public static async Task <JsonDocument> SetACEforRepoAsync(Url organization, string token, string groupSecDescriptor, long allowMask, long denyMask, string pat) { var ace = new ACE() { token = token, merge = true, accessControlEntries = new Accesscontrolentry[] { new Accesscontrolentry() { allow = allowMask, deny = denyMask, descriptor = groupSecDescriptor, extendedInfo = new Extendedinfo() { effectiveAllow = allowMask, effectiveDeny = denyMask, inheritedAllow = allowMask, inheritedDeny = denyMask } } } }; // https://{{coreServer}}/{{organization}}/_apis/AccessControlEntries/{{securityNamespaceId}}api-version={{api-version}} var queryResponse = await $"{organization}" .AppendPathSegment($"_apis/AccessControlEntries") .AppendPathSegment(Constants.SecurityNamespaceGitRepo) .SetQueryParam("api-version", Constants.APIVERSION) .WithBasicAuth(string.Empty, pat) .PostJsonAsync(ace); return(JsonDocument.Parse(await queryResponse.ResponseMessage.Content.ReadAsStringAsync())); }
public static void SelectionChangedRightsCombobox() { var selected = ((ComboBoxItem)MW.CmbxRightsType.SelectedItem).Content as string; MW.RightsList.Clear(); foreach (var r in new List <string> { "GA", "GX", "GW", "GR", "SD", "RC", "WD", "WO" }) { MW.RightsList.Add(new BoolStringClass(ACE.RigthToLong(r), r)); } switch (selected) { case "Service Access Rights": foreach (var r in new List <string> { "CC", "DC", "LC", "DW", "RP", "WP", "DT", "LO", "CR" }) { MW.RightsList.Add(new BoolStringClass(ACE.RigthToLong(r, 0), r)); } break; case "Directory Access Rights": foreach (var r in new List <string> { "CC", "DC", "LC", "SW", "RP", "WP", "DT", "LO", "CR" }) { MW.RightsList.Add(new BoolStringClass(ACE.RigthToLong(r, 1), r)); } break; case "File Access Rights": foreach (var r in new List <string> { "CC", "DC", "LC", "SW", "RP", "WP", "LO", "CR", "FA", "FR", "FW", "FX" }) { MW.RightsList.Add(new BoolStringClass(ACE.RigthToLong(r, 2), r)); } break; case "File and Directory Access Rights": foreach (var r in new List <string> { "CC", "DC", "LC", "SW", "RP", "WP", "DT", "LO", "CR", "FA", "FR", "FW", "FX" }) { MW.RightsList.Add(new BoolStringClass(ACE.RigthToLong(r, 3), r)); } break; case "Registry Key Access Rights": foreach (var r in new List <string> { "CC", "DC", "LC", "SW", "RP", "WP", "KA", "KR", "KW", "KX" }) { MW.RightsList.Add(new BoolStringClass(ACE.RigthToLong(r, 4), r)); } break; } TextChangedContentEdit(); }
internal void SetFileSecurityReadWriteGroups(string[] writeACLGroups, long masterID, out string missingACLGroup) { missingACLGroup = string.Empty; try { AccessPermis readAccessPermission = new AccessPermis(); readAccessPermission.Id = 1; readAccessPermission.Val = true; AccessPermis writeAccessPermission = new AccessPermis(); writeAccessPermission.Id = 2; writeAccessPermission.Val = true; foreach (var aclGroup in writeACLGroups) { Group group = _webServiceManager.AdminService.GetGroupByName(aclGroup); if (group != null) { ACE ace = new ACE(); ace.UserGrpId = group.Id; ace.PermisArray = new AccessPermis[] { readAccessPermission, writeAccessPermission }; ACE[] aces = new ACE[1]; ACL myAcl = _webServiceManager.SecurityService.AddSystemACL(aces); _webServiceManager.SecurityService.SetSystemACLs(new long[] { masterID }, myAcl.Id); } else { missingACLGroup = aclGroup; return; } } } catch (Exception ex) { throw (ex); } }
