private fileeffectiverights_item CloneItemType(fileeffectiverights_item sourceItem)
{
return(new fileeffectiverights_item()
{
status = sourceItem.status,
message = CloneItemMessages(sourceItem.message),
filepath = CloneStringEntity(sourceItem.filepath),
path = CloneStringEntity(sourceItem.path),
filename = CloneStringEntity(sourceItem.filename),
trustee_sid = CloneStringEntity(sourceItem.trustee_sid),
trustee_name = CloneStringEntity(sourceItem.trustee_name),
access_system_security = CloneEntity(sourceItem.access_system_security),
file_append_data = CloneEntity(sourceItem.file_append_data),
file_delete_child = CloneEntity(sourceItem.file_delete_child),
file_execute = CloneEntity(sourceItem.file_execute),
file_read_attributes = CloneEntity(sourceItem.file_read_attributes),
file_read_data = CloneEntity(sourceItem.file_read_data),
file_read_ea = CloneEntity(sourceItem.file_read_ea),
file_write_attributes = CloneEntity(sourceItem.file_write_attributes),
file_write_data = CloneEntity(sourceItem.file_write_data),
file_write_ea = CloneEntity(sourceItem.file_write_ea),
generic_all = CloneEntity(sourceItem.generic_all),
generic_execute = CloneEntity(sourceItem.generic_execute),
generic_read = CloneEntity(sourceItem.generic_read),
generic_write = CloneEntity(sourceItem.generic_write),
standard_delete = CloneEntity(sourceItem.standard_delete),
standard_read_control = CloneEntity(sourceItem.standard_read_control),
standard_synchronize = CloneEntity(sourceItem.standard_synchronize),
standard_write_dac = CloneEntity(sourceItem.standard_write_dac),
standard_write_owner = CloneEntity(sourceItem.standard_write_owner)
});
}
private void assertFileEffectiveRightsCollectedItems(CollectedItem expectedItem, ItemType collectedItem)
{
fileeffectiverights_item expectedFileItem = (fileeffectiverights_item)expectedItem.ItemType;
fileeffectiverights_item collectedFileItem = (fileeffectiverights_item)collectedItem;
Assert.AreEqual(expectedFileItem.trustee_sid.Value, collectedFileItem.trustee_sid.Value, string.Format(MSG_UNEXPECTED_COLLECTED_ENTITY_VALUE, "trustee_sid"));
}
private void FillCollectedItem(fileeffectiverights_item item, IEnumerable <WMIWinACE> userDACLs)
{
try
{
FillCollectedItemFromUserWinACEs(item, userDACLs);
item.status = StatusEnumeration.exists;
}
catch (InvalidInvokeMethodFilterException)
{
item.status = StatusEnumeration.doesnotexist;
}
catch (ACLNotFoundException)
{
item.status = StatusEnumeration.doesnotexist;
}
catch (UserNotFoundException)
{
item.status = StatusEnumeration.doesnotexist;
}
catch (InvalidInvokeMethodException)
{
item.status = StatusEnumeration.doesnotexist;
}
catch (Exception ex)
{
// ConfigureItemWithError(itemToCollect, ex.Message);
}
}
private void AddToFlatCache(string filepath, string trustee, fileeffectiverights_item collectedItem)
{
var cacheItemKey = String.Format("{0}#{1}", filepath, trustee);
if (!this.FlatCache.ContainsKey(cacheItemKey))
{
this.FlatCache.Add(cacheItemKey, collectedItem);
}
}
private void AssertCreatedItemType(fileeffectiverights_item itemToAssert, string filepath, string trusteeSID)
{
var path = System.IO.Path.GetDirectoryName(filepath);
var filename = System.IO.Path.GetFileName(filepath);
Assert.AreEqual(filepath, itemToAssert.filepath.Value, string.Format(UNEXPECTED_ENTITY_VALUE_FOUND, "filepath"));
Assert.AreEqual(path, itemToAssert.path.Value, string.Format(UNEXPECTED_ENTITY_VALUE_FOUND, "path"));
Assert.AreEqual(filename, itemToAssert.filename.Value, string.Format(UNEXPECTED_ENTITY_VALUE_FOUND, "filename"));
Assert.AreEqual(trusteeSID, itemToAssert.trustee_sid.Value, string.Format(UNEXPECTED_ENTITY_VALUE_FOUND, "trustee_sid"));
}
public FileEffectiveRightsProberTests()
{
var fakeItemType = new fileeffectiverights_item();
this.FakeItemsToBeGenerateByItemTypeGenerator = new ItemType[] { fakeItemType };
this.FakeCollectedItemsToBeReturnedByObjectCollector = new CollectedItem[] { ProbeHelper.CreateFakeCollectedItem(fakeItemType) };
this.OvalDefinitionsSample = ProbeHelper.GetFakeOvalDefinitions("definitionsSimple");
var objectSample = OvalDefinitionsSample.objects.OfType <fileeffectiverights53_object>().Where(obj => obj.Items.Count() > 1).First();
this.FakeCollectInfo = ProbeHelper.CreateFakeCollectInfo(new OVAL.Definitions.ObjectType[] { objectSample }, null, null);
