public static bool Matches(this WindowsGroupPermission permission, string resource) { if (permission.IsServer) { return(true); } Guid resourceId; if (Guid.TryParse(resource, out resourceId)) { return(permission.ResourceID == resourceId); } // ResourceName is in the format: {categoryName}\{resourceName} if (resource != null) { resource = resource.Replace('/', '\\'); } if (string.IsNullOrEmpty(resource)) { return(true); } return(permission.ResourceName.Contains("\\" + resource)); }
int Compare(WindowsGroupPermission px, WindowsGroupPermission py) { switch (_sortMemberPath) { case "ResourceName": return(String.Compare(px.ResourceName, py.ResourceName, StringComparison.InvariantCulture)); case "WindowsGroup": return(String.Compare(px.WindowsGroup, py.WindowsGroup, StringComparison.InvariantCulture)); case "View": return(px.View.CompareTo(py.View)); case "Execute": return(px.Execute.CompareTo(py.Execute)); case "Contribute": return(px.Contribute.CompareTo(py.Contribute)); case "DeployTo": return(px.DeployTo.CompareTo(py.DeployTo)); case "DeployFrom": return(px.DeployFrom.CompareTo(py.DeployFrom)); case "Administrator": return(px.Administrator.CompareTo(py.Administrator)); default: break; } return(0); }
public void Remove(Guid resourceId) { LogStart(); _permissionsLock.EnterWriteLock(); try { var oldPermissions = new WindowsGroupPermission[_permissions.Count]; _permissions.CopyTo(oldPermissions); var removedCount = _permissions.RemoveAll(p => !p.IsServer && p.ResourceID == resourceId); if(removedCount > 0) { RaisePermissionsModified(oldPermissions, _permissions); // This will trigger a FileSystemWatcher file changed event // which in turn will cause the permissions to be re-read. WritePermissions(_permissions); } } finally { _permissionsLock.ExitWriteLock(); } LogEnd(); }
public void Remove(Guid resourceId) { LogStart(); _permissionsLock.EnterWriteLock(); try { var oldPermissions = new WindowsGroupPermission[_permissions.Count]; _permissions.CopyTo(oldPermissions); var removedCount = _permissions.RemoveAll(p => !p.IsServer && p.ResourceID == resourceId); if (removedCount > 0) { RaisePermissionsModified(oldPermissions, _permissions); // This will trigger a FileSystemWatcher file changed event // which in turn will cause the permissions to be re-read. WritePermissions(_permissions); } } finally { _permissionsLock.ExitWriteLock(); } LogEnd(); }
public void GivenItHasWith(string groupName, string groupRights) { var groupPermssions = new WindowsGroupPermission { WindowsGroup = groupName, ResourceID = Guid.Empty, IsServer = true }; var permissionsStrings = groupRights.Split(new[] { ", " }, StringSplitOptions.RemoveEmptyEntries); foreach(var permissionsString in permissionsStrings) { SecPermissions permission; if(Enum.TryParse(permissionsString.Replace(" ", ""), true, out permission)) { groupPermssions.Permissions |= permission; } } Data.Settings.Settings settings = new Data.Settings.Settings { Security = new SecuritySettingsTO(new List<WindowsGroupPermission> { groupPermssions }) }; var environmentModel = ScenarioContext.Current.Get<IEnvironmentModel>("environment"); EnsureEnvironmentConnected(environmentModel); environmentModel.ResourceRepository.WriteSettings(environmentModel, settings); environmentModel.Disconnect(); }
public static bool Matches(this WindowsGroupPermission permission, Guid resourceId) { if (permission.IsServer) { return(true); } return(permission.ResourceID == resourceId); }
