Exemplo n.º 1
0
        public static void BasicValidationTestCases()
        {
            RawAcl     rawAcl   = null;
            GenericAce gAce     = null;
            byte       revision = 0;
            int        capacity = 0;
            string     sid      = "BA";

            //case 1, empty RawAcl, binarylength should be 8
            revision = 0;
            capacity = 1;
            rawAcl   = new RawAcl(revision, capacity);
            Assert.True(8 == rawAcl.BinaryLength);

            //case 2, RawAcl with one Ace, binarylength should be 8 + the Ace's binarylength
            revision = 0;
            capacity = 1;
            rawAcl   = new RawAcl(revision, capacity);
            gAce     = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            Assert.True(8 + gAce.BinaryLength == rawAcl.BinaryLength);

            //case 3, RawAcl with two Aces
            revision = 0;
            capacity = 1;
            rawAcl   = new RawAcl(revision, capacity);
            gAce     = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 2, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            Assert.True(8 + rawAcl[0].BinaryLength + rawAcl[1].BinaryLength == rawAcl.BinaryLength);
        }
Exemplo n.º 2
0
        public static void BasicValidationTestCases()
        {
            GenericAce gAce = null;
            RawAcl     rAcl = null;

            GenericAce[] gAces = null;

            // Case 1, when collection is actually empty
            rAcl  = new RawAcl(1, 1);
            gAces = new GenericAce[rAcl.Count];
            rAcl.CopyTo(gAces, 0);

            // Case 2, collection has one ACE
            rAcl = new RawAcl(0, 1);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
            rAcl.InsertAce(0, gAce);
            gAces = new GenericAce[rAcl.Count];
            rAcl.CopyTo(gAces, 0);

            //Case 3, index = 3
            rAcl = new RawAcl(0, 1);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), false, null);
            rAcl.InsertAce(0, gAce);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
            rAcl.InsertAce(0, gAce);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BO")), false, null);
            rAcl.InsertAce(0, gAce);
            gAces = new GenericAce[rAcl.Count + 5];
            //initialize to null
            for (int i = 0; i < gAces.Length; i++)
            {
                gAces[i] = null;
            }
            rAcl.CopyTo(gAces, 3);
        }
Exemplo n.º 3
0
        public static void BasicValidationTestCases()
        {
            RawAcl rawAcl = null;
            GenericAce gAce = null;
            byte revision = 0;
            int capacity = 0;
            string sid = "BA";

            //case 1, empty RawAcl, binarylength should be 8
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            Assert.True(8 == rawAcl.BinaryLength);

            //case 2, RawAcl with one Ace, binarylength should be 8 + the Ace's binarylength
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            Assert.True(8 + gAce.BinaryLength == rawAcl.BinaryLength);

            //case 3, RawAcl with two Aces
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 2, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            Assert.True(8 + rawAcl[0].BinaryLength + rawAcl[1].BinaryLength == rawAcl.BinaryLength);
        }
Exemplo n.º 4
0
        public static void BasicValidationTestCases()
        {
            RawAcl rawAcl = null;
            GenericAce gAce = null;
            byte revision = 0;
            int capacity = 0;
            string sid = "BA";

            //case 1, empty RawAcl
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            Assert.True(0 == rawAcl.Count);


            //case 2, RawAcl with one Ace
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            Assert.True(1 == rawAcl.Count);

            //case 3, RawAcl with two Aces
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 2, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            Assert.True(2 == rawAcl.Count);
        }
Exemplo n.º 5
0
        public static void BasicValidationTestCases()
        {
            RawAcl     rawAcl   = null;
            GenericAce gAce     = null;
            byte       revision = 0;
            int        capacity = 0;
            string     sid      = "BA";

            //case 1, empty RawAcl
            revision = 0;
            capacity = 1;
            rawAcl   = new RawAcl(revision, capacity);
            Assert.True(0 == rawAcl.Count);


            //case 2, RawAcl with one Ace
            revision = 0;
            capacity = 1;
            rawAcl   = new RawAcl(revision, capacity);
            gAce     = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            Assert.True(1 == rawAcl.Count);

            //case 3, RawAcl with two Aces
            revision = 0;
            capacity = 1;
            rawAcl   = new RawAcl(revision, capacity);
            gAce     = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 2, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            Assert.True(2 == rawAcl.Count);
        }
        private RawSecurityDescriptor ApplyAcesToTargetSecurityDescriptor(RawSecurityDescriptor targetSd, List <GenericAce> sourceAces)
        {
            List <GenericAce> list = new List <GenericAce>();

            foreach (GenericAce genericAce in targetSd.DiscretionaryAcl)
            {
                SecurityIdentifier sidFromAce = TenantRelocationSecurityDescriptorHandler.GetSidFromAce(genericAce);
                if (!(sidFromAce == null))
                {
                    SecurityIdentifier accountDomainSid = sidFromAce.AccountDomainSid;
                    if (sidFromAce.IsAccountSid() && !accountDomainSid.Equals(this.targetDomainSid))
                    {
                        ExTraceGlobals.TenantRelocationTracer.TraceDebug <string>((long)this.GetHashCode(), "ApplyAcesToTargetSecurityDescriptor: customized SID found {0} on target object, removed.", sidFromAce.ToString());
                    }
                    else
                    {
                        list.Add(genericAce);
                    }
                }
            }
            RawAcl rawAcl = new RawAcl(targetSd.DiscretionaryAcl.Revision, list.Count + sourceAces.Count);
            int    num    = 0;

            foreach (GenericAce ace in list)
            {
                rawAcl.InsertAce(num++, ace);
            }
            foreach (GenericAce ace2 in sourceAces)
            {
                rawAcl.InsertAce(num++, ace2);
            }
            targetSd.DiscretionaryAcl = rawAcl;
            return(targetSd);
        }
Exemplo n.º 7
0
        public static void BasicValidationTestCases()
        {
            GenericAce gAce = null;
            RawAcl rAcl = null;
            GenericAce[] gAces = null;

            // Case 1, when collection is actually empty
            rAcl = new RawAcl(1, 1);
            gAces = new GenericAce[rAcl.Count];
            rAcl.CopyTo(gAces, 0);

            // Case 2, collection has one ACE
            rAcl = new RawAcl(0, 1);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
            rAcl.InsertAce(0, gAce);
            gAces = new GenericAce[rAcl.Count];
            rAcl.CopyTo(gAces, 0);

            //Case 3, index = 3
            rAcl = new RawAcl(0, 1);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), false, null);
            rAcl.InsertAce(0, gAce);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
            rAcl.InsertAce(0, gAce);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BO")), false, null);
            rAcl.InsertAce(0, gAce);
            gAces = new GenericAce[rAcl.Count + 5];
            //initialize to null
            for (int i = 0; i < gAces.Length; i++)
                gAces[i] = null;
            rAcl.CopyTo(gAces, 3);
        }
Exemplo n.º 8
0
        public static void AdditionalTestCases()
        {
            RawAcl     rawAcl     = null;
            GenericAce genericAce = null;
            string     owner      = null;
            int        index      = 0;


            // case 1, no ACE, insert at index -1

            Assert.Throws <ArgumentOutOfRangeException>(() =>
            {
                rawAcl     = new RawAcl(1, 1);
                index      = -1;
                owner      = "BA";
                genericAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner)), false, null);
                rawAcl.InsertAce(index, genericAce);
            });


            //case 2, no ACE, insert at  index Count + 1

            Assert.Throws <ArgumentOutOfRangeException>(() =>
            {
                rawAcl     = new RawAcl(1, 1);
                index      = rawAcl.Count + 1;
                genericAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner)), false, null);
                rawAcl.InsertAce(index, genericAce);
            });

            //case 3, one ACE, insert null ACE

            Assert.Throws <ArgumentNullException>(() =>
            {
                rawAcl     = new RawAcl(1, 1);
                index      = 0;
                owner      = "BA";
                genericAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner)), false, null);
                rawAcl.InsertAce(index, genericAce);
                genericAce = null;
                rawAcl.InsertAce(index, genericAce);
            });
            //case 4, insert a big Ace to make RawAcl of length 64K + 1. RawAcl length = HeaderLength + all ACE's  length
            // = HeaderLength + (HeaderLength + OpaqueLength) * num_of_custom_ace
            // = 8 + ( 4 + OpaqueLength) * num_of_custom_ace

            Assert.Throws <OverflowException>(() =>
            {
                rawAcl          = new RawAcl(1, 1);
                byte[] opaque   = new byte[GenericAcl.MaxBinaryLength + 1 - 8 - 4];
                GenericAce gAce = new CustomAce(AceType.MaxDefinedAceType + 1, (AceFlags)223, opaque);
                rawAcl.InsertAce(0, gAce);
            });
        }
        public static void AceCount_BasicValidation()
        {
            RawAcl rawAcl = null;
            GenericAce gAce = null;
            DiscretionaryAcl discretionaryAcl = null;
            bool isContainer = false;
            bool isDS = false;
            byte revision = 0;
            int capacity = 0;
            string sid = "BG";

            //case 1, empty DiscretionaryAcl
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            isContainer = false;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            Assert.True(0 == discretionaryAcl.Count);

            //case 2, DiscretionaryAcl with one Ace
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = false;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            Assert.True(1 == discretionaryAcl.Count);

            //case 3, DiscretionaryAcl with two Aces
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            //223 has all AceFlags
            gAce = new CommonAce((AceFlags)223, AceQualifier.AccessAllowed, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), false, null);
            rawAcl.InsertAce(0, gAce);
            gAce = new CommonAce(AceFlags.None, AceQualifier.AccessDenied, 2,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = true;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            Assert.True(2 == discretionaryAcl.Count);

        }
Exemplo n.º 10
0
        static CommonSecurityDescriptor ProtectionPreserveInheritanceIgnoredUnlessProtectedTrueDescriptor()
        {
            SecurityIdentifier sid = new SecurityIdentifier("WD");

            RawAcl acl = new RawAcl(GenericAcl.AclRevision, 1);

            acl.InsertAce(0, new CommonAce(AceFlags.None, AceQualifier.AccessDenied, 1, sid, false, null));
            acl.InsertAce(1, new CommonAce(AceFlags.Inherited, AceQualifier.AccessAllowed, 1, sid, false, null));

            CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
                                                      (false, false, ControlFlags.None, null, null, null, null);

            descriptor.DiscretionaryAcl = new DiscretionaryAcl(false, false, acl);
            return(descriptor);
        }
        public static void AceCount_BasicValidation()
        {
            RawAcl           rawAcl           = null;
            GenericAce       gAce             = null;
            DiscretionaryAcl discretionaryAcl = null;
            bool             isContainer      = false;
            bool             isDS             = false;
            byte             revision         = 0;
            int    capacity = 0;
            string sid      = "BG";

            //case 1, empty DiscretionaryAcl
            revision         = 0;
            capacity         = 1;
            rawAcl           = new RawAcl(revision, capacity);
            isContainer      = false;
            isDS             = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            Assert.True(0 == discretionaryAcl.Count);

            //case 2, DiscretionaryAcl with one Ace
            revision = 0;
            capacity = 1;
            rawAcl   = new RawAcl(revision, capacity);
            gAce     = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1,
                                     new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer      = false;
            isDS             = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            Assert.True(1 == discretionaryAcl.Count);

            //case 3, DiscretionaryAcl with two Aces
            revision = 0;
            capacity = 1;
            rawAcl   = new RawAcl(revision, capacity);
            //223 has all AceFlags
            gAce = new CommonAce((AceFlags)223, AceQualifier.AccessAllowed, 1,
                                 new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), false, null);
            rawAcl.InsertAce(0, gAce);
            gAce = new CommonAce(AceFlags.None, AceQualifier.AccessDenied, 2,
                                 new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer      = true;
            isDS             = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            Assert.True(2 == discretionaryAcl.Count);
        }
        public static void AdditionalTestCases()
        {
            RawAcl     rawAcl    = null;
            SystemAcl  systemAcl = null;
            GenericAce gAce      = null;
            byte       revision  = 0;
            int        capacity  = 0;
            string     sid       = "BA";

            sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)).ToString();
            int expectedLength = 0;

            //case 1, SystemAcl with huge number of Aces
            revision       = 0;
            capacity       = 1;
            rawAcl         = new RawAcl(revision, capacity);
            expectedLength = 8;
            for (int i = 0; i < 1820; i++)
            {
                gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, i + 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid + i.ToString())), false, null);
                rawAcl.InsertAce(0, gAce);
                expectedLength += gAce.BinaryLength;
            }
            systemAcl = new SystemAcl(false, false, rawAcl);
            Assert.True(expectedLength == systemAcl.BinaryLength);
        }
        public static void AceCount_AdditionalTests()
        {
            RawAcl           rawAcl           = null;
            GenericAce       gAce             = null;
            byte             revision         = 0;
            int              capacity         = 0;
            string           sid              = "BG";
            DiscretionaryAcl discretionaryAcl = null;
            bool             isContainer      = false;
            bool             isDS             = false;

