コード例 #1
 /// <summary>
 /// Removes items from stock if the order count is less than or equal to
 /// the number in stock.
 /// </summary>
 /// <param name="_ordered"></param>
 /// <param name="access"></param>
 /// <returns>The number ordered on success. Throws ArgumentOutOfRangeException, KeyNotFoundException or AccessViolationException on failure.</returns>
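 public uint OrderItems(int id, uint _ordered, SecurityLevel access)
 {
     // Takes _ordered units of item `id` out of stock for a caller holding `access`.
     // The checks run in a fixed order and the first one that fails throws:
     //   unknown item        -> KeyNotFoundException
     //   missing clearance   -> AccessViolationException
     //   not enough in stock -> ArgumentOutOfRangeException
     // On success the stock is reduced and _ordered is returned.
     if (!itemCounts.ContainsKey(id))
     {
         throw new KeyNotFoundException("This item is not sold at this location!");
     }

     // NOTE(review): existence is tested against itemCounts, but the required clearance
     // is read from BusinessInformation.intItemList. If the two can get out of sync the
     // indexer below fails in its own way instead of with the exceptions listed above.
     // NOTE(review): HasFlag(x) is true for every caller when x has no bits set; confirm
     // that GetSecurityLevel() never returns a zero value for a restricted item.
     if (!access.HasFlag(BusinessInformation.intItemList[id].GetSecurityLevel()))
     {
         // NOTE(review): AccessViolationException is the runtime's signal for invalid
         // memory access; UnauthorizedAccessException is the conventional type for an
         // authorization failure. The type is kept because callers may catch it.
         throw new AccessViolationException("You cannot purchase this item, since you do not have security clearance!");
     }

     uint amount = GetCount(id);
     if (_ordered > amount)
     {
         // The single-string constructor treats its argument as the parameter NAME, not
         // the message, so the text ended up in ParamName. Pass name, value and message.
         throw new ArgumentOutOfRangeException("_ordered", _ordered, "There is not enough of this item in stock!");
     }

     // The guard above guarantees the unsigned subtraction cannot wrap around.
     // NOTE(review): read-check-write is not atomic here; if orders can arrive
     // concurrently, two of them can pass the check against the same count. Confirm the
     // caller serialises access to the stock.
     SetCount(id, amount - _ordered);
     return _ordered;
 }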
コード例 #2
        /// <summary>
        /// Configures pipe security according to the requested level.
        ///
        /// You can request more than one level by combining flags:
        /// SecurityLevel | SecurityLevel | ...
        ///
        /// The Internal level is always applied by default so that the system and the application can control the pipes they create.
        /// </summary>
        /// <param name="level"></param>
        /// <returns></returns>
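        public static PipeSecurity GetRulesForLevels(SecurityLevel level)
        {
            // Builds the ACL for a named pipe: starts from the Internal-level defaults and
            // adds one ReadWrite "Allow" entry per flag set in `level`. Every entry widens
            // who may connect to the pipe, so callers should pass the narrowest level.
            //
            // NOTE(review): if DefaultInternalPipeScurity returns a shared instance rather
            // than a fresh object, AddAccessRule below mutates it and every later call
            // inherits the rules added here (e.g. Everyone access requested once would
            // stick for all pipes). Confirm the member creates a new PipeSecurity.
            PipeSecurity rules = DefaultInternalPipeScurity;

            string rulesLog = "";

            // Anonymous: allow Everyone (World SID) to read and write.
            if (level.HasFlag(SecurityLevel.Anonymous))
            {
                rulesLog += (rulesLog.Length > 0 ? " | " : "") + "WorldSid";

                // WellKnownSidType is not a [Flags] enum and NullSid is 0, so the former
                // `WorldSid | NullSid` evaluated to WorldSid alone; state that directly.
                rules.AddAccessRule(
                    new PipeAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null),
                                       PipeAccessRights.ReadWrite, AccessControlType.Allow));
            }

            // RemoteLogon: allow the RemoteLogonIdSid group to read and write.
            // NOTE(review): this is a different well-known SID from AuthenticatedUserSid;
            // the earlier comment called this the "Authenticated" rule. Confirm which
            // group is intended.
            if (level.HasFlag(SecurityLevel.RemoteLogon))
            {
                rulesLog += (rulesLog.Length > 0 ? " | " : "") + "RemoteLogonIdSid";

                rules.AddAccessRule(
                    new PipeAccessRule(new SecurityIdentifier(WellKnownSidType.RemoteLogonIdSid, null),
                                       PipeAccessRights.ReadWrite, AccessControlType.Allow));
            }

            // Local: allow the LocalSystem account to read and write.
            // NOTE(review): LocalSystemSid is the SYSTEM account, not "any local user"
            // (that is LocalSid). The log line below already lists "system" as part of the
            // defaults, so confirm this rule grants what the Local level is meant to.
            if (level.HasFlag(SecurityLevel.Local))
            {
                rulesLog += (rulesLog.Length > 0 ? " | " : "") + "LocalSystemSid";

                rules.AddAccessRule(
                    new PipeAccessRule(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null),
                                       PipeAccessRights.ReadWrite, AccessControlType.Allow));
            }

            // Administrator: allow the built-in Administrators group to read and write.
            if (level.HasFlag(SecurityLevel.Administrator))
            {
                rulesLog += (rulesLog.Length > 0 ? " | " : "") + "BuiltinAdministratorsSid";

                rules.AddAccessRule(
                    new PipeAccessRule(new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null),
                                       PipeAccessRights.ReadWrite, AccessControlType.Allow));
            }

            // Record which rules were applied on top of the defaults.
            Console.WriteLine("APPLIED RULES: system | self | " + rulesLog);

            return rules;
        }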
コード例 #3
        /// <summary>
        /// Changes the machine's Local Security Authority (LSA) policy to allow the requested security level.
        /// Requires administrator rights.
        /// </summary>
        /// <param name="level"></param>
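        public static void SetLocalSecurityAuthority(SecurityLevel level)
        {
            // Adjusts machine-wide logon policy so the requested level can connect.
            // Only SecurityLevel.Anonymous causes changes: the Guest account is enabled,
            // the built-in Guests group is granted SeNetworkLogonRight, and
            // SeDenyNetworkLogonRight is removed from Guests and from the Guest account.
            //
            // These changes are persistent and affect every network service on the host,
            // not just this application; nothing in this method reverts them. Operators
            // should treat a call with Anonymous as a host hardening regression to be
            // tracked and undone when anonymous access is no longer needed.
            using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
            {
                // Policy edits need an elevated token; bail out without changing anything.
                WindowsPrincipal principal = new WindowsPrincipal(identity);
                if (!principal.IsInRole(WindowsBuiltInRole.Administrator))
                {
                    Console.WriteLine(
                        "SECURITY ERROR: LSA update require admin rights." +
                        "Close application and start it as Admin.");
                    return;
                }

                if (!level.HasFlag(SecurityLevel.Anonymous))
                {
                    return;
                }

                SecurityIdentifier guestDomainSID = new SecurityIdentifier(WellKnownSidType.BuiltinGuestsSid, null);
                SecurityIdentifier guestSID       = null;
                string             guestName      = null;

                // Find the Guest account by its well-known SID, since it may be renamed.
                // NOTE(review): Win32_UserAccount is queried unfiltered and the name is
                // resolved without a domain prefix; on a domain-joined machine this may
                // enumerate or match non-local accounts. Translate() failures propagate
                // to the caller before any policy change is made.
                SelectQuery query = new SelectQuery("Win32_UserAccount");
                using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(query))
                using (ManagementObjectCollection accounts = searcher.Get())
                {
                    foreach (ManagementObject envVar in accounts)
                    {
                        string name = envVar["Name"].ToString();
                        var account = new NTAccount(name);
                        var sid = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));

                        if (sid.IsWellKnown(WellKnownSidType.AccountGuestSid))
                        {
                            guestSID  = sid;
                            guestName = name;
                            break;
                        }
                    }
                }

                if (guestName != null)
                {
                    // Run net.exe directly by absolute path instead of typing a command
                    // into a bare "cmd.exe": this process is elevated, so a relative
                    // executable name could resolve to a planted binary, and feeding the
                    // account name to a shell lets characters such as '&' or a space
                    // alter the command. Account names cannot contain '"', so quoting
                    // the argument is sufficient.
                    System.Diagnostics.ProcessStartInfo startInfo = new System.Diagnostics.ProcessStartInfo();
                    startInfo.FileName        = System.IO.Path.Combine(System.Environment.SystemDirectory, "net.exe");
                    startInfo.Arguments       = "user \"" + guestName + "\" /active:yes";
                    startInfo.CreateNoWindow  = true;
                    startInfo.UseShellExecute = false;

                    using (System.Diagnostics.Process net = System.Diagnostics.Process.Start(startInfo))
                    {
                        // Wait so the log reflects the real outcome, not just the attempt.
                        net.WaitForExit();

                        if (net.ExitCode == 0)
                        {
                            Console.WriteLine("LSA: \"{0}\" user activated to allow anonymous access to this machine.",
                                              guestName);
                        }
                        else
                        {
                            Console.WriteLine("LSA: Failed to activate \"{0}\" user (net.exe exit code {1}).",
                                              guestName, net.ExitCode);
                        }
                    }
                }

                // Each message is written only after its policy change succeeded, so an
                // exception from the LSA wrapper no longer leaves a misleading log line.
                LSA.LsaSecurityWrapper.AddAccountRights(guestDomainSID, "SeNetworkLogonRight");
                Console.WriteLine("LSA: Network logon for Guests allowed.");

                LSA.LsaSecurityWrapper.RemoveAccountRights(guestDomainSID, "SeDenyNetworkLogonRight");
                Console.WriteLine("LSA: Deny network logon right for Guests domain removed.");

                if (guestSID != null)
                {
                    LSA.LsaSecurityWrapper.RemoveAccountRights(guestSID, "SeDenyNetworkLogonRight");
                    Console.WriteLine("LSA: Deny network logon right for Guest user removed.");
                }
            }
        }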