public void TestGetAccessControlSections() { var filename = Util.CreateNewFile(longPathDirectory); try { var fi = new FileInfo(filename); FileSecurity security = fi.GetAccessControl(AccessControlSections.Access); Assert.IsNotNull(security); Assert.AreEqual(typeof(FileSystemRights), security.AccessRightType); Assert.AreEqual(typeof(FileSystemAccessRule), security.AccessRuleType); Assert.AreEqual(typeof(FileSystemAuditRule), security.AuditRuleType); Assert.IsTrue(security.AreAccessRulesCanonical); Assert.IsTrue(security.AreAuditRulesCanonical); Assert.IsFalse(security.AreAccessRulesProtected); Assert.IsFalse(security.AreAuditRulesProtected); var securityGetAccessRules = security.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <FileSystemAccessRule>(); Assert.AreEqual(0, securityGetAccessRules.Count()); AuthorizationRuleCollection perm = security.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)); var ntAccount = new System.Security.Principal.NTAccount(System.Security.Principal.WindowsIdentity.GetCurrent().Name); FileSystemAccessRule rule = perm.Cast <FileSystemAccessRule>().SingleOrDefault(e => ntAccount == e.IdentityReference); Assert.IsNotNull(rule); Assert.IsTrue((rule.FileSystemRights & FileSystemRights.FullControl) != 0); } finally { File.Delete(filename); } }
public void SetAuditRule_Succeeds() { var auditRuleAppendData = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount, FileSystemRights.AppendData, AuditFlags.Success); var auditRuleNetworkService = new FileSystemAuditRule(Helpers.s_NetworkServiceNTAccount, FileSystemRights.CreateFiles, AuditFlags.Failure); var auditRuleDelete = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount, FileSystemRights.Delete, AuditFlags.Success); var fileSecurity = new FileSecurity(); fileSecurity.AddAuditRule(auditRuleNetworkService); fileSecurity.AddAuditRule(auditRuleAppendData); fileSecurity.SetAuditRule(auditRuleDelete); var auditRules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(2, auditRules.Count); var firstAuditRule = (FileSystemAuditRule)auditRules[0]; Assert.Equal(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), firstAuditRule.IdentityReference); Assert.Equal(AuditFlags.Success, firstAuditRule.AuditFlags); Assert.Equal(FileSystemRights.Delete, firstAuditRule.FileSystemRights); var secondAuditRule = (FileSystemAuditRule)auditRules[1]; Assert.Equal(Helpers.s_NetworkServiceNTAccount, secondAuditRule.IdentityReference); Assert.Equal(AuditFlags.Failure, secondAuditRule.AuditFlags); Assert.Equal(FileSystemRights.CreateFiles, secondAuditRule.FileSystemRights); }
public void SetAuditRule_Succeeds() { var auditRuleAppendData = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM", FileSystemRights.AppendData, AuditFlags.Success); var auditRuleNetworkService = new FileSystemAuditRule(@"NT AUTHORITY\Network Service", FileSystemRights.CreateFiles, AuditFlags.Failure); var auditRuleDelete = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM", FileSystemRights.Delete, AuditFlags.Success); var fileSecurity = new FileSecurity(); fileSecurity.AddAuditRule(auditRuleNetworkService); fileSecurity.AddAuditRule(auditRuleAppendData); fileSecurity.SetAuditRule(auditRuleDelete); var auditRules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(2, auditRules.Count); var firstAuditRule = (FileSystemAuditRule)auditRules[0]; Assert.Equal(new NTAccount(@"NT AUTHORITY\SYSTEM"), firstAuditRule.IdentityReference); Assert.Equal(AuditFlags.Success, firstAuditRule.AuditFlags); Assert.Equal(FileSystemRights.Delete, firstAuditRule.FileSystemRights); var secondAuditRule = (FileSystemAuditRule)auditRules[1]; Assert.Equal(new NTAccount(@"NT AUTHORITY\Network Service"), secondAuditRule.IdentityReference); Assert.Equal(AuditFlags.Failure, secondAuditRule.AuditFlags); Assert.Equal(FileSystemRights.CreateFiles, secondAuditRule.FileSystemRights); }
private void _5(string filename) { //DACL - Discretionary access control list (GetAccessRules) //SACL - System access control list (GetAuditRules) FileStream fstream = File.Open(filename, FileMode.Open); FileSecurity fsecurity = fstream.GetAccessControl(); //DACL representation AuthorizationRuleCollection arl = fsecurity.GetAuditRules(true, true, typeof(NTAccount)); //Show rules foreach (AuthorizationRule ar in arl) { //Acces to the file (this can be various) FileSystemAccessRule fsar = ar as FileSystemAccessRule ?? null; if (fsar != null) { Console.WriteLine("Acces type: {0}", fsar.AccessControlType); Console.WriteLine("Idenity: {0}", fsar.IdentityReference.Value); Console.WriteLine("Rights: {0}", fsar.FileSystemRights); } } fstream.Close(); }
