public void TestGetAccessControlSections()
{
var filename = Util.CreateNewFile(longPathDirectory);
try
{
var fi = new FileInfo(filename);
FileSecurity security = fi.GetAccessControl(AccessControlSections.Access);
Assert.IsNotNull(security);
Assert.AreEqual(typeof(FileSystemRights), security.AccessRightType);
Assert.AreEqual(typeof(FileSystemAccessRule), security.AccessRuleType);
Assert.AreEqual(typeof(FileSystemAuditRule), security.AuditRuleType);
Assert.IsTrue(security.AreAccessRulesCanonical);
Assert.IsTrue(security.AreAuditRulesCanonical);
Assert.IsFalse(security.AreAccessRulesProtected);
Assert.IsFalse(security.AreAuditRulesProtected);
var securityGetAccessRules = security.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <FileSystemAccessRule>();
Assert.AreEqual(0, securityGetAccessRules.Count());
AuthorizationRuleCollection perm = security.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
var ntAccount = new System.Security.Principal.NTAccount(System.Security.Principal.WindowsIdentity.GetCurrent().Name);
FileSystemAccessRule rule = perm.Cast <FileSystemAccessRule>().SingleOrDefault(e => ntAccount == e.IdentityReference);
Assert.IsNotNull(rule);
Assert.IsTrue((rule.FileSystemRights & FileSystemRights.FullControl) != 0);
}
finally
{
File.Delete(filename);
}
}
public void SetAuditRule_Succeeds()
{
var auditRuleAppendData = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.AppendData, AuditFlags.Success);
var auditRuleNetworkService = new FileSystemAuditRule(Helpers.s_NetworkServiceNTAccount,
FileSystemRights.CreateFiles, AuditFlags.Failure);
var auditRuleDelete = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.Delete, AuditFlags.Success);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRuleNetworkService);
fileSecurity.AddAuditRule(auditRuleAppendData);
fileSecurity.SetAuditRule(auditRuleDelete);
var auditRules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(2, auditRules.Count);
var firstAuditRule = (FileSystemAuditRule)auditRules[0];
Assert.Equal(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), firstAuditRule.IdentityReference);
Assert.Equal(AuditFlags.Success, firstAuditRule.AuditFlags);
Assert.Equal(FileSystemRights.Delete, firstAuditRule.FileSystemRights);
var secondAuditRule = (FileSystemAuditRule)auditRules[1];
Assert.Equal(Helpers.s_NetworkServiceNTAccount, secondAuditRule.IdentityReference);
Assert.Equal(AuditFlags.Failure, secondAuditRule.AuditFlags);
Assert.Equal(FileSystemRights.CreateFiles, secondAuditRule.FileSystemRights);
}
public void SetAuditRule_Succeeds()
{
var auditRuleAppendData = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM",
FileSystemRights.AppendData, AuditFlags.Success);
var auditRuleNetworkService = new FileSystemAuditRule(@"NT AUTHORITY\Network Service",
FileSystemRights.CreateFiles, AuditFlags.Failure);
var auditRuleDelete = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM",
FileSystemRights.Delete, AuditFlags.Success);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRuleNetworkService);
fileSecurity.AddAuditRule(auditRuleAppendData);
fileSecurity.SetAuditRule(auditRuleDelete);
var auditRules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(2, auditRules.Count);
var firstAuditRule = (FileSystemAuditRule)auditRules[0];
Assert.Equal(new NTAccount(@"NT AUTHORITY\SYSTEM"), firstAuditRule.IdentityReference);
Assert.Equal(AuditFlags.Success, firstAuditRule.AuditFlags);
Assert.Equal(FileSystemRights.Delete, firstAuditRule.FileSystemRights);
var secondAuditRule = (FileSystemAuditRule)auditRules[1];
Assert.Equal(new NTAccount(@"NT AUTHORITY\Network Service"), secondAuditRule.IdentityReference);
Assert.Equal(AuditFlags.Failure, secondAuditRule.AuditFlags);
Assert.Equal(FileSystemRights.CreateFiles, secondAuditRule.FileSystemRights);
}
private void _5(string filename)
{
//DACL - Discretionary access control list (GetAccessRules)
//SACL - System access control list (GetAuditRules)
FileStream fstream = File.Open(filename, FileMode.Open);
FileSecurity fsecurity = fstream.GetAccessControl();
//DACL representation
AuthorizationRuleCollection arl = fsecurity.GetAuditRules(true, true, typeof(NTAccount));
//Show rules
foreach (AuthorizationRule ar in arl)
{
