C# (CSharp) Microsoft.Protocols.TestTools.StackSdk.Dtyp AccessCheckObjectTree.SetTreeNodeDataの例

プログラミング言語: C# (CSharp)

名前空間/パッケージ名: Microsoft.Protocols.TestTools.StackSdk.Dtyp

メソッド/関数: SetTreeNodeData

hotexamples.comのコード掲載数: 3

C# (CSharp) Microsoft.Protocols.TestTools.StackSdk.Dtyp AccessCheckObjectTree.SetTreeNodeData - 3件のコード例が見つかりました。すべてオープンソースプロジェクトから抽出されたC# (CSharp)のMicrosoft.Protocols.TestTools.StackSdk.Dtyp.AccessCheckObjectTree.SetTreeNodeDataの実例で、最も評価が高いものを厳選しています。コード例の評価を行っていただくことで、より質の高いコード例が表示されるようになります。

よく使われるメソッド

表示非表示

GetTreeNodeData(3)

SetTreeNodeData(3)

GetDescendentNodes(2)

ContainsTreeNode(1)

GetAncestorNodes(1)

GetSiblingNodes(1)

コード例 #1

ファイルを表示

ファイル: DtypUtility.cs プロジェクト: LiuXiaotian/WindowsProtocolTestSuites

 /// <summary>
 /// The sub function of the AccessCheck algorithm
 /// </summary>
 /// <param name="objectType">The current ace objectType to be dealt with.</param>
 /// <param name="localTree">
 /// The current tree representation of the hierarchy of objects for which to check access.
 /// </param>
 private static void AncestorNodesAccessCheck(
     Guid objectType,
     ref AccessCheckObjectTree localTree)
 {
     Guid[] ancestor = localTree.GetAncestorNodes(objectType);
     if (ancestor.Length > 0)
     {
         Guid currentNode = objectType;
         for (int i = 0; i < ancestor.Length; i++)
         {
             Guid[] sibling = localTree.GetSiblingNodes(currentNode);
             if (sibling.Length > 0)
             {
                 uint currentRemaining = 0;
                 foreach (Guid node in sibling)
                 {
                     currentRemaining |= localTree.GetTreeNodeData(node);
                 }
                 if (currentRemaining != localTree.GetTreeNodeData(currentNode))
                 {
                     break;
                 }
             }
             localTree.SetTreeNodeData(ancestor[i], localTree.GetTreeNodeData(currentNode));
             currentNode = ancestor[i];
         }
     }
 }

コード例 #2

ファイルを表示

ファイル: DtypUtility.cs プロジェクト: LiuXiaotian/WindowsProtocolTestSuites

        /// <summary>
        /// Access Check Algorithm. MS-DTYP section 2.5.4.1
        /// </summary>
        /// <param name="securityDescriptor">
        /// SECURITY_DESCRIPTOR structure that is assigned to the object.
        /// </param>
        /// <param name="token">
        /// Token is an authorization context containing all SIDs 
        /// that represent the security principal
        /// </param>
        /// <param name="accessRequestMask">
        /// Set of permissions requested on the object.
        /// </param>
        /// <param name="objectTree">
        /// A tree representation of the hierarchy of objects for which 
        /// to check access. Each node represents an object with two values. 
        /// A GUID that represents the object itself and a value called 
        /// Remaining, which indicates the user rights request for that 
        /// node that have not yet been satisfied. It can be null.
        /// </param>
        /// <param name="principalSelfSubstitudeSid">
        /// A SID that logically replaces the SID in any ACE that contains 
        /// the well-known PRINCIPAL_SELF SID. It can be null.
        /// </param>
        /// <returns>
        /// Returns TRUE if access is allowed. Otherwise, it returns FALSE if access is denied. 
        /// </returns>
        /// <exception cref="ArgumentException">
        /// Thrown when the Dacl field of securityDescriptor doesn't exist, but the DACLPresent flag is set.
        /// Thrown when the Revision field of securityDescriptor is invalid
        /// </exception>
        public static bool AccessCheck(
            _SECURITY_DESCRIPTOR securityDescriptor,
            Token token,
            uint accessRequestMask,
            AccessCheckObjectTree objectTree,
            _SID? principalSelfSubstitudeSid)
        {
            //MS-ADTS Section 5.1.3.3.1 Null vs. Empty DACLs
            //The presence of a NULL DACL in the nTSecurityDescriptor attribute of an object grants full
            //access to the object to any principal that requests it; normal access checks are not performed
            //with respect to the object.