            //case 1, DiscretionaryAcl with huge number of Aces
            revision = 0;
            capacity = 1;
            sid      = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)).ToString();
            rawAcl   = new RawAcl(revision, capacity);
            for (int i = 0; i < 1820; i++)
            {
                gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, i + 1,
                                     new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid + i.ToString())), false, null);
                rawAcl.InsertAce(0, gAce);
            }
            isContainer      = true;
            isDS             = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            Assert.True(1820 == discretionaryAcl.Count);
        }
Exemplo n.º 14
0
        public static void AdditionalTestCases()
        {
            RawAcl     rawAcl      = null;
            GenericAce gAce        = null;
            byte       revision    = 0;
            int        capacity    = 0;
            string     sid         = "BA";
            SystemAcl  systemAcl   = null;
            bool       isContainer = false;
            bool       isDS        = false;

            //case 1, SysemAcl with huge number of Aces
            revision = 0;
            capacity = 1;
            sid      = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)).ToString();
            rawAcl   = new RawAcl(revision, capacity);
            for (int i = 0; i < 1820; i++)
            {
                gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, i + 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid + i.ToString())), false, null);
                rawAcl.InsertAce(0, gAce);
            }
            isContainer = true;
            isDS        = false;
            systemAcl   = new SystemAcl(isContainer, isDS, rawAcl);
            Assert.True(1820 == systemAcl.Count);
        }
Exemplo n.º 15
0
        public static void AdditionalTestCases()
        {
            RawAcl rawAcl = null;
            GenericAce gAce = null;
            byte revision = 0;
            int capacity = 0;
            string sid = "BA";
            SystemAcl systemAcl = null;
            bool isContainer = false;
            bool isDS = false;

            //case 1, SysemAcl with huge number of Aces
            revision = 0;
            capacity = 1;
            sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)).ToString();
            rawAcl = new RawAcl(revision, capacity);
            for (int i = 0; i < 1820; i++)
            {
                gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, i + 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid + i.ToString())), false, null);
                rawAcl.InsertAce(0, gAce);
            }
            isContainer = true;
            isDS = false;
            systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
            Assert.True(1820 == systemAcl.Count);
        }
 internal void Initialize()
 {
     try
     {
         if (!System.Workflow.Runtime.DebugEngine.NativeMethods.RevertToSelf())
         {
             Marshal.ThrowExceptionForHR(Marshal.GetHRForLastWin32Error());
         }
         RawAcl    currentProcessTokenDacl = this.GetCurrentProcessTokenDacl();
         CommonAce newAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 8, new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null), false, null);
         int       index  = this.FindIndexInDacl(newAce, currentProcessTokenDacl);
         if (index != -1)
         {
             currentProcessTokenDacl.InsertAce(index, newAce);
         }
         this.SetCurrentProcessTokenDacl(currentProcessTokenDacl);
     }
     catch (Exception exception)
     {
         if (this.exceptionNotification != null)
         {
             this.exceptionNotification(exception);
         }
     }
 }
Exemplo n.º 17
0
        private static RawAcl InheritAcl(RawAcl parentAcl, bool isContainer)
        {
            AceFlags inheritTest = isContainer ? AceFlags.ContainerInherit : AceFlags.ObjectInherit;

            RawAcl newAcl = null;

            if (parentAcl != null)
            {
                newAcl = new RawAcl(parentAcl.Revision, parentAcl.Count);
                foreach (GenericAce ace in parentAcl)
                {
                    if ((ace.AceFlags & inheritTest) != 0)
                    {
                        GenericAce newAce = ace.Copy();

                        AceFlags newFlags = ace.AceFlags;
                        if ((newFlags & AceFlags.NoPropagateInherit) != 0)
                        {
                            newFlags &= ~(AceFlags.ContainerInherit | AceFlags.ObjectInherit | AceFlags.NoPropagateInherit);
                        }

                        newFlags &= ~AceFlags.InheritOnly;
                        newFlags |= AceFlags.Inherited;

                        newAce.AceFlags = newFlags;
                        newAcl.InsertAce(newAcl.Count, newAce);
                    }
                }
            }
            return(newAcl);
        }
        // Token: 0x06000B6C RID: 2924 RVA: 0x00034E28 File Offset: 0x00033028
        internal static RawSecurityDescriptor RemoveInheritedACEs(RawSecurityDescriptor sd)
        {
            if (sd == null)
            {
                return(null);
            }
            RawAcl discretionaryAcl = sd.DiscretionaryAcl;
            bool   flag             = false;

            foreach (GenericAce genericAce in discretionaryAcl)
            {
                if ((byte)(genericAce.AceFlags & AceFlags.Inherited) == 16)
                {
                    flag = true;
                    break;
                }
            }
            if (!flag)
            {
                return(sd);
            }
            RawAcl rawAcl = new RawAcl(discretionaryAcl.Revision, 0);

            foreach (GenericAce genericAce2 in discretionaryAcl)
            {
                if ((byte)(genericAce2.AceFlags & AceFlags.Inherited) != 16)
                {
                    rawAcl.InsertAce(rawAcl.Count, genericAce2);
                }
            }
            return(new RawSecurityDescriptor(sd.ControlFlags, sd.Owner, sd.Group, sd.SystemAcl, rawAcl));
        }
Exemplo n.º 19
0
        public void AddAccessFailsOnNonCanonical()
        {
            SecurityIdentifier sid = new SecurityIdentifier("BU");

            RawAcl acl = new RawAcl(RawAcl.AclRevision, 0);

            acl.InsertAce(0, new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, sid, false, null));
            acl.InsertAce(1, new CommonAce(AceFlags.None, AceQualifier.AccessDenied, 1, sid, false, null));

            DiscretionaryAcl dacl = new DiscretionaryAcl(false, false, acl);

            Assert.IsFalse(dacl.IsCanonical);
            Assert.AreEqual(2, dacl.Count);

            dacl.AddAccess(AccessControlType.Allow, sid, 1, InheritanceFlags.None, PropagationFlags.None);
        }
        public void GetBinaryForm()
        {
            RawAcl acl = new RawAcl(1, 0);

            byte[] buffer = new byte[acl.BinaryLength];
            acl.GetBinaryForm(buffer, 0);
            byte[] sdBinary = new byte[] { 0x01, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00 };
            Assert.AreEqual(sdBinary, buffer);


            SecurityIdentifier builtInAdmins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
            CommonAce          ace           = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 0x7FFFFFFF, builtInAdmins, false, null);

            acl.InsertAce(0, ace);
            buffer = new byte[acl.BinaryLength];
            acl.GetBinaryForm(buffer, 0);
            sdBinary = new byte[]
            {
                0x01, 0x00, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x18, 0x00, 0xFF, 0xFF, 0xFF, 0x7F, 0x01, 0x02, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02,
                0x00, 0x00
            };
            Assert.AreEqual(sdBinary, buffer);
        }
Exemplo n.º 21
0
        public static void BinaryLength_AdditionalTestCases()
        {
            RawAcl rawAcl = null;
            DiscretionaryAcl discretionaryAcl = null;
            GenericAce gAce = null;
            byte revision = 0;
            int capacity = 0;
            string sid = "BG";
            sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)).ToString();
            int expectedLength = 0;

            //case 1, DiscretionaryAcl with huge number of Aces
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            expectedLength = 8;

            for (int i = 0; i < 1820; i++)
            {
                gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, i + 1,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid + i.ToString())), false, null);
                rawAcl.InsertAce(0, gAce);
                expectedLength += gAce.BinaryLength;
            }
            discretionaryAcl = new DiscretionaryAcl(false, false, rawAcl);
            Assert.True(expectedLength == discretionaryAcl.BinaryLength);

        }
Exemplo n.º 22
0
        public static void AceCount_AdditionalTests()
        {
            RawAcl rawAcl = null;
            GenericAce gAce = null;
            byte revision = 0;
            int capacity = 0;
            string sid = "BG";
            DiscretionaryAcl discretionaryAcl = null;
            bool isContainer = false;
            bool isDS = false;

            //case 1, DiscretionaryAcl with huge number of Aces
            revision = 0;
            capacity = 1;
            sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)).ToString();
            rawAcl = new RawAcl(revision, capacity);
            for (int i = 0; i < 1820; i++)
            {
                gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, i + 1,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid + i.ToString())), false, null);
                rawAcl.InsertAce(0, gAce);
            }
            isContainer = true;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            Assert.True(1820 == discretionaryAcl.Count);

        }
Exemplo n.º 23
0
        private void BuildSecurityDescriptor()
        {
            Fx.Assert((null == securityDescriptor), "SecurityDescriptor must be NULL");

            NTAccount          name;
            SecurityIdentifier sid;
            CommonAce          ace;
            RawAcl             acl = new RawAcl(GenericAcl.AclRevision, 1);
            int index = 0;

            if (operationRoleMembers != null)
            {
                foreach (string userName in operationRoleMembers)
                {
                    name = new NTAccount(userName);
                    sid  = (SecurityIdentifier)name.Translate(typeof(SecurityIdentifier));
                    ace  = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, (int)ComRights.EXECUTE, sid, false, null);
                    acl.InsertAce(index, ace);
                    index++;
                }
            }
            if (contractRoleMembers != null)
            {
                foreach (string userName in contractRoleMembers)
                {
                    name = new NTAccount(userName);
                    sid  = (SecurityIdentifier)name.Translate(typeof(SecurityIdentifier));
                    ace  = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, (int)ComRights.EXECUTE, sid, false, null);
                    acl.InsertAce(index, ace);
                    index++;
                }
            }
            if (serviceRoleMembers != null)
            {
                foreach (string userName in serviceRoleMembers)
                {
                    name = new NTAccount(userName);
                    sid  = (SecurityIdentifier)name.Translate(typeof(SecurityIdentifier));
                    ace  = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, (int)ComRights.EXECUTE, sid, false, null);
                    acl.InsertAce(index, ace);
                    index++;
                }
            }
            DiscretionaryAcl dacl = new DiscretionaryAcl(true, false, acl);

            securityDescriptor = new CommonSecurityDescriptor(true, false, ControlFlags.DiscretionaryAclPresent, sidAdministrators, sidAdministrators, null, dacl);
        }
Exemplo n.º 24
0
        private void BuildSecurityDescriptor()
        {
            NTAccount          account;
            SecurityIdentifier identifier;
            CommonAce          ace;
            RawAcl             rawAcl = new RawAcl(GenericAcl.AclRevision, 1);
            int index = 0;

            if (this.operationRoleMembers != null)
            {
                foreach (string str in this.operationRoleMembers)
                {
                    account    = new NTAccount(str);
                    identifier = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
                    ace        = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, identifier, false, null);
                    rawAcl.InsertAce(index, ace);
                    index++;
                }
            }
            if (this.contractRoleMembers != null)
            {
                foreach (string str2 in this.contractRoleMembers)
                {
                    account    = new NTAccount(str2);
                    identifier = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
                    ace        = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, identifier, false, null);
                    rawAcl.InsertAce(index, ace);
                    index++;
                }
            }
            if (this.serviceRoleMembers != null)
            {
                foreach (string str3 in this.serviceRoleMembers)
                {
                    account    = new NTAccount(str3);
                    identifier = (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
                    ace        = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, identifier, false, null);
                    rawAcl.InsertAce(index, ace);
                    index++;
                }
            }
            DiscretionaryAcl discretionaryAcl = new DiscretionaryAcl(true, false, rawAcl);

            this.securityDescriptor = new CommonSecurityDescriptor(true, false, ControlFlags.DiscretionaryAclPresent, sidAdministrators, sidAdministrators, null, discretionaryAcl);
        }
Exemplo n.º 25
0
        static RawAcl MakeRawAcl(GenericAce[] aces)
        {
            RawAcl acl = new RawAcl(RawAcl.AclRevision, 0);

            for (int i = 0; i < aces.Length; i++)
            {
                acl.InsertAce(i, aces [i]);
            }
            return(acl);
        }
Exemplo n.º 26
0
        public static void BasicValidationTestCases()
        {
            GenericAce gAce = null;
            RawAcl     rAcl = null;

            // collection has one ACE. By code review, this properties always return false. So no addtional cases are needed
            rAcl = new RawAcl(0, 1);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
            rAcl.InsertAce(0, gAce);
            Assert.True(false == rAcl.IsSynchronized);
        }
Exemplo n.º 27
0
        public static void BasicValidationTestCases()
        {
            GenericAce gAce = null;
            RawAcl rAcl = null;

            // collection has one ACE. By code review, this properties always return false. So no addtional cases are needed
            rAcl = new RawAcl(0, 1);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
            rAcl.InsertAce(0, gAce);
            Assert.True(null != rAcl.SyncRoot) ;
        }
Exemplo n.º 28
0
        public static RawAcl CreateRawAclFromString(string rawAclString)
        {
            RawAcl             rawAcl       = null;
            byte               revision     = 0;
            int                capacity     = 1;
            CommonAce          cAce         = null;
            AceFlags           aceFlags     = AceFlags.None;
            AceQualifier       aceQualifier = AceQualifier.AccessAllowed;
            int                accessMask   = 1;
            SecurityIdentifier sid          = null;
            bool               isCallback   = false;
            int                opaqueSize   = 0;

            byte[] opaque = null;


            string[] parts      = null;
            string[] subparts   = null;
            char[]   delimiter1 = new char[] { '#' };
            char[]   delimiter2 = new char[] { ':' };

            if (rawAclString != null)
            {
                rawAcl = new RawAcl(revision, capacity);

                parts = rawAclString.Split(delimiter1);
                for (int i = 0; i < parts.Length; i++)
                {
                    subparts = parts[i].Split(delimiter2);
                    if (subparts.Length != 6)
                    {
                        return(null);
                    }

                    aceFlags     = (AceFlags)byte.Parse(subparts[0]);
                    aceQualifier = (AceQualifier)int.Parse(subparts[1]);
                    accessMask   = int.Parse(subparts[2]);
                    sid          = new SecurityIdentifier(TranslateStringConstFormatSidToStandardFormatSid(subparts[3]));
                    isCallback   = bool.Parse(subparts[4]);
                    if (!isCallback)
                    {
                        opaque = null;
                    }
                    else
                    {
                        opaqueSize = int.Parse(subparts[5]);
                        opaque     = new byte[opaqueSize];
                    }
                    cAce = new CommonAce(aceFlags, aceQualifier, accessMask, sid, isCallback, opaque);
                    rawAcl.InsertAce(rawAcl.Count, cAce);
                }
            }
            return(rawAcl);
        }
        public static void BasicValidationTestCases()
        {
            RawAcl     rawAcl         = null;
            SystemAcl  systemAcl      = null;
            GenericAce gAce           = null;
            byte       revision       = 0;
            int        capacity       = 0;
            string     sid            = "BG";
            int        expectedLength = 0;

