private regkeyeffectiverights_item CreateItemTypeFromWinACE(object collectedData, string regHive, string regKey, string collectedSid)
{
WMIWinACE systemData = (WMIWinACE)collectedData;
return(new regkeyeffectiverights_item()
{
status = StatusEnumeration.exists,
hive = new EntityItemRegistryHiveType()
{
Value = regHive
},
key = OvalHelper.CreateItemEntityWithStringValue(regKey),
trustee_sid = OvalHelper.CreateItemEntityWithStringValue(collectedSid),
access_system_security = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.ACCESS_SYSTEM_SECURITY),
standard_delete = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.DELETE),
standard_read_control = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.READ_CONTROL),
standard_synchronize = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.SYNCHRONIZE),
standard_write_dac = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.WRITE_DAC),
standard_write_owner = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.WRITE_OWNER),
generic_all = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.GENERIC_ALL),
generic_execute = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.GENERIC_EXECUTE),
generic_read = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.GENERIC_READ),
generic_write = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.GENERIC_WRITE),
key_create_link = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.KEY_CREATE_LINK),
key_create_sub_key = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.KEY_CREATE_SUB_KEY),
key_enumerate_sub_keys = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.KEY_ENUMERATE_SUB_KEYS),
key_notify = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.KEY_NOTIFY),
key_query_value = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.KEY_QUERY_VALUE),
key_set_value = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.KEY_SET_VALUE),
key_wow64_32key = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.KEY_WOW64_32KEY),
key_wow64_64key = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.KEY_WOW64_64KEY)
});
}
public void FillItemTypeWithData(user_sid_item userSidToFill, object collectedData)
{
var allUserGroupSIDs = ((WindowsUserAccount)collectedData).GroupSIDs;
userSidToFill.enabled = OvalHelper.CreateBooleanEntityItemFromBoolValue(((WindowsUserAccount)collectedData).UserEnabled);
userSidToFill.group_sid = new EntityItemStringType[allUserGroupSIDs.Count];
for (int i = 0; i < allUserGroupSIDs.Count; i++)
{
var newGroupSIDEntity = OvalHelper.CreateItemEntityWithStringValue(allUserGroupSIDs[i]);
userSidToFill.group_sid[i] = newGroupSIDEntity;
}
}
private user_sid_item CreateCollectedUserItem(string userSID, bool?userEnabled, IEnumerable <string> groupSIDs)
{
var groupEntities = groupSIDs.Select(group => new EntityItemStringType()
{
Value = group
});
return(new user_sid_item()
{
status = StatusEnumeration.exists,
user_sid = OvalHelper.CreateItemEntityWithStringValue(userSID),
enabled = OvalHelper.CreateBooleanEntityItemFromBoolValue((bool)userEnabled),
group_sid = groupEntities.ToArray()
});
}
private user_item CreateUserItem(StatusEnumeration itemStatus)
{
var newUserItem =
new user_item()
{
status = itemStatus,
user = OvalHelper.CreateItemEntityWithStringValue(EVERYONE_USER)
};
if (itemStatus.Equals(StatusEnumeration.exists))
{
newUserItem.enabled = OvalHelper.CreateBooleanEntityItemFromBoolValue(true);
newUserItem.group = new EntityItemStringType[] { OvalHelper.CreateItemEntityWithStringValue("g1") };
}
return(newUserItem);
}
private void FillCollectedItemFromUserWinACEs(
fileeffectiverights_item fileEffectiveRightsItem,
object managementWinACEs)
{
var userTrusteeName = fileEffectiveRightsItem.trustee_name.Value;
var daclDisassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);
var userDACLs = daclDisassembler.GetSecurityDescriptorsFromManagementObject(managementWinACEs, userTrusteeName, this.WmiDataProvider);