            if (securityDescriptor.Revision != 0x1)
            {
                throw new ArgumentException("The Revision field is invalid.", "securityDescriptor");
            }

            if ((securityDescriptor.Control & SECURITY_DESCRIPTOR_Control.DACLPresent)
                == SECURITY_DESCRIPTOR_Control.None)
            {
                return true;
            }
            else if (securityDescriptor.Dacl == null)
            {
                throw new ArgumentException(
                    "The Dacl field of securityDescriptor doesn't exist, but the DACLPresent flag is set.", "securityDescriptor");
            }

            //Pscudocode
            //
            //Set DACL to SecurityDescriptor Dacl field
            //Set RemainingAccess to Access Request mask
            //
            //IF RemainingAccess contains ACCESS_SYSTEM_SECURITY access flag THEN
            //IF Token.Privileges contains SeSecurityPrivilege THEN
            //Remove ACCESS_SYSTEM_SECURITY access bit from RemainingAccess
            //END IF
            //END IF
            //
            //IF RemainingAccess contains WRITE_OWNER access bit THEN
            //IF Token.Privileges contains SeTakeOwnershipPrivilege THEN
            //Remove WRITE_OWNER access bit from RemainingAccess
            //END IF
            //END IF
            //-- the owner of an object is always granted READ_CONTROL and WRITE_DAC.
            //CALL SidInToken( Token, SecurityDescriptor.Owner, PrincipalSelfSubst)
            //IF SidInToken returns True THEN
            //Remove READ_CONTROL and WRITE_DAC from RemainingAccess
            //END IF

            _ACL? dacl = securityDescriptor.Dacl;
            uint remainingAccess = accessRequestMask;
            AccessCheckObjectTree localTree = new AccessCheckObjectTree();
            Guid[] allNodes = new Guid[] { };

            if ((remainingAccess & ACCESS_MASK_ACCESS_SYSTEM_SECURITY) != 0 && token.Privileges != null)
            {
                foreach (_LUID privilege in token.Privileges)
                {
                    if (ObjectUtility.DeepCompare(privilege, GetPrivilegeLuid(PrivilegeName.SE_SECURITY_NAME)))
                    {
                        remainingAccess &= ~ACCESS_MASK_ACCESS_SYSTEM_SECURITY;
                    }
                }
            }
            if ((remainingAccess & ACCESS_MASK_WRITE_OWNER) != 0 && token.Privileges != null)
            {
                foreach (_LUID privilege in token.Privileges)
                {
                    if (ObjectUtility.DeepCompare(privilege, GetPrivilegeLuid(PrivilegeName.SE_TAKE_OWNERSHIP_NAME)))
                    {
                        remainingAccess &= ~ACCESS_MASK_WRITE_OWNER;
                    }
                }
            }
            if (securityDescriptor.OwnerSid != null
                && SidInToken(token, securityDescriptor.OwnerSid.Value, principalSelfSubstitudeSid))
            {
                remainingAccess &= ~(uint)(ACCESS_MASK_READ_CONTROL | ACCESS_MASK_WRITE_DAC);
            }

            //IF Object Tree is not NULL THEN
            //Set LocalTree to Object Tree
            //FOR each node in LocalTree DO
            //Set node.Remaining to RemainingAccess
            //END FOR
            //END IF

            if (objectTree != null && objectTree.Root != null)
            {
                localTree = (AccessCheckObjectTree)ObjectUtility.DeepClone(objectTree);
                List<Guid> tmpList = new List<Guid>();
                tmpList.Add(localTree.Root.Value);
                tmpList.AddRange(localTree.GetDescendentNodes(localTree.Root.Value));
                allNodes = tmpList.ToArray();
                foreach (Guid node in allNodes)
                {
                    localTree.SetTreeNodeData(node, remainingAccess);
                }
            }