            //case 1, empty systemAcl, binarylength should be 8
            capacity       = 1;
            systemAcl      = new SystemAcl(false, false, capacity);
            expectedLength = 8;
            Assert.True(expectedLength == systemAcl.BinaryLength);

            //case 2, SystemAcl with one Ace, binarylength should be 8 + the Ace's binarylength
            expectedLength  = 8;
            revision        = 0;
            capacity        = 1;
            rawAcl          = new RawAcl(revision, capacity);
            gAce            = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            expectedLength += gAce.BinaryLength;
            rawAcl.InsertAce(0, gAce);
            systemAcl = new SystemAcl(true, false, rawAcl);
            Assert.True(expectedLength == systemAcl.BinaryLength);

            //case 3, SystemAcl with two Aces
            expectedLength  = 8;
            revision        = 0;
            capacity        = 1;
            rawAcl          = new RawAcl(revision, capacity);
            gAce            = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), false, null);
            expectedLength += gAce.BinaryLength;
            rawAcl.InsertAce(0, gAce);
            gAce            = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 2, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
            expectedLength += gAce.BinaryLength;
            rawAcl.InsertAce(0, gAce);
            systemAcl = new SystemAcl(false, false, rawAcl);
            Assert.True(expectedLength == systemAcl.BinaryLength);
        }
Exemplo n.º 30
0
        public static void BasicValidationTestCases()
        {
            RawAcl rawAcl = null;
            SystemAcl systemAcl = null;
            GenericAce gAce = null;
            byte revision = 0;
            int capacity = 0;
            string sid = "BG";
            int expectedLength = 0;
            //case 1, empty systemAcl, binarylength should be 8
            capacity = 1;
            systemAcl = new SystemAcl(false, false, capacity);
            expectedLength = 8;
            Assert.True(expectedLength == systemAcl.BinaryLength);

            //case 2, SystemAcl with one Ace, binarylength should be 8 + the Ace's binarylength
            expectedLength = 8;
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            expectedLength += gAce.BinaryLength;
            rawAcl.InsertAce(0, gAce);
            systemAcl = new SystemAcl(true, false, rawAcl);
            Assert.True(expectedLength == systemAcl.BinaryLength);

            //case 3, SystemAcl with two Aces
            expectedLength = 8;
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), false, null);
            expectedLength += gAce.BinaryLength;
            rawAcl.InsertAce(0, gAce);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 2, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
            expectedLength += gAce.BinaryLength;
            rawAcl.InsertAce(0, gAce);
            systemAcl = new SystemAcl(false, false, rawAcl);
            Assert.True(expectedLength == systemAcl.BinaryLength);
        }
Exemplo n.º 31
0
        public static void BinaryLength_BasicValidation()
        {
            RawAcl rawAcl = null;
            DiscretionaryAcl discretionaryAcl = null;
            GenericAce gAce = null;
            byte revision = 0;
            int capacity = 0;
            string sid = "BG";

            //case 1, empty discretionaryAcl, binarylength should be 8
            capacity = 1;
            discretionaryAcl = new DiscretionaryAcl(false, false, capacity);
            Assert.True(8 == discretionaryAcl.BinaryLength);

            //case 2, discretionaryAcl with one Ace, binarylength should be 8 + the Ace's binarylength
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            discretionaryAcl = new DiscretionaryAcl(true, false, rawAcl);
            Assert.True(8 + gAce.BinaryLength == discretionaryAcl.BinaryLength);

            //case 3, DiscretionaryAcl with two Aces
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            gAce = new CommonAce(AceFlags.None, AceQualifier.AccessDenied, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), false, null);
            rawAcl.InsertAce(0, gAce);
            gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 2,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
            rawAcl.InsertAce(0, gAce);
            discretionaryAcl = new DiscretionaryAcl(false, false, rawAcl);
            Assert.True(8 + discretionaryAcl[0].BinaryLength + discretionaryAcl[1].BinaryLength == discretionaryAcl.BinaryLength);


        }
        public static void BinaryLength_BasicValidation()
        {
            RawAcl           rawAcl           = null;
            DiscretionaryAcl discretionaryAcl = null;
            GenericAce       gAce             = null;
            byte             revision         = 0;
            int    capacity = 0;
            string sid      = "BG";

            //case 1, empty discretionaryAcl, binarylength should be 8
            capacity         = 1;
            discretionaryAcl = new DiscretionaryAcl(false, false, capacity);
            Assert.True(8 == discretionaryAcl.BinaryLength);

            //case 2, discretionaryAcl with one Ace, binarylength should be 8 + the Ace's binarylength
            revision = 0;
            capacity = 1;
            rawAcl   = new RawAcl(revision, capacity);
            gAce     = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1,
                                     new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            discretionaryAcl = new DiscretionaryAcl(true, false, rawAcl);
            Assert.True(8 + gAce.BinaryLength == discretionaryAcl.BinaryLength);

            //case 3, DiscretionaryAcl with two Aces
            revision = 0;
            capacity = 1;
            rawAcl   = new RawAcl(revision, capacity);
            gAce     = new CommonAce(AceFlags.None, AceQualifier.AccessDenied, 1,
                                     new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), false, null);
            rawAcl.InsertAce(0, gAce);
            gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 2,
                                 new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
            rawAcl.InsertAce(0, gAce);
            discretionaryAcl = new DiscretionaryAcl(false, false, rawAcl);
            Assert.True(8 + discretionaryAcl[0].BinaryLength + discretionaryAcl[1].BinaryLength == discretionaryAcl.BinaryLength);
        }
Exemplo n.º 33
0
        private bool IsPublicToGroupSidInUserToken()
        {
            bool      flag = false;
            Exception ex   = null;
            int       num  = this.groupMailboxToLogon.PublicToGroupSids.Count <SecurityIdentifier>();

            if (num > 0)
            {
                try
                {
                    int    num2   = 0;
                    RawAcl rawAcl = new RawAcl(0, num);
                    foreach (SecurityIdentifier sid in this.groupMailboxToLogon.PublicToGroupSids)
                    {
                        rawAcl.InsertAce(num2++, new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 131072, sid, false, null));
                    }
                    RawSecurityDescriptor rawSecurityDescriptor = new RawSecurityDescriptor(ControlFlags.DiscretionaryAclPresent, GroupMailboxAuthorizationHandler.LocalSystemSid, GroupMailboxAuthorizationHandler.LocalSystemSid, null, rawAcl);
                    int grantedAccess = this.clientSecurityContext.GetGrantedAccess(rawSecurityDescriptor, (AccessMask)131072);
                    flag = (grantedAccess == 131072);
                }
                catch (ArgumentException ex2)
                {
                    ex = ex2;
                }
                catch (AuthzException ex3)
                {
                    ex = ex3;
                }
                catch (OutOfMemoryException ex4)
                {
                    ex = ex4;
                }
            }
            if (ex != null)
            {
                GroupMailboxAuthorizationHandler.Tracer.TraceError <Exception>((long)this.GetHashCode(), "Unable to verify that the user's token contain publicToGroupSid: {0}", ex);
            }
            if (flag)
            {
                GroupMailboxAuthorizationHandler.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Found that the user {0} is part of a security group present in PublicToGroupSids", this.accessingUserInfo.Identity);
            }
            else
            {
                GroupMailboxAuthorizationHandler.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Found that the user {0} is not part of any security group present in PublicToGroupSids", this.accessingUserInfo.Identity);
            }
            return(flag);
        }
Exemplo n.º 34
0
        public static void AdditionalTestCases()
        {
            GenericAce gAce = null;
            RawAcl rAcl = null;
            AceEnumerator aceEnumerator = null;

            //Case 1, RawAcl with huge number of Aces
            rAcl = new RawAcl(0, GenericAcl.MaxBinaryLength + 1);
            for (int i = 0; i < 1820; i++)
            {
                //this ace binary length is 36, 1820 * 36 = 65520                        
                gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, i + 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
                rAcl.InsertAce(0, gAce);
            }
            aceEnumerator = rAcl.GetEnumerator();
            Assert.True(Utils.TestGetEnumerator(aceEnumerator, rAcl, false));
        }
Exemplo n.º 35
0
        public static void BasicValidationTestCases()
        {
            GenericAce    gAce          = null;
            RawAcl        rAcl          = null;
            AceEnumerator aceEnumerator = null;

            // Case 1, when collection is actually empty
            rAcl          = new RawAcl(1, 1);
            aceEnumerator = rAcl.GetEnumerator();

            //Case 2, collection has one ACE
            rAcl = new RawAcl(0, 1);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
            rAcl.InsertAce(0, gAce);
            aceEnumerator = rAcl.GetEnumerator();
            Assert.True(Utils.TestGetEnumerator(aceEnumerator, rAcl, false));
        }
Exemplo n.º 36
0
        public static void AdditionalTestCases()
        {
            GenericAce    gAce          = null;
            RawAcl        rAcl          = null;
            AceEnumerator aceEnumerator = null;

            //Case 1, RawAcl with huge number of Aces
            rAcl = new RawAcl(0, GenericAcl.MaxBinaryLength + 1);
            for (int i = 0; i < 1820; i++)
            {
                //this ace binary length is 36, 1820 * 36 = 65520
                gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, i + 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
                rAcl.InsertAce(0, gAce);
            }
            aceEnumerator = rAcl.GetEnumerator();
            Assert.True(Utils.TestGetEnumerator(aceEnumerator, rAcl, false));
        }
Exemplo n.º 37
0
        public static void BasicValidationTestCases()
        {
            GenericAce gAce = null;
            RawAcl rAcl = null;
            AceEnumerator aceEnumerator = null;

            // Case 1, when collection is actually empty
            rAcl = new RawAcl(1, 1);
            aceEnumerator = rAcl.GetEnumerator();

            //Case 2, collection has one ACE
            rAcl = new RawAcl(0, 1);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
            rAcl.InsertAce(0, gAce);
            aceEnumerator = rAcl.GetEnumerator();
            Assert.True(Utils.TestGetEnumerator(aceEnumerator, rAcl, false));
        }
Exemplo n.º 38
0
        [Category("NotWorking")]          // Mono does not have a working CustomAce implementation yet.
        public void ObjectSecurityRemovesWhatItCannotCreate()
        {
            RawAcl acl = new RawAcl(GenericAcl.AclRevision, 1);

            acl.InsertAce(0, new CustomAce((AceType)255, AceFlags.None, new byte[4]));

            DiscretionaryAcl dacl = new DiscretionaryAcl(true, true, acl);

            Assert.AreEqual(1, dacl.Count);

            CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
                                                      (true, true, ControlFlags.None, null, null, null, dacl);

            TestSecurity security             = new TestSecurity(descriptor);
            AuthorizationRuleCollection rules = security.GetAccessRules(true, true, typeof(SecurityIdentifier));

            Assert.AreEqual(0, rules.Count);
        }
Exemplo n.º 39
0
        static RawAcl CreateRoundtripRawAcl()
        {
            SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);

            Assert.AreEqual(16, sid.BinaryLength);

            GenericAce[] aces = new GenericAce[] {
                new ObjectAce(AceFlags.None, AceQualifier.AccessAllowed, 1, sid,
                              ObjectAceFlags.ObjectAceTypePresent,
                              Guid.Empty, Guid.Empty, false, new byte[8]),
                new ObjectAce(AceFlags.None, AceQualifier.AccessAllowed, 2, sid,
                              ObjectAceFlags.InheritedObjectAceTypePresent,
                              Guid.Empty, Guid.Empty, true, new byte[16]),
                new ObjectAce(AceFlags.None, AceQualifier.AccessAllowed, 4, sid,
                              ObjectAceFlags.InheritedObjectAceTypePresent,
                              Guid.Empty, new Guid("{8865FB90-A9EB-422F-A8BA-07ECA611D699}"), true, new byte[4]),
                new ObjectAce(AceFlags.None, AceQualifier.AccessAllowed, 4, sid,
                              ObjectAceFlags.ObjectAceTypePresent | ObjectAceFlags.InheritedObjectAceTypePresent,
                              Guid.Empty, new Guid("{B893007C-38D5-4827-A698-BA25F1E30BAC}"), true, new byte[4]),
                new ObjectAce(AceFlags.None, AceQualifier.AccessAllowed, 4, sid,
                              ObjectAceFlags.None,
                              Guid.Empty, new Guid("{C0F9DF22-C320-4400-B41F-754F69668640}"), true, new byte[4])
            };

