public void SyncronizeFileSystem(SecurityTemplate securityTemplate)
        {
            string        fullPath      = securityTemplate.GetFullPath(ServerConfig.WebsiteDirectory);
            WindowsUser   windowsUser   = getWindowsUser(securityTemplate.Username);
            FileInfo      fileInfo      = new FileInfo(fullPath);
            DirectoryInfo directoryInfo = new DirectoryInfo(fullPath);

            if (fileInfo.Exists)
            {
                FileSecurity security = fileInfo.GetAccessControl();
                applySecurityAccessRule(securityTemplate, windowsUser, security);
                fileInfo.SetAccessControl(security);
            }
            else if (directoryInfo.Exists)
            {
                DirectorySecurity security = directoryInfo.GetAccessControl();
                applySecurityAccessRule(securityTemplate, windowsUser, security);
                directoryInfo.SetAccessControl(security);
            }
            else
            {
                throw new Exception(
                          "Cannot set security rule because the path '" + fullPath + "' does not exist.");
            }
        }
        public ActionResult ChangeStatus(long?id)
        {
            if (id == null)
            {
                return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
            }
            SecurityTemplate secTemp = db.SecurityTemplates.Where(st => st.ID == id && st.ID > 12).SingleOrDefault();

            if (secTemp == null)
            {
                return(HttpNotFound());
            }

            bool tempVar = true;

            if (secTemp.IsActive)
            {
                tempVar = false;
            }

            secTemp.IsActive = tempVar;

            db.Entry(secTemp).State = EntityState.Modified;
            db.SaveChanges();

            Session["siteMsgTyp"] = "success";
            Session["siteMsg"]    = "The selected option status changed successfully.";

            return(RedirectToAction("Index", "SecurityTemplates"));
        }
 private string getFullPath(RhspDataID websiteID, string relativePath)
 {
     return(SecurityTemplate.GetFullPath(
                ServerConfig.WebsiteDirectory,
                CreateManager <WebsiteManager>().Get(websiteID),
                relativePath));
 }
 public FileSystemAccessRule GetFileSystemAccessRule <TSecurity>(
     SecurityTemplate template,
     WindowsUser windowsUser)
     where TSecurity : FileSystemSecurity
 {
     if (typeof(TSecurity) == typeof(DirectorySecurity))
     {
         // Directory security with default inheritance (files and subfolders).
         return(new FileSystemAccessRule(
                    windowsUser.Sid,
                    template.GetFileSystemRights(),
                    InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                    PropagationFlags.None,
                    template.GetAccessControlType()));
     }
     else if (typeof(TSecurity) == typeof(FileSecurity))
     {
         // Files must not have inheritance specified.
         return(new FileSystemAccessRule(
                    windowsUser.Sid,
                    template.GetFileSystemRights(),
                    template.GetAccessControlType()));
     }
     else
     {
         throw new NotSupportedException(
                   "File system security type '" + typeof(TSecurity).FullName + "' is not supported.");
     }
 }
 protected void RemoveMatchingRules <TSecurity>(
     TSecurity security,
     SecurityIdentifier sid,
     SecurityTemplate template)
     where TSecurity : FileSystemSecurity
 {
     RemoveMatchingRules <TSecurity>(security, sid, template.GetAccessControlType());
 }
예제 #6
0
        private bool relativePathAndUserExists(SecurityTemplate st, DirectoryInfo websiteDirectory)
        {
            SecurityTemplateManager stm = CreateManager <SecurityTemplateManager>();
            WindowsUserManager      wum = new WindowsUserManager(ServerConfig.WindowsServerName);

            return(!stm.RelativePathExists(websiteDirectory, st.RelativePath) ||
                   (!wum.Exists(st.Username) && !st.UseIisIdentity));
        }
        public void MediumTrustAllowsCopyingBetweenTypesFromSameModule()
        {
            SampleBaseClass i1 = new SampleDerivedClass("1st config val");
            SampleBaseClass i2 = new SampleFurtherDerivedClass("2nd config val");