            //FOR each ACE in DACL DO
            //IF ACE.flag does not contain INHERIT_ONLY_ACE THEN
            //CASE ACE.Type OF
            //CASE Allow Access:
            //CALL SidInToken( Token, ACE.Sid, and PrincipalSelfSubst )
            //IF SidInToken returns True THEN
            //    Remove ACE.AccessMask from RemainingAccess
            //    FOR each node in LocalTree DO
            //    Remove ACE.AccessMask from node.Remaining
            //END FOR
            //END IF
            //CASE Deny Access:
            //CALL SidInToken( Token, ACE.Sid, PrincipalSelfSubst )
            //IF SidInToken returns True THEN
            //    IF any bit of RemainingAccess is in ACE.AccessMask THEN
            //    Return access_denied
            //END IF
            //END IF
            //CASE Object Allow Access:
            //CALL SidInToken( Token, ACE.Sid, PrincipalSelfSubst )
            //IF SidInToken returns True THEN
            //    IF ACE.Object is contained in LocalTree THEN
            //    Locate node n in LocalTree such that
            //    n.GUID is the same as ACE.Object
            //    Remove ACE.AccessMask from n.Remaining
            //    FOR each node ns such that ns is a descendent of n DO
            //    Remove ACE.AccessMask from ns.Remaining
            //    END FOR
            //    FOR each node np such that np is an ancestor of n DO
            //    Set np.Remaining = np.Remaining or np-1.Remaining
            //END FOR
            //END IF
            //END IF
            //CASE Object Deny Access:
            //CALL SidInToken( Token, ACE.Sid, PrincipalSelfSubst )
            //IF SidInToken returns True THEN
            //    Locate node n in LocalTree such that
            //    n.GUID is the same as ACE.Object
            //    IF n exists THEN
            //    If any bit of n.Remaining is in ACE.AccessMask THEN
            //    Return access_denied
            //END IF
            //END IF
            //END IF
            //END CASE
            //END IF
            //END FOR

            if (dacl.Value.Aces != null)
            {
                foreach (object ace in dacl.Value.Aces)
                {
                    _ACE_HEADER header = (_ACE_HEADER)ObjectUtility.GetFieldValue(ace, "Header");
                    _SID sid = (_SID)ObjectUtility.GetFieldValue(ace, "Sid");

                    if ((header.AceFlags & ACE_FLAGS.INHERIT_ONLY_ACE) == ACE_FLAGS.INHERIT_ONLY_ACE
                        || !SidInToken(token, sid, principalSelfSubstitudeSid))
                    {
                        continue;
                    }

                    bool ret = DtypUtility.AceAccessCheck(ace, ref remainingAccess, ref localTree, allNodes);
                    if (ret == false)
                    {
                        return false;
                    }
                }
            }

            //IF RemainingAccess = 0 THEN
            //Return success
            //Else
            //Return access_denied
            //END IF

            bool status;
            if (objectTree != null && objectTree.Root != null)
            {
                status = (localTree.GetTreeNodeData(localTree.Root.Value) == 0);
            }
            else
            {
                status = (remainingAccess == 0);
            }
            return status;
        }

コード例 #3

ファイルを表示

ファイル: DtypUtility.cs プロジェクト: LiuXiaotian/WindowsProtocolTestSuites

        /// <summary>
        /// The sub function of the AccessCheck algorithm
        /// </summary>
        /// <param name="ace">The current ace to be dealt with.</param>
        /// <param name="remainingAccess">The current requested permissions. </param>
        /// <param name="localTree">
        /// The current tree representation of the hierarchy of objects for which to check access.
        /// </param>
        /// <param name="allNodes">All the nodes in the current tree.</param>
        /// <returns>Return FALSE if access is denied. Otherwise, it returns TRUE.</returns>
        private static bool AceAccessCheck(
            object ace,
            ref uint remainingAccess,
            ref AccessCheckObjectTree localTree,
            Guid[] allNodes)
        {
            if (localTree != null && localTree.Root != null)
            {
                List<Guid> tmpList = new List<Guid>();
                tmpList.Add(localTree.Root.Value);
                tmpList.AddRange(localTree.GetDescendentNodes(localTree.Root.Value));
                allNodes = tmpList.ToArray();
            }