var userEffectiveRights = this.CalculateUserEffectiveRightsForItem(userDACLs);
if (userEffectiveRights == null)
{
throw new UserNotFoundException();
}
this.AdjustGenericRights(userEffectiveRights);
fileEffectiveRightsItem.trustee_name = null;
fileEffectiveRightsItem.trustee_sid = OvalHelper.CreateItemEntityWithStringValue(userEffectiveRights.Trustee.SIDString);
#region Setting File Effective Rights Entities
fileEffectiveRightsItem.access_system_security = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.ACCESS_SYSTEM_SECURITY);
fileEffectiveRightsItem.file_append_data = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_APPEND_DATA);
fileEffectiveRightsItem.file_delete_child = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_DELETE_CHILD);
fileEffectiveRightsItem.file_execute = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_EXECUTE);
fileEffectiveRightsItem.file_read_attributes = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_READ_ATTRIBUTES);
fileEffectiveRightsItem.file_read_data = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_READ_DATA);
fileEffectiveRightsItem.file_read_ea = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_READ_EA);
fileEffectiveRightsItem.file_write_attributes = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_WRITE_ATTRIBUTES);
fileEffectiveRightsItem.file_write_data = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_WRITE_DATA);
fileEffectiveRightsItem.file_write_ea = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.FILE_WRITE_EA);
fileEffectiveRightsItem.generic_all = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.GENERIC_ALL);
fileEffectiveRightsItem.generic_execute = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.GENERIC_EXECUTE);
fileEffectiveRightsItem.generic_read = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.GENERIC_READ);
fileEffectiveRightsItem.generic_write = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.GENERIC_WRITE);
fileEffectiveRightsItem.standard_delete = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.DELETE);
fileEffectiveRightsItem.standard_read_control = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.READ_CONTROL);
fileEffectiveRightsItem.standard_synchronize = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.SYNCHRONIZE);
fileEffectiveRightsItem.standard_write_dac = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.WRITE_DAC);
fileEffectiveRightsItem.standard_write_owner = OvalHelper.CreateBooleanEntityItemFromBoolValue(userEffectiveRights.WRITE_OWNER);
#endregion
}
protected override IEnumerable <CollectedItem> collectDataForSystemItem(ItemType systemItem)
{
if (systemItem.status.Equals(StatusEnumeration.notcollected))
{
var userToBeCollected = ((user_item)systemItem).user.Value;
try
{
var collectedUser = this.WindowsAccountProvider.GetUserByName(userToBeCollected);
systemItem = new user_item()
{
status = StatusEnumeration.exists,
user = OvalHelper.CreateItemEntityWithStringValue(collectedUser.Name),
enabled = OvalHelper.CreateBooleanEntityItemFromBoolValue((bool)collectedUser.Enabled),
};
var userGroups = this.WindowsAccountProvider.GetUserGroups(userToBeCollected, AccountSearchReturnType.Name);
if (userGroups.Count() > 0)
{
((user_item)systemItem).group = userGroups.Select(grp => new EntityItemStringType()
{
Value = grp
}).ToArray();
}
else
{
((user_item)systemItem).group = new EntityItemStringType[] { new EntityItemStringType()
{
status = StatusEnumeration.doesnotexist
} }
};
}
catch (WindowsUserNotFound)
{
systemItem.status = StatusEnumeration.doesnotexist;
((user_item)systemItem).user.status = systemItem.status;
}
}
return(new ItemTypeHelper().CreateCollectedItemsWithOneItem(systemItem, BuildExecutionLog()));
}
protected override IEnumerable <CollectedItem> collectDataForSystemItem(Modulo.Collect.OVAL.SystemCharacteristics.ItemType systemItem)
{
var fileItem = (file_item)systemItem;
try
{
var completeFilepath = GetCompleteFilepath(fileItem);