static SecuritySettingsTO ProcessSettingsFile(IResourceNameProvider resourceNameProvider, string encryptedData) { var decryptData = SecurityEncryption.Decrypt(encryptedData); Dev2Logger.Debug(decryptData, GlobalConstants.WarewolfDebug); var currentSecuritySettingsTo = JsonConvert.DeserializeObject <SecuritySettingsTO>(decryptData); if (currentSecuritySettingsTo.WindowsGroupPermissions.Any(a => a.ResourceID != Guid.Empty)) { foreach (var perm in currentSecuritySettingsTo.WindowsGroupPermissions.Where(a => a.ResourceID != Guid.Empty)) { var resourceName = resourceNameProvider.GetResourceNameById(perm.ResourceID); if (string.IsNullOrWhiteSpace(resourceName)) { resourceName = perm.ResourcePath ?? string.Empty; } perm.ResourceName = resourceName; } } if (currentSecuritySettingsTo.AuthenticationOverrideWorkflow.Name.Length > 0 && currentSecuritySettingsTo.SecretKey == "") { var hmac = new HMACSHA256(); currentSecuritySettingsTo.SecretKey = Convert.ToBase64String(hmac.Key); } var permissionGroup = currentSecuritySettingsTo.WindowsGroupPermissions; if (permissionGroup.Count > 0) { var adminGrp = permissionGroup[0].WindowsGroup; if (adminGrp == "BuiltIn\\Administrators") { permissionGroup[0].WindowsGroup = WindowsGroupPermission.BuiltInAdministratorsText; } } var hasGuestPermission = permissionGroup.Any(permission => permission.IsBuiltInGuests); var hasAdminPermission = permissionGroup.Any(permission => permission.IsBuiltInAdministrators); if (!hasAdminPermission) { permissionGroup.Add(WindowsGroupPermission.CreateAdministrators()); permissionGroup.Sort(QuickSortForPermissions); } if (!hasGuestPermission) { permissionGroup.Add(WindowsGroupPermission.CreateGuests()); permissionGroup.Sort(QuickSortForPermissions); } return(currentSecuritySettingsTo); }
public void AuthorizationHelpers_Matches_SecurityPermissionIsServer_True() { //------------Setup for test-------------------------- var securityPermission = new WindowsGroupPermission { IsServer = true }; //------------Execute Test--------------------------- var authorized = securityPermission.Matches(null); //------------Assert Results------------------------- Assert.IsTrue(authorized); }
static int QuickSortForPermissions(WindowsGroupPermission x, WindowsGroupPermission y) { var px = x; var py = y; if (px == null || py == null) { return(1); } // New items must be last // if (px.IsNew) { // px is greater than py return(int.MaxValue); } if (py.IsNew) { // px is less than py return(int.MinValue); } // BuiltInAdministrators must be first if (px.IsBuiltInAdministrators) { // px is less than py return(int.MinValue); } if (py.IsBuiltInAdministrators) { // px is greater than py return(int.MaxValue); } // IsBuiltInGuests must be second if (px.IsBuiltInGuests) { // px is less than py return(int.MinValue + 1); } if (py.IsBuiltInGuests) { // px is greater than py return(int.MaxValue - 1); } return(1); }
public void WindowsGroupPermission_Permissions_SetExecute_CorrectlyApplied() { //------------Setup for test-------------------------- //------------Execute Test--------------------------- var p = new WindowsGroupPermission { Permissions = Permissions.Execute }; //------------Assert Results------------------------- Assert.IsFalse(p.View); Assert.IsTrue(p.Execute); Assert.IsFalse(p.Contribute); Assert.IsFalse(p.DeployTo); Assert.IsFalse(p.DeployFrom); Assert.IsFalse(p.Administrator); }
public void SecurityWrite_Execute_SecuritySettingsValuePassedValidJSON_ShouldWriteFile() { //------------Setup for test-------------------------- var permission = new WindowsGroupPermission { Administrator = true, IsServer = true, WindowsGroup = Environment.UserName }; var windowsGroupPermissions = new List<WindowsGroupPermission> { permission }; var securitySettings = new SecuritySettingsTO(windowsGroupPermissions) { CacheTimeout = new TimeSpan(0, 2, 0) }; var securitySettingsValue = JsonConvert.SerializeObject(securitySettings); var securityWrite = new SecurityWrite(); //------------Execute Test--------------------------- securityWrite.Execute(new Dictionary<string, StringBuilder> { { "SecuritySettings", new StringBuilder(securitySettingsValue) } }, null); //------------Assert Results------------------------- Assert.IsTrue(File.Exists("secure.config")); var fileData = File.ReadAllText("secure.config"); Assert.IsFalse(fileData.StartsWith("{")); Assert.IsFalse(fileData.EndsWith("}")); Assert.IsFalse(fileData.Contains("IsServer")); File.Delete("secure.config"); }