//Acces to the file (this can be various)
FileSystemAccessRule fsar = ar as FileSystemAccessRule ?? null;
if (fsar != null)
{
Console.WriteLine("Acces type: {0}", fsar.AccessControlType);
Console.WriteLine("Idenity: {0}", fsar.IdentityReference.Value);
Console.WriteLine("Rights: {0}", fsar.FileSystemRights);
}
}
fstream.Close();
}
public void RemoveAuditRule_Succeeds()
{
var auditRule = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.Read | FileSystemRights.Write,
AuditFlags.Failure);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRule);
AuthorizationRuleCollection rules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
Assert.True(fileSecurity.RemoveAuditRule(new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.Write, AuditFlags.Failure)));
rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
var existingRule = (FileSystemAuditRule)rules[0];
Assert.Equal(FileSystemRights.Read, existingRule.FileSystemRights);
Assert.Equal(AuditFlags.Failure, existingRule.AuditFlags);
Assert.Equal(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), existingRule.IdentityReference);
}
public void RemoveAuditRule_Succeeds()
{
var auditRule = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM",
FileSystemRights.Read | FileSystemRights.Write,
AuditFlags.Failure);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRule);
AuthorizationRuleCollection rules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
Assert.True(fileSecurity.RemoveAuditRule(new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM",
FileSystemRights.Write, AuditFlags.Failure)));
rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
var existingRule = (FileSystemAuditRule)rules[0];
Assert.Equal(FileSystemRights.Read, existingRule.FileSystemRights);
Assert.Equal(AuditFlags.Failure, existingRule.AuditFlags);
Assert.Equal(new NTAccount(@"NT AUTHORITY\SYSTEM"), existingRule.IdentityReference);
}
public void RemoveAuditRuleSpecific_NoMatchingRules_Succeeds()
{
var auditRuleReadWrite = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.Write | FileSystemRights.Read, AuditFlags.Success);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRuleReadWrite);
fileSecurity.RemoveAuditRuleSpecific(new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.Write, AuditFlags.Success));
AuthorizationRuleCollection rules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
var existingRule = (FileSystemAuditRule)rules[0];
Assert.Equal(FileSystemRights.Write | FileSystemRights.Read, existingRule.FileSystemRights);
}
public void AddAuditRule_Succeeds()
{
var auditRule = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.AppendData, AuditFlags.Success);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRule);
AuthorizationRuleCollection auditRules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, auditRules.Count);
var actualAddedRule = (FileSystemAuditRule)auditRules[0];
Assert.Equal(Helpers.s_LocalSystemNTAccount, actualAddedRule.IdentityReference);
Assert.Equal(AuditFlags.Success, actualAddedRule.AuditFlags);
Assert.Equal(FileSystemRights.AppendData, actualAddedRule.FileSystemRights);
}
public void AddAuditRule_Succeeds()
{
var auditRule = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM",
FileSystemRights.AppendData, AuditFlags.Success);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRule);
AuthorizationRuleCollection auditRules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, auditRules.Count);
var actualAddedRule = (FileSystemAuditRule)auditRules[0];
Assert.Equal(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), actualAddedRule.IdentityReference);
Assert.Equal(AuditFlags.Success, actualAddedRule.AuditFlags);
Assert.Equal(FileSystemRights.AppendData, actualAddedRule.FileSystemRights);
}
public void RemoveAuditRuleSpecific_Succeeds()
{
var auditRuleReadWrite = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.Write | FileSystemRights.Read, AuditFlags.Success);
var auditRuleNetworkService = new FileSystemAuditRule(Helpers.s_NetworkServiceNTAccount,
FileSystemRights.Read, AuditFlags.Failure);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRuleReadWrite);
fileSecurity.AddAuditRule(auditRuleNetworkService);
fileSecurity.RemoveAuditRuleSpecific(auditRuleReadWrite);