            _ACE_HEADER header = (_ACE_HEADER)ObjectUtility.GetFieldValue(ace, "Header");
            uint mask = (uint)ObjectUtility.GetFieldValue(ace, "Mask");
            ACCESS_OBJECT_ACE_Flags flags = ACCESS_OBJECT_ACE_Flags.None;
            ACE_TYPE aceType = header.AceType;

            if (header.AceType == ACE_TYPE.ACCESS_ALLOWED_OBJECT_ACE_TYPE
                || header.AceType == ACE_TYPE.ACCESS_DENIED_OBJECT_ACE_TYPE)
            {
                flags = (ACCESS_OBJECT_ACE_Flags)ObjectUtility.GetFieldValue(ace, "Flags");
                if ((flags & ACCESS_OBJECT_ACE_Flags.ACE_OBJECT_TYPE_PRESENT)
                                 != ACCESS_OBJECT_ACE_Flags.ACE_OBJECT_TYPE_PRESENT)
                {
                    aceType = (header.AceType == ACE_TYPE.ACCESS_ALLOWED_OBJECT_ACE_TYPE)
                        ? ACE_TYPE.ACCESS_ALLOWED_ACE_TYPE
                        : ACE_TYPE.ACCESS_DENIED_ACE_TYPE;
                }
            }

            switch (aceType)
            {
                //CASE ACE.Type OF
                //CASE Allow Access:
                //CALL SidInToken( Token, ACE.Sid, and PrincipalSelfSubst )
                //IF SidInToken returns True THEN
                //    Remove ACE.AccessMask from RemainingAccess
                //    FOR each node in LocalTree DO
                //    Remove ACE.AccessMask from node.Remaining
                //    END FOR
                //END IF
                //CASE Deny Access:
                //CALL SidInToken( Token, ACE.Sid, PrincipalSelfSubst )
                //IF SidInToken returns True THEN
                //    IF any bit of RemainingAccess is in ACE.AccessMask THEN
                //    Return access_denied
                //END IF
                //END IF

                case ACE_TYPE.ACCESS_ALLOWED_ACE_TYPE:
                    remainingAccess &= ~mask;
                    foreach (Guid node in allNodes)
                    {
                        uint newRemaining = localTree.GetTreeNodeData(node) & ~mask;
                        localTree.SetTreeNodeData(node, newRemaining);
                    }
                    break;

                case ACE_TYPE.ACCESS_DENIED_ACE_TYPE:
                    if ((remainingAccess & mask) != 0)
                    {
                        return false;
                    }
                    break;

                //CASE Object Allow Access:
                //CALL SidInToken( Token, ACE.Sid, PrincipalSelfSubst )
                //IF SidInToken returns True THEN
                //    IF ACE.Object is contained in LocalTree THEN
                //    Locate node n in LocalTree such that
                //    n.GUID is the same as ACE.Object
                //    Remove ACE.AccessMask from n.Remaining
                //    FOR each node ns such that ns is a descendent of n DO
                //    Remove ACE.AccessMask from ns.Remaining
                //    END FOR
                //    FOR each node np such that np is an ancestor of n DO
                //    Set np.Remaining = np.Remaining or np-1.Remaining   //Filed TDI 55801
                //END FOR
                //END IF
                //END IF

                case ACE_TYPE.ACCESS_ALLOWED_OBJECT_ACE_TYPE:
                    Guid objectType = (Guid)ObjectUtility.GetFieldValue(ace, "ObjectType");
                    if (localTree.ContainsTreeNode(objectType))
                    {
                        uint newRemaining = localTree.GetTreeNodeData(objectType) & ~mask;
                        localTree.SetTreeNodeData(objectType, newRemaining);

                        Guid[] descendent = localTree.GetDescendentNodes(objectType);
                        if (descendent.Length > 0)
                        {
                            foreach (Guid nodeGuid in descendent)
                            {
                                newRemaining = localTree.GetTreeNodeData(nodeGuid) & ~mask;
                                localTree.SetTreeNodeData(nodeGuid, newRemaining);
                            }
                        }

                        DtypUtility.AncestorNodesAccessCheck(objectType, ref localTree);
                    }
                    break;

                //CASE Object Deny Access:
                //CALL SidInToken( Token, ACE.Sid, PrincipalSelfSubst )
                //IF SidInToken returns True THEN
                //    Locate node n in LocalTree such that
                //    n.GUID is the same as ACE.Object
                //    IF n exists THEN
                //    If any bit of n.Remaining is in ACE.AccessMask THEN
                //    Return access_denied
                //END IF
                //END IF
                //END IF
                //END CASE

                case ACE_TYPE.ACCESS_DENIED_OBJECT_ACE_TYPE:
                    Guid objectType2 = (Guid)ObjectUtility.GetFieldValue(ace, "ObjectType");
                    foreach (Guid node in allNodes)
                    {
                        if (node == objectType2 && (localTree.GetTreeNodeData(node) & mask) != 0)
                        {
                            return false;
                        }
                    }
                    break;
            }
            return true;
        }