public void AuthorizationServiceBase_IsAuthorized_UserIsInResourceRoleAndResourceToBeVerifiedIsNull_False() { //------------Setup for test-------------------------- var securityPermission = new WindowsGroupPermission { IsServer = false, ResourceName = "Category\\Test1", ResourceID = Guid.NewGuid() }; var securityService = new Mock<ISecurityService>(); securityService.SetupGet(p => p.Permissions).Returns(new List<WindowsGroupPermission> { securityPermission }); var user = new Mock<IPrincipal>(); user.Setup(u => u.IsInRole(It.IsAny<string>())).Returns(true); var authorizationService = new TestAuthorizationServiceBase(securityService.Object) { User = user.Object }; //------------Execute Test--------------------------- var authorized = authorizationService.IsAuthorized(AuthorizationContext.Contribute, null); //------------Assert Results------------------------- Assert.IsFalse(authorized); }
public static bool Matches(this WindowsGroupPermission permission, string resource) { if (permission.IsServer) { return(true); } if (Guid.TryParse(resource, out Guid resourceId)) { return(permission.ResourceID == resourceId); } resource = resource?.Replace('/', '\\'); if (string.IsNullOrEmpty(resource)) { return(true); } return(permission.ResourceName.Contains("\\" + resource)); }
public static bool Matches(this WindowsGroupPermission permission, WebName resource) { if (permission.IsServer || resource is null) { return(true); } var resourceString = resource.Value <string>(); if (Guid.TryParse(resourceString, out var resourceId)) { var matchingResourceID = permission.ResourceID == resourceId; if (matchingResourceID) { return(true); } } var resourcePath = resourceString?.Replace('/', '\\'); if (string.IsNullOrEmpty(resourcePath)) { return(true); } var p1 = resourcePath; if (p1.StartsWith(EnvironmentVariables.ResourcePath)) { p1 = p1.Replace(EnvironmentVariables.ResourcePath, ""); } var permissionResourcePath = permission.ResourcePath; if (permissionResourcePath is null) { return(false); } var p2 = "\\" + permissionResourcePath; var pathMatches = p1.StartsWith(p2); return(pathMatches); }
public static bool Matches(this WindowsGroupPermission permission, IWarewolfResource resource) { if (permission.IsServer) { return(true); } var matchingResourceID = permission.ResourceID == resource?.ResourceID; if (matchingResourceID) { return(true); } var resourcePath = resource?.FilePath?.Replace('/', '\\'); if (string.IsNullOrEmpty(resourcePath)) { return(true); } var p1 = resourcePath; if (p1.StartsWith(EnvironmentVariables.ResourcePath)) { p1 = p1.Replace(EnvironmentVariables.ResourcePath, ""); } var permissionResourcePath = permission.ResourcePath; if (permissionResourcePath is null) { return(false); } var p2 = "\\" + permissionResourcePath; var pathMatches = p1.StartsWith(p2); return(pathMatches); }
int Compare(WindowsGroupPermission px, WindowsGroupPermission py) { switch(_sortMemberPath) { case "ResourceName": return System.String.Compare(px.ResourceName, py.ResourceName, System.StringComparison.InvariantCulture); case "WindowsGroup": return System.String.Compare(px.WindowsGroup, py.WindowsGroup, System.StringComparison.InvariantCulture); case "View": return px.View.CompareTo(py.View); case "Execute": return px.Execute.CompareTo(py.Execute); case "Contribute": return px.Contribute.CompareTo(py.Contribute); case "DeployTo": return px.DeployTo.CompareTo(py.DeployTo); case "DeployFrom": return px.DeployFrom.CompareTo(py.DeployFrom); case "Administrator": return px.Administrator.CompareTo(py.Administrator); } return 0; }
