InsertAce() public method

public InsertAce ( int index, System ace ) : void
index int
ace System
return void
コード例 #1
0
ファイル: DiscretionaryAclTest.cs プロジェクト: nlhepler/mono
		public void AddAccessFailsOnNonCanonical ()
		{
			SecurityIdentifier sid = new SecurityIdentifier ("BU");

			RawAcl acl = new RawAcl (RawAcl.AclRevision, 0);
			acl.InsertAce (0, new CommonAce (AceFlags.None, AceQualifier.AccessAllowed, 1, sid, false, null));
			acl.InsertAce (1, new CommonAce (AceFlags.None, AceQualifier.AccessDenied, 1, sid, false, null));

			DiscretionaryAcl dacl = new DiscretionaryAcl (false, false, acl);
			Assert.IsFalse (dacl.IsCanonical);
			Assert.AreEqual (2, dacl.Count);

			dacl.AddAccess (AccessControlType.Allow, sid, 1, InheritanceFlags.None, PropagationFlags.None);
		}
コード例 #2
0
        void AddAce(QualifiedAce newAce)
        {
            RequireCanonicity();

            int pos = GetAceInsertPosition(newAce.AceQualifier);

            raw_acl.InsertAce(pos, newAce);
            CleanAndRetestCanonicity();
        }
コード例 #3
0
ファイル: CommonAcl.cs プロジェクト: pmq20/mono_forked
        void AddAce(QualifiedAce newAce)
        {
            RequireCanonicity();

            int pos = GetAceInsertPosition(newAce.AceQualifier);

            raw_acl.InsertAce(pos, CopyAce(newAce));
            CanonicalizeAndClearAefa();
        }
 private void BuildSecurityDescriptor()
 {
     NTAccount account;
     SecurityIdentifier identifier;
     CommonAce ace;
     RawAcl rawAcl = new RawAcl(GenericAcl.AclRevision, 1);
     int index = 0;
     if (this.operationRoleMembers != null)
     {
         foreach (string str in this.operationRoleMembers)
         {
             account = new NTAccount(str);
             identifier = (SecurityIdentifier) account.Translate(typeof(SecurityIdentifier));
             ace = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, identifier, false, null);
             rawAcl.InsertAce(index, ace);
             index++;
         }
     }
     if (this.contractRoleMembers != null)
     {
         foreach (string str2 in this.contractRoleMembers)
         {
             account = new NTAccount(str2);
             identifier = (SecurityIdentifier) account.Translate(typeof(SecurityIdentifier));
             ace = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, identifier, false, null);
             rawAcl.InsertAce(index, ace);
             index++;
         }
     }
     if (this.serviceRoleMembers != null)
     {
         foreach (string str3 in this.serviceRoleMembers)
         {
             account = new NTAccount(str3);
             identifier = (SecurityIdentifier) account.Translate(typeof(SecurityIdentifier));
             ace = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, identifier, false, null);
             rawAcl.InsertAce(index, ace);
             index++;
         }
     }
     DiscretionaryAcl discretionaryAcl = new DiscretionaryAcl(true, false, rawAcl);
     this.securityDescriptor = new CommonSecurityDescriptor(true, false, ControlFlags.DiscretionaryAclPresent, sidAdministrators, sidAdministrators, null, discretionaryAcl);
 }
コード例 #5
0
ファイル: CommonAclTest.cs プロジェクト: nlhepler/mono
		public void IndexerMakesCopies ()
		{
			// This behavior is mentioned in the DiscretionaryAcl RawAcl constructor overload.
			// Turns out it applies to more than just the constructor.
			SecurityIdentifier worldSid = new SecurityIdentifier ("WD");

			// RawAcl does not make copies.
			RawAcl acl = new RawAcl (RawAcl.AclRevision, 1);
			CommonAce ace = new CommonAce (AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, worldSid, false, null);
			acl.InsertAce (0, ace);
			Assert.AreSame (acl [0], acl [0]);

			// CommonAcl does.
			SystemAcl sacl = new SystemAcl (false, false, acl);
			Assert.AreNotSame (sacl [0], sacl [0]);

			// Make sure the copying occurs in the constructor as well as the indexer.
			ace.AceFlags = AceFlags.FailedAccess;
			Assert.AreEqual (AceFlags.SuccessfulAccess, sacl [0].AceFlags);
		}
コード例 #6
0
ファイル: ObjectAceTest.cs プロジェクト: nlhepler/mono
		static RawAcl CreateRoundtripRawAcl ()
		{
			SecurityIdentifier sid = new SecurityIdentifier (WellKnownSidType.BuiltinUsersSid, null);
			Assert.AreEqual (16, sid.BinaryLength);
			
