public void AddAuditRule_Succeeds()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var customAuditRuleRead = new CustomAuditRule(
new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null).Translate(typeof(NTAccount)), ReadAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, Guid.NewGuid(), Guid.NewGuid(), AuditFlags.Success
);
var customAuditRuleReadAttribute = new CustomAuditRule(
new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), ReadAttributeAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, Guid.NewGuid(), Guid.NewGuid(), AuditFlags.Success
);
customObjectSecurity.AddAuditRule(customAuditRuleRead);
customObjectSecurity.AddAuditRule(customAuditRuleReadAttribute);
AuthorizationRuleCollection ruleCollection = customObjectSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.NotNull(ruleCollection);
List <CustomAuditRule> addedRules = ruleCollection.Cast <CustomAuditRule>().ToList();
Assert.Contains(customAuditRuleRead, addedRules);
Assert.Contains(customAuditRuleReadAttribute, addedRules);
}
public void RemoveAuditRuleAll_Succeeds()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var objectTypeGuid = Guid.NewGuid();
var customAuditRuleReadWrite = new CustomAuditRule
(
Helpers.s_LocalSystemNTAccount, ReadWriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
);
var customAuditRuleSynchronize = new CustomAuditRule
(
Helpers.s_LocalSystemNTAccount, SynchronizeAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
);
customObjectSecurity.AddAuditRule(customAuditRuleReadWrite);
customObjectSecurity.AddAuditRule(customAuditRuleSynchronize);
customObjectSecurity.RemoveAuditRuleAll(customAuditRuleReadWrite);
AuthorizationRuleCollection ruleCollection =
customObjectSecurity
.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
List <CustomAuditRule> existingRules = ruleCollection.Cast <CustomAuditRule>().ToList();
Assert.Empty(existingRules);
}
public void RemoveAuditRule_Succeeds()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var objectType = Guid.NewGuid();
var customAuditRuleWrite = new CustomAuditRule(
Helpers.s_LocalSystemNTAccount, WriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectType, Guid.NewGuid(), AuditFlags.Success
);
var customAuditRuleReadWrite = new CustomAuditRule(
Helpers.s_LocalSystemNTAccount, ReadWriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectType, Guid.NewGuid(), AuditFlags.Success
);
customObjectSecurity.AddAuditRule(customAuditRuleReadWrite);
customObjectSecurity.RemoveAuditRule(customAuditRuleWrite);
AuthorizationRuleCollection ruleCollection =
customObjectSecurity
.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.NotNull(ruleCollection);
List <CustomAuditRule> existingRules = ruleCollection.Cast <CustomAuditRule>().ToList();
Assert.True(existingRules.Count > 0);
Assert.True(
existingRules.Any(
x => x.AccessMaskValue == ReadAccessMask &&
x.AuditFlags == AuditFlags.Success &&
x.IdentityReference == Helpers.s_LocalSystemNTAccount
)
);
}
public void AddAuditRule_Succeeds()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var customAuditRuleRead = new CustomAuditRule(
new NTAccount(@"NT AUTHORITY\Network Service"), ReadAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, Guid.NewGuid(), Guid.NewGuid(), AuditFlags.Success
);
var customAuditRuleReadAttribute = new CustomAuditRule(
new NTAccount(@"NT AUTHORITY\SYSTEM"), ReadAttributeAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, Guid.NewGuid(), Guid.NewGuid(), AuditFlags.Success
);
customObjectSecurity.AddAuditRule(customAuditRuleRead);
customObjectSecurity.AddAuditRule(customAuditRuleReadAttribute);
AuthorizationRuleCollection ruleCollection =
customObjectSecurity
.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.NotNull(ruleCollection);
List <CustomAuditRule> addedRules = ruleCollection.Cast <CustomAuditRule>().ToList();
Assert.True(addedRules.Contains(customAuditRuleRead));
Assert.True(addedRules.Contains(customAuditRuleReadAttribute));
}
public void SetAuditRule_Succeeds()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var objectTypeGuid = Guid.NewGuid();
var identityReference = new NTAccount(@"NT AUTHORITY\SYSTEM");
var customAuditRuleReadWrite = new CustomAuditRule(
identityReference, ReadWriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
);
var customAuditRuleRead = new CustomAuditRule(
new NTAccount(@"NT AUTHORITY\SYSTEM"), ReadAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
);
customObjectSecurity.AddAuditRule(customAuditRuleReadWrite);
customObjectSecurity.SetAuditRule(customAuditRuleRead);
AuthorizationRuleCollection ruleCollection =
customObjectSecurity
.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
List <CustomAuditRule> existingRules = ruleCollection.Cast <CustomAuditRule>().ToList();
Assert.False(existingRules.Contains(customAuditRuleReadWrite));
Assert.True(existingRules.Contains(customAuditRuleRead));
}
public void SetAuditRule_Succeeds()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var objectTypeGuid = Guid.NewGuid();
var identityReference = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount));
var customAuditRuleReadWrite = new CustomAuditRule(
identityReference, ReadWriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
);
var customAuditRuleRead = new CustomAuditRule(
new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), ReadAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
);
customObjectSecurity.AddAuditRule(customAuditRuleReadWrite);
customObjectSecurity.SetAuditRule(customAuditRuleRead);
var existingRules = customObjectSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAuditRule>().ToList();
Assert.DoesNotContain(customAuditRuleReadWrite, existingRules);
Assert.Contains(customAuditRuleRead, existingRules);
}
private bool IsEqual(CustomAuditRule auditRule)
{
return(IdentityReference.Equals(auditRule.IdentityReference) &&
AccessMask.Equals(auditRule.AccessMask) &&
AuditFlags.Equals(auditRule.AuditFlags) &&
InheritanceFlags.Equals(auditRule.InheritanceFlags) &&
PropagationFlags.Equals(auditRule.PropagationFlags));
}
public void RemoveAuditRuleSpecific_NoMatchableRuleFound()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var objectTypeGuid = Guid.NewGuid();
var customAuditRuleReadWrite = new CustomAuditRule(
Helpers.s_LocalSystemNTAccount, ReadWriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
);
var customAuditRuleWrite = new CustomAuditRule(
Helpers.s_LocalSystemNTAccount, WriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
);
customObjectSecurity.AddAuditRule(customAuditRuleReadWrite);
Assert.Contains(customAuditRuleReadWrite, customObjectSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAuditRule>());
customObjectSecurity.RemoveAuditRuleSpecific(customAuditRuleWrite);
Assert.Contains(customAuditRuleReadWrite, customObjectSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAuditRule>());
}
public void RemoveAuditRuleSpecific_NoMatchableRuleFound()
{
var descriptor = new CommonSecurityDescriptor(true, true, string.Empty);
var customObjectSecurity = new CustomDirectoryObjectSecurity(descriptor);
var objectTypeGuid = Guid.NewGuid();
var identityReference = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount));
var customAuditRuleReadWrite = new CustomAuditRule(
identityReference, ReadWriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
);
var customAuditRuleWrite = new CustomAuditRule(
identityReference, WriteAccessMask, true, InheritanceFlags.None,
PropagationFlags.None, objectTypeGuid, Guid.NewGuid(), AuditFlags.Success
);
customObjectSecurity.AddAuditRule(customAuditRuleReadWrite);
Assert.Contains(customAuditRuleReadWrite, customObjectSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAuditRule>());
customObjectSecurity.RemoveAuditRuleSpecific(customAuditRuleWrite);
Assert.Contains(customAuditRuleReadWrite, customObjectSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <CustomAuditRule>());
}