bool IsInRole(IPrincipal principal, WindowsGroupPermission p) { var isInRole = false; if (principal == null) { return(p.IsBuiltInGuestsForExecution); } try { var windowsGroup = p.WindowsGroup; if (windowsGroup == WindowsGroupPermission.BuiltInAdministratorsText) { var principleName = principal.Identity.Name; if (!string.IsNullOrEmpty(principleName)) { return(TryIsInRole(principal, windowsGroup)); } } else { isInRole = principal.IsInRole(windowsGroup); } } catch (ObjectDisposedException e) { Dev2Logger.Warn(e.Message, "Warewolf Warn"); throw; } catch (Exception e) { Dev2Logger.Warn(e.Message, "Warewolf Warn"); } return(isInRole || p.IsBuiltInGuestsForExecution); }
public void WindowsGroupPermissions_CanRemove_Server_True() { //------------Setup for test-------------------------- var p = new WindowsGroupPermission { IsServer = true, WindowsGroup = "xxx" }; //------------Execute Test--------------------------- var canRemove = p.CanRemove; //------------Assert Results------------------------- Assert.IsTrue(canRemove); }
void Verify_IsAuthorized(Permissions configPermissions, TestAuthorizationRequest authorizationRequest, bool isServer) { var configPermission = new WindowsGroupPermission { WindowsGroup = TestAuthorizationRequest.UserRole, IsServer = isServer, Permissions = configPermissions }; if(!isServer && !string.IsNullOrEmpty(authorizationRequest.Resource)) { Guid resourceID; if(Guid.TryParse(authorizationRequest.Resource, out resourceID)) { configPermission.ResourceID = resourceID; configPermission.ResourceName = "TestCategory\\"; } else { configPermission.ResourceID = Guid.NewGuid(); configPermission.ResourceName = string.Format("TestCategory\\{0}", authorizationRequest.Resource); } } authorizationRequest.UserIsInRole = false; Verify_IsAuthorized(configPermission, authorizationRequest); authorizationRequest.UserIsInRole = true; Verify_IsAuthorized(configPermission, authorizationRequest); }
void Verify_IsAuthorized(WindowsGroupPermission configPermissions, TestAuthorizationRequest authorizationRequest) { //------------Setup for test-------------------------- var allowedPermissions = AuthorizationHelpers.ToPermissions(authorizationRequest.AuthorizationContext); var expected = authorizationRequest.UserIsInRole && (configPermissions.Permissions & allowedPermissions) != 0; var securityService = new Mock<ISecurityService>(); securityService.SetupGet(p => p.Permissions).Returns(new[] { configPermissions }); var authorizationService = new TestServerAuthorizationService(securityService.Object); //------------Execute Test--------------------------- var authorized = authorizationService.IsAuthorized(authorizationRequest); //------------Assert Results------------------------- Assert.AreEqual(expected, authorized, string.Format("\nUserIsInRole: {0}\nAllowed: {1}\nConfig: {2}\nIsServer: {3}\nURL: {4}", authorizationRequest.UserIsInRole, allowedPermissions, configPermissions.Permissions, configPermissions.IsServer, authorizationRequest.Url)); }
IResourceModel PickResource(WindowsGroupPermission permission) { if(permission != null && permission.ResourceID != Guid.Empty) { if(_environment.ResourceRepository != null) { var foundResourceModel = _environment.ResourceRepository.FindSingle(model => model.ID == permission.ResourceID); if(foundResourceModel != null) { _resourcePicker.SelectedResource = foundResourceModel; } } } var hasResult = _resourcePicker.ShowDialog(_environment); return hasResult ? _resourcePicker.SelectedResource : null; }
protected virtual bool IsInRole(IPrincipal principal, WindowsGroupPermission p) { var isInRole = false; if(principal == null) { return p.IsBuiltInGuestsForExecution; } try { // If its our admin group ( Warewolf ), we need to check membership differently // Prefixing with computer name does not work with Warewolf and IsInRole // Plain does not work with IsInRole // Hence this conditional check and divert var windowsGroup = p.WindowsGroup; if(windowsGroup == WindowsGroupPermission.BuiltInAdministratorsText) { // We need to get the group as it is local then look for principle's membership var