/// <summary>
/// Reads the DACL out of the security descriptor returned by <c>GetSD(fn)</c>, cross-checks the ACL
/// header against <c>GetAclInformation</c>, resolves and prints every ACE, and then queries the
/// effective rights and the inheritance sources for the same ACL.
/// </summary>
/// <param name="domain">Domain part of the trustee name built for the effective-rights query.</param>
/// <param name="username">Account part of the trustee name built for the effective-rights query.</param>
/// <remarks>
/// <paramref name="validUser"/>, <paramref name="validCred"/>, <paramref name="urn"/>,
/// <paramref name="dn"/>, <paramref name="dc"/>, <paramref name="password"/> and
/// <paramref name="notes"/> are not read by this method.
/// </remarks>
public void GetAceTest(bool validUser, bool validCred, string urn, string dn, string dc, string domain, string username, string password, string notes)
{
    // Trustee in DOMAIN\user form, used only by the effective-rights query further down.
    var trusteeName = $"{domain}\\{username}";

    // NOTE(review): GetSD and fn are declared outside this block; presumably the descriptor of the test file - confirm.
    var securityDescriptor = GetSD(fn);

    // "DACL present" with a null ACL pointer is a NULL DACL, which places no restriction on access,
    // so the presence flag and the pointer are asserted separately.
    Assert.That(GetSecurityDescriptorDacl(securityDescriptor, out var daclPresent, out var pAcl, out _), Is.True);
    Assert.That(daclPresent, Is.True);
    Assert.That(pAcl, Is.Not.EqualTo(IntPtr.Zero));

    // Marshal the ACL header straight from memory so the values reported by the API can be compared with it.
    var aclHeader = ((IntPtr)pAcl).ToStructure<ACL>();

    var revisionInfo = new ACL_REVISION_INFORMATION();
    Assert.That(GetAclInformation(pAcl, ref revisionInfo, (uint)Marshal.SizeOf(typeof(ACL_REVISION_INFORMATION)), ACL_INFORMATION_CLASS.AclRevisionInformation), Is.True);
    Assert.That(revisionInfo.AclRevision, Is.EqualTo(aclHeader.AclRevision));

    var sizeInfo = new ACL_SIZE_INFORMATION();
    Assert.That(GetAclInformation(pAcl, ref sizeInfo, (uint)Marshal.SizeOf(typeof(ACL_SIZE_INFORMATION)), ACL_INFORMATION_CLASS.AclSizeInformation), Is.True);
    Assert.That(sizeInfo.AceCount, Is.EqualTo(aclHeader.AceCount));

    for (uint aceIndex = 0; aceIndex < sizeInfo.AceCount; aceIndex++)
    {
        Assert.That(GetAce(pAcl, aceIndex, out var pAce), Is.True);

        // The sizes are passed by ref, so they are re-initialised for every ACE.
        var accountCapacity = 1024;
        var domainCapacity = 1024;
        var accountName = new StringBuilder(accountCapacity, accountCapacity);
        var domainName = new StringBuilder(domainCapacity, domainCapacity);

        // A null system name asks for the lookup to start on the local machine. The assert fails the
        // whole test as soon as the lookup fails for any single ACE.
        Assert.That(LookupAccountSid(null, pAce.GetSid(), accountName, ref accountCapacity, domainName, ref domainCapacity, out _), Is.True);

        TestContext.WriteLine($"Ace{aceIndex}: {pAce.GetHeader().AceType}={domainName}\\{accountName}; {pAce.GetMask()}");
    }

    BuildTrusteeWithName(out var pTrustee, trusteeName);

    // ERROR_NONE_MAPPED (trustee name not mapped to a SID) is accepted alongside success, so this
    // only checks that the call completes; the returned rights mask is never inspected.
    Assert.That(GetEffectiveRightsFromAcl(pAcl, pTrustee, out var effectiveRights), Is.EqualTo(Win32Error.ERROR_NONE_MAPPED).Or.Zero);

    // Generic read / write / execute / all mapped onto the corresponding file access rights.
    var fileMapping = new GENERIC_MAPPING(
        (uint)Kernel32.FileAccess.FILE_GENERIC_READ,
        (uint)Kernel32.FileAccess.FILE_GENERIC_WRITE,
        (uint)Kernel32.FileAccess.FILE_GENERIC_EXECUTE,
        (uint)Kernel32.FileAccess.FILE_ALL_ACCESS);

    // The result array is sized from the ACE count read from the ACL header.
    var inheritedFrom = new SafeInheritedFromArray(aclHeader.AceCount);
    var status = GetInheritanceSource(fn, SE_OBJECT_TYPE.SE_FILE_OBJECT, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION, false, null, 0, pAcl, IntPtr.Zero, fileMapping, inheritedFrom);
    Assert.That(status, Is.EqualTo(0));

    var sources = string.Join("; ", inheritedFrom.Results.Select(entry => entry.ToString()));
    TestContext.WriteLine($"{aclHeader.AceCount}: {sources}");

