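/// <summary>
/// Removes <paramref name="_ordered"/> units of an item from stock, provided the item is
/// sold at this location, the caller's security level covers the level required by the
/// item, and at least that many units are in stock.
/// </summary>
/// <remarks>
/// The existence check runs before the access check, so a caller without clearance can
/// still tell from the exception type whether the item is stocked here.
/// <c>Enum.HasFlag</c> returns true when every bit of the required level is set in
/// <paramref name="access"/>; an item whose required level is the zero value is therefore
/// orderable at any access level.
/// NOTE(review): the stock read and the stock write below are two separate calls. If this
/// method can run concurrently, two orders could both pass the stock check - confirm that
/// callers serialize access.
/// </remarks>
/// <param name="id">Key of the item in <c>itemCounts</c> and <c>BusinessInformation.intItemList</c>.</param>
/// <param name="_ordered">Number of units requested.</param>
/// <param name="access">Security level flags held by the caller.</param>
/// <returns>The number of units ordered, equal to <paramref name="_ordered"/>.</returns>
/// <exception cref="KeyNotFoundException">The item is not present in <c>itemCounts</c>.</exception>
/// <exception cref="AccessViolationException">
/// <paramref name="access"/> does not include the item's security level. The type is kept for
/// existing callers; NOTE(review): <c>UnauthorizedAccessException</c> would describe an
/// authorization failure better, since this type normally signals a memory access fault.
/// </exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="_ordered"/> exceeds the stock count.</exception>
public uint OrderItems(int id, uint _ordered, SecurityLevel access)
{
    if (!itemCounts.ContainsKey(id))
    {
        throw new KeyNotFoundException("This item is not sold at this location!");
    }

    // Authorization is decided before any stock figure is read.
    if (!access.HasFlag(BusinessInformation.intItemList[id].GetSecurityLevel()))
    {
        throw new AccessViolationException("You cannot purchase this item, since you do not have security clearance!");
    }

    uint amount = GetCount(id);
    if (_ordered > amount)
    {
        // The single-string constructor treats its argument as the parameter NAME, which
        // buried the text inside "(Parameter '...')". Pass the name and the message separately.
        throw new ArgumentOutOfRangeException("_ordered", "There is not enough of this item in stock!");
    }

    // _ordered <= amount is guaranteed here, so the unsigned subtraction cannot wrap.
    SetCount(id, amount - _ordered);
    return _ordered;
}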
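/// <summary>
/// Builds the pipe access rules for the requested security level.
///
/// More than one level can be requested by combining flags:
/// SecurityLevel | SecurityLevel | ...
///
/// The Internal rule set (<c>DefaultInternalPipeScurity</c>) is always the starting point,
/// so that the system and the application keep control over the pipes they create.
/// </summary>
/// <remarks>
/// Every rule added here grants <c>PipeAccessRights.ReadWrite</c> with
/// <c>AccessControlType.Allow</c>; this method adds no deny rules.
/// NOTE(review): the rules are added directly to the object returned by
/// <c>DefaultInternalPipeScurity</c>. If that member hands back a shared instance rather
/// than a fresh one, every grant made here persists into later calls and silently widens
/// pipes requested at a stricter level - confirm it builds a new PipeSecurity each time.
/// </remarks>
/// <param name="level">Flags selecting which principals get read/write access in addition to the Internal rules.</param>
/// <returns>The rule set with one allow rule per requested level.</returns>
public static PipeSecurity GetRulesForLevels(SecurityLevel level)
{
    // Start from the rules that correspond to the Internal level.
    PipeSecurity rules = DefaultInternalPipeScurity;
    string rulesLog = "";

    // Anonymous level: read/write for the Everyone group.
    if (level.HasFlag(SecurityLevel.Anonymous))
    {
        rulesLog += (rulesLog.Length > 0 ? " | " : "") + "WorldSid";

        // The original passed WorldSid | NullSid. WellKnownSidType is not a flags enum and
        // NullSid is 0, so that expression already evaluated to WorldSid; the no-op OR is
        // dropped so the rule reads as what it grants.
        // NOTE(review): whether Everyone covers anonymous logons depends on machine policy -
        // confirm this rule matches the intent of the Anonymous level.
        rules.AddAccessRule(
            new PipeAccessRule(
                new SecurityIdentifier(WellKnownSidType.WorldSid, null),
                PipeAccessRights.ReadWrite,
                AccessControlType.Allow));
    }

    // RemoteLogon level.
    if (level.HasFlag(SecurityLevel.RemoteLogon))
    {
        rulesLog += (rulesLog.Length > 0 ? " | " : "") + "RemoteLogonIdSid";

        // NOTE(review): RemoteLogonIdSid is, as far as I know, the remote *interactive*
        // logon SID (S-1-5-14), not network logons in general - confirm this is the
        // population that remote pipe clients belong to.
        rules.AddAccessRule(
            new PipeAccessRule(
                new SecurityIdentifier(WellKnownSidType.RemoteLogonIdSid, null),
                PipeAccessRights.ReadWrite,
                AccessControlType.Allow));
    }

    // Local level.
    if (level.HasFlag(SecurityLevel.Local))
    {
        rulesLog += (rulesLog.Length > 0 ? " | " : "") + "LocalSystemSid";

        // LocalSystemSid is the SYSTEM account, not ordinary local users.
        // NOTE(review): the summary log line already lists "system" as applied by default,
        // so this rule may be redundant - confirm which principal Local should admit.
        rules.AddAccessRule(
            new PipeAccessRule(
                new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null),
                PipeAccessRights.ReadWrite,
                AccessControlType.Allow));
    }

    // Administrator level: read/write for the built-in Administrators group.
    if (level.HasFlag(SecurityLevel.Administrator))
    {
        rulesLog += (rulesLog.Length > 0 ? " | " : "") + "BuiltinAdministratorsSid";

        rules.AddAccessRule(
            new PipeAccessRule(
                new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null),
                PipeAccessRights.ReadWrite,
                AccessControlType.Allow));
    }

    // Report which grants were applied so the effective exposure of the pipe is visible.
    Console.WriteLine("APPLIED RULES: system | self | " + rulesLog);
    return rules;
}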
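/// <summary>
/// Changes the local security policy of the machine so that the requested security level
/// can connect. Requires the process to run with administrator rights; otherwise an error
/// is written to the console and nothing is changed.
/// </summary>
/// <remarks>
/// Only <c>SecurityLevel.Anonymous</c> triggers changes. For that level the method
/// activates the local Guest account, grants <c>SeNetworkLogonRight</c> to the built-in
/// Guests group and removes <c>SeDenyNetworkLogonRight</c> from that group and from the
/// Guest account. These are machine-wide settings that outlive the process; nothing in
/// this method restores the previous state, so callers that need to undo the change have
/// to record it and revert it themselves.
/// </remarks>
/// <param name="level">Requested security level flags.</param>
public static void SetLocalSecurityAuthority(SecurityLevel level)
{
    using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
    {
        #region Check rights
        WindowsPrincipal principal = new WindowsPrincipal(identity);
        bool isElevated = principal.IsInRole(WindowsBuiltInRole.Administrator);
        if (!isElevated)
        {
            Console.WriteLine(
                "SECURITY ERROR: LSA update require admin rights." +
                "Close application and start it as Admin.");
            return;
        }
        #endregion

        // Only the anonymous level needs a policy change.
        if (!level.HasFlag(SecurityLevel.Anonymous))
        {
            return;
        }

        SecurityIdentifier guestDomainSID = new SecurityIdentifier(WellKnownSidType.BuiltinGuestsSid, null);
        SecurityIdentifier guestSID = null;

        #region Activate guest user
        SelectQuery query = new SelectQuery("Win32_UserAccount");
        using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(query))
        using (var accounts = searcher.Get())
        {
            foreach (ManagementObject envVar in accounts)
            {
                string accountName = envVar["Name"].ToString();

                // Resolve the account name to its SID.
                var account = new NTAccount(accountName);
                var sid = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));

                // Only the well-known Guest account is touched.
                if (!sid.IsWellKnown(WellKnownSidType.AccountGuestSid))
                {
                    continue;
                }

                guestSID = sid;

                // The account name ends up on a command line of an elevated process.
                // A quote would break out of the quoted argument, so refuse such a name.
                if (accountName.IndexOf('"') >= 0)
                {
                    Console.WriteLine("LSA ERROR: \"{0}\" is not a valid account name, user not activated.", accountName);
                    break;
                }

                // Run net.exe directly from the system directory instead of typing the command
                // into a cmd.exe shell: no shell metacharacters are interpreted, a renamed
                // Guest account containing spaces still works, and the binary is not looked up
                // through the current directory or PATH.
                System.Diagnostics.ProcessStartInfo startInfo = new System.Diagnostics.ProcessStartInfo();
                startInfo.FileName = System.IO.Path.Combine(Environment.SystemDirectory, "net.exe");
                startInfo.Arguments = "user \"" + accountName + "\" /active:yes";
                startInfo.CreateNoWindow = true;
                startInfo.UseShellExecute = false;

                using (System.Diagnostics.Process net = System.Diagnostics.Process.Start(startInfo))
                {
                    // Wait for the result so the log reflects what actually happened and the
                    // rights below are changed only after the activation attempt finished.
                    net.WaitForExit();

                    if (net.ExitCode == 0)
                    {
                        Console.WriteLine("LSA: \"{0}\" user activated to allow anonymous access to this machine.", accountName);
                    }
                    else
                    {
                        Console.WriteLine("LSA ERROR: \"{0}\" user activation failed, net.exe exit code {1}.", accountName, net.ExitCode);
                    }
                }

                break;
            }
        }
        #endregion

        #region Remove Guests from "deny access to this computer from the network".
        // As before, the rights are updated even when no Guest account was found or its
        // activation failed.
        Console.WriteLine("LSA: Network logon for Guests allowed.");
        LSA.LsaSecurityWrapper.AddAccountRights(guestDomainSID, "SeNetworkLogonRight");

        Console.WriteLine("LSA: Deny network logon right for Guests domain removed.");
        LSA.LsaSecurityWrapper.RemoveAccountRights(guestDomainSID, "SeDenyNetworkLogonRight");

        if (guestSID != null)
        {
            Console.WriteLine("LSA: Deny network logon right for Guest user removed.");
            LSA.LsaSecurityWrapper.RemoveAccountRights(guestSID, "SeDenyNetworkLogonRight");
        }
        #endregion
    }
}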