			GenericAce[] aces = new GenericAce[] {
				new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 1, sid,
				               ObjectAceFlags.ObjectAceTypePresent,
				               Guid.Empty, Guid.Empty, false, new byte[8]),
				new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 2, sid,
				               ObjectAceFlags.InheritedObjectAceTypePresent,
				               Guid.Empty, Guid.Empty, true, new byte[16]),
				new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 4, sid,
				               ObjectAceFlags.InheritedObjectAceTypePresent,
				               Guid.Empty, new Guid ("{8865FB90-A9EB-422F-A8BA-07ECA611D699}"), true, new byte[4]),
				new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 4, sid,
				               ObjectAceFlags.ObjectAceTypePresent|ObjectAceFlags.InheritedObjectAceTypePresent,
				               Guid.Empty, new Guid ("{B893007C-38D5-4827-A698-BA25F1E30BAC}"), true, new byte[4]),
				new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 4, sid,
				               ObjectAceFlags.None,
				               Guid.Empty, new Guid ("{C0F9DF22-C320-4400-B41F-754F69668640}"), true, new byte[4])
			};
			
			// Make sure this created right, first of all.
			Assert.AreEqual (AceType.AccessAllowedObject, aces [0].AceType);
			Assert.AreEqual (AceType.AccessAllowedCallbackObject, aces [1].AceType);
			Assert.AreEqual (AceType.AccessAllowedCallbackObject, aces [2].AceType);
			Assert.AreEqual (AceType.AccessAllowedCallbackObject, aces [3].AceType);
			Assert.AreEqual (AceType.AccessAllowedCallbackObject, aces [4].AceType);
			Assert.AreEqual (52, aces [0].BinaryLength);
			Assert.AreEqual (60, aces [1].BinaryLength);
			Assert.AreEqual (48, aces [2].BinaryLength);
			Assert.AreEqual (64, aces [3].BinaryLength);
			Assert.AreEqual (32, aces [4].BinaryLength);

			RawAcl acl = new RawAcl (RawAcl.AclRevision, 0);
			for (int i = 0; i < aces.Length; i ++)
				acl.InsertAce (i, aces[i]);
			return acl;
		}
コード例 #7
0
ファイル: RawAclTest.cs プロジェクト: KonajuGames/SharpLang
		public void GetBinaryForm ()
		{
			RawAcl acl = new RawAcl (1, 0);
			
			byte[] buffer = new byte[acl.BinaryLength];
			acl.GetBinaryForm (buffer, 0);
			byte[] sdBinary = new byte[] { 0x01, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00 };
			Assert.AreEqual (sdBinary, buffer);
			
			
			SecurityIdentifier builtInAdmins = new SecurityIdentifier (WellKnownSidType.BuiltinAdministratorsSid, null);
			CommonAce ace = new CommonAce (AceFlags.None, AceQualifier.AccessAllowed, 0x7FFFFFFF, builtInAdmins, false, null);
			acl.InsertAce (0, ace);
			buffer = new byte[acl.BinaryLength];
			acl.GetBinaryForm (buffer, 0);
			sdBinary = new byte[] {
				0x01, 0x00, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
				0x18, 0x00, 0xFF, 0xFF, 0xFF, 0x7F, 0x01, 0x02, 0x00, 0x00,
				0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02,
				0x00, 0x00 };
			Assert.AreEqual (sdBinary, buffer);
		}
コード例 #8
0
        /// <summary>Canonicalizes the specified Access Control List.</summary>
        /// <param name="acl">The Access Control List.</param>
        public static void Canonicalize(this RawAcl acl)
        {
            if (acl == null)
            {
                throw new ArgumentNullException(nameof(acl));
            }

            // Extract aces to list
            var aces = new Collections.Generic.List <GenericAce>(acl.Cast <GenericAce>());

            // Sort aces based on canonical order
            aces.Sort((a, b) => Collections.Generic.Comparer <byte> .Default.Compare(GetComparisonValue(a), GetComparisonValue(b)));

            // Add sorted aces back to ACL
            while (acl.Count > 0)
            {
                acl.RemoveAce(0);
            }
            var aceIndex = 0;

            aces.ForEach(ace => acl.InsertAce(aceIndex++, ace));
        }
コード例 #9
0
ファイル: ACL.cs プロジェクト: nlh774/DotNetReferenceSource
        //
        // Creates an ACL from a raw ACL
        // - 'trusted' (internal) callers get to pass the raw ACL
        //   that this object will take ownership of
        // - 'untrusted' callers are handled by creating a local
        //   copy of the ACL passed in
        //

        internal CommonAcl( bool isContainer, bool isDS, RawAcl rawAcl, bool trusted, bool isDacl )
            : base()
        {
            if ( rawAcl == null )
            {
                throw new ArgumentNullException( "rawAcl" );
            }
            Contract.EndContractBlock();