            // Make sure this created right, first of all.
            Assert.AreEqual(AceType.AccessAllowedObject, aces [0].AceType);
            Assert.AreEqual(AceType.AccessAllowedCallbackObject, aces [1].AceType);
            Assert.AreEqual(AceType.AccessAllowedCallbackObject, aces [2].AceType);
            Assert.AreEqual(AceType.AccessAllowedCallbackObject, aces [3].AceType);
            Assert.AreEqual(AceType.AccessAllowedCallbackObject, aces [4].AceType);
            Assert.AreEqual(52, aces [0].BinaryLength);
            Assert.AreEqual(60, aces [1].BinaryLength);
            Assert.AreEqual(48, aces [2].BinaryLength);
            Assert.AreEqual(64, aces [3].BinaryLength);
            Assert.AreEqual(32, aces [4].BinaryLength);

            RawAcl acl = new RawAcl(RawAcl.AclRevision, 0);

            for (int i = 0; i < aces.Length; i++)
            {
                acl.InsertAce(i, aces[i]);
            }
            return(acl);
        }
Exemplo n.º 40
0
        public static void AdditionalTestCases()
        {
            RawAcl             rawAcl   = null;
            GenericAce         gAce     = null;
            byte               revision = 0;
            int                capacity = 0;
            SecurityIdentifier sid      = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA"));

            //case 1, RawAcl with huge number of Aces
            revision = 0;
            capacity = 1;
            rawAcl   = new RawAcl(revision, capacity);
            for (int i = 0; i < 1820; i++)
            {
                //this ace binary length is 36, 1820 * 36 = 65520
                gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, i + 1, sid, false, null);
                rawAcl.InsertAce(0, gAce);
            }
            Assert.True(1820 == rawAcl.Count);
        }
Exemplo n.º 41
0
        public static void AdditionalTestCases()
        {
            RawAcl rawAcl = null;
            GenericAce gAce = null;
            byte revision = 0;
            int capacity = 0;
            SecurityIdentifier sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA"));

            //case 1, RawAcl with huge number of Aces
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            for (int i = 0; i < 1820; i++)
            {
                //this ace binary length is 36, 1820 * 36 = 65520                        
                gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, i + 1, sid, false, null);
                rawAcl.InsertAce(0, gAce);
            }
            Assert.True(1820 == rawAcl.Count);
        }
Exemplo n.º 42
0
        /// <summary>Canonicalizes the specified Access Control List.</summary>
        /// <param name="acl">The Access Control List.</param>
        public static void Canonicalize(this RawAcl acl)
        {
            if (acl == null)
            {
                throw new ArgumentNullException(nameof(acl));
            }

            // Extract aces to list
            var aces = new System.Collections.Generic.List <GenericAce>(acl.Cast <GenericAce>());

            // Sort aces based on canonical order
            aces.Sort((a, b) => System.Collections.Generic.Comparer <byte> .Default.Compare(GetComparisonValue(a), GetComparisonValue(b)));

            // Add sorted aces back to ACL
            while (acl.Count > 0)
            {
                acl.RemoveAce(0);
            }
            var aceIndex = 0;

            aces.ForEach(ace => acl.InsertAce(aceIndex++, ace));
        }
Exemplo n.º 43
0
        public void IndexerMakesCopies()
        {
            // This behavior is mentioned in the DiscretionaryAcl RawAcl constructor overload.
            // Turns out it applies to more than just the constructor.
            SecurityIdentifier worldSid = new SecurityIdentifier("WD");

            // RawAcl does not make copies.
            RawAcl    acl = new RawAcl(RawAcl.AclRevision, 1);
            CommonAce ace = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, worldSid, false, null);

            acl.InsertAce(0, ace);
            Assert.AreSame(acl [0], acl [0]);

            // CommonAcl does.
            SystemAcl sacl = new SystemAcl(false, false, acl);

            Assert.AreNotSame(sacl [0], sacl [0]);

            // Make sure the copying occurs in the constructor as well as the indexer.
            ace.AceFlags = AceFlags.FailedAccess;
            Assert.AreEqual(AceFlags.SuccessfulAccess, sacl [0].AceFlags);
        }
Exemplo n.º 44
0
        public static void Purge_BasicValidationTestCases()
        {
            bool isContainer = false;
            bool isDS = false;

            RawAcl rawAcl = null;
            DiscretionaryAcl discretionaryAcl = null;
            int aceCount = 0;
            SecurityIdentifier sid = null;

            GenericAce gAce = null;
            byte revision = 0;
            int capacity = 0;

            //CustomAce constructor parameters
            AceType aceType = AceType.AccessAllowed;
            AceFlags aceFlag = AceFlags.None;
            byte[] opaque = null;

            //CompoundAce constructor additional parameters
            int accessMask = 0;
            CompoundAceType compoundAceType = CompoundAceType.Impersonation;
            string sidStr = "LA";

            //CommonAce constructor additional parameters
            AceQualifier aceQualifier = 0;

            //ObjectAce constructor additional parameters
            ObjectAceFlags objectAceFlag = 0;
            Guid objectAceType;
            Guid inheritedObjectAceType;

            //case 1, no Ace
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            isContainer = true;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            aceCount = 0;
            sidStr = "BG";
            sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sidStr));

            Assert.True(TestPurge(discretionaryAcl, sid, aceCount));

            //case 2, only have 1 explicit Ace of the sid
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            sidStr = "BG";
            sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sidStr));
            //199 has all aceflags but inheritonly and inherited					
            gAce = new CommonAce((AceFlags)199, AceQualifier.AccessAllowed, 1, sid, false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = false;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            aceCount = 0;

            Assert.True(TestPurge(discretionaryAcl, sid, aceCount));

            //case 3, only have 1 explicit Ace of different sid
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            //199 has all aceflags but inheritedonly and inherited
            sidStr = "BG";
            sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sidStr));
            gAce = new CommonAce((AceFlags)199, AceQualifier.AccessDenied, 1, sid, false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = false;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            aceCount = 1;
            sidStr = "BA";
            sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sidStr));

            Assert.True(TestPurge(discretionaryAcl, sid, aceCount));

            //case 4, only have 1 inherited Ace of the sid
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            sidStr = "BG";
            sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sidStr));
            //215 has all aceflags but inheritedonly				
            gAce = new CommonAce((AceFlags)215, AceQualifier.AccessAllowed, 1, sid, false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = false;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            aceCount = 1;

            Assert.True(TestPurge(discretionaryAcl, sid, aceCount));

            //case 5, have one explicit Ace and one inherited Ace of the sid
            revision = 255;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            sidStr = "BG";
            sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sidStr));
            //199 has all aceflags but inheritedonly and inherited
            gAce = new CommonAce((AceFlags)(FlagsForAce.AuditFlags | FlagsForAce.OI | FlagsForAce.CI | FlagsForAce.NP), AceQualifier.AccessDenied, 1, sid, false, null);
            rawAcl.InsertAce(0, gAce);
            //215 has all aceflags but inheritedonly
            gAce = new CommonAce((AceFlags)(FlagsForAce.AuditFlags | FlagsForAce.OI | FlagsForAce.CI | FlagsForAce.NP | FlagsForAce.IH), AceQualifier.AccessAllowed, 2, sid, false, null);
            rawAcl.InsertAce(1, gAce);
            isContainer = true;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            aceCount = 1;

            Assert.True(TestPurge(discretionaryAcl, sid, aceCount));

            //case 6, have two explicit Aces of the sid
            revision = 255;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            sidStr = "BG";
            sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sidStr));
            //207 has all AceFlags but inherited				
            gAce = new CommonAce((AceFlags)207, AceQualifier.AccessAllowed, 1, sid, false, null);
            rawAcl.InsertAce(0, gAce);
            gAce = new CommonAce(AceFlags.None, AceQualifier.AccessDenied, 2, sid, false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = true;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            aceCount = 0;

            Assert.True(TestPurge(discretionaryAcl, sid, 0));

            //case 7, 1 explicit CustomAce
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            aceType = AceType.MaxDefinedAceType + 1;
            //199 has all AceFlags except InheritOnly and Inherited
            aceFlag = (AceFlags)199;
            opaque = null;
            gAce = new CustomAce(aceType, aceFlag, opaque);
            rawAcl.InsertAce(0, gAce);
            isContainer = false;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG"));
            aceCount = 1;

            //After Mark changes design to make ACL with any CustomAce, CompoundAce uncanonical and
            //forbid the modification on uncanonical ACL, this case will throw InvalidOperationException
            Assert.Throws<InvalidOperationException>(() =>
            {

                TestPurge(discretionaryAcl, sid, aceCount);

            });


            //case 8,  1 explicit CompoundAce
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            //207 has all AceFlags but inherited				
            aceFlag = (AceFlags)207;
            accessMask = 1;
            compoundAceType = CompoundAceType.Impersonation;
            sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG"));
            gAce = new CompoundAce(aceFlag, accessMask, compoundAceType, sid);
            rawAcl.InsertAce(0, gAce);
            isContainer = true;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            aceCount = 0;

            //After Mark changes design to make ACL with any CustomAce, CompoundAce uncanonical and
            //forbid the modification on uncanonical ACL, this case will throw InvalidOperationException
            Assert.Throws<InvalidOperationException>(() =>
            {

                TestPurge(discretionaryAcl, sid, aceCount);

            });

            //case 9, 1 explict ObjectAce
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG"));
            //207 has all AceFlags but inherited						
            aceFlag = (AceFlags)207;
            aceQualifier = AceQualifier.AccessAllowed;
            accessMask = 1;
            objectAceFlag = ObjectAceFlags.ObjectAceTypePresent | ObjectAceFlags.InheritedObjectAceTypePresent;
            objectAceType = new Guid("11111111-1111-1111-1111-111111111111");
            inheritedObjectAceType = new Guid("22222222-2222-2222-2222-222222222222");
            gAce = new ObjectAce(aceFlag, aceQualifier, accessMask, sid, objectAceFlag, objectAceType, inheritedObjectAceType, false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = true;
            isDS = true;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            aceCount = 0;

            Assert.True(TestPurge(discretionaryAcl, sid, aceCount));

        }
Exemplo n.º 45
0
        public static void BasicValidationTestCases()
        {
            RawAcl rAcl = null;
            GenericAce gAce = null;
            byte[] binaryForm = null;

            //Case 1, a RawAcl with one AccessAllowed Ace
            SecurityIdentifier sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA"));
            byte[] verifierBinaryForm = null;
            byte[] sidBinaryForm = new byte[sid.BinaryLength];
            sid.GetBinaryForm(sidBinaryForm, 0);
            rAcl = new RawAcl(GenericAcl.AclRevision, 1);
            gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, sid, false, null);
            rAcl.InsertAce(0, gAce);
            binaryForm = new byte[rAcl.BinaryLength];
            verifierBinaryForm = new byte[rAcl.BinaryLength];
            rAcl.GetBinaryForm(binaryForm, 0);

            int errorCode;
            if (0 == Utils.Win32AclLayer.InitializeAclNative
                (verifierBinaryForm, (uint)rAcl.BinaryLength, (uint)GenericAcl.AclRevision))
            {
                errorCode = Marshal.GetLastWin32Error();
            }
            else if (0 == Utils.Win32AclLayer.AddAccessAllowedAceExNative
                (verifierBinaryForm, (uint)GenericAcl.AclRevision, (uint)AceFlags.None, (uint)1, sidBinaryForm))
            {
                errorCode = Marshal.GetLastWin32Error();
            }
            else
                Assert.True(Utils.IsBinaryFormEqual(binaryForm, verifierBinaryForm));

            //Case 2, a RawAcl with one AccessDenied Ace
            sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA"));
            verifierBinaryForm = null;
            sidBinaryForm = new byte[sid.BinaryLength];
            sid.GetBinaryForm(sidBinaryForm, 0);
            rAcl = new RawAcl(GenericAcl.AclRevision, 1);
            //31 include ObjectInherit, ContainerInherit, NoPropagateInherit, InheritOnly and Inherited
            gAce = new CommonAce((AceFlags)31, AceQualifier.AccessDenied, 1, sid, false, null);
            rAcl.InsertAce(0, gAce);
            binaryForm = new byte[rAcl.BinaryLength];
            verifierBinaryForm = new byte[rAcl.BinaryLength];
            rAcl.GetBinaryForm(binaryForm, 0);

            if (0 == Utils.Win32AclLayer.InitializeAclNative
                (verifierBinaryForm, (uint)rAcl.BinaryLength, (uint)GenericAcl.AclRevision))
            {
                errorCode = Marshal.GetLastWin32Error();
            }
            else if (0 == Utils.Win32AclLayer.AddAccessDeniedAceExNative
                (verifierBinaryForm, (uint)GenericAcl.AclRevision, (uint)31, (uint)1, sidBinaryForm))
            {
                errorCode = Marshal.GetLastWin32Error();
            }
            else
                Assert.True(Utils.IsBinaryFormEqual(binaryForm, verifierBinaryForm));

