public void SetAuditRule_Succeeds()
{
var auditRuleAppendData = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.AppendData, AuditFlags.Success);
var auditRuleNetworkService = new FileSystemAuditRule(Helpers.s_NetworkServiceNTAccount,
FileSystemRights.CreateFiles, AuditFlags.Failure);
var auditRuleDelete = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.Delete, AuditFlags.Success);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRuleNetworkService);
fileSecurity.AddAuditRule(auditRuleAppendData);
fileSecurity.SetAuditRule(auditRuleDelete);
var auditRules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(2, auditRules.Count);
var firstAuditRule = (FileSystemAuditRule)auditRules[0];
Assert.Equal(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), firstAuditRule.IdentityReference);
Assert.Equal(AuditFlags.Success, firstAuditRule.AuditFlags);
Assert.Equal(FileSystemRights.Delete, firstAuditRule.FileSystemRights);
var secondAuditRule = (FileSystemAuditRule)auditRules[1];
Assert.Equal(Helpers.s_NetworkServiceNTAccount, secondAuditRule.IdentityReference);
Assert.Equal(AuditFlags.Failure, secondAuditRule.AuditFlags);
Assert.Equal(FileSystemRights.CreateFiles, secondAuditRule.FileSystemRights);
}
public void SetAuditRule_Succeeds()
{
var auditRuleAppendData = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM",
FileSystemRights.AppendData, AuditFlags.Success);
var auditRuleNetworkService = new FileSystemAuditRule(@"NT AUTHORITY\Network Service",
FileSystemRights.CreateFiles, AuditFlags.Failure);
var auditRuleDelete = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM",
FileSystemRights.Delete, AuditFlags.Success);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRuleNetworkService);
fileSecurity.AddAuditRule(auditRuleAppendData);
fileSecurity.SetAuditRule(auditRuleDelete);
var auditRules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(2, auditRules.Count);
var firstAuditRule = (FileSystemAuditRule)auditRules[0];
Assert.Equal(new NTAccount(@"NT AUTHORITY\SYSTEM"), firstAuditRule.IdentityReference);
Assert.Equal(AuditFlags.Success, firstAuditRule.AuditFlags);
Assert.Equal(FileSystemRights.Delete, firstAuditRule.FileSystemRights);
var secondAuditRule = (FileSystemAuditRule)auditRules[1];
Assert.Equal(new NTAccount(@"NT AUTHORITY\Network Service"), secondAuditRule.IdentityReference);
Assert.Equal(AuditFlags.Failure, secondAuditRule.AuditFlags);
Assert.Equal(FileSystemRights.CreateFiles, secondAuditRule.FileSystemRights);
}
public FileSystemSecurity GetSecurity(AccessControlSections sections)
{
lock (Lock) {
FileSecurity security = new FileSecurity();
if ((sections & AccessControlSections.Owner) != 0)
{
security.SetOwner(_file.Owner);
}
if ((sections & AccessControlSections.Group) != 0)
{
security.SetGroup(_file.Group);
}
if ((sections & AccessControlSections.Access) != 0)
{
foreach (var r in _fileSystem.GetAccessRules(_file))
{
security.AddAccessRule(
new FileSystemAccessRule(r.IdentityReference, r.FileSystemRights, r.InheritanceFlags, r.PropagationFlags, r.AccessControlType));
}
}
if ((sections & AccessControlSections.Audit) != 0)
{
foreach (var r in _fileSystem.GetAuditRules(_file))
{
security.AddAuditRule(
new FileSystemAuditRule(r.IdentityReference, r.FileSystemRights, r.InheritanceFlags, r.PropagationFlags, r.AuditFlags));
}
}
return(security);
}
}
public void RemoveAuditRuleSpecific_Succeeds()
{
var auditRuleReadWrite = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.Write | FileSystemRights.Read, AuditFlags.Success);
var auditRuleNetworkService = new FileSystemAuditRule(Helpers.s_NetworkServiceNTAccount,
FileSystemRights.Read, AuditFlags.Failure);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRuleReadWrite);
fileSecurity.AddAuditRule(auditRuleNetworkService);
fileSecurity.RemoveAuditRuleSpecific(auditRuleReadWrite);
AuthorizationRuleCollection rules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
var existingAuditRule = (FileSystemAuditRule)rules[0];
Assert.Equal(Helpers.s_NetworkServiceNTAccount, existingAuditRule.IdentityReference);
Assert.Equal(FileSystemRights.Read, existingAuditRule.FileSystemRights);
Assert.Equal(AuditFlags.Failure, existingAuditRule.AuditFlags);
}
// Adds an ACL entry on the specified file for the specified account.
public static void AddFileAuditRule(string FileName, string Account, FileSystemRights Rights, AuditFlags AuditRule)
{
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = File.GetAccessControl(FileName);
// Add the FileSystemAuditRule to the security settings.
fSecurity.AddAuditRule(new FileSystemAuditRule(Account,
Rights,
AuditRule));
// Set the new access settings.