            _isContainer = isContainer;
            _isDS = isDS;

            if (trusted)
            {
                //
                // In the trusted case, we take over ownership of the ACL passed in
                //

                _acl = rawAcl;

                RemoveMeaninglessAcesAndFlags( isDacl );
            }
            else
            {
                //
                // In the untrusted case, we create our own raw ACL to keep the ACEs in
                //

                _acl = new RawAcl( rawAcl.Revision, rawAcl.Count );
            
                for ( int i = 0; i < rawAcl.Count; i++ )
                {
                    //
                    // Clone each ACE prior to putting it in
                    //

                    GenericAce ace = rawAcl[i].Copy();

                    //
                    // Avoid inserting meaningless ACEs
                    //

                    if ( true == InspectAce( ref ace, isDacl ))
                    {
                        _acl.InsertAce( _acl.Count, ace );
                    }
                }
            }

            //
            // See whether the ACL is canonical to begin with
            //

            if ( true == CanonicalCheck( isDacl ))
            {
                //
                // Sort and compact the array
                //

                Canonicalize( true, isDacl );

                _isCanonical = true;
            }
            else
            {
                _isCanonical = false;
            }
        }
コード例 #10
0
        private static void CanonicalizeDacl(NativeObjectSecurity objectSecurity)
        {
            if (objectSecurity == null) { throw new ArgumentNullException("objectSecurity"); }
            if (objectSecurity.AreAccessRulesCanonical) { return; }

            // A canonical ACL must have ACES sorted according to the following order:
            // 1. Access-denied on the object
            // 2. Access-denied on a child or property
            // 3. Access-allowed on the object
            // 4. Access-allowed on a child or property
            // 5. All inherited ACEs
            RawSecurityDescriptor descriptor = new RawSecurityDescriptor(objectSecurity.GetSecurityDescriptorSddlForm(AccessControlSections.Access));

            List<CommonAce> implicitDenyDacl = new List<CommonAce>();
            List<CommonAce> implicitDenyObjectDacl = new List<CommonAce>();
            List<CommonAce> inheritedDacl = new List<CommonAce>();
            List<CommonAce> implicitAllowDacl = new List<CommonAce>();
            List<CommonAce> implicitAllowObjectDacl = new List<CommonAce>();

            foreach (CommonAce ace in descriptor.DiscretionaryAcl)
            {
                if ((ace.AceFlags & AceFlags.Inherited) == AceFlags.Inherited) { inheritedDacl.Add(ace); }
                else
                {
                    switch (ace.AceType)
                    {
                        case AceType.AccessAllowed:
                            implicitAllowDacl.Add(ace);
                            break;

                        case AceType.AccessDenied:
                            implicitDenyDacl.Add(ace);
                            break;

                        case AceType.AccessAllowedObject:
                            implicitAllowObjectDacl.Add(ace);
                            break;

                        case AceType.AccessDeniedObject:
                            implicitDenyObjectDacl.Add(ace);
                            break;
                    }
                }
            }

            Int32 aceIndex = 0;
            RawAcl newDacl = new RawAcl(descriptor.DiscretionaryAcl.Revision, descriptor.DiscretionaryAcl.Count);
            implicitDenyDacl.ForEach(x => newDacl.InsertAce(aceIndex++, x));
            implicitDenyObjectDacl.ForEach(x => newDacl.InsertAce(aceIndex++, x));
            implicitAllowDacl.ForEach(x => newDacl.InsertAce(aceIndex++, x));
            implicitAllowObjectDacl.ForEach(x => newDacl.InsertAce(aceIndex++, x));
            inheritedDacl.ForEach(x => newDacl.InsertAce(aceIndex++, x));

            if (aceIndex != descriptor.DiscretionaryAcl.Count)
            {
                System.Diagnostics.Debug.Fail("The DACL cannot be canonicalized since it would potentially result in a loss of information");
                return;
            }

            descriptor.DiscretionaryAcl = newDacl;
            objectSecurity.SetSecurityDescriptorSddlForm(descriptor.GetSddlForm(AccessControlSections.Access), AccessControlSections.Access);
        }
コード例 #11
0
ファイル: CommonAclTest.cs プロジェクト: nlhepler/mono
		static RawAcl MakeRawAcl (GenericAce[] aces)
		{
			RawAcl acl = new RawAcl (RawAcl.AclRevision, 0);
			for (int i = 0; i < aces.Length; i ++) { acl.InsertAce (i, aces [i]); }
			return acl;
		}
コード例 #12
0
        private static RawAcl InheritAcl(RawAcl parentAcl, bool isContainer)
        {
            AceFlags inheritTest = isContainer ? AceFlags.ContainerInherit : AceFlags.ObjectInherit;