principleName = principal.Identity.Name; if(!string.IsNullOrEmpty(principleName)) { // Examine if BuiltIn\Administrators is still present as a Member // Then inspect BuiltIn\Administrators // Examine group for this member ;) isInRole = principal.IsInRole(windowsGroup); if (!isInRole) { isInRole = DoFallBackCheck(principal); } // if that fails, check Administrators group membership in the Warewolf Administrators group if(!isInRole) { var sid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null); var windowsPrincipal = principal as WindowsPrincipal; var windowsIdentity = principal.Identity as WindowsIdentity; if(windowsPrincipal != null) { isInRole = windowsPrincipal.IsInRole(WindowsBuiltInRole.Administrator) || windowsPrincipal.IsInRole("BUILTIN\\Administrators") || windowsPrincipal.IsInRole(sid); if(windowsIdentity != null && !isInRole) { if(windowsIdentity.Groups != null) { isInRole = windowsIdentity.Groups.Any(reference => { if(reference.Value == sid.Value) { return true; } try { var identityReference = reference.Translate(typeof(NTAccount)); if(identityReference != null) { return identityReference.Value == windowsGroup; } } catch(Exception) { return false; //Complete failure } return false; }); } } } else { if(AreAdministratorsMembersOfWarewolfAdministrators.Invoke()) { // Check user's administrator membership isInRole = principal.IsInRole(sid.Value); } //Check regardless. Not installing the software can create a situation where the "Administrators" group is not part of Warewolf isInRole = principal.IsInRole(sid.Value); } } if (!isInRole) { isInRole = DoFallBackCheck(principal); } return isInRole; } } else { // THIS TRY-CATCH IS HERE TO AVOID THE EXPLORER NOT LOADING ANYTHING WHEN THE DOMAIN CANNOT BE CONTACTED! isInRole = principal.IsInRole(windowsGroup); } } // ReSharper disable EmptyGeneralCatchClause catch { } // ReSharper restore EmptyGeneralCatchClause return isInRole || p.IsBuiltInGuestsForExecution; }
public void WindowsGroupPermission_IsValid_IsServerAndWindowsGroupIsEmpty_False() { //------------Setup for test-------------------------- //------------Execute Test--------------------------- var p = new WindowsGroupPermission { IsServer = true, WindowsGroup = string.Empty }; //------------Assert Results------------------------- Assert.IsFalse(p.IsValid); }
public void SecurityRead_Execute_WhenSecureConfigDoesExistWithNoGuestPermission_ShouldHaveExistingPermissionsAndGuest() { //------------Setup for test-------------------------- if(File.Exists("secure.config")) { File.Delete("secure.config"); } var permission = new WindowsGroupPermission { Administrator = true, IsServer = true, WindowsGroup = Environment.UserName }; var permission2 = new WindowsGroupPermission { Administrator = false, DeployFrom = false, IsServer = true, WindowsGroup = "NETWORK SERVICE" }; var windowsGroupPermissions = new List<WindowsGroupPermission> { permission, permission2 }; var securitySettings = new SecuritySettingsTO(windowsGroupPermissions) { CacheTimeout = new TimeSpan(0, 10, 0) }; var serializeObject = JsonConvert.SerializeObject(securitySettings); var securityWrite = new SecurityWrite(); var securityRead = new SecurityRead(); securityWrite.Execute(new Dictionary<string, StringBuilder> { { "SecuritySettings", new StringBuilder(serializeObject) } }, null); //------------Assert Preconditions------------------------- Assert.IsTrue(File.Exists("secure.config")); //------------Execute Test--------------------------- var jsonPermissions = securityRead.Execute(null, null); File.Delete("secure.config"); var readSecuritySettings = JsonConvert.DeserializeObject<SecuritySettingsTO>(jsonPermissions.ToString()); //------------Assert Results------------------------- Assert.AreEqual(4, readSecuritySettings.WindowsGroupPermissions.Count); var guestPermission = readSecuritySettings.WindowsGroupPermissions.FirstOrDefault(p => p.WindowsGroup == WindowsGroupPermission.BuiltInGuestsText); Assert.IsNotNull(guestPermission); Assert.AreEqual(true, guestPermission.IsServer); Assert.AreEqual(false, guestPermission.View); Assert.AreEqual(false, guestPermission.Execute); Assert.AreEqual(false, guestPermission.Contribute); Assert.AreEqual(false, guestPermission.DeployTo); Assert.AreEqual(false, guestPermission.DeployFrom); Assert.AreEqual(false, guestPermission.Administrator); var networkServicePermission = readSecuritySettings.WindowsGroupPermissions.FirstOrDefault(p => p.WindowsGroup == "NETWORK SERVICE"); Assert.IsNotNull(networkServicePermission); Assert.AreEqual(true, networkServicePermission.IsServer); Assert.AreEqual(false, networkServicePermission.View); Assert.AreEqual(false, networkServicePermission.Execute); Assert.AreEqual(false, networkServicePermission.Contribute); Assert.AreEqual(false, networkServicePermission.DeployTo); Assert.AreEqual(false, networkServicePermission.DeployFrom); Assert.AreEqual(false, networkServicePermission.Administrator); var userPermission = readSecuritySettings.WindowsGroupPermissions.FirstOrDefault(p => p.WindowsGroup == Environment.UserName); Assert.IsNotNull(userPermission); Assert.AreEqual(true, userPermission.IsServer); Assert.AreEqual(false, userPermission.View); Assert.AreEqual(false, userPermission.Execute); Assert.AreEqual(false, userPermission.Contribute); Assert.AreEqual(false, userPermission.DeployTo); Assert.AreEqual(false, userPermission.DeployFrom); Assert.AreEqual(true, userPermission.Administrator); Assert.AreEqual(new TimeSpan(0, 10, 0), readSecuritySettings.CacheTimeout); }
static void UpdateForAdministratorPermissions(WindowsGroupPermission windowsGroupPermission) { windowsGroupPermission.DeployFrom = true; windowsGroupPermission.DeployTo = true; windowsGroupPermission.Contribute = true; }
WindowsGroupPermission CreateNewPermission(bool isServer) { var permission = new WindowsGroupPermission { IsNew = true, IsServer = isServer }; RegisterPropertyChanged(permission); return permission; }
static void SwitchAdminPermissionsOff(WindowsGroupPermission windowsGroupPermission, string propertyName) { if(!windowsGroupPermission.DeployTo && propertyName == "DeployTo" || !windowsGroupPermission.DeployFrom && propertyName == "DeployFrom" || !windowsGroupPermission.Contribute && propertyName == "Contribute") { windowsGroupPermission.Administrator = false; } }
static void UpdateForContributePermissions(WindowsGroupPermission windowsGroupPermission) { windowsGroupPermission.View = true; windowsGroupPermission.Execute = true; }
static void SwitchContributePermissionsOff(WindowsGroupPermission windowsGroupPermission, string propertyName) { if(!windowsGroupPermission.View && propertyName == "View" || !windowsGroupPermission.Execute && propertyName == "Execute") { windowsGroupPermission.Contribute = false; } }
public void WindowsGroup_RemoveRow_DeleteTrue_DeletefalseEnableCellEditingTrue() { //------------Setup for test-------------------------- var p = new WindowsGroupPermission { IsDeleted = true }; //------------Execute Test--------------------------- p.RemoveRow.Execute(null); //------------Assert Results------------------------- Assert.IsFalse(p.IsDeleted); Assert.IsTrue(p.EnableCellEditing); }
public void SettingsWrite_Execute_SettingsWriteValuePassedValidJSON_ShouldDoSecurityWrite() { //------------Setup for test-------------------------- var permission = new WindowsGroupPermission { Administrator = true, IsServer = true, WindowsGroup = Environment.UserName }; var windowsGroupPermissions = new List<WindowsGroupPermission> { permission }; var settings = new Settings { Security = new SecuritySettingsTO(windowsGroupPermissions) }; var serializeObject = JsonConvert.SerializeObject(settings); var settingsWrite = new SettingsWrite(); //------------Execute Test--------------------------- StringBuilder execute = settingsWrite.Execute(new Dictionary<string, StringBuilder> { { "Settings", new StringBuilder(serializeObject) } }, null); //------------Assert Results------------------------- Assert.IsTrue(File.Exists("secure.config")); File.Delete("secure.config"); var msg = ToMsg(execute); StringAssert.Contains(msg.Message.ToString(), "Success"); }