            SecurityTemplate.MediumTrustInvoke(new ThreadStart(new CopyCommand(i2, i1).Execute));
            Assert.AreEqual(i1, i2);
        }
 private IEnumerable <SecurityTemplate> getQuery()
 {
     return(from r in HostingConfig.GetArray <SecurityTemplate>()
            join w in HostingConfig.GetArray <Website>()
            on r.WebsiteID equals w.DataID
            join c in HostingConfig.GetArray <Customer>()
            on w.CustomerID equals c.DataID
            select SecurityTemplate.Combine(r, Website.Combine(w, c)));
 }
        public void MediumTrustThrowsSecurityExceptionWhenCopyingBetweenTypesFromDifferentModules()
        {
            Exception     e1 = new Exception("my name is e1");
            HttpException e2 = new HttpException("my name is e2");

            // I know, I am a bit paranoid about that basic assumption
            Assert.AreNotEqual(e1.GetType().Assembly, e2.GetType().Assembly);

            SecurityTemplate.MediumTrustInvoke(new ThreadStart(new CopyCommand(e2, e1).Execute));
            Assert.AreEqual(e1.Message, e2.Message);
        }
        public void Update(SecurityTemplate securityTemplate)
        {
            SecurityTemplate existing = Get(securityTemplate.DataID);

            if (existing.Access != securityTemplate.Access)
            {
                throw new Exception("Access mode cannot be changed once set.");
            }

            enforceConstraints(securityTemplate);
            HostingConfig.Update(securityTemplate);
        }
예제 #11
0
        private void dataGridView_CellValueChanged(object sender, DataGridViewCellEventArgs e)
        {
            if (e.RowIndex != -1)
            {
                SecurityTemplate rule = (SecurityTemplate)dataGridView.Rows[e.RowIndex].DataBoundItem;
                if (rule.PendingAction != ChildPendingAction.Create)
                {
                    rule.PendingAction = ChildPendingAction.Update;
                }

                ChangeMade();
            }
        }
예제 #12
0
        private void removeRule(SecurityTemplate rule)
        {
            if (rule.PendingAction == ChildPendingAction.Create)
            {
                // Not yet created, so remove from results.
                ruleResultList.Remove(rule);
            }
            else
            {
                rule.PendingAction = ChildPendingAction.Delete;
            }

            ruleBindingList.Remove(rule);
        }
        private void applySecurityAccessRule <TSecurity>(
            SecurityTemplate securityTemplate,
            WindowsUser windowsUser,
            TSecurity security)
            where TSecurity : FileSystemSecurity
        {
            RemoveMatchingRules <TSecurity>(
                security,
                windowsUser.Sid,
                securityTemplate.GetAccessControlType());

            // Add new rule (effectively replace if removed) to apply security.
            security.AddAccessRule(GetFileSystemAccessRule <TSecurity>(securityTemplate, windowsUser));
        }
예제 #14
0
        private void dataGridView_CellBeginEdit(object sender, DataGridViewCellCancelEventArgs e)
        {
            DataGridViewRow  row  = dataGridView.Rows[e.RowIndex];
            SecurityTemplate rule = (SecurityTemplate)row.DataBoundItem;

            if (rule.PendingAction != ChildPendingAction.Create)
            {
                if ((e.ColumnIndex == dataGridView.Columns[RelativePathColumn.Name].Index) ||
                    (e.ColumnIndex == dataGridView.Columns[AccessColumn.Name].Index))
                {
                    // Only allow path and access edit if not created.
                    e.Cancel = true;
                }
            }
        }
        public ActionResult Edit(long?id)
        {
            if (id == null)
            {
                return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
            }
            SecurityTemplate securityTemplate = db.SecurityTemplates.Where(st => st.ID == id && st.ID > 1).SingleOrDefault();

            if (securityTemplate == null)
            {
                return(HttpNotFound());
            }