            //Case 3, a RawAcl with one Audit Ace
            sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA"));
            verifierBinaryForm = null;
            sidBinaryForm = new byte[sid.BinaryLength];
            sid.GetBinaryForm(sidBinaryForm, 0);
            rAcl = new RawAcl(GenericAcl.AclRevision, 1);
            //223 include ObjectInherit, ContainerInherit, NoPropagateInherit, InheritOnly, Inherited, SuccessfulAccess and FailedAccess
            gAce = new CommonAce((AceFlags)223, AceQualifier.SystemAudit, 1, sid, false, null);
            rAcl.InsertAce(0, gAce);
            binaryForm = new byte[rAcl.BinaryLength];
            verifierBinaryForm = new byte[rAcl.BinaryLength];
            rAcl.GetBinaryForm(binaryForm, 0);

            if (0 == Utils.Win32AclLayer.InitializeAclNative
                (verifierBinaryForm, (uint)rAcl.BinaryLength, (uint)GenericAcl.AclRevision))
            {
                errorCode = Marshal.GetLastWin32Error();
            }
            else if (0 == Utils.Win32AclLayer.AddAuditAccessAceExNative
                (verifierBinaryForm, (uint)GenericAcl.AclRevision, (uint)223, (uint)1, sidBinaryForm, 1, 1))
            {
                errorCode = Marshal.GetLastWin32Error();
            }
            else
                Assert.True(Utils.IsBinaryFormEqual(binaryForm, verifierBinaryForm));
        }
Exemplo n.º 46
0
        public static void Index_AdditionalTests()
        {
            RawAcl rawAcl = null;
            DiscretionaryAcl discretionaryAcl = null;
            GenericAce gAce = null;
            GenericAce verifierGAce = null;
            string owner = null;
            int index = 0;

            // case 1, no ACE, get index at -1
            Assert.Throws<ArgumentOutOfRangeException>(() =>
            {
                rawAcl = new RawAcl(1, 1);
                index = -1;
                discretionaryAcl = new DiscretionaryAcl(false, false, rawAcl);
                verifierGAce = discretionaryAcl[index];
            });

            //case 2, get index at Count
            Assert.Throws<ArgumentOutOfRangeException>(() =>
            {
                rawAcl = new RawAcl(1, 1);
                discretionaryAcl = new DiscretionaryAcl(false, false, rawAcl);
                index = discretionaryAcl.Count;
                verifierGAce = discretionaryAcl[index];
            });

            //case 3, set index at -1
            Assert.Throws<NotSupportedException>(() =>
            {
                rawAcl = new RawAcl(1, 1);
                discretionaryAcl = new DiscretionaryAcl(false, false, rawAcl);
                index = -1;
                owner = "BG";
                gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner)), false, null);
                discretionaryAcl[index] = gAce;

            });

            //case 4, set index at Count
            Assert.Throws<NotSupportedException>(() =>
            {
                rawAcl = new RawAcl(1, 1);
                discretionaryAcl = new DiscretionaryAcl(true, false, rawAcl);
                index = discretionaryAcl.Count;
                owner = "BG";
                gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner)), false, null);
                discretionaryAcl[index] = gAce;

            });

            //case 5, set null Ace
            Assert.Throws<NotSupportedException>(() =>
            {
                rawAcl = new RawAcl(1, 1);
                gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner)), false, null);
                rawAcl.InsertAce(0, gAce);
                discretionaryAcl = new DiscretionaryAcl(false, false, rawAcl);
                index = 0;
                gAce = null;
                discretionaryAcl[index] = gAce;

            });

            //case 6, set index at 0
            //case 5, set null Ace
            Assert.Throws<NotSupportedException>(() =>
            {
                rawAcl = new RawAcl(1, 1);
                owner = "BG";
                gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner)), false, null);
                rawAcl.InsertAce(0, gAce);

                discretionaryAcl = new DiscretionaryAcl(false, false, rawAcl);
                index = 0;
                owner = "BA";
                gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner)), false, null);
                discretionaryAcl[index] = gAce;
            });
        }
Exemplo n.º 47
0
        public static void Index_BasicValidation()
        {
            RawAcl rawAcl = null;
            DiscretionaryAcl discretionaryAcl = null;

            GenericAce gAce = null;
            GenericAce verifierGAce = null;
            string owner1 = "BO";
            string owner2 = "BA";
            string owner3 = "BG";
            int index = 0;

            // case 1, only one ACE, get at index 0
            rawAcl = new RawAcl(1, 1);
            index = 0;
            gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner1)), false, null);
            rawAcl.InsertAce(0, gAce);
            discretionaryAcl = new DiscretionaryAcl(false, false, rawAcl);
            verifierGAce = discretionaryAcl[index];

            Assert.True(TestIndex(gAce, verifierGAce));
            {
            }

            //case 2, two ACEs, index at Count -1
            rawAcl = new RawAcl(1, 2);
            //215 has all AceFlags but InheriteOnly
            gAce = new CommonAce((AceFlags)(FlagsForAce.AuditFlags | FlagsForAce.OI | FlagsForAce.CI | FlagsForAce.NP | FlagsForAce.IH), AceQualifier.AccessAllowed, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner1)), false, null);
            rawAcl.InsertAce(0, gAce);
            //199 has all AceFlags but InheritedOnly, Inherited
            gAce = new CommonAce((AceFlags)(FlagsForAce.AuditFlags | FlagsForAce.OI | FlagsForAce.CI | FlagsForAce.NP), AceQualifier.AccessDenied, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner2)), false, null);
            rawAcl.InsertAce(1, gAce);
            discretionaryAcl = new DiscretionaryAcl(false, false, rawAcl);
            gAce = rawAcl[1];
            //the discretionaryAcl is non-container, all AceFlags except Inherited will be stripped
            gAce.AceFlags = (AceFlags)FlagsForAce.None;
            index = discretionaryAcl.Count - 1;

            verifierGAce = discretionaryAcl[index];

            Assert.True(TestIndex(gAce, verifierGAce));
            {
            }

            //case 3, only three ACEs, index at Count/2
            rawAcl = new RawAcl(1, 3);

            //215 has all AceFlags except InheritOnly					
            gAce = new CommonAce((AceFlags)(FlagsForAce.AuditFlags | FlagsForAce.OI | FlagsForAce.CI | FlagsForAce.NP | FlagsForAce.IH), AceQualifier.AccessAllowed, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner1)), false, null);
            rawAcl.InsertAce(0, gAce);

            //199 has all AceFlags except InheritOnly and Inherited				
            gAce = new CommonAce((AceFlags)(FlagsForAce.AuditFlags | FlagsForAce.OI | FlagsForAce.CI | FlagsForAce.NP), AceQualifier.AccessDenied, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner2)), false, null);
            rawAcl.InsertAce(1, gAce);
            gAce = new CommonAce((AceFlags)(FlagsForAce.AuditFlags | FlagsForAce.OI | FlagsForAce.CI | FlagsForAce.NP), AceQualifier.AccessAllowed, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner3)), false, null);
            rawAcl.InsertAce(2, gAce);
            discretionaryAcl = new DiscretionaryAcl(false, false, rawAcl);
            gAce = rawAcl[1];
            //the systemAcl is non-container, all AceFlags will be stripped
            gAce.AceFlags = AceFlags.None;
            index = discretionaryAcl.Count / 2;
            verifierGAce = discretionaryAcl[index];

            Assert.True(TestIndex(gAce, verifierGAce));
            {
            }

        }
Exemplo n.º 48
0
        public static RawAcl CreateRawAclFromString(string rawAclString)
        {
            RawAcl rawAcl = null;
            byte revision = 0;
            int capacity = 1;
            CommonAce cAce = null;
            AceFlags aceFlags = AceFlags.None;
            AceQualifier aceQualifier = AceQualifier.AccessAllowed;
            int accessMask = 1;
            SecurityIdentifier sid = null;
            bool isCallback = false;
            int opaqueSize = 0;
            byte[] opaque = null;


            string[] parts = null;
            string[] subparts = null;
            char[] delimiter1 = new char[] { '#' };
            char[] delimiter2 = new char[] { ':' };

            if (rawAclString != null)
            {
                rawAcl = new RawAcl(revision, capacity);

                parts = rawAclString.Split(delimiter1);
                for (int i = 0; i < parts.Length; i++)
                {
                    subparts = parts[i].Split(delimiter2);
                    if (subparts.Length != 6)
                    {
                        return null;
                    }

                    aceFlags = (AceFlags)byte.Parse(subparts[0]);
                    aceQualifier = (AceQualifier)int.Parse(subparts[1]);
                    accessMask = int.Parse(subparts[2]);
                    sid = new SecurityIdentifier(TranslateStringConstFormatSidToStandardFormatSid(subparts[3]));
                    isCallback = bool.Parse(subparts[4]);
                    if (!isCallback)
                        opaque = null;
                    else
                    {
                        opaqueSize = int.Parse(subparts[5]);
                        opaque = new byte[opaqueSize];
                    }
                    cAce = new CommonAce(aceFlags, aceQualifier, accessMask, sid, isCallback, opaque);
                    rawAcl.InsertAce(rawAcl.Count, cAce);
                }
            }
            return rawAcl;
        }
        public static void RemoveInheritedAces_BasicValidationTestCases()
        {
            bool isContainer = false;
            bool isDS = false;

            RawAcl rawAcl = null;
            DiscretionaryAcl discretionaryAcl = null;

            GenericAce gAce = null;
            byte revision = 0;
            int capacity = 0;

            //CustomAce constructor parameters
            AceType aceType = AceType.AccessAllowed;
            AceFlags aceFlag = AceFlags.None;
            byte[] opaque = null;

            //CompoundAce constructor additional parameters
            int accessMask = 0;
            CompoundAceType compoundAceType = CompoundAceType.Impersonation;
            string sid = "BG";

            //CommonAce constructor additional parameters
            AceQualifier aceQualifier = 0;

            //ObjectAce constructor additional parameters
            ObjectAceFlags objectAceFlag = 0;
            Guid objectAceType;
            Guid inheritedObjectAceType;

            //case 1, no Ace
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            isContainer = true;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

            Assert.True(TestRemoveInheritedAces(discretionaryAcl));

            //case 2, only have explicit Ace
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            //199  has all AceFlags except InheritOnly and Inherited
            gAce = new CommonAce((AceFlags)199, AceQualifier.AccessAllowed, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = false;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

            Assert.True(TestRemoveInheritedAces(discretionaryAcl));

            //case 3,  non-inherited CommonAce, ObjectAce, CompoundAce, CustomAce
            revision = 127;
            capacity = 5;
            sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")).ToString();
            rawAcl = new RawAcl(revision, capacity);
            aceFlag = AceFlags.InheritanceFlags;
            accessMask = 1;

            //Access Allowed CommonAce
            gAce = new CommonAce(aceFlag, AceQualifier.AccessAllowed, accessMask,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid + 1.ToString())), false, null);
            rawAcl.InsertAce(0, gAce);
            //Access Dennied CommonAce
            gAce = new CommonAce(aceFlag, AceQualifier.AccessDenied, accessMask,
            new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid + 2.ToString())), false, null);
            rawAcl.InsertAce(0, gAce);
            //CustomAce
            aceType = AceType.MaxDefinedAceType + 1;
            opaque = null;
            gAce = new CustomAce(aceType, aceFlag, opaque);
            rawAcl.InsertAce(2, gAce);
            //CompoundAce
            compoundAceType = CompoundAceType.Impersonation;
            gAce = new CompoundAce(aceFlag, accessMask, compoundAceType,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid + 3.ToString())));
            rawAcl.InsertAce(3, gAce);
            //ObjectAce
            aceQualifier = AceQualifier.AccessAllowed;
            objectAceFlag = ObjectAceFlags.ObjectAceTypePresent | ObjectAceFlags.InheritedObjectAceTypePresent;
            objectAceType = new Guid("11111111-1111-1111-1111-111111111111");
            inheritedObjectAceType = new Guid("22222222-2222-2222-2222-222222222222");
            gAce = new ObjectAce(aceFlag, aceQualifier, accessMask,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid + 4.ToString())), objectAceFlag, objectAceType, inheritedObjectAceType, false, null);
            rawAcl.InsertAce(2, gAce);
            isContainer = true;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

            //After Mark changes design to make ACL with any CustomAce, CompoundAce uncanonical and
            //forbid the modification on uncanonical ACL, this case will throw InvalidOperationException
            Assert.Throws<InvalidOperationException>(() =>
            {

                TestRemoveInheritedAces(discretionaryAcl);
            });

            //case 4,  all inherited CommonAce, ObjectAce, CompoundAce, CustomAce
            revision = 127;
            capacity = 5;
            sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")).ToString();
            rawAcl = new RawAcl(revision, capacity);
            aceFlag = AceFlags.InheritanceFlags | AceFlags.Inherited;
            accessMask = 1;

            //Access Allowed CommonAce
            gAce = new CommonAce(aceFlag, AceQualifier.AccessAllowed, accessMask,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid + 1.ToString())), false, null);
            rawAcl.InsertAce(0, gAce);
            //Access Dennied CommonAce
            gAce = new CommonAce(aceFlag, AceQualifier.AccessDenied, accessMask,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid + 2.ToString())), false, null);
            rawAcl.InsertAce(0, gAce);
            //CustomAce
            aceType = AceType.MaxDefinedAceType + 1;
            opaque = null;
            gAce = new CustomAce(aceType, aceFlag, opaque);
            rawAcl.InsertAce(0, gAce);
            //CompoundAce
            compoundAceType = CompoundAceType.Impersonation;
            gAce = new CompoundAce(aceFlag, accessMask, compoundAceType,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid + 3.ToString())));
            rawAcl.InsertAce(0, gAce);
            //ObjectAce
            aceQualifier = AceQualifier.AccessAllowed;
            objectAceFlag = ObjectAceFlags.ObjectAceTypePresent | ObjectAceFlags.InheritedObjectAceTypePresent;
            objectAceType = new Guid("11111111-1111-1111-1111-111111111111");
            inheritedObjectAceType = new Guid("22222222-2222-2222-2222-222222222222");
            gAce = new ObjectAce(aceFlag, aceQualifier, accessMask,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid + 4.ToString())), objectAceFlag, objectAceType, inheritedObjectAceType, false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = true;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

