeEntityChecker.AssertItemTypeEntity(itemToAssert.path, expectedPath, "path"); if (expectedFilename != null) { ItemTypeEntityChecker.AssertItemTypeEntity(itemToAssert.filename, expectedFilename, "filename"); } ItemTypeEntityChecker.AssertItemTypeEntity(itemToAssert.trustee_sid, expectedTrusteeSID, "trustee_sid"); }
private CollectedItem createFakeCollectedItem(Definitions::ObjectType fileEffectiveRightsObject) { var allEntities = OvalHelper.GetFileEffectiveRightsFromObjectType((fileeffectiverights_object)fileEffectiveRightsObject); fileeffectiverights_item newItem = new fileeffectiverights_item() { id = fileEffectiveRightsObject.id, path = this.createInitialItemEntity(allEntities, fileeffectiverights_object_ItemsChoices.path.ToString()), filename = this.createInitialItemEntity(allEntities, fileeffectiverights_object_ItemsChoices.filename.ToString()), trustee_name = this.createInitialItemEntity(allEntities, fileeffectiverights_object_ItemsChoices.trustee_name.ToString()), trustee_sid = this.createItemEntityWithStringValue("12345"), standard_delete = this.createItemEntityWithBooleanValue("1"), generic_read = this.createItemEntityWithBooleanValue("0") }; return(ProbeHelper.CreateFakeCollectedItem(newItem)); }
private void FillCollectedItemFromUserWinACEs( fileeffectiverights_item fileEffectiveRightsItem, object managementWinACEs) { var userTrusteeName = fileEffectiveRightsItem.trustee_name.Value; var daclDisassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL); var userDACLs = daclDisassembler.GetSecurityDescriptorsFromManagementObject(managementWinACEs, userTrusteeName, this.WmiDataProvider); var userEffectiveRights = this.CalculateUserEffectiveRightsForItem(userDACLs); if (userEffectiveRights == null) { throw new UserNotFoundException(); } this.AdjustGenericRights(userEffectiveRights); fileEffectiveRightsItem.trustee_name = null; fileEffectiveRightsItem.trustee_sid = OvalHelper.CreateItemEntityWithStringValue(userEffectiveRights.Trustee.SIDString); #region Setting File Effective Rights Entities fileEffectiveRightsItem.access_system_security = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.ACCESS_SYSTEM_SECURITY); fileEffectiveRightsItem.file_append_data = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_APPEND_DATA); fileEffectiveRightsItem.file_delete_child = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_DELETE_CHILD); fileEffectiveRightsItem.file_execute = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_EXECUTE); fileEffectiveRightsItem.file_read_attributes = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_READ_ATTRIBUTES); fileEffectiveRightsItem.file_read_data = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_READ_DATA); fileEffectiveRightsItem.file_read_ea = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_READ_EA); fileEffectiveRightsItem.file_write_attributes = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_WRITE_ATTRIBUTES); fileEffectiveRightsItem.file_write_data = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_WRITE_DATA); fileEffectiveRightsItem.file_write_ea = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_WRITE_EA); fileEffectiveRightsItem.generic_all = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.GENERIC_ALL); fileEffectiveRightsItem.generic_execute = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.GENERIC_EXECUTE); fileEffectiveRightsItem.generic_read = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.GENERIC_READ); fileEffectiveRightsItem.generic_write = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.GENERIC_WRITE); fileEffectiveRightsItem.standard_delete = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.DELETE); fileEffectiveRightsItem.standard_read_control = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.READ_CONTROL); fileEffectiveRightsItem.standard_synchronize = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.SYNCHRONIZE); fileEffectiveRightsItem.standard_write_dac = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.WRITE_DAC); fileEffectiveRightsItem.standard_write_owner = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.WRITE_OWNER); #endregion }
public virtual bool IsThereUserACLInFileSecurityDescriptor(string path, string filename, string userSID) { var filepath = Path.Combine(path, filename); var invokeMethodInfo = CreateInvokeMethodInfo(filepath); object managementACEs = null; try { managementACEs = this.WmiDataProvider.InvokeMethodByWmiPath(invokeMethodInfo); } catch { return(false); } if (managementACEs == null) { return(false); } var item = new fileeffectiverights_item() { trustee_name = OvalHelper.CreateItemEntityWithStringValue(userSID) }; try { FillCollectedItemFromUserWinACEs(item, managementACEs); return(true); } catch (ACLNotFoundException) { return(false); } catch (UserNotFoundException) { return(false); } }
private ItemType CreateItemTypeForCollect(string path, string fileName, string trustee) { var newFileEffectiveRightsItem = new fileeffectiverights_item(); newFileEffectiveRightsItem.path = OvalHelper.CreateItemEntityWithStringValue(path); newFileEffectiveRightsItem.filename = OvalHelper.CreateItemEntityWithStringValue(fileName); var completeFilepath = string.Format(@"{0}\{1}", path, fileName); newFileEffectiveRightsItem.filepath = OvalHelper.CreateItemEntityWithStringValue(completeFilepath); if (this.SourceObjectType == SourceObjectTypes.FileEffectiveRights) { newFileEffectiveRightsItem.trustee_name = OvalHelper.CreateItemEntityWithStringValue(trustee); } else { newFileEffectiveRightsItem.trustee_sid = OvalHelper.CreateItemEntityWithStringValue(trustee); newFileEffectiveRightsItem.trustee_name = OvalHelper.CreateItemEntityWithStringValue(newFileEffectiveRightsItem.trustee_sid.Value); } return(newFileEffectiveRightsItem); }