            //Get Permissions
            var v = from b in db.Permissions
                    select new
            {
                b.ID,
                b.GroupName,
                Name = b.ControllerName + " - " + b.ActionName,
                b.OnlyAdminHidden,
                Checked = ((from bou in db.SecurityTemplatePermissions
                            where (bou.SecurityTemplateID == id) & (bou.PermissionID == b.ID)
                            select bou).Count() > 0)
            };

            v = v.Where(b => b.OnlyAdminHidden == false);
            v = v.OrderBy("Name asc");
            var Permissions            = v.ToList();
            var PermissionCheckBoxList = new List <CheckBoxViewModel>();

            foreach (var item in Permissions)
            {
                PermissionCheckBoxList.Add(new CheckBoxViewModel {
                    ID = item.ID, GroupName = item.GroupName, Name = item.Name, Checked = item.Checked
                });
            }

            //Add data to the SecurityTemplateViewModel
            SecurityTemplateViewModel stvm = new SecurityTemplateViewModel
            {
                SecurityTemplateName = securityTemplate.SecurityTemplateName,
                IsActive             = securityTemplate.IsActive,
                Permissions          = PermissionCheckBoxList
            };

            return(View(stvm));
        }
        public void Delete(RhspDataID dataID)
        {
            SecurityTemplate securityTemplate = Get(dataID);

            if (!string.IsNullOrEmpty(securityTemplate.Username))
            {
                // Only try to delete the physical rule if the user is specified.
                WindowsUser windowsUser = findWindowsUser(securityTemplate.Username);
                if (windowsUser != null)
                {
                    // Only try to delete when the user is still on the system.
                    deleteFromFileSystem(securityTemplate, windowsUser.Sid);
                }
            }
            HostingConfig.Delete <SecurityTemplate>(dataID);
        }
예제 #17
0
        private void addButton_Click(object sender, EventArgs e)
        {
            SecurityTemplate rule = new SecurityTemplate(RhspDataID.Generate());

            rule.PendingAction = ChildPendingAction.Create;
            //rule.Username = usernameBindingList.FirstOrDefault();

            ruleResultList.Add(rule);
            ruleBindingList.Add(rule);
            ruleBindingList.ResetBindings();

            ChangeMade();

            selectGridViewRow(dataGridView.Rows.Cast <DataGridViewRow>().Last().Index);
            dataGridView.BeginEdit(false);
        }
예제 #18
0
        private void dataGridView_RowPrePaint(object sender, DataGridViewRowPrePaintEventArgs e)
        {
            DataGridViewRow         row              = dataGridView.Rows[e.RowIndex];
            SecurityTemplate        rule             = (SecurityTemplate)row.DataBoundItem;
            DataGridViewTextBoxCell relativePathCell = (DataGridViewTextBoxCell)row.Cells[RelativePathColumn.Name];
            //DataGridViewComboBoxCell usernameCell = (DataGridViewComboBoxCell)row.Cells[UsernameColumn.Name];
            DataGridViewComboBoxCell accessCell = (DataGridViewComboBoxCell)row.Cells[AccessColumn.Name];

            if (rule.PendingAction != ChildPendingAction.Create)
            {
                relativePathCell.Style.BackColor = SystemColors.Control;
                //usernameCell.Style.BackColor = SystemColors.Control;
                //usernameCell.DisplayStyle = DataGridViewComboBoxDisplayStyle.Nothing;
                accessCell.Style.BackColor = SystemColors.Control;
                accessCell.DisplayStyle    = DataGridViewComboBoxDisplayStyle.Nothing;
            }
        }
예제 #19
0
        public void CannotReadPrivateReadOnlyFieldIfNoReflectionPermission()
        {
            FieldInfo fieldInfo = typeof(MyStaticClass).GetField("myPrivateReadonlyField", BindingFlags.Static | BindingFlags.NonPublic);

            try
            {
                SecurityTemplate.MediumTrustInvoke(delegate
                {
                    IDynamicField myPrivateReadonlyField2 = Create(fieldInfo);
                });
                Assert.Fail("private field must not be accessible in medium trust: " + fieldInfo);
            }
            catch (SecurityException sex)
            {
                Assert.IsTrue(sex.Message.IndexOf("ReflectionPermission") > -1);
            }
        }
        public void Process(SecurityTemplate securityRule)
        {
            switch (securityRule.PendingAction)
            {
            case ChildPendingAction.Create: Create(securityRule); break;

            case ChildPendingAction.Update: Update(securityRule); break;

            case ChildPendingAction.Delete: Delete(securityRule.DataID); break;
            }