public void RemoveAuditRule_Succeeds() { var auditRule = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount, FileSystemRights.Read | FileSystemRights.Write, AuditFlags.Failure); var fileSecurity = new FileSecurity(); fileSecurity.AddAuditRule(auditRule); AuthorizationRuleCollection rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(1, rules.Count); Assert.True(fileSecurity.RemoveAuditRule(new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount, FileSystemRights.Write, AuditFlags.Failure))); rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(1, rules.Count); var existingRule = (FileSystemAuditRule)rules[0]; Assert.Equal(FileSystemRights.Read, existingRule.FileSystemRights); Assert.Equal(AuditFlags.Failure, existingRule.AuditFlags); Assert.Equal(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), existingRule.IdentityReference); }
public void RemoveAuditRule_Succeeds() { var auditRule = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM", FileSystemRights.Read | FileSystemRights.Write, AuditFlags.Failure); var fileSecurity = new FileSecurity(); fileSecurity.AddAuditRule(auditRule); AuthorizationRuleCollection rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(1, rules.Count); Assert.True(fileSecurity.RemoveAuditRule(new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM", FileSystemRights.Write, AuditFlags.Failure))); rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(1, rules.Count); var existingRule = (FileSystemAuditRule)rules[0]; Assert.Equal(FileSystemRights.Read, existingRule.FileSystemRights); Assert.Equal(AuditFlags.Failure, existingRule.AuditFlags); Assert.Equal(new NTAccount(@"NT AUTHORITY\SYSTEM"), existingRule.IdentityReference); }
public void RemoveAuditRuleSpecific_NoMatchingRules_Succeeds() { var auditRuleReadWrite = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount, FileSystemRights.Write | FileSystemRights.Read, AuditFlags.Success); var fileSecurity = new FileSecurity(); fileSecurity.AddAuditRule(auditRuleReadWrite); fileSecurity.RemoveAuditRuleSpecific(new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount, FileSystemRights.Write, AuditFlags.Success)); AuthorizationRuleCollection rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(1, rules.Count); var existingRule = (FileSystemAuditRule)rules[0]; Assert.Equal(FileSystemRights.Write | FileSystemRights.Read, existingRule.FileSystemRights); }
public void AddAuditRule_Succeeds() { var auditRule = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount, FileSystemRights.AppendData, AuditFlags.Success); var fileSecurity = new FileSecurity(); fileSecurity.AddAuditRule(auditRule); AuthorizationRuleCollection auditRules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(1, auditRules.Count); var actualAddedRule = (FileSystemAuditRule)auditRules[0]; Assert.Equal(Helpers.s_LocalSystemNTAccount, actualAddedRule.IdentityReference); Assert.Equal(AuditFlags.Success, actualAddedRule.AuditFlags); Assert.Equal(FileSystemRights.AppendData, actualAddedRule.FileSystemRights); }
public void AddAuditRule_Succeeds() { var auditRule = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM", FileSystemRights.AppendData, AuditFlags.Success); var fileSecurity = new FileSecurity(); fileSecurity.AddAuditRule(auditRule); AuthorizationRuleCollection auditRules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(1, auditRules.Count); var actualAddedRule = (FileSystemAuditRule)auditRules[0]; Assert.Equal(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), actualAddedRule.IdentityReference); Assert.Equal(AuditFlags.Success, actualAddedRule.AuditFlags); Assert.Equal(FileSystemRights.AppendData, actualAddedRule.FileSystemRights); }