            Assert.True(TestRemoveInheritedAces(discretionaryAcl));

            //case 5, only have one inherit Ace
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            //215 has all AceFlags except InheritOnly
            gAce = new CommonAce((AceFlags)215, AceQualifier.AccessDenied, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = false;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

            Assert.True(TestRemoveInheritedAces(discretionaryAcl));

            //case 6, have one explicit Ace and one inherited Ace
            revision = 255;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            //199  has all AceFlags except InheritOnly and Inherited					
            gAce = new CommonAce((AceFlags)(FlagsForAce.AuditFlags | FlagsForAce.OI | FlagsForAce.CI | FlagsForAce.NP), AceQualifier.AccessDenied, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), false, null);
            rawAcl.InsertAce(0, gAce);
            //215  has all AceFlags except InheritOnly					
            gAce = new CommonAce((AceFlags)(FlagsForAce.AuditFlags | FlagsForAce.OI | FlagsForAce.CI | FlagsForAce.NP | FlagsForAce.IH), AceQualifier.AccessAllowed, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
            rawAcl.InsertAce(1, gAce);
            isContainer = true;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

            Assert.True(TestRemoveInheritedAces(discretionaryAcl));

            //case 7, have two inherited Aces
            revision = 255;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            //215  has all AceFlags except InheritOnly					
            gAce = new CommonAce((AceFlags)215, AceQualifier.AccessAllowed, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), false, null);
            rawAcl.InsertAce(0, gAce);
            sid = "BA";
            //16 has Inherited
            gAce = new CommonAce((AceFlags)16, AceQualifier.AccessDenied, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = true;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

            Assert.True(TestRemoveInheritedAces(discretionaryAcl));

            //case 8, 1 inherited CustomAce
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            aceType = AceType.MaxDefinedAceType + 1;
            //215 has all AceFlags except InheritOnly
            aceFlag = (AceFlags)215;
            opaque = null;
            gAce = new CustomAce(aceType, aceFlag, opaque);
            rawAcl.InsertAce(0, gAce);
            isContainer = false;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

            Assert.True(TestRemoveInheritedAces(discretionaryAcl));

            //case 9,  1 inherited CompoundAce
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            aceFlag = (AceFlags)223; //all flags ored together
            accessMask = 1;
            compoundAceType = CompoundAceType.Impersonation;
            gAce = new CompoundAce(aceFlag, accessMask, compoundAceType,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)));
            rawAcl.InsertAce(0, gAce);
            isContainer = true;
            isDS = false;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

            Assert.True(TestRemoveInheritedAces(discretionaryAcl));

            //case 10, 1 inherited ObjectAce
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            aceFlag = (AceFlags)223; //all flags ored together
            aceQualifier = AceQualifier.AccessAllowed;
            accessMask = 1;
            objectAceFlag = ObjectAceFlags.ObjectAceTypePresent | ObjectAceFlags.InheritedObjectAceTypePresent;
            objectAceType = new Guid("11111111-1111-1111-1111-111111111111");
            inheritedObjectAceType = new Guid("22222222-2222-2222-2222-222222222222");
            gAce = new ObjectAce(aceFlag, aceQualifier, accessMask,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), objectAceFlag, objectAceType, inheritedObjectAceType, false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = true;
            isDS = true;
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

            Assert.True(TestRemoveInheritedAces(discretionaryAcl));

        }
Exemplo n.º 50
0
        public static void AddAccess_AdditionalTestCases()
        {
            RawAcl rawAcl = null;
            DiscretionaryAcl discretionaryAcl = null;
            bool isContainer = false;
            bool isDS = false;

            int accessControlType = 0;
            string sid = null;
            int accessMask = 1;
            int inheritanceFlags = 0;
            int propagationFlags = 0;
            GenericAce gAce = null;
            byte[] opaque = null;

            //Case 1, non-Container, but InheritanceFlags is not None
            Assert.Throws<ArgumentException>(() =>
            {
                isContainer = false;
                isDS = false;
                rawAcl = new RawAcl(0, 1);
                discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

                discretionaryAcl.AddAccess(AccessControlType.Allow,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), 1, InheritanceFlags.ContainerInherit, PropagationFlags.None);

            });

            //Case 2, non-Container, but PropagationFlags is not None
            Assert.Throws<ArgumentException>(() =>
            {
                isContainer = false;
                isDS = false;
                rawAcl = new RawAcl(0, 1);
                discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

                discretionaryAcl.AddAccess(AccessControlType.Allow,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), 1, InheritanceFlags.None, PropagationFlags.InheritOnly);


            });

            //Case 3, Container, InheritanceFlags is None, PropagationFlags is InheritOnly
            Assert.Throws<ArgumentException>(() =>
            {
                isContainer = true;
                isDS = false;
                rawAcl = new RawAcl(0, 1);
                discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

                discretionaryAcl.AddAccess(AccessControlType.Allow,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), 1, InheritanceFlags.None, PropagationFlags.InheritOnly);


            });

            //Case 4, Container, InheritanceFlags is None, PropagationFlags is NoPropagateInherit
            Assert.Throws<ArgumentException>(() =>
            {
                isContainer = true;
                isDS = false;
                rawAcl = new RawAcl(0, 1);
                discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

                discretionaryAcl.AddAccess(AccessControlType.Allow,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), 1, InheritanceFlags.None, PropagationFlags.NoPropagateInherit);


            });

            //Case 5, Container, InheritanceFlags is None, PropagationFlags is NoPropagateInherit | InheritOnly
            Assert.Throws<ArgumentException>(() =>
            {
                isContainer = true;
                isDS = false;
                rawAcl = new RawAcl(0, 1);
                discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

                discretionaryAcl.AddAccess(AccessControlType.Allow,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), 1, InheritanceFlags.None, PropagationFlags.NoPropagateInherit | PropagationFlags.InheritOnly);


            });

            //Case 6, accessMask = 0
            Assert.Throws<ArgumentException>(() =>
            {
                isContainer = true;
                isDS = false;
                accessControlType = 1;
                sid = "BA";
                accessMask = 0;
                inheritanceFlags = 3;
                propagationFlags = 3;
                rawAcl = new RawAcl(0, 1);
                discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
                discretionaryAcl.AddAccess((AccessControlType)accessControlType,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), accessMask, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags);



            });

            //Case 7, null sid
            Assert.Throws<ArgumentNullException>(() =>
            {
                isContainer = true;
                isDS = false;
                accessControlType = 1;
                accessMask = 1;
                inheritanceFlags = 3;
                propagationFlags = 3;
                rawAcl = new RawAcl(0, 1);
                discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
                discretionaryAcl.AddAccess((AccessControlType)accessControlType, null, accessMask, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags);



            });

            //Case 8, add one Access ACE to the DiscretionaryAcl with no ACE
            isContainer = true;
            isDS = false;
            accessControlType = 0;
            sid = "BA";
            accessMask = 1;
            inheritanceFlags = 3;
            propagationFlags = 3;
            rawAcl = new RawAcl(0, 1);
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            //15 = AceFlags.ObjectInherit |AceFlags.ContainerInherit | AceFlags.NoPropagateInherit | AceFlags.InheritOnly
            gAce = new CommonAce((AceFlags)15, AceQualifier.AccessAllowed, accessMask,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(rawAcl.Count, gAce);
            Assert.True(TestAddAccess(discretionaryAcl, rawAcl, (AccessControlType)accessControlType,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), accessMask, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags))
            ;


            //Case 9, Container, InheritOnly ON, but ContainerInherit and ObjectInherit are both OFF
            //add meaningless Access ACE to the DiscretionaryAcl with no ACE, ace should not
            //be added. There are mutiple type of meaningless Ace, but as both AddAccess and Constructor3
            //call the same method to check the meaninglessness, only some sanitory cases are enough.
            //bug# 288116


            Assert.Throws<ArgumentException>(() =>
            {
                isContainer = true;
                isDS = false;

                inheritanceFlags = 0;//InheritanceFlags.None
                propagationFlags = 2; //PropagationFlags.InheritOnly

                accessControlType = 0;
                sid = "BA";
                accessMask = 1;

                rawAcl = new RawAcl(0, 1);
                discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
                TestAddAccess(discretionaryAcl, rawAcl, (AccessControlType)accessControlType,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), accessMask, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags);
            });


            //Case 10, add Ace of NOT(AccessControlType.Allow |AccessControlType.Denied) to the DiscretionaryAcl with no ACE, 
            // should throw appropriate exception for wrong parameter, bug#287188

            Assert.Throws<ArgumentOutOfRangeException>(() =>
            {
                isContainer = true;
                isDS = false;

                inheritanceFlags = 1;//InheritanceFlags.ContainerInherit
                propagationFlags = 2; //PropagationFlags.InheritOnly

                accessControlType = 100;
                sid = "BA";
                accessMask = 1;

                rawAcl = new RawAcl(0, 1);
                discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
                discretionaryAcl.AddAccess((AccessControlType)accessControlType,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)),
                    accessMask,
                    (InheritanceFlags)inheritanceFlags,
                    (PropagationFlags)propagationFlags);

            });


            //Case 11, all the ACEs in the Dacl are non-qualified ACE, no merge

            Assert.Throws<InvalidOperationException>(() =>
            {
                isContainer = true;
                isDS = false;

                inheritanceFlags = 1;//InheritanceFlags.ContainerInherit
                propagationFlags = 2; //PropagationFlags.InheritOnly

                accessControlType = 0;
                sid = "BA";
                accessMask = 1;

                rawAcl = new RawAcl(0, 1);
                opaque = new byte[4];
                gAce = new CustomAce(AceType.MaxDefinedAceType + 1, AceFlags.InheritanceFlags, opaque); ;
                rawAcl.InsertAce(0, gAce);
                discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

                gAce = new CommonAce(AceFlags.ContainerInherit | AceFlags.InheritOnly,
                                        AceQualifier.AccessAllowed,
                                        accessMask,
                                        new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)),
                                        false,
                                        null);
                rawAcl.InsertAce(0, gAce);

                //After Mark changes design to make ACL with any CustomAce, CompoundAce uncanonical and
                //forbid the modification on uncanonical ACL, this case will throw InvalidOperationException

                TestAddAccess(discretionaryAcl, rawAcl, (AccessControlType)accessControlType,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), accessMask, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags);

            });

            //Case 12, add Ace to exceed binary length boundary, throw exception
            isContainer = true;
            isDS = false;

            inheritanceFlags = 1;//InheritanceFlags.ContainerInherit
            propagationFlags = 2; //PropagationFlags.InheritOnly

            accessControlType = 0;
            sid = "BA";
            accessMask = 1;

            rawAcl = new RawAcl(0, 1);
            opaque = new byte[GenericAcl.MaxBinaryLength + 1 - 8 - 4 - 16];
            gAce = new CustomAce(AceType.MaxDefinedAceType + 1,
                AceFlags.InheritanceFlags, opaque); ;
            rawAcl.InsertAce(0, gAce);
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            //After Mark changes design to make ACL with any CustomAce, CompoundAce uncanonical and
            //forbid the modification on uncanonical ACL, this case will throw InvalidOperationException
            Assert.Throws<InvalidOperationException>(() =>
            {

                discretionaryAcl.AddAccess((AccessControlType)accessControlType,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), accessMask, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags);

            });

        }
Exemplo n.º 51
0
        public static void Constructor3_AdditionalTestCases()
        {
            bool isContainer = false;
            bool isDS = false;

            RawAcl rawAcl = null;
            DiscretionaryAcl discretionaryAcl = null;

            GenericAce gAce = null;
            byte revision = 0;
            int capacity = 0;

            //CustomAce constructor parameters
            AceType aceType = AceType.AccessAllowed;
            AceFlags aceFlag = AceFlags.None;
            byte[] opaque = null;

            //CompoundAce constructor additional parameters
            int accessMask = 0;
            CompoundAceType compoundAceType = CompoundAceType.Impersonation;
            string sid = "BG";

            //CommonAce constructor additional parameters
            AceQualifier aceQualifier = 0;

            //ObjectAce constructor additional parameters
            ObjectAceFlags objectAceFlag = 0;
            Guid objectAceType;
            Guid inheritedObjectAceType;

            //case 1, an AccessAllowed ACE with a zero access mask is meaningless, will be removed
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 0,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = false;
            isDS = false;

            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            //drop the Ace from rawAcl
            rawAcl.RemoveAce(0);

            //the only ACE is a meaningless ACE, will be removed
            Assert.True(VerifyACL(discretionaryAcl, isContainer, isDS, true, rawAcl));