public virtual List <object> GetACEDisplayName(HttpContext context) { YZRequest request = new YZRequest(context); List <object> rv = new List <object>(); JsonSerializer serializer = new JsonSerializer(); StreamReader reader = new StreamReader(context.Request.InputStream); using (JsonTextReader streamReader = new JsonTextReader(reader)) { JArray @params = serializer.Deserialize(streamReader) as JArray; using (BPMConnection cn = new BPMConnection()) { cn.WebOpen(); foreach (JObject jAce in @params) { ACE ace = jAce.ToObject <ACE>(serializer); rv.Add(new { DisplayName = ace.GetSIDDisplayName(cn) }); } } } return(rv); }
private static TreeViewItem ACEToTreeViewItem(ACE ace, int rightsType, bool translateSID) { var rv = new TreeViewItem { Header = SecurityDescriptor.SIDToLong(ace.GetSID(), translateSID) }; rv.Items.Clear(); foreach (var right in ace.GetAllRights()) { rv.Items.Add(ACE.RigthToLong(right, rightsType)); } return(rv); }
private static void PrintACE(string indent, ACE ace) { AwesomeConsole.Write(indent + SingleIndent + "SID: "); PrintSID(ace.SID); AwesomeConsole.WriteLine(); AwesomeConsole.Write(indent + SingleIndent + SingleIndent + "Access: "); PrintEnums(ace.AccessMask); AwesomeConsole.WriteLine(); AwesomeConsole.WriteLine(indent + SingleIndent + SingleIndent + "Type : " + ace.Type); AwesomeConsole.Write(indent + SingleIndent + SingleIndent + "Flags : "); PrintEnums(ace.Flags); AwesomeConsole.WriteLine(); }
public static string GetHelperText(string line, int rightsType, out Tuple <string, string, TreeViewItem[]> details, bool translateSID) { var sd = new SecurityDescriptor(line); if (sd.IsOk) { var lSIDs = sd.GetAllSIDs(); var lRights = sd.GetAllRights(); var sb = new StringBuilder(); if (lSIDs.Count != 0) { sb.AppendLine(); sb.AppendLine("SIDs:"); sb.AppendLine("-----"); foreach (var lSID in lSIDs) { sb.AppendLine(SecurityDescriptor.SIDToLong(lSID, translateSID)); } sb.AppendLine("-----"); } if (lRights.Count != 0) { sb.AppendLine(); sb.AppendLine("Rights (" + ACE.RightType(rightsType) + "):"); sb.AppendLine("-----"); foreach (var lRight in lRights) { sb.AppendLine(ACE.RigthToLong(lRight, rightsType)); } sb.AppendLine("-----"); } var aces = sd.GetACEs(); var treeElements = new TreeViewItem[aces.Count]; for (var i = 0; i < aces.Count; i++) { treeElements[i] = ACEToTreeViewItem(aces[i], rightsType, translateSID); } details = new Tuple <string, string, TreeViewItem[]>(sd.GetOwner(), sd.GetGroup(), treeElements); return(sb.ToString()); } details = new Tuple <string, string, TreeViewItem[]>("", "", new TreeViewItem[0]); return(string.Empty); }
public virtual object GetLoginUserACEInfo(HttpContext context) { YZRequest request = new YZRequest(context); string uid = YZAuthHelper.LoginUserAccount; using (BPMConnection cn = new BPMConnection()) { cn.WebOpen(); User user = User.FromAccount(cn, uid); ACE ace = new ACE(); ace.SIDType = SIDType.UserSID; ace.SID = user.SID; return(new { SID = user.SID, DisplayName = ace.GetSIDDisplayName(cn) }); } }