}
public void Should_be_possible_to_collect_FileEffectiveRights()
{
// Arrange
WmiObject fakeWmiObject = new WmiObject();
fakeWmiObject.Add("Descriptor.DACL.AccessMask", (uint)128);
fakeWmiObject.Add("Descriptor.DACL.AceFlags", (uint)123);
fakeWmiObject.Add("Descriptor.DACL.Trustee.SID", "{500}");
fakeWmiObject.Add("Descriptor.DACL.Trustee.Domain", "mss");
fakeWmiObject.Add("Descriptor.DACL.Trustee.Name", "lfernandes");
MockRepository mocks = new MockRepository();
WmiDataProvider fakeWmiDataProvider = mocks.DynamicMock <WmiDataProvider>();
Expect.Call(fakeWmiDataProvider.InvokeMethodByWmiPath(null)).IgnoreArguments().Return(new WmiObject[] { fakeWmiObject });
FileEffectiveRightsObjectCollector fileEffectiveRightsSysDataSource = new FileEffectiveRightsObjectCollector();
fileEffectiveRightsSysDataSource.WmiDataProvider = fakeWmiDataProvider;
mocks.ReplayAll();
// Act
IEnumerable <CollectedItem> collectedItem = fileEffectiveRightsSysDataSource.CollectDataForSystemItem(this.getFakeFileItem());
Assert.IsNotNull(collectedItem, "The return of collect data cannot be null");
Assert.AreEqual(1, collectedItem.Count(), "Unexpected collected items count.");
Assert.IsNotNull(collectedItem.ElementAt(0).ItemType, "The file item cannot be null.");
Assert.IsInstanceOfType(collectedItem.ElementAt(0).ItemType, typeof(fileeffectiverights_item), "The item of collected item must be file_item");
fileeffectiverights_item collectedFileEffectiveRights = (fileeffectiverights_item)collectedItem.ElementAt(0).ItemType;
Assert.AreEqual("{500}", collectedFileEffectiveRights.trustee_sid.Value, "Unexpected item value.");
Assert.AreEqual("1", collectedFileEffectiveRights.file_read_attributes.Value, "Unexpected file attribute found.");
this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_append_data, false, "file_append_data");
this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_delete_child, false, "file_delete_child");
this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_execute, false, "file_execute");
this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_read_data, false, "file_read_data");
this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_read_ea, false, "file_read_ea");
this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_write_attributes, false, "file_write_attributes");
this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_write_data, false, "file_write_data");
this.AssertFileEffectiveRight(collectedFileEffectiveRights.file_write_ea, false, "file_write_ea");
this.AssertFileEffectiveRight(collectedFileEffectiveRights.generic_all, true, "generic_all");
this.AssertFileEffectiveRight(collectedFileEffectiveRights.generic_execute, true, "generic_execute");
this.AssertFileEffectiveRight(collectedFileEffectiveRights.generic_read, true, "generic_read");
this.AssertFileEffectiveRight(collectedFileEffectiveRights.generic_write, false, "generic_write");
this.AssertFileEffectiveRight(collectedFileEffectiveRights.standard_delete, false, "standard_delete");
this.AssertFileEffectiveRight(collectedFileEffectiveRights.standard_read_control, false, "standard_delete");
this.AssertFileEffectiveRight(collectedFileEffectiveRights.standard_synchronize, false, "standard_sync");
this.AssertFileEffectiveRight(collectedFileEffectiveRights.standard_write_dac, false, "standard_write_dac");
this.AssertFileEffectiveRight(collectedFileEffectiveRights.standard_write_owner, false, "standard_write_owner");
}
private void AssertCreatedItemTypeAgainstSourceObjectType(
fileeffectiverights53_object sourceObjectType, fileeffectiverights_item createdItemType)
{
var sourceFilePath = sourceObjectType.GetAllObjectEntities()[fileeffectiverights53_object_ItemsChoices.filepath.ToString()];
var sourcePath = sourceObjectType.GetAllObjectEntities()[fileeffectiverights53_object_ItemsChoices.path.ToString()];
var sourceFileName = sourceObjectType.GetAllObjectEntities()[fileeffectiverights53_object_ItemsChoices.filename.ToString()];
var sourceTrusteeSID = sourceObjectType.GetAllObjectEntities()[fileeffectiverights53_object_ItemsChoices.trustee_sid.ToString()];
this.assertGeneratedEntityItem(createdItemType.filepath, sourceFilePath, "filepath");