            // Path may have been deleted outside of the application.
            if (securityRule.RelativePathExists(ServerConfig.WebsiteDirectory) &&
                !securityRule.UsingIisIdenityWhileIisSiteDisabled())
            {
                // Syncronise even if action is none (fs may be out of date).
                SyncronizeFileSystem(securityRule);
            }
        }
        private void deleteFromFileSystem(SecurityTemplate securityTemplate, SecurityIdentifier sid)
        {
            string        fullPath      = securityTemplate.GetFullPath(ServerConfig.WebsiteDirectory);
            FileInfo      fileInfo      = new FileInfo(fullPath);
            DirectoryInfo directoryInfo = new DirectoryInfo(fullPath);

            // If it exists, delete it, if not, ignore the delete request.
            if (fileInfo.Exists)
            {
                FileSecurity security = File.GetAccessControl(fileInfo.FullName);
                RemoveMatchingRules(security, sid, securityTemplate.GetAccessControlType());
                File.SetAccessControl(directoryInfo.FullName, security);
            }
            else if (directoryInfo.Exists)
            {
                DirectorySecurity security = Directory.GetAccessControl(directoryInfo.FullName);
                RemoveMatchingRules(security, sid, securityTemplate.GetAccessControlType());
                Directory.SetAccessControl(fileInfo.FullName, security);
            }
        }
        private void enforceConstraints(SecurityTemplate securityTemplate)
        {
            if (!RelativePathExists(securityTemplate.WebsiteID, securityTemplate.RelativePath))
            {
                string fullPath = getFullPath(
                    securityTemplate.WebsiteID,
                    securityTemplate.RelativePath);

                throw new Exception(
                          "The Windows file system path '" + fullPath + "' does not exist.");
            }

            if (!securityTemplate.UsingIisIdenityWhileIisSiteDisabled())
            {
                if (string.IsNullOrEmpty(securityTemplate.Username))
                {
                    if (securityTemplate.UseIisIdentity)
                    {
                        throw new Exception(
                                  "Security template is set to use IIS identity, but " +
                                  "the username for this identity is null or empty.");
                    }
                    else
                    {
                        throw new Exception(
                                  "The username property of the security template cannot be null.");
                    }
                }

                if (!UserExists(securityTemplate.Username))
                {
                    throw new Exception(
                              "There is no Windows user with username '" + securityTemplate.Username + "'.");
                }
            }
        }
예제 #23
0
 private bool relativePathIsRoot(SecurityTemplate st)
 {
     return(string.IsNullOrEmpty(st.RelativePath) ||
            (st.RelativePath == @"\") ||
            (st.RelativePath == "/"));
 }
 public void Create(SecurityTemplate securityTemplate)
 {
     enforceConstraints(securityTemplate);
     HostingConfig.Create(securityTemplate);
 }
예제 #25
0
 public void CanCreateWithRestrictedPermissions()
 {
     SecurityTemplate.MediumTrustInvoke(new ThreadStart(CanCreateWithRestrictedPermissionsImpl));
 }
예제 #26
0
 public void CanCreatePrivateMethodButThrowsOnInvoke()
 {
     SecurityTemplate.MediumTrustInvoke(new ThreadStart(CanCreatePrivateMethodButThrowsOnInvokeImpl));
 }
 private string getFullPath(DirectoryInfo websiteDirectory, string relativePath)
 {
     return(SecurityTemplate.GetFullPath(
                websiteDirectory,
                relativePath));
 }
예제 #28
0
 public virtual void SetUp()
 {
     Security = new SecurityTemplate(true);
     LogManager.Reset();
     LogManager.Adapter = GetLoggerFactoryAdapter();
 }
예제 #29
0
        void SettingsPage_AfterNextAsync(object sender, RunWorkerCompletedEventArgs e)
        {
            List <SecurityTemplate> stList      = new List <SecurityTemplate>();
            List <WebsiteHost>      hostList    = new List <WebsiteHost>();
            List <DnsZone>          dnsZoneList = new List <DnsZone>();
            string iisRedirectUrl = string.Empty;