var collectedVariableValue = this.TryToCollectFile(completeFilepath);
var shortFileTime = this.ToShortFileTime(collectedVariableValue.LastModified);
fileItem.m_time = OvalHelper.CreateItemEntityWithIntegerValue(shortFileTime);
fileItem.filepath = OvalHelper.CreateItemEntityWithStringValue(completeFilepath);
fileItem.size = OvalHelper.CreateItemEntityWithIntegerValue(collectedVariableValue.FileSize.ToString());
fileItem.type = OvalHelper.CreateItemEntityWithStringValue(collectedVariableValue.FileType);
fileItem.suid = OvalHelper.CreateBooleanEntityItemFromBoolValue((collectedVariableValue.Mode & 0x0800) != 0);
fileItem.sgid = OvalHelper.CreateBooleanEntityItemFromBoolValue((collectedVariableValue.Mode & 0x0400) != 0);
fileItem.sticky = OvalHelper.CreateBooleanEntityItemFromBoolValue((collectedVariableValue.Mode & 0x0200) != 0);
fileItem.uread = OvalHelper.CreateBooleanEntityItemFromBoolValue((collectedVariableValue.Mode & 0x0100) != 0);
fileItem.uwrite = OvalHelper.CreateBooleanEntityItemFromBoolValue((collectedVariableValue.Mode & 0x0080) != 0);
fileItem.uexec = OvalHelper.CreateBooleanEntityItemFromBoolValue((collectedVariableValue.Mode & 0x0040) != 0);
fileItem.gread = OvalHelper.CreateBooleanEntityItemFromBoolValue((collectedVariableValue.Mode & 0x0020) != 0);
fileItem.gwrite = OvalHelper.CreateBooleanEntityItemFromBoolValue((collectedVariableValue.Mode & 0x0010) != 0);
fileItem.gexec = OvalHelper.CreateBooleanEntityItemFromBoolValue((collectedVariableValue.Mode & 0x0008) != 0);
fileItem.oread = OvalHelper.CreateBooleanEntityItemFromBoolValue((collectedVariableValue.Mode & 0x0004) != 0);
fileItem.owrite = OvalHelper.CreateBooleanEntityItemFromBoolValue((collectedVariableValue.Mode & 0x0002) != 0);
fileItem.oexec = OvalHelper.CreateBooleanEntityItemFromBoolValue((collectedVariableValue.Mode & 0x0001) != 0);
fileItem.group_id = OvalHelper.CreateItemEntityWithIntegerValue(collectedVariableValue.Group);
fileItem.user_id = OvalHelper.CreateItemEntityWithIntegerValue(collectedVariableValue.Owner);
}
catch (FileNotExistsException)
{
base.SetDoesNotExistStatusForItemType(systemItem, String.Format("{0}/{1}", fileItem.path.Value, fileItem.filename.Value));
}
return(new ItemTypeHelper().CreateCollectedItemsWithOneItem(systemItem, BuildExecutionLog()));
}
private ItemType CreateUserItemFromWindowsAccount(WindowsAccount windowsAccount)
{
var groups = new EntityItemStringType[] { new EntityItemStringType()
{
status = StatusEnumeration.doesnotexist
} };
if (windowsAccount.Members.HasItems())
{
groups = windowsAccount.Members.Select(g => new EntityItemStringType()
{
Value = g.Name
}).ToArray();
}
return(new user_item()
{
status = StatusEnumeration.exists,
user = OvalHelper.CreateItemEntityWithStringValue(windowsAccount.Name),
enabled = OvalHelper.CreateBooleanEntityItemFromBoolValue(windowsAccount.Enabled),
group = groups
});
}
protected override IEnumerable <CollectedItem> collectDataForSystemItem(ItemType systemItem)
{
this.CreateRunLevelsCollectorInstance();
var runLevelItem = (runlevel_item)systemItem;
try
{
var collectedVariableValue = this.TryToCollectRunLevel(runLevelItem.service_name.Value, runLevelItem.runlevel.Value);
runLevelItem.start = OvalHelper.CreateBooleanEntityItemFromBoolValue(collectedVariableValue.Start);
runLevelItem.kill = OvalHelper.CreateBooleanEntityItemFromBoolValue(collectedVariableValue.Kill);
}
catch (ServiceNotExistsException)
{
base.SetDoesNotExistStatusForItemType(systemItem, runLevelItem.service_name.Value);
}
catch (NoRunLevelDataException)
{
base.SetDoesNotExistStatusForItemType(systemItem, "AnyRunLevelDataAtAll");
}
return(new ItemTypeHelper().CreateCollectedItemsWithOneItem(runLevelItem, BuildExecutionLog()));
}
protected override IEnumerable <CollectedItem> collectDataForSystemItem(ItemType systemItem)
{
if (systemItem.status.Equals(StatusEnumeration.notcollected))
{
var userSIDItem = ((user_sid_item)systemItem);
try
{