            RawAcl newAcl = null;
            if (parentAcl != null)
            {
                newAcl = new RawAcl(parentAcl.Revision, parentAcl.Count);
                foreach (GenericAce ace in parentAcl)
                {
                    if ((ace.AceFlags & inheritTest) != 0)
                    {
                        GenericAce newAce = ace.Copy();

                        AceFlags newFlags = ace.AceFlags;
                        if ((newFlags & AceFlags.NoPropagateInherit) != 0)
                        {
                            newFlags &= ~(AceFlags.ContainerInherit | AceFlags.ObjectInherit | AceFlags.NoPropagateInherit);
                        }

                        newFlags &= ~AceFlags.InheritOnly;
                        newFlags |= AceFlags.Inherited;

                        newAce.AceFlags = newFlags;
                        newAcl.InsertAce(newAcl.Count, newAce);
                    }
                }
            }

            return newAcl;
        }
コード例 #13
0
		static CommonSecurityDescriptor ProtectionPreserveInheritanceIgnoredUnlessProtectedTrueDescriptor()
		{
			SecurityIdentifier sid = new SecurityIdentifier ("WD");

			RawAcl acl = new RawAcl (GenericAcl.AclRevision, 1);
			acl.InsertAce (0, new CommonAce (AceFlags.None, AceQualifier.AccessDenied, 1, sid, false, null));
			               acl.InsertAce (1, new CommonAce (AceFlags.Inherited, AceQualifier.AccessAllowed, 1, sid, false, null));

			CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
				(false, false, ControlFlags.None, null, null, null, null);
			descriptor.DiscretionaryAcl = new DiscretionaryAcl (false, false, acl);
			return descriptor;
		}
コード例 #14
0
        private void BuildSecurityDescriptor()
        {
            Fx.Assert((null == securityDescriptor), "SecurityDescriptor must be NULL");

            NTAccount name;
            SecurityIdentifier sid;
            CommonAce ace;
            RawAcl acl = new RawAcl(GenericAcl.AclRevision, 1);
            int index = 0;
            if (operationRoleMembers != null)
            {
                foreach (string userName in operationRoleMembers)
                {
                    name = new NTAccount(userName);
                    sid = (SecurityIdentifier)name.Translate(typeof(SecurityIdentifier));
                    ace = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, (int)ComRights.EXECUTE, sid, false, null);
                    acl.InsertAce(index, ace);
                    index++;
                }
            }
            if (contractRoleMembers != null)
            {
                foreach (string userName in contractRoleMembers)
                {
                    name = new NTAccount(userName);
                    sid = (SecurityIdentifier)name.Translate(typeof(SecurityIdentifier));
                    ace = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, (int)ComRights.EXECUTE, sid, false, null);
                    acl.InsertAce(index, ace);
                    index++;
                }
            }
            if (serviceRoleMembers != null)
            {
                foreach (string userName in serviceRoleMembers)
                {
                    name = new NTAccount(userName);
                    sid = (SecurityIdentifier)name.Translate(typeof(SecurityIdentifier));
                    ace = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, (int)ComRights.EXECUTE, sid, false, null);
                    acl.InsertAce(index, ace);
                    index++;
                }
            }
            DiscretionaryAcl dacl = new DiscretionaryAcl(true, false, acl);
            securityDescriptor = new CommonSecurityDescriptor(true, false, ControlFlags.DiscretionaryAclPresent, sidAdministrators, sidAdministrators, null, dacl);

        }
コード例 #15
0
		[Category ("NotWorking")] // Mono does not have a working CustomAce implementation yet.
		public void ObjectSecurityRemovesWhatItCannotCreate ()
		{
			RawAcl acl = new RawAcl (GenericAcl.AclRevision, 1);
			acl.InsertAce (0, new CustomAce ((AceType)255, AceFlags.None, new byte[4]));

			DiscretionaryAcl dacl = new DiscretionaryAcl (true, true, acl);
			Assert.AreEqual (1, dacl.Count);

			CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
				(true, true, ControlFlags.None, null, null, null, dacl);

			TestSecurity security = new TestSecurity (descriptor);
			AuthorizationRuleCollection rules = security.GetAccessRules (true, true, typeof (SecurityIdentifier));
			Assert.AreEqual (0, rules.Count);
		}