            //case 2, an inherit-only AccessDenied ACE on an object ACL is meaningless, will be removed
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            //15 has all inheritance AceFlags but Inherited
            gAce = new CommonAce((AceFlags)15, AceQualifier.AccessDenied, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = false;
            isDS = false;

            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            rawAcl.RemoveAce(0);

            //the only ACE is a meaningless ACE, will be removed
            Assert.True(VerifyACL(discretionaryAcl, isContainer, isDS, true, rawAcl));

            //case 3, an inherit-only AccessAllowed ACE without ContainerInherit or ObjectInherit flags on a container object is meaningless, will be removed
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            //8 has inheritOnly
            gAce = new CommonAce((AceFlags)8, AceQualifier.AccessAllowed, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = true;
            isDS = false;

            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            rawAcl.RemoveAce(0);

            //the only ACE is a meaningless ACE, will be removed
            Assert.True(VerifyACL(discretionaryAcl, isContainer, isDS, true, rawAcl));

            //case 4, 1 CustomAce
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            aceType = AceType.MaxDefinedAceType + 1;
            aceFlag = AceFlags.None;
            opaque = null;
            gAce = new CustomAce(aceType, aceFlag, opaque);
            rawAcl.InsertAce(0, gAce);
            isContainer = false;
            isDS = false;

            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            //Mark changes design to make ACL with any CustomAce, CompoundAce uncanonical
            Assert.True(VerifyACL(discretionaryAcl, isContainer, isDS, false, rawAcl));

            //case 5, 1 CompoundAce
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            // 2 has ContainerInherit
            aceFlag = (AceFlags)2;
            accessMask = 1;
            compoundAceType = CompoundAceType.Impersonation;
            gAce = new CompoundAce(aceFlag, accessMask, compoundAceType,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)));
            rawAcl.InsertAce(0, gAce);
            isContainer = true;
            isDS = false;

            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

            //Mark changes design to make ACL with any CustomAce, CompoundAce uncanonical
            Assert.True(VerifyACL(discretionaryAcl, isContainer, isDS, false, rawAcl));


            //case 6, 1 ObjectAce
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            aceFlag = (AceFlags)15; //all inheritance flags ored together but Inherited
            aceQualifier = AceQualifier.AccessAllowed;
            accessMask = 1;
            objectAceFlag = ObjectAceFlags.ObjectAceTypePresent | ObjectAceFlags.InheritedObjectAceTypePresent;
            objectAceType = new Guid("11111111-1111-1111-1111-111111111111");
            inheritedObjectAceType = new Guid("22222222-2222-2222-2222-222222222222");
            gAce = new ObjectAce(aceFlag, aceQualifier, accessMask,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), objectAceFlag, objectAceType, inheritedObjectAceType, false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = true;
            isDS = true;

            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

            Assert.True(VerifyACL(discretionaryAcl, isContainer, isDS, true, rawAcl));


            //case 7, no Ace
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            isContainer = true;
            isDS = false;

            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

            Assert.True(VerifyACL(discretionaryAcl, isContainer, isDS, true, rawAcl));


            //case 8, all Aces from case 1, and 3 to 6 
            revision = 127;
            capacity = 5;
            sid = new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")).ToString();
            rawAcl = new RawAcl(revision, capacity);
            //0 access Mask
            gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 0,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid + 1.ToString())), false, null);
            rawAcl.InsertAce(rawAcl.Count, gAce);

            //an inherit-only AccessAllowed ACE without ContainerInherit or ObjectInherit flags on a container object is meaningless, will be removed

            gAce = new CommonAce((AceFlags)8, AceQualifier.AccessAllowed, 1,
            new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid + 2.ToString())), false, null);
            rawAcl.InsertAce(rawAcl.Count, gAce);

            // ObjectAce
            aceFlag = (AceFlags)15; //all inheritance flags ored together but Inherited
            aceQualifier = AceQualifier.AccessAllowed;
            accessMask = 1;
            objectAceFlag = ObjectAceFlags.ObjectAceTypePresent | ObjectAceFlags.InheritedObjectAceTypePresent;
            objectAceType = new Guid("11111111-1111-1111-1111-111111111111");
            inheritedObjectAceType = new Guid("22222222-2222-2222-2222-222222222222");
            gAce = new ObjectAce(aceFlag, aceQualifier, accessMask,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid + 3.ToString())), objectAceFlag, objectAceType, inheritedObjectAceType, false, null);
            rawAcl.InsertAce(rawAcl.Count, gAce);

            // CustomAce
            aceType = AceType.MaxDefinedAceType + 1;
            aceFlag = AceFlags.None;
            opaque = null;
            gAce = new CustomAce(aceType, aceFlag, opaque);
            rawAcl.InsertAce(rawAcl.Count, gAce);

            // CompoundAce					
            aceFlag = (AceFlags)2;
            accessMask = 1;
            compoundAceType = CompoundAceType.Impersonation;
            gAce = new CompoundAce(aceFlag, accessMask, compoundAceType,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid + 4.ToString())));
            rawAcl.InsertAce(rawAcl.Count, gAce);

            isContainer = true;
            isDS = false;

            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            rawAcl.RemoveAce(0);
            rawAcl.RemoveAce(0);

            //Mark changes design to make ACL with any CustomAce, CompoundAce uncanonical

            Assert.True(VerifyACL(discretionaryAcl, isContainer, isDS, false, rawAcl));



            discretionaryAcl = null;
            isContainer = false;
            isDS = false;
            rawAcl = null;
            //case 1, rawAcl = null
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            rawAcl = new RawAcl(isDS ? GenericAcl.AclRevisionDS : GenericAcl.AclRevision, 1);
            Assert.True(VerifyACL(discretionaryAcl, isContainer, isDS, true, rawAcl));



            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            rawAcl = new RawAcl(isDS ? GenericAcl.AclRevisionDS : GenericAcl.AclRevision, 1);
            Assert.True(VerifyACL(discretionaryAcl, isContainer, isDS, true, rawAcl));


        }
Exemplo n.º 52
0
        public static void AdditionalTestCases()
        {
            RawAcl rawAcl = null;
            GenericAce genericAce = null;
            string owner = null;
            int index = 0;


            // case 1, no ACE, insert at index -1

            Assert.Throws<ArgumentOutOfRangeException>(() =>
            {
                rawAcl = new RawAcl(1, 1);
                index = -1;
                owner = "BA";
                genericAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner)), false, null);
                rawAcl.InsertAce(index, genericAce);
            });


            //case 2, no ACE, insert at  index Count + 1

            Assert.Throws<ArgumentOutOfRangeException>(() =>
            {
                rawAcl = new RawAcl(1, 1);
                index = rawAcl.Count + 1;
                genericAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner)), false, null);
                rawAcl.InsertAce(index, genericAce);
            });

            //case 3, one ACE, insert null ACE

            Assert.Throws<ArgumentNullException>(() =>
            {
                rawAcl = new RawAcl(1, 1);
                index = 0;
                owner = "BA";
                genericAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner)), false, null);
                rawAcl.InsertAce(index, genericAce);
                genericAce = null;
                rawAcl.InsertAce(index, genericAce);
            });
            //case 4, insert a big Ace to make RawAcl of length 64K + 1. RawAcl length = HeaderLength + all ACE's  length
            // = HeaderLength + (HeaderLength + OpaqueLength) * num_of_custom_ace
            // = 8 + ( 4 + OpaqueLength) * num_of_custom_ace

            Assert.Throws<OverflowException>(() =>
            {
                rawAcl = new RawAcl(1, 1);
                byte[] opaque = new byte[GenericAcl.MaxBinaryLength + 1 - 8 - 4];
                GenericAce gAce = new CustomAce(AceType.MaxDefinedAceType + 1, (AceFlags)223, opaque);
                rawAcl.InsertAce(0, gAce);
            });
        }
Exemplo n.º 53
0
        public static void AdditionalTestCases()
        {
            RawAcl rawAcl = null;
            SystemAcl systemAcl = null;
            bool isContainer = false;
            bool isDS = false;

            int auditFlags = 0;
            string sid = null;
            int accessMask = 1;
            int inheritanceFlags = 0;
            int propagationFlags = 0;
            GenericAce gAce = null;
            bool removePossible = false;
            byte[] opaque = null;

            //Case 1, null sid
            Assert.Throws<ArgumentNullException>(() =>
            {
                isContainer = false;
                isDS = false;
                rawAcl = new RawAcl(0, 1);
                systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
                systemAcl.RemoveAudit(AuditFlags.Success, null, 1, InheritanceFlags.None, PropagationFlags.None);
            });

            //Case 2, SystemAudit Ace but non AuditFlags
            Assert.Throws<ArgumentException>(() =>
            {
                isContainer = false;
                isDS = false;
                rawAcl = new RawAcl(0, 1);
                systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
                systemAcl.RemoveAudit(AuditFlags.None,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), 1, InheritanceFlags.None, PropagationFlags.None);

            });

            //Case 3, 0 accessMask
            Assert.Throws<ArgumentException>(() =>
            {
                isContainer = false;
                isDS = false;
                rawAcl = new RawAcl(0, 1);
                systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
                systemAcl.RemoveAudit(AuditFlags.Success,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), 0, InheritanceFlags.None, PropagationFlags.None);

            });

            //Case 4, remove one audit ACE from the SystemAcl with no ACE
            isContainer = true;
            isDS = false;
            auditFlags = 1;
            sid = "BA";
            accessMask = 1;
            inheritanceFlags = 3;
            propagationFlags = 3;
            removePossible = true;
            rawAcl = new RawAcl(0, 1);
            systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
            Assert.True(TestRemoveAudit(systemAcl, rawAcl, (AuditFlags)auditFlags,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), accessMask, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags, removePossible));

            //Case 5, remove the last one ACE from the SystemAcl
            isContainer = true;
            isDS = false;
            auditFlags = 1;
            sid = "BA";
            accessMask = 1;
            inheritanceFlags = 3;
            propagationFlags = 3;
            removePossible = true;
            rawAcl = new RawAcl(0, 1);
            //79 = AceFlags.SuccessfulAccess | AceFlags.ObjectInherit |AceFlags.ContainerInherit | AceFlags.NoPropagateInherit | AceFlags.InheritOnly
            gAce = new CommonAce((AceFlags)79, AceQualifier.SystemAudit, accessMask,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(rawAcl.Count, gAce);
            systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
            //remove the ace to create the validation rawAcl
            rawAcl.RemoveAce(rawAcl.Count - 1);
            Assert.True(TestRemoveAudit(systemAcl, rawAcl, (AuditFlags)auditFlags,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), accessMask, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags, removePossible));

            //Case 6, all the ACEs in the Sacl are non-qualified ACE, no remove
            Assert.Throws<InvalidOperationException>(() =>
            {
                isContainer = true;
                isDS = false;
                inheritanceFlags = 1;//InheritanceFlags.ContainerInherit
                propagationFlags = 2; //PropagationFlags.InheritOnly

                auditFlags = 3;
                sid = "BA";
                accessMask = 1;
                rawAcl = new RawAcl(0, 1);
                opaque = new byte[4];
                gAce = new CustomAce(AceType.MaxDefinedAceType + 1, AceFlags.InheritanceFlags | AceFlags.AuditFlags, opaque); ;
                rawAcl.InsertAce(0, gAce);
                systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
                //After Mark changes design to make ACL with any CustomAce, CompoundAce uncanonical and
                //forbid the modification on uncanonical ACL, this case will throw InvalidOperationException
                TestRemoveAudit(systemAcl, rawAcl, (AuditFlags)auditFlags,
    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), accessMask, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags, true);
            });
            //Case 7, remove split cause overflow
            // Test case no longer relevant in CoreCLR
            // Non-canonical ACLs cannot be modified
        }
        public static void AdditionalTestCases()
        {
            ICollection myCollection = null;
            GenericAce gAce = null;
            RawAcl rAcl = null;
            GenericAce[] gAces = null;


            // Case 1, null array
            Assert.Throws<ArgumentNullException>(() =>
            {
                rAcl = new RawAcl(0, 1);
                gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
                rAcl.InsertAce(0, gAce);
                myCollection = (ICollection)rAcl;
                myCollection.CopyTo(gAces, 0);
            });

            // Case 2, negative index
            Assert.Throws<ArgumentOutOfRangeException>(() =>
            {
                rAcl = new RawAcl(0, 1);
                gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
                rAcl.InsertAce(0, gAce);
                gAces = new GenericAce[rAcl.Count];
                myCollection = (ICollection)rAcl;
                myCollection.CopyTo(gAces, -1);
            });

            // Case 3, 0 size array
            Assert.Throws<ArgumentOutOfRangeException>(() =>
            {
                rAcl = new RawAcl(0, 1);
                gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
                rAcl.InsertAce(0, gAce);
                gAces = new GenericAce[0];
                myCollection = (ICollection)rAcl;
                myCollection.CopyTo(gAces, 0);
            });

            // Case 4, insufficient size array
            Assert.Throws<ArgumentOutOfRangeException>(() =>
            {
                rAcl = new RawAcl(0, 1);
                gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), false, null);
                rAcl.InsertAce(0, gAce);
                gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
                rAcl.InsertAce(0, gAce);
                gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BO")), false, null);
                rAcl.InsertAce(0, gAce);

                gAces = new GenericAce[rAcl.Count - 1];
                myCollection = (ICollection)rAcl;
                myCollection.CopyTo(gAces, 0);
            });
            