var allUsers = this.WindowsAccountProvider.GetAllGroupByUsers();
var userSidValue = userSIDItem.user_sid.Value;
var collectedUserItem = allUsers.Where(user => user.AccountSID.Equals(userSidValue)).FirstOrDefault();
if (collectedUserItem == null)
{
throw new UserSIDNotFoundException(userSidValue);
}
systemItem.status = StatusEnumeration.exists;
userSIDItem.enabled = OvalHelper.CreateBooleanEntityItemFromBoolValue((bool)collectedUserItem.Enabled);
userSIDItem.group_sid = new EntityItemStringType[] { new EntityItemStringType()
{
status = StatusEnumeration.doesnotexist
} };
if ((collectedUserItem.Members != null) && (collectedUserItem.Members.Count() > 0))
{
userSIDItem.group_sid =
collectedUserItem.Members.Select(grp => OvalHelper.CreateItemEntityWithStringValue(grp.AccountSID)).ToArray();
}
}
catch (UserSIDNotFoundException)
{
SetDoesNotExistStatusForItemType(systemItem, userSIDItem.user_sid.Value);
((user_sid_item)systemItem).user_sid.status = StatusEnumeration.doesnotexist;
}
}
return(new ItemTypeHelper().CreateCollectedItemsWithOneItem(systemItem, BuildExecutionLog()));
}
public override void FillItemTypeWithData(object collectedData)
{
WMIWinACE systemData = (WMIWinACE)collectedData;
regkeyeffectiverights_item buildingItemType = (regkeyeffectiverights_item)base.BuildingItemType;
buildingItemType.access_system_security = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.ACCESS_SYSTEM_SECURITY);
buildingItemType.standard_delete = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.DELETE);
buildingItemType.standard_read_control = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.READ_CONTROL);
buildingItemType.standard_synchronize = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.SYNCHRONIZE);
buildingItemType.standard_write_dac = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.WRITE_DAC);
buildingItemType.standard_write_owner = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.WRITE_OWNER);
buildingItemType.generic_all = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.GENERIC_ALL);
buildingItemType.generic_execute = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.GENERIC_EXECUTE);
buildingItemType.generic_read = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.GENERIC_READ);
buildingItemType.generic_write = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.GENERIC_WRITE);
buildingItemType.key_create_link = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.KEY_CREATE_LINK);
buildingItemType.key_create_sub_key = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.KEY_CREATE_SUB_KEY);
buildingItemType.key_enumerate_sub_keys = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.KEY_ENUMERATE_SUB_KEYS);
buildingItemType.key_notify = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.KEY_NOTIFY);
buildingItemType.key_query_value = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.KEY_QUERY_VALUE);
buildingItemType.key_set_value = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.KEY_SET_VALUE);
buildingItemType.key_wow64_32key = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.KEY_WOW64_32KEY);
buildingItemType.key_wow64_64key = OvalHelper.CreateBooleanEntityItemFromBoolValue(systemData.KEY_WOW64_64KEY);
}
private EntityItemBoolType CreateFalseEntityItem()
{
return(OvalHelper.CreateBooleanEntityItemFromBoolValue(false));
}
private EntityItemBoolType CreateTrueEntityItem()
{
return(OvalHelper.CreateBooleanEntityItemFromBoolValue(true));
}
private void MapDomainPasswrodInformationToPasswordPolicyItemType(passwordpolicy_item passwordItemType, PasswordPolicySamServer.DomainPasswordInformation?passwordInfo)
{
passwordItemType.password_complexity = OvalHelper.CreateBooleanEntityItemFromBoolValue(passwordInfo.HasValue? (bool?)passwordInfo.Value.PasswordComplex: null);
passwordItemType.reversible_encryption = OvalHelper.CreateBooleanEntityItemFromBoolValue(passwordInfo.HasValue ? (bool?)passwordInfo.Value.PasswordReversibleEncryption : null);
}