private static void DecodeAclEntries(List <ACE> DecodedACL, RawAcl acl, Dictionary <uint, string> rights) { foreach (var ace in acl) { var DecodedACE = new ACE(); var knownAce = ace as KnownAce; if (knownAce != null) { DecodedACE.Trustee = knownAce.SecurityIdentifier.Value; DecodedACE.AccessType = knownAce.AceType > AceType.MaxDefinedAceType ? "Custom Access" : knownAce.AceType.ToString(); if (knownAce.AceFlags != AceFlags.None) { DecodedACE.AuditRights = knownAce.AceFlags.ToString(); } var mask = unchecked ((uint)knownAce.AccessMask); foreach (var r in rights.Keys) { if ((mask & r) == r) { DecodedACE.Permissions.Add(rights[r]); } } } else { throw new Exception("Not a known ACE Structure"); } DecodedACL.Add(DecodedACE); } }
bool CreateKeyDescriptor(IntPtr pOldSD, ACCOUNT_PERM Account, ref MEM_DATA MemData) { // reconstruct security descriptor bool bDefault = false; bool bPresent = false; int iControlBits = 0; int iControlSet = 0; int iDomain = 0; int iFlag = 0; int iLength = 0; int iRevision = 0; int iSidLen = 0; int iTotal = 0; int iUse = 0; StringBuilder sDomain = new StringBuilder(256); IntPtr pNewACL = IntPtr.Zero; IntPtr pAcl = IntPtr.Zero; IntPtr pSid = IntPtr.Zero; IntPtr pPnt = IntPtr.Zero; ACL_SIZE_INFORMATION tAclSize = new ACL_SIZE_INFORMATION(); ACL tTempACL = new ACL(); ACE tTempAce = new ACE(); try { MemData.pAcl = IntPtr.Zero; MemData.pSd = IntPtr.Zero; // get size pSid = LocalAlloc(LMEM_INITIALIZED, SECURITY_DESCRIPTOR_MIN_LENGTH); if (pSid == IntPtr.Zero) { return false; } // store pointer MemData.pSd = pSid; // init descriptor if (InitializeSecurityDescriptor(pSid, SECURITY_DESCRIPTOR_REVISION) == 0) { return false; } // check for existing sd if (pOldSD != IntPtr.Zero) { if (GetSecurityDescriptorDacl(pOldSD, out bPresent, ref pAcl, out bDefault) == true) { // extract dacl if ((bPresent == true) && (pAcl != IntPtr.Zero)) { if (GetAclInformation(pAcl, ref tAclSize, Marshal.SizeOf(tAclSize), ACL_INFORMATION_CLASS.AclSizeInformation) == false) { return false; } else { iTotal = tAclSize.AclBytesInUse; } } else { iTotal = Marshal.SizeOf(tTempACL); } } else { return false; } } // allocate sid // // get callers sid if (Account.pSid == IntPtr.Zero) { iDomain = 256; // get size LookupAccountName(null, Account.AccountName, IntPtr.Zero, ref iSidLen, sDomain, ref iDomain, out iUse); Account.pSid = LocalAlloc(LMEM_INITIALIZED, iSidLen); if (Account.pSid == IntPtr.Zero) { return false; } // get the sid if (LookupAccountName(null, Account.AccountName, Account.pSid, ref iSidLen, sDomain, ref iDomain, out iUse) == false) { return false; } } // ace buffer iLength = (Marshal.SizeOf(tTempAce) + GetLengthSid(Account.pSid)) - 4; iTotal += iLength; pNewACL = LocalAlloc(LMEM_INITIALIZED, iTotal); if (pNewACL == IntPtr.Zero) { return false; } // store pointer MemData.pAcl = pNewACL; // init acl if (InitializeAcl(pNewACL, iTotal, ACL_REVISION) == false) { return false; } // build dacl in sequence if (Account.AceType == ACCESS_DENIED_ACE_TYPE) { if (BuildACE(pNewACL, Account.AceType, Account.AceFlags, Account.AccessMask, Account.pSid) == false) { return false; } } // copy non-inherited ace if ((bPresent == true) && (pAcl != IntPtr.Zero) && (tAclSize.AceCount > 0)) { // combine old and new ACE entries for (int count = 0; count < tAclSize.AceCount; count++) { // next ace GetAce(pAcl, count, out pPnt); if (pPnt == IntPtr.Zero) { return false; } RtlMoveMemory(ref tTempAce, pPnt, Marshal.SizeOf(tTempAce)); // exit on inherited ace if (((int)tTempAce.Header.AceFlags & INHERITED_ACE) == INHERITED_ACE) { break; } int x = (int)pPnt + 8; IntPtr pPt = new IntPtr(x); // check ace value if (!SidIsEqual(Account.pSid, pPt)) { // add ace AddAce(pNewACL, ACL_REVISION, MAXDWORD, pPnt, tTempAce.Header.AceSize); } } } // add explicit permit if (Account.AceType == ACCESS_ALLOWED_ACE_TYPE) { BuildACE(pNewACL, Account.AceType, Account.AceFlags, Account.AccessMask, Account.pSid); } // enties with inheritence flag if ((bPresent == true) && (pAcl != IntPtr.Zero) && (tAclSize.AceCount > 0)) { for (int count = 0; count < tAclSize.AceCount; count++) { GetAce(pAcl, count, out pPnt); RtlMoveMemory(ref tTempAce, pPnt, Marshal.SizeOf(tTempAce)); AddAce(pNewACL, ACL_REVISION, MAXDWORD, pPnt, tTempAce.Header.AceSize); } } // descriptor flags if (pOldSD != IntPtr.Zero) { if (GetSecurityDescriptorControl(pOldSD, out iFlag, out iRevision) != 0) { if ((iFlag & SE_DACL_AUTO_INHERITED) == SE_DACL_AUTO_INHERITED) { iControlBits = SE_DACL_AUTO_INHERIT_REQ | SE_DACL_AUTO_INHERITED; iControlSet = iControlBits; } else if ((iFlag & SE_DACL_PROTECTED) == SE_DACL_PROTECTED) { iControlBits = SE_DACL_PROTECTED; iControlSet = iControlBits; } if (iControlSet != 0) { SetSecurityDescriptorControl(pSid, iControlBits, iControlSet); } } } // add dacl return SetSecurityDescriptorDacl(pSid, 1, pNewACL, 0); } finally { if (Account.pSid != IntPtr.Zero) { LocalFree(Account.pSid); Account.pSid = IntPtr.Zero; } } }
bool BuildACE(IntPtr lAclId, byte bType, byte bFlags, uint lMask, IntPtr lPointer) { // build an ace entry int iAceLen = 0; int iSidLen = 0; IntPtr pAce = IntPtr.Zero; ACE tTempAce = new ACE(); try { // get len iSidLen = GetLengthSid(lPointer); iAceLen = Marshal.SizeOf(tTempAce) + iSidLen - 4; // allocate space pAce = LocalAlloc(LMEM_INITIALIZED, iAceLen); if (pAce != IntPtr.Zero) { // ace struct tTempAce.Header = new ACE_HEADER(); tTempAce.Header.AceType = bType; tTempAce.Header.AceFlags = bFlags; tTempAce.Header.AceSize = (short)iAceLen; tTempAce.Mask = (int)lMask; // copy to buffer int dDt = (int)pAce + 8; IntPtr pDt = new IntPtr(dDt); RtlMoveMemory(pAce, ref tTempAce, Marshal.SizeOf(tTempAce)); RtlMoveMemory(pDt, lPointer, iSidLen); // add to acl return AddAce(lAclId, ACL_REVISION, MAXDWORD, pAce, iAceLen); } return false; } finally { if (pAce != IntPtr.Zero) { LocalFree(pAce); } } }
static extern void RtlMoveMemory(IntPtr dest, ref ACE src, int size);
static extern void RtlMoveMemory(ref ACE dest, IntPtr src, int size);
/// <summary> /// Конструктор по умолчанию. /// </summary> public ACEitem() { ACE = new ACE(); }