    // Disposal is itself under test; it is not reached if an earlier assertion fails.
    Assert.That(() => inheritedFrom.Dispose(), Throws.Nothing);
}
/// <summary>
/// Reads the DACL out of the security descriptor returned by <c>GetSD(fn)</c>, cross-checks the ACL
/// header against <c>GetAclInformation</c>, fetches the first ACE, and then queries the effective
/// rights and the inheritance sources for the same ACL.
/// </summary>
/// <param name="domain">Domain part of the trustee name built for the effective-rights query.</param>
/// <param name="username">Account part of the trustee name built for the effective-rights query.</param>
/// <remarks>
/// <paramref name="validUser"/>, <paramref name="validCred"/>, <paramref name="urn"/>,
/// <paramref name="dn"/>, <paramref name="dc"/>, <paramref name="password"/> and
/// <paramref name="notes"/> are not read by this method.
/// </remarks>
public void GetAceTest(bool validUser, bool validCred, string urn, string dn, string dc, string domain, string username, string password, string notes)
{
    // Trustee in DOMAIN\user form, used only by the effective-rights query further down.
    var trusteeName = $"{domain}\\{username}";

    // NOTE(review): GetSD and fn are declared outside this block; presumably the descriptor of the test file - confirm.
    var securityDescriptor = GetSD(fn);

    // "DACL present" with a null ACL pointer is a NULL DACL, which places no restriction on access,
    // so the presence flag and the pointer are asserted separately.
    Assert.That(GetSecurityDescriptorDacl(securityDescriptor, out bool daclPresent, out IntPtr pAcl, out bool defaulted), Is.True);
    Assert.That(daclPresent, Is.True);
    Assert.That(pAcl, Is.Not.EqualTo(IntPtr.Zero));

    // Marshal the ACL header straight from memory so the values reported by the API can be compared with it.
    var aclHeader = pAcl.ToStructure<ACL>();

    var revisionInfo = new ACL_REVISION_INFORMATION();
    Assert.That(GetAclInformation(pAcl, ref revisionInfo, (uint)Marshal.SizeOf(typeof(ACL_REVISION_INFORMATION)), ACL_INFORMATION_CLASS.AclRevisionInformation), Is.True);
    Assert.That(revisionInfo.AclRevision, Is.EqualTo(aclHeader.AclRevision));

    var sizeInfo = new ACL_SIZE_INFORMATION();
    Assert.That(GetAclInformation(pAcl, ref sizeInfo, (uint)Marshal.SizeOf(typeof(ACL_SIZE_INFORMATION)), ACL_INFORMATION_CLASS.AclSizeInformation), Is.True);

    // At least one ACE must exist before index 0 is requested below.
    Assert.That(sizeInfo.AceCount, Is.GreaterThan(0));
    Assert.That(sizeInfo.AceCount, Is.EqualTo(aclHeader.AceCount));

    // Only the first ACE is fetched, and only the call's success is checked; its contents are not inspected.
    Assert.That(GetAce(pAcl, 0, out IntPtr pAce), Is.True);

    uint effectiveRights = 0;
    var pTrustee = new TRUSTEE(trusteeName);

    // ERROR_NONE_MAPPED (trustee name not mapped to a SID) is accepted alongside success, so this
    // only checks that the call completes; the returned rights mask is never inspected.
    Assert.That(GetEffectiveRightsFromAcl(pAcl, pTrustee, ref effectiveRights), Is.EqualTo(Win32Error.ERROR_NONE_MAPPED).Or.Zero);

    // Generic read / write / execute / all mapped onto the corresponding file access rights.
    var fileMapping = new GENERIC_MAPPING(
        (uint)Kernel32.FileAccess.FILE_GENERIC_READ,
        (uint)Kernel32.FileAccess.FILE_GENERIC_WRITE,
        (uint)Kernel32.FileAccess.FILE_GENERIC_EXECUTE,
        (uint)Kernel32.FileAccess.FILE_ALL_ACCESS);

    // The result array is sized from the ACE count read from the ACL header.
    var inheritedFrom = new SafeInheritedFromArray(aclHeader.AceCount);
    var status = GetInheritanceSource(fn, SE_OBJECT_TYPE.SE_FILE_OBJECT, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION, false, null, 0, pAcl, IntPtr.Zero, ref fileMapping, inheritedFrom);
    Assert.That(status, Is.EqualTo(0));

    var sources = string.Join("; ", inheritedFrom.Results.Select(entry => entry.ToString()));
    TestContext.WriteLine($"{aclHeader.AceCount}: {sources}");

    // Disposal is itself under test; it is not reached if an earlier assertion fails.
    Assert.That(() => inheritedFrom.Dispose(), Throws.Nothing);
}