AuthorizationRuleCollection rules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
var existingAuditRule = (FileSystemAuditRule)rules[0];
Assert.Equal(Helpers.s_NetworkServiceNTAccount, existingAuditRule.IdentityReference);
Assert.Equal(FileSystemRights.Read, existingAuditRule.FileSystemRights);
Assert.Equal(AuditFlags.Failure, existingAuditRule.AuditFlags);
}
public void RemoveAuditRuleAll_Succeeds()
{
var auditRuleAppend = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM", FileSystemRights.AppendData,
AuditFlags.Success);
var auditRuleWrite = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM",
FileSystemRights.Write, AuditFlags.Success);
var auditRuleNetworkService = new FileSystemAuditRule(@"NT AUTHORITY\Network Service",
FileSystemRights.Read, AuditFlags.Failure);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRuleAppend);
fileSecurity.AddAuditRule(auditRuleNetworkService);
fileSecurity.RemoveAuditRuleAll(auditRuleWrite);
AuthorizationRuleCollection rules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
var existingAuditRule = (FileSystemAuditRule)rules[0];
Assert.Equal(new NTAccount(@"NT AUTHORITY\Network Service"), existingAuditRule.IdentityReference);
Assert.Equal(FileSystemRights.Read, existingAuditRule.FileSystemRights);
Assert.Equal(AuditFlags.Failure, existingAuditRule.AuditFlags);
}
private void internal_fill(string file_name)
{
textBoxAcl.Clear();
textBoxSddl.Clear();
AuthorizationRuleCollection dacls = null;
AuthorizationRuleCollection sacls = null;
FileSecurity f_sec = null;
try
{
f_sec = File.GetAccessControl(file_name);
try
{
dacls = f_sec.GetAccessRules(true, true, typeof(NTAccount));
}
catch (Exception ex)
{
textBoxAcl.AppendText(ex.Message);
textBoxAcl.AppendText("\r\n");
}
try
{
sacls = f_sec.GetAuditRules(true, true, typeof(NTAccount));
}
catch (Exception ex)
{
textBoxAcl.AppendText(ex.Message);
textBoxAcl.AppendText("\r\n");
}
StringBuilder sb = new StringBuilder();
sb.Append("Owner\r\n");
sb.Append("=====\r\n");
try
{
sb.Append(f_sec.GetOwner(typeof(NTAccount)).Value);
}
catch (Exception ex)
{
sb.Append(ex.Message);
}
sb.Append("\r\n\r\n");
sb.Append("Primary group\r\n");
sb.Append("=============\r\n");
try
{
sb.Append(f_sec.GetGroup(typeof(NTAccount)).Value);
}
catch (Exception ex)
{
sb.Append(ex.Message);
}
sb.Append("\r\n\r\n");
sb.Append("Access rules\r\n");
sb.Append("============\r\n");
sb.Append(string.Format("Inherit disable: {0}\r\n\r\n", f_sec.AreAccessRulesProtected));
if (dacls != null)
{
foreach (FileSystemAccessRule rule in dacls)
{
sb.Append(string.Format("Identity: {0}\r\n", rule.IdentityReference.Value));
sb.Append(string.Format("Access type: {0}\r\n", rule.AccessControlType.ToString()));
sb.Append(string.Format("Rights: {0}\r\n", rule.FileSystemRights.ToString()));
sb.Append(string.Format("Inheritance: {0}\r\n", rule.InheritanceFlags.ToString()));
sb.Append(string.Format("Inherited: {0}\r\n", rule.IsInherited));
sb.Append(string.Format("Propagation: {0}\r\n", rule.PropagationFlags.ToString()));
sb.Append("\r\n");
}
}
sb.Append("Audit rules\r\n");
sb.Append("===========\r\n");
sb.Append(string.Format("Inherit disable: {0}\r\n\r\n", f_sec.AreAuditRulesProtected));
if (sacls != null)
{
foreach (FileSystemAuditRule rule in sacls)
{
sb.Append(string.Format("Identity: {0}\r\n", rule.IdentityReference.Value));
sb.Append(string.Format("Audit type: {0}\r\n", rule.AuditFlags.ToString()));
sb.Append(string.Format("Rights: {0}\r\n", rule.FileSystemRights.ToString()));
sb.Append(string.Format("Inheritance: {0}\r\n", rule.InheritanceFlags.ToString()));
sb.Append(string.Format("Inherited: {0}\r\n", rule.IsInherited));
sb.Append(string.Format("Propagation: {0}\r\n", rule.PropagationFlags.ToString()));
sb.Append("\r\n");
}
}
textBoxAcl.Font = new Font(FontFamily.GenericMonospace, textBoxAcl.Font.Size);
textBoxSddl.Font = textBoxAcl.Font;
textBoxAcl.Text = sb.ToString();
textBoxSddl.Text = f_sec.GetSecurityDescriptorSddlForm(AccessControlSections.All);
}
catch (Exception ex)
{
textBoxAcl.Font = new Font(FontFamily.GenericMonospace, textBoxAcl.Font.Size);
textBoxSddl.Font = textBoxAcl.Font;
textBoxAcl.Text = string.Format("Cannot get security descriptor. {0}", ex.Message);
}
}