public void WindowsGroupPermission_IsValid_IsNotServerAndWindowsGroupAndResourceNameAreNotEmpty_True() { //------------Setup for test-------------------------- //------------Execute Test--------------------------- var p = new WindowsGroupPermission { IsServer = false, WindowsGroup = "xxx", ResourceName = "xxx" }; //------------Assert Results------------------------- Assert.IsTrue(p.IsValid); }
void Verify_Compare(int expected, ListSortDirection direction, string sortMemberPath, WindowsGroupPermission px, WindowsGroupPermission py) { //------------Setup for test------------------------- var comparer = new WindowsGroupPermissionComparer(direction, sortMemberPath); //------------Execute Test--------------------------- var result = comparer.Compare(px, py); //------------Assert Results------------------------- Assert.AreEqual(expected, result); }
public void WindowsGroupPermission_IsValid_IsNotServerAndResourceNameIsEmpty_False() { //------------Setup for test-------------------------- //------------Execute Test--------------------------- var p = new WindowsGroupPermission { IsServer = false, WindowsGroup = "xxx", ResourceName = string.Empty }; //------------Assert Results------------------------- Assert.IsFalse(p.IsValid); }
public void WindowsGroupPermissions_CanRemoveRow_WindowsGroupChanges_CanExecuteChangedFires() { //------------Setup for test-------------------------- var p = new WindowsGroupPermission { IsDeleted = false }; var hitCount=0; p.RemoveRow.CanExecuteChanged += (sender, args) => { hitCount++; }; //------------Execute Test--------------------------- p.WindowsGroup = "TestGroup"; //------------Assert Results------------------------- Assert.AreEqual(1,hitCount); }
protected virtual bool IsInRole(IPrincipal principal, WindowsGroupPermission p) { var isInRole = false; if (principal == null) { return(p.IsBuiltInGuestsForExecution); } try { // If its our admin group ( Warewolf ), we need to check membership differently // Prefixing with computer name does not work with Warewolf and IsInRole // Plain does not work with IsInRole // Hence this conditional check and divert var windowsGroup = p.WindowsGroup; if (windowsGroup == WindowsGroupPermission.BuiltInAdministratorsText) { // We need to get the group as it is local then look for principle's membership var principleName = principal.Identity.Name; if (!string.IsNullOrEmpty(principleName)) { // Examine if BuiltIn\Administrators is still present as a Member // Then inspect BuiltIn\Administrators // Examine group for this member ;) isInRole = principal.IsInRole(windowsGroup); if (!isInRole) { isInRole = DoFallBackCheck(principal); } // if that fails, check Administrators group membership in the Warewolf Administrators group if (!isInRole) { var sid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null); var windowsPrincipal = principal as WindowsPrincipal; var windowsIdentity = principal.Identity as WindowsIdentity; if (windowsPrincipal != null) { isInRole = windowsPrincipal.IsInRole(WindowsBuiltInRole.Administrator) || windowsPrincipal.IsInRole("BUILTIN\\Administrators") || windowsPrincipal.IsInRole(sid); if (windowsIdentity != null && !isInRole) { if (windowsIdentity.Groups != null) { isInRole = windowsIdentity.Groups.Any(reference => { if (reference.Value == sid.Value) { return(true); } try { var identityReference = reference.Translate(typeof(NTAccount)); if (identityReference != null) { return(identityReference.Value == windowsGroup); } } catch (Exception) { return(false); //Complete failure } return(false); }); } } } else { if (AreAdministratorsMembersOfWarewolfAdministrators.Invoke()) { // Check user's administrator membership isInRole = principal.IsInRole(sid.Value); } //Check regardless. Not installing the software can create a situation where the "Administrators" group is not part of Warewolf isInRole = principal.IsInRole(sid.Value); } } if (!isInRole) { isInRole = DoFallBackCheck(principal); } return(isInRole); } } else { // THIS TRY-CATCH IS HERE TO AVOID THE EXPLORER NOT LOADING ANYTHING WHEN THE DOMAIN CANNOT BE CONTACTED! isInRole = principal.IsInRole(windowsGroup); } } // ReSharper disable EmptyGeneralCatchClause catch { } // ReSharper restore EmptyGeneralCatchClause return(isInRole || p.IsBuiltInGuestsForExecution); }
public void WindowsGroupPermissions_CanRemove_Resource_True() { //------------Setup for test-------------------------- var p = new WindowsGroupPermission { IsServer = false, ResourceID = Guid.NewGuid(), WindowsGroup = "xxx" }; //------------Execute Test--------------------------- var canRemove = p.CanRemove; //------------Assert Results------------------------- Assert.IsTrue(canRemove); }
void RegisterPropertyChanged(WindowsGroupPermission permission) { permission.PropertyChanged += OnPermissionPropertyChanged; }
public void GivenResourceHasRights(string resourceName, string resourceRights, string groupName) { var environmentModel = ScenarioContext.Current.Get<IEnvironmentModel>("environment"); EnsureEnvironmentConnected(environmentModel); var resourceRepository = environmentModel.ResourceRepository; var settings = resourceRepository.ReadSettings(environmentModel); environmentModel.ForceLoadResources(); var resourceModel = resourceRepository.FindSingle(model => model.Category.Equals(resourceName, StringComparison.InvariantCultureIgnoreCase)); Assert.IsNotNull(resourceModel, "Did not find: " + resourceName); SecPermissions resourcePermissions = SecPermissions.None; var permissionsStrings = resourceRights.Split(new[] { ", " }, StringSplitOptions.RemoveEmptyEntries); foreach(var permissionsString in permissionsStrings) { SecPermissions permission; if(Enum.TryParse(permissionsString.Replace(" ", ""), true, out permission)) { resourcePermissions |= permission; } } settings.Security.WindowsGroupPermissions.RemoveAll(permission => permission.ResourceID == resourceModel.ID); var windowsGroupPermission = new WindowsGroupPermission { WindowsGroup = groupName, ResourceID = resourceModel.ID, ResourceName = resourceName, IsServer = false, Permissions = resourcePermissions }; settings.Security.WindowsGroupPermissions.Add(windowsGroupPermission); resourceRepository.WriteSettings(environmentModel, settings); }
int QuickSortForPermissions(WindowsGroupPermission x, WindowsGroupPermission y) { var px = x; var py = y; if(px == null || py == null) { return 1; } // New items must be last // if(px.IsNew) { // px is greater than py return int.MaxValue; } if(py.IsNew) { // px is less than py return int.MinValue; } // BuiltInAdministrators must be first if(px.IsBuiltInAdministrators) { // px is less than py return int.MinValue; } if(py.IsBuiltInAdministrators) { // px is greater than py return int.MaxValue; } // IsBuiltInGuests must be second if(px.IsBuiltInGuests) { // px is less than py return int.MinValue + 1; } if(py.IsBuiltInGuests) { // px is greater than py return int.MaxValue - 1; } return 1; }
void UpdateOverridingPermission(WindowsGroupPermission windowsGroupPermission, string propertyName) { if(windowsGroupPermission == null) { return; } SwitchAdminPermissionsOff(windowsGroupPermission, propertyName); SwitchContributePermissionsOff(windowsGroupPermission, propertyName); if(windowsGroupPermission.Administrator && propertyName == "Administrator") { UpdateForAdministratorPermissions(windowsGroupPermission); } if(windowsGroupPermission.Contribute && propertyName == "Contribute") { UpdateForContributePermissions(windowsGroupPermission); } }