public void RemoveAuditRuleSpecific_Succeeds() { var auditRuleReadWrite = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount, FileSystemRights.Write | FileSystemRights.Read, AuditFlags.Success); var auditRuleNetworkService = new FileSystemAuditRule(Helpers.s_NetworkServiceNTAccount, FileSystemRights.Read, AuditFlags.Failure); var fileSecurity = new FileSecurity(); fileSecurity.AddAuditRule(auditRuleReadWrite); fileSecurity.AddAuditRule(auditRuleNetworkService); fileSecurity.RemoveAuditRuleSpecific(auditRuleReadWrite); AuthorizationRuleCollection rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(1, rules.Count); var existingAuditRule = (FileSystemAuditRule)rules[0]; Assert.Equal(Helpers.s_NetworkServiceNTAccount, existingAuditRule.IdentityReference); Assert.Equal(FileSystemRights.Read, existingAuditRule.FileSystemRights); Assert.Equal(AuditFlags.Failure, existingAuditRule.AuditFlags); }
public void RemoveAuditRuleAll_Succeeds() { var auditRuleAppend = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM", FileSystemRights.AppendData, AuditFlags.Success); var auditRuleWrite = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM", FileSystemRights.Write, AuditFlags.Success); var auditRuleNetworkService = new FileSystemAuditRule(@"NT AUTHORITY\Network Service", FileSystemRights.Read, AuditFlags.Failure); var fileSecurity = new FileSecurity(); fileSecurity.AddAuditRule(auditRuleAppend); fileSecurity.AddAuditRule(auditRuleNetworkService); fileSecurity.RemoveAuditRuleAll(auditRuleWrite); AuthorizationRuleCollection rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(1, rules.Count); var existingAuditRule = (FileSystemAuditRule)rules[0]; Assert.Equal(new NTAccount(@"NT AUTHORITY\Network Service"), existingAuditRule.IdentityReference); Assert.Equal(FileSystemRights.Read, existingAuditRule.FileSystemRights); Assert.Equal(AuditFlags.Failure, existingAuditRule.AuditFlags); }
private void internal_fill(string file_name) { textBoxAcl.Clear(); textBoxSddl.Clear(); AuthorizationRuleCollection dacls = null; AuthorizationRuleCollection sacls = null; FileSecurity f_sec = null; try { f_sec = File.GetAccessControl(file_name); try { dacls = f_sec.GetAccessRules(true, true, typeof(NTAccount)); } catch (Exception ex) { textBoxAcl.AppendText(ex.Message); textBoxAcl.AppendText("\r\n"); } try { sacls = f_sec.GetAuditRules(true, true, typeof(NTAccount)); } catch (Exception ex) { textBoxAcl.AppendText(ex.Message); textBoxAcl.AppendText("\r\n"); } StringBuilder sb = new StringBuilder(); sb.Append("Owner\r\n"); sb.Append("=====\r\n"); try { sb.Append(f_sec.GetOwner(typeof(NTAccount)).Value); } catch (Exception ex) { sb.Append(ex.Message); } sb.Append("\r\n\r\n"); sb.Append("Primary group\r\n"); sb.Append("=============\r\n"); try { sb.Append(f_sec.GetGroup(typeof(NTAccount)).Value); } catch (Exception ex) { sb.Append(ex.Message); } sb.Append("\r\n\r\n"); sb.Append("Access rules\r\n"); sb.Append("============\r\n"); sb.Append(string.Format("Inherit disable: {0}\r\n\r\n", f_sec.AreAccessRulesProtected)); if (dacls != null) { foreach (FileSystemAccessRule rule in dacls) { sb.Append(string.Format("Identity: {0}\r\n", rule.IdentityReference.Value)); sb.Append(string.Format("Access type: {0}\r\n", rule.AccessControlType.ToString())); sb.Append(string.Format("Rights: {0}\r\n", rule.FileSystemRights.ToString())); sb.Append(string.Format("Inheritance: {0}\r\n", rule.InheritanceFlags.ToString())); sb.Append(string.Format("Inherited: {0}\r\n", rule.IsInherited)); sb.Append(string.Format("Propagation: {0}\r\n", rule.PropagationFlags.ToString())); sb.Append("\r\n"); } } sb.Append("Audit rules\r\n"); sb.Append("===========\r\n"); sb.Append(string.Format("Inherit disable: {0}\r\n\r\n", f_sec.AreAuditRulesProtected)); if (sacls != null) { foreach (FileSystemAuditRule rule in sacls) { sb.Append(string.Format("Identity: {0}\r\n", rule.IdentityReference.Value)); sb.Append(string.Format("Audit type: {0}\r\n", rule.AuditFlags.ToString())); sb.Append(string.Format("Rights: {0}\r\n", rule.FileSystemRights.ToString())); sb.Append(string.Format("Inheritance: {0}\r\n", rule.InheritanceFlags.ToString())); sb.Append(string.Format("Inherited: {0}\r\n", rule.IsInherited)); sb.Append(string.Format("Propagation: {0}\r\n", rule.PropagationFlags.ToString())); sb.Append("\r\n"); } } textBoxAcl.Font = new Font(FontFamily.GenericMonospace, textBoxAcl.Font.Size); textBoxSddl.Font = textBoxAcl.Font; textBoxAcl.Text = sb.ToString(); textBoxSddl.Text = f_sec.GetSecurityDescriptorSddlForm(AccessControlSections.All); } catch (Exception ex) { textBoxAcl.Font = new Font(FontFamily.GenericMonospace, textBoxAcl.Font.Size); textBoxSddl.Font = textBoxAcl.Font; textBoxAcl.Text = string.Format("Cannot get security descriptor. {0}", ex.Message); } }