this.assertGeneratedEntityItem(createdItemType.path, sourcePath, "path");
this.assertGeneratedEntityItem(createdItemType.filename, sourceFileName, "filename");
this.assertGeneratedEntityItem(createdItemType.trustee_sid, sourceTrusteeSID, "trusteeSID");
}
private void assertFileEffectiveRightsInitialEntities(Definitions.ObjectType sourceObject, SystemCharacteristics.ItemType collectedItem)
{
fileeffectiverights_item collectedFileEffectiveRightsItem = (fileeffectiverights_item)collectedItem;
var allExpectedEntities = OvalHelper.GetFileEffectiveRightsFromObjectType((fileeffectiverights_object)sourceObject);
string expectedPath = allExpectedEntities[fileeffectiverights_object_ItemsChoices.path.ToString()].Value;
string expectedFileName = allExpectedEntities[fileeffectiverights_object_ItemsChoices.filename.ToString()].Value;
string expectedTrusteeName = allExpectedEntities[fileeffectiverights_object_ItemsChoices.trustee_name.ToString()].Value;
Assert.AreEqual(expectedPath, collectedFileEffectiveRightsItem.path.Value, string.Format(MSG_UNEXPECTED_COLLECTED_ITEM_VALUE, "path"));
Assert.AreEqual(expectedFileName, collectedFileEffectiveRightsItem.filename.Value, string.Format(MSG_UNEXPECTED_COLLECTED_ITEM_VALUE, "filename"));
Assert.AreEqual(expectedTrusteeName, collectedFileEffectiveRightsItem.trustee_name.Value, string.Format(MSG_UNEXPECTED_COLLECTED_ITEM_VALUE, "trustee_name"));
}
private void AssertGeneratedFileEffectiveRightsItem(ItemType generatedItem, string expectedFilePath, string expectedPath, string expectedFileName, string expectedTrusteeName)
{
Assert.IsInstanceOfType(generatedItem, typeof(fileeffectiverights_item), "The type of generated file effective rights item must be 'fileeffectiverights_item'");
fileeffectiverights_item fileItem = (fileeffectiverights_item)generatedItem;
Assert.AreEqual(expectedTrusteeName, fileItem.trustee_name.Value, "A generated file effective rights item with an unexpected 'trustee_name' value was found.");
if (string.IsNullOrEmpty(expectedFilePath))
{
Assert.AreEqual(expectedPath, fileItem.path.Value, "A generated file effective rights item with an unexpected 'path' value was found.");
Assert.AreEqual(expectedFileName, fileItem.filename.Value, "A generated file effective rights item with an unexpected 'filename' value was found.");
return;
}
Assert.AreEqual(expectedFilePath, fileItem.filepath.Value, "A generated file effective rights item with an unexpected 'filepath' value was found.");
}
private void AssertGeneratedItem(
fileeffectiverights_item itemToAssert,
string expectedFilepath,
string expectedPath,
string expectedFilename,
string expectedTrusteeSID)
{
ItemTypeEntityChecker.AssertItemTypeEntity(itemToAssert.filepath, expectedFilepath, "filepath");
ItemTypeEntityChecker.AssertItemTypeEntity(itemToAssert.path, expectedPath, "path");
if (expectedFilename != null)
{
ItemTypeEntityChecker.AssertItemTypeEntity(itemToAssert.filename, expectedFilename, "filename");
}
ItemTypeEntityChecker.AssertItemTypeEntity(itemToAssert.trustee_sid, expectedTrusteeSID, "trustee_sid");
}
private CollectedItem createFakeCollectedItem(Definitions::ObjectType fileEffectiveRightsObject)
{
var allEntities = OvalHelper.GetFileEffectiveRightsFromObjectType((fileeffectiverights_object)fileEffectiveRightsObject);
fileeffectiverights_item newItem = new fileeffectiverights_item()
{
id = fileEffectiveRightsObject.id,
path = this.createInitialItemEntity(allEntities, fileeffectiverights_object_ItemsChoices.path.ToString()),
filename = this.createInitialItemEntity(allEntities, fileeffectiverights_object_ItemsChoices.filename.ToString()),
trustee_name = this.createInitialItemEntity(allEntities, fileeffectiverights_object_ItemsChoices.trustee_name.ToString()),
trustee_sid = this.createItemEntityWithStringValue("12345"),
standard_delete = this.createItemEntityWithBooleanValue("1"),
generic_read = this.createItemEntityWithBooleanValue("0")
};
return(ProbeHelper.CreateFakeCollectedItem(newItem));
}
private void FillCollectedItemFromUserWinACEs(
fileeffectiverights_item fileEffectiveRightsItem,
object managementWinACEs)
{
var userTrusteeName = fileEffectiveRightsItem.trustee_name.Value;
var daclDisassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);