            //Website.Name = hostNameTextBox.Text;

            if (iisEnableCheckBox.Checked)
            {
                if (iisStandardRadioButton.Checked)
                {
                    Website.IisSite.Mode = WebsiteIisMode.Standard;
                }

                if (iisRedirectRadioButton.Checked)
                {
                    Website.IisSite.Mode = WebsiteIisMode.Redirect;
                    iisRedirectUrl       = iisRedirectTextBox.Text;
                }

                // Only create security template when there will be a directory to use.
                SecurityTemplate securityTemplate = new SecurityTemplate(RhspDataID.Generate());
                securityTemplate.PendingAction  = ChildPendingAction.Create;
                securityTemplate.RelativePath   = "\\";
                securityTemplate.Read           = true;
                securityTemplate.Access         = SecurityTemplateAccess.Allow;
                securityTemplate.UseIisIdentity = true;
                stList.Add(securityTemplate);
            }
            else
            {
                Website.IisSite.Mode = WebsiteIisMode.Disabled;
            }

            WebsiteHost primaryHost = new WebsiteHost(RhspDataID.Generate());

            primaryHost.PendingAction = ChildPendingAction.Create;
            primaryHost.Port          = getIisPort();
            primaryHost.Name          = hostNameTextBox.Text;
            primaryHost.IpAddress     = (string)iisIpBindingSource.Current;
            //primaryHost.Primary = true;
            Website.PrimaryHostID = primaryHost.DataID;
            hostList.Add(primaryHost);

            if (wwwHostNameCheckBox.Checked)
            {
                WebsiteHost wwwHost = new WebsiteHost(RhspDataID.Generate());
                wwwHost.PendingAction = ChildPendingAction.Create;
                wwwHost.Port          = getIisPort();
                wwwHost.Name          = "www." + primaryHost.Name;
                wwwHost.IpAddress     = primaryHost.IpAddress;
                hostList.Add(wwwHost);
            }

            if (dnsCreateRadioButton.Checked)
            {
                List <DnsRecord> recordList = new List <DnsRecord>();

                DnsZone zone = new DnsZone(RhspDataID.Generate());
                zone.PendingAction = ChildPendingAction.Create;
                zone.Name          = hostNameTextBox.Text;
                zone.DefaultTtl    = "1h";
                dnsZoneList.Add(zone);

                foreach (string dnsServer in dnsServerArray)
                {
                    DnsRecord nsRecord = new DnsRecord(RhspDataID.Generate());
                    nsRecord.PendingAction = ChildPendingAction.Create;
                    nsRecord.Name          = "@";
                    nsRecord.RecordType    = DnsRecordType.NS;
                    nsRecord.Value         = dnsServer;
                    recordList.Add(nsRecord);
                }

                DnsRecord rootRecord = new DnsRecord(RhspDataID.Generate());
                rootRecord.PendingAction = ChildPendingAction.Create;
                rootRecord.Name          = "@";
                rootRecord.RecordType    = DnsRecordType.A;
                rootRecord.Value         = (string)dnsIpBindingSource.Current;
                recordList.Add(rootRecord);

                if (wwwHostNameCheckBox.Checked)
                {
                    DnsRecord wwwRecord = new DnsRecord(RhspDataID.Generate());
                    wwwRecord.PendingAction = ChildPendingAction.Create;
                    wwwRecord.Name          = "www";
                    wwwRecord.RecordType    = DnsRecordType.CNAME;
                    wwwRecord.Value         = "@";
                    recordList.Add(wwwRecord);
                }

                zone.RecordArray = recordList.ToArray();
            }

            Website.HostArray           = hostList.ToArray();
            Website.SecurityArray       = stList.ToArray();
            Website.DnsZoneArray        = dnsZoneList.ToArray();
            Website.IisSite.RedirectUrl = iisRedirectUrl;
        }
예제 #30
0
 private void deleteSecurityTemplate(SecurityTemplate st)
 {
     CreateManager <SecurityTemplateManager>().Delete(st.DataID);
 }