File.SetAccessControl(FileName, fSecurity);
}
public void RemoveAuditRuleAll_Succeeds()
{
var auditRuleAppend = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM", FileSystemRights.AppendData,
AuditFlags.Success);
var auditRuleWrite = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM",
FileSystemRights.Write, AuditFlags.Success);
var auditRuleNetworkService = new FileSystemAuditRule(@"NT AUTHORITY\Network Service",
FileSystemRights.Read, AuditFlags.Failure);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRuleAppend);
fileSecurity.AddAuditRule(auditRuleNetworkService);
fileSecurity.RemoveAuditRuleAll(auditRuleWrite);
AuthorizationRuleCollection rules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
var existingAuditRule = (FileSystemAuditRule)rules[0];
Assert.Equal(new NTAccount(@"NT AUTHORITY\Network Service"), existingAuditRule.IdentityReference);
Assert.Equal(FileSystemRights.Read, existingAuditRule.FileSystemRights);
Assert.Equal(AuditFlags.Failure, existingAuditRule.AuditFlags);
}
public static void AddFileAuditRule(string fileName, string Account, FileSystemRights Rights, AuditFlags AuditRule)
{
FileInfo fi = new FileInfo(fileName);
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = fi.GetAccessControl();
// Add the FileSystemAuditRule to the security settings.
fSecurity.AddAuditRule(new FileSystemAuditRule(Account,
Rights,
AuditRule));
fi.SetAccessControl(fSecurity);
}
public void RemoveAuditRuleSpecific_NoMatchingRules_Succeeds()
{
var auditRuleReadWrite = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.Write | FileSystemRights.Read, AuditFlags.Success);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRuleReadWrite);
fileSecurity.RemoveAuditRuleSpecific(new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.Write, AuditFlags.Success));
AuthorizationRuleCollection rules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
var existingRule = (FileSystemAuditRule)rules[0];
Assert.Equal(FileSystemRights.Write | FileSystemRights.Read, existingRule.FileSystemRights);
}
public void AddAuditRule_Succeeds()
{
var auditRule = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.AppendData, AuditFlags.Success);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRule);
AuthorizationRuleCollection auditRules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, auditRules.Count);
var actualAddedRule = (FileSystemAuditRule)auditRules[0];
Assert.Equal(Helpers.s_LocalSystemNTAccount, actualAddedRule.IdentityReference);
Assert.Equal(AuditFlags.Success, actualAddedRule.AuditFlags);
Assert.Equal(FileSystemRights.AppendData, actualAddedRule.FileSystemRights);
}
public void AddAuditRule_Succeeds()
{
var auditRule = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM",
FileSystemRights.AppendData, AuditFlags.Success);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRule);
AuthorizationRuleCollection auditRules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, auditRules.Count);
var actualAddedRule = (FileSystemAuditRule)auditRules[0];
Assert.Equal(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), actualAddedRule.IdentityReference);
Assert.Equal(AuditFlags.Success, actualAddedRule.AuditFlags);
Assert.Equal(FileSystemRights.AppendData, actualAddedRule.FileSystemRights);
}
public void RemoveAuditRule_Succeeds()
{
var auditRule = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.Read | FileSystemRights.Write,
AuditFlags.Failure);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRule);
AuthorizationRuleCollection rules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
Assert.True(fileSecurity.RemoveAuditRule(new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.Write, AuditFlags.Failure)));
rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
var existingRule = (FileSystemAuditRule)rules[0];
Assert.Equal(FileSystemRights.Read, existingRule.FileSystemRights);
Assert.Equal(AuditFlags.Failure, existingRule.AuditFlags);
Assert.Equal(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), existingRule.IdentityReference);
}
public void RemoveAuditRule_Succeeds()
{
var auditRule = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM",
FileSystemRights.Read | FileSystemRights.Write,
AuditFlags.Failure);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRule);
AuthorizationRuleCollection rules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
Assert.True(fileSecurity.RemoveAuditRule(new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM",
FileSystemRights.Write, AuditFlags.Failure)));
rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
var existingRule = (FileSystemAuditRule)rules[0];
Assert.Equal(FileSystemRights.Read, existingRule.FileSystemRights);
Assert.Equal(AuditFlags.Failure, existingRule.AuditFlags);
Assert.Equal(new NTAccount(@"NT AUTHORITY\SYSTEM"), existingRule.IdentityReference);
}