var userDACLs = daclDisassembler.GetSecurityDescriptorsFromManagementObject(managementWinACEs, userTrusteeName, this.WmiDataProvider);
var userEffectiveRights = this.CalculateUserEffectiveRightsForItem(userDACLs);
if (userEffectiveRights == null)
{
throw new UserNotFoundException();
}
this.AdjustGenericRights(userEffectiveRights);
fileEffectiveRightsItem.trustee_name = null;
fileEffectiveRightsItem.trustee_sid = OvalHelper.CreateItemEntityWithStringValue(userEffectiveRights.Trustee.SIDString);
#region Setting File Effective Rights Entities
fileEffectiveRightsItem.access_system_security = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.ACCESS_SYSTEM_SECURITY);
fileEffectiveRightsItem.file_append_data = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_APPEND_DATA);
fileEffectiveRightsItem.file_delete_child = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_DELETE_CHILD);
fileEffectiveRightsItem.file_execute = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_EXECUTE);
fileEffectiveRightsItem.file_read_attributes = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_READ_ATTRIBUTES);
fileEffectiveRightsItem.file_read_data = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_READ_DATA);
fileEffectiveRightsItem.file_read_ea = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_READ_EA);
fileEffectiveRightsItem.file_write_attributes = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_WRITE_ATTRIBUTES);
fileEffectiveRightsItem.file_write_data = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_WRITE_DATA);
fileEffectiveRightsItem.file_write_ea = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_WRITE_EA);
fileEffectiveRightsItem.generic_all = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.GENERIC_ALL);
fileEffectiveRightsItem.generic_execute = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.GENERIC_EXECUTE);
fileEffectiveRightsItem.generic_read = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.GENERIC_READ);
fileEffectiveRightsItem.generic_write = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.GENERIC_WRITE);
fileEffectiveRightsItem.standard_delete = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.DELETE);
fileEffectiveRightsItem.standard_read_control = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.READ_CONTROL);
fileEffectiveRightsItem.standard_synchronize = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.SYNCHRONIZE);
fileEffectiveRightsItem.standard_write_dac = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.WRITE_DAC);
fileEffectiveRightsItem.standard_write_owner = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.WRITE_OWNER);
#endregion
}
public virtual bool IsThereUserACLInFileSecurityDescriptor(string path, string filename, string userSID)
{
var filepath = Path.Combine(path, filename);
var invokeMethodInfo = CreateInvokeMethodInfo(filepath);
object managementACEs = null;
try
{
managementACEs = this.WmiDataProvider.InvokeMethodByWmiPath(invokeMethodInfo);
}
catch
{
return(false);
}
if (managementACEs == null)
{
return(false);
}
var item = new fileeffectiverights_item()
{
trustee_name = OvalHelper.CreateItemEntityWithStringValue(userSID)
};
try
{
FillCollectedItemFromUserWinACEs(item, managementACEs);
return(true);
}
catch (ACLNotFoundException)
{
return(false);
}
catch (UserNotFoundException)
{
return(false);
}
}
private ItemType CreateItemTypeForCollect(string path, string fileName, string trustee)
{
var newFileEffectiveRightsItem = new fileeffectiverights_item();
newFileEffectiveRightsItem.path = OvalHelper.CreateItemEntityWithStringValue(path);
newFileEffectiveRightsItem.filename = OvalHelper.CreateItemEntityWithStringValue(fileName);
var completeFilepath = string.Format(@"{0}\{1}", path, fileName);
newFileEffectiveRightsItem.filepath = OvalHelper.CreateItemEntityWithStringValue(completeFilepath);
if (this.SourceObjectType == SourceObjectTypes.FileEffectiveRights)
{
newFileEffectiveRightsItem.trustee_name = OvalHelper.CreateItemEntityWithStringValue(trustee);
}
else
{
newFileEffectiveRightsItem.trustee_sid = OvalHelper.CreateItemEntityWithStringValue(trustee);
newFileEffectiveRightsItem.trustee_name = OvalHelper.CreateItemEntityWithStringValue(newFileEffectiveRightsItem.trustee_sid.Value);
}
return(newFileEffectiveRightsItem);
}