            //Case 5, RawAcl with huge number of Aces
            rAcl = new RawAcl(0, GenericAcl.MaxBinaryLength);
            for (int i = 0; i < 1820; i++)
            {
                //this ace binary length is 36, 1820 * 36 = 65520
                gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, i + 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
                rAcl.InsertAce(0, gAce);
            }
            gAces = new GenericAce[rAcl.Count];
            myCollection = (ICollection)rAcl;
            myCollection.CopyTo(gAces, 0);

            // Case 6, test ICollection.CopyTo, array rank is not one. all the other cases are tested by type-friendly version CopyTo
            //on my machine, a BCL assert as resource Rank_MutiDimNotSupported not found
            Assert.Throws<RankException>(() =>
            {
                rAcl = new RawAcl(0, 1);
                gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), false, null);
                rAcl.InsertAce(0, gAce);
                gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
                rAcl.InsertAce(0, gAce);
                GenericAce[,] gAces2 = new GenericAce[1, 2];
                myCollection = (ICollection)rAcl;
                myCollection.CopyTo(gAces2, 0);
            });
        }
        public static void BasicValidationTestCases()
        {
            bool isContainer = false;
            bool isDS = false;

            RawAcl rawAcl = null;
            SystemAcl systemAcl = null;

            GenericAce gAce = null;
            byte revision = 0;
            int capacity = 0;
            //CustomAce constructor parameters
            AceType aceType = AceType.AccessAllowed;
            AceFlags aceFlag = AceFlags.None;
            byte[] opaque = null;
            //CompoundAce constructor additional parameters
            int accessMask = 0;
            CompoundAceType compoundAceType = CompoundAceType.Impersonation;
            string sid = "BA";
            //CommonAce constructor additional parameters
            AceQualifier aceQualifier = 0;
            //ObjectAce constructor additional parameters
            ObjectAceFlags objectAceFlag = 0;
            Guid objectAceType;
            Guid inheritedObjectAceType;
            //case 1, no Ace


            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            isContainer = true;
            isDS = false;
            systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
            Assert.True(TestRemoveInheritedAces(systemAcl));


            //case 2, only have explicit Ace
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            //199 has all AceFlags except InheritOnly and Inherited
            gAce = new CommonAce((AceFlags)199, AceQualifier.SystemAudit, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = false;
            isDS = false;
            systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
            Assert.True(TestRemoveInheritedAces(systemAcl));

            //case 3, only have one inherit Ace
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            //215 has all AceFlags except InheritOnly
            gAce = new CommonAce((AceFlags)215, AceQualifier.SystemAudit, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = false;
            isDS = false;
            systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
            Assert.True(TestRemoveInheritedAces(systemAcl));


            //case 4, have one explicit Ace and one inherited Ace
            revision = 255;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            //199 has all AceFlags except InheritOnly and Inherited                    
            gAce = new CommonAce((AceFlags)199, AceQualifier.SystemAudit, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), false, null);
            rawAcl.InsertAce(0, gAce);
            //215 has all AceFlags except InheritOnly                    
            gAce = new CommonAce((AceFlags)215, AceQualifier.SystemAudit, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
            rawAcl.InsertAce(1, gAce);
            isContainer = true;
            isDS = false;
            systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
            Assert.True(TestRemoveInheritedAces(systemAcl));

            //case 5, have two inherited Aces
            revision = 255;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            //215 has all AceFlags except InheritOnly                    
            gAce = new CommonAce((AceFlags)215, AceQualifier.SystemAudit, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), false, null);
            rawAcl.InsertAce(0, gAce);
            sid = "BA";
            //16 has Inherited
            gAce = new CommonAce((AceFlags)16, AceQualifier.SystemAudit, 1,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = true;
            isDS = false;
            systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
            Assert.True(TestRemoveInheritedAces(systemAcl));

            //case 6, 1 inherited CustomAce
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            aceType = AceType.MaxDefinedAceType + 1;
            aceFlag = (AceFlags)208; //SuccessfulAccess | FailedAccess | Inherited
            opaque = null;
            gAce = new CustomAce(aceType, aceFlag, opaque);
            rawAcl.InsertAce(0, gAce);
            isContainer = false;
            isDS = false;
            systemAcl = new SystemAcl(isContainer, isDS, rawAcl);

            Assert.True(TestRemoveInheritedAces(systemAcl));

            //case 7,  1 inherited CompoundAce
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            aceFlag = (AceFlags)223; //all flags ored together
            accessMask = 1;
            compoundAceType = CompoundAceType.Impersonation;
            gAce = new CompoundAce(aceFlag, accessMask, compoundAceType,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)));
            rawAcl.InsertAce(0, gAce);
            isContainer = true;
            isDS = false;
            systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
            Assert.True(TestRemoveInheritedAces(systemAcl));

            //case 8, 1 inherited ObjectAce
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            aceFlag = (AceFlags)223; //all flags ored together
            aceQualifier = AceQualifier.SystemAudit;
            accessMask = 1;
            objectAceFlag = ObjectAceFlags.ObjectAceTypePresent | ObjectAceFlags.InheritedObjectAceTypePresent;
            objectAceType = new Guid("11111111-1111-1111-1111-111111111111");
            inheritedObjectAceType = new Guid("22222222-2222-2222-2222-222222222222");
            gAce = new ObjectAce(aceFlag, aceQualifier, accessMask,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), objectAceFlag, objectAceType, inheritedObjectAceType, false, null);
            rawAcl.InsertAce(0, gAce);
            isContainer = true;
            isDS = true;
            systemAcl = new SystemAcl(isContainer, isDS, rawAcl);
            Assert.True(TestRemoveInheritedAces(systemAcl));

        }
Exemplo n.º 56
0
        public static void BasicValidationTestCases()
        {
            RawAcl rawAcl = null;
            RawAcl rawAclVerifier = null;
            GenericAce ace = null;
            GenericAce aceVerifier = null;
            int count = 0;
            int index = 0;
            byte revision = 0;
            int capacity = 1;
            int flags = 1;
            int qualifier = 0;
            int accessMask = 1;
            string sid = "BA";
            bool isCallback = false;
            int opaqueSize = 8;
            //test insert at 0
            rawAcl = new RawAcl(revision, capacity);
            rawAclVerifier = new RawAcl(revision, capacity);
            ace = new CommonAce((AceFlags)flags, (AceQualifier)qualifier, accessMask, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), isCallback, new byte[opaqueSize]);
            index = 0;
            //save current count
            count = rawAcl.Count;
            rawAcl.InsertAce(index, ace);
            //verify the count number increase one
            Assert.True(rawAcl.Count == count + 1);
            //verify the inserted ace is equal to the originial ace
            aceVerifier = rawAcl[index];
            Assert.True(ace == aceVerifier);

            //verify right side aces are equal
            Assert.True(Utils.AclPartialEqual(rawAcl, rawAclVerifier, index + 1, rawAcl.Count - 1, index, count - 1));

            //insert the same ACE to rawAclVerifier for next test
            rawAclVerifier.InsertAce(index, ace);

            //test insert at Count
            sid = "BA";
            ace = new CommonAce((AceFlags)flags, (AceQualifier)qualifier, accessMask, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), isCallback, new byte[opaqueSize]);
            count = rawAcl.Count;
            index = count;
            rawAcl.InsertAce(index, ace);
            //verify the count number increase one
            Assert.True(rawAcl.Count == count + 1);
            //verify the inserted ace is equal to the originial ace
            aceVerifier = rawAcl[index];
            Assert.True(ace == aceVerifier);

            //verify right side aces are equal
            Assert.True(Utils.AclPartialEqual(rawAcl, rawAclVerifier, index + 1, rawAcl.Count - 1, index, count - 1));

            //insert the same ACE to rawAclVerifier for next test
            rawAclVerifier.InsertAce(index, ace);

            //test insert at Count - 1
            sid = "BG";
            ace = new CommonAce((AceFlags)flags, (AceQualifier)qualifier, accessMask, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), isCallback, new byte[opaqueSize]);
            count = rawAcl.Count;
            index = count - 1;
            rawAcl.InsertAce(index, ace);

            //verify the count number increase one
            Assert.True(rawAcl.Count == count + 1);
            //verify the inserted ace is equal to the originial ace
            aceVerifier = rawAcl[index];
            Assert.True(ace == aceVerifier);

            //verify right side aces are equal
            Assert.True(Utils.AclPartialEqual(rawAcl, rawAclVerifier, index + 1, rawAcl.Count - 1, index, count - 1));

            //insert the same ACE to rawAclVerifier for next test
            rawAclVerifier.InsertAce(index, ace);

            //test insert at Count /2
            sid = "BO";
            ace = new CommonAce((AceFlags)flags, (AceQualifier)qualifier, accessMask, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), isCallback, new byte[opaqueSize]);
            rawAcl.InsertAce(0, ace);
            rawAclVerifier.InsertAce(0, ace);
            count = rawAcl.Count;
            index = count / 2;
            sid = "SO";
            ace = new CommonAce((AceFlags)flags, (AceQualifier)qualifier, accessMask, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), isCallback, new byte[opaqueSize]);
            rawAcl.InsertAce(index, ace);
            //verify the count number increase one
            Assert.True(rawAcl.Count == count + 1);
            //verify the inserted ace is equal to the originial ace
            aceVerifier = rawAcl[index];
            Assert.True(ace == aceVerifier);

            //verify right side aces are equal
            Assert.True(Utils.AclPartialEqual(rawAcl, rawAclVerifier, index + 1, rawAcl.Count - 1, index, count - 1));
        }
        public static void AdditionalTestCases()
        {
            RawAcl rawAcl = null;
            byte[] binaryForm = null;
            int offset = 0;


            //case 1, binaryForm is null
            Assert.Throws<ArgumentNullException>(() =>
            {
                binaryForm = null;
                offset = 0;
                rawAcl = new RawAcl(binaryForm, offset);
            });

            //case 2, binaryForm is empty
            Assert.Throws<ArgumentOutOfRangeException>(() =>
            {
                binaryForm = new byte[0];
                offset = 0;
                rawAcl = new RawAcl(binaryForm, offset);
            });

            //case 3, negative offset                 
            Assert.Throws<ArgumentOutOfRangeException>(() =>
            {
                binaryForm = new byte[100];
                offset = -1;
                rawAcl = new RawAcl(binaryForm, offset);
            });

            //case 4, binaryForm length less than GenericAcl.HeaderLength
            Assert.Throws<ArgumentOutOfRangeException>(() =>
            {
                binaryForm = new byte[4];
                offset = 0;
                rawAcl = new RawAcl(binaryForm, offset);
            });

            //case 5, a RawAcl of length 64K. RawAcl length = HeaderLength + all ACE's  length
            // = HeaderLength + (HeaderLength + OpaqueLength) * num_of_custom_ace
            // = 8 + ( 4 + OpaqueLength) * num_of_custom_ace
            GenericAce gAce = null;
            byte revision = 0;
            int capacity = 0;
            string sid = "BG";
            //CustomAce constructor parameters
            AceType aceType = 0;
            AceFlags aceFlag = 0;
            byte[] opaque = null;
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            aceType = AceType.MaxDefinedAceType + 1;
            aceFlag = (AceFlags)223; //all flags ored together
            opaque = new byte[GenericAcl.MaxBinaryLength - 3 - 8 - 4];//GenericAcl.MaxBinaryLength = 65535, is not multiple of 4
            gAce = new CustomAce(aceType, aceFlag, opaque);
            rawAcl.InsertAce(0, gAce);
            binaryForm = new byte[rawAcl.BinaryLength];
            rawAcl.GetBinaryForm(binaryForm, 0);
            Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 1, rawAcl.BinaryLength));

            //case 6, a RawAcl of length 64K + 1. RawAcl length = HeaderLength + all ACE's  length
            // = HeaderLength + (HeaderLength + OpaqueLength) * num_of_custom_ace
            // = 8 + ( 4 + OpaqueLength) * num_of_custom_ace

            gAce = null;
            sid = "BA";
            //CustomAce constructor parameters
            aceType = 0;
            aceFlag = 0;
            binaryForm = new byte[65536];

            Assert.Throws<ArgumentException>(() =>
            {
                revision = 127;
                capacity = 1;
                rawAcl = new RawAcl(revision, capacity);
                rawAcl.GetBinaryForm(binaryForm, 0);
                //change the length bytes to 65535
                binaryForm[2] = 0xf;
                binaryForm[3] = 0xf;
                //change the aceCount to 1
                binaryForm[4] = 1;
                aceType = AceType.MaxDefinedAceType + 1;
                aceFlag = (AceFlags)223; //all flags ored together
                opaque = new byte[GenericAcl.MaxBinaryLength + 1 - 8 - 4];//GenericAcl.MaxBinaryLength = 65535, is not multiple of 4
                gAce = new CustomAce(aceType, aceFlag, opaque);
                gAce.GetBinaryForm(binaryForm, 8);
                TestCreateFromBinaryForm(binaryForm, 0, revision, 1, binaryForm.Length);
            });


            //case 7, a valid binary representation with revision 255, 256 Access
            //CommonAce to test the correctness of  the process of the AceCount in the header
            revision = 255;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            for (int i = 0; i < 256; i++)
            {
                gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, i + 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
                rawAcl.InsertAce(0, gAce);
            }
            binaryForm = new byte[rawAcl.BinaryLength + 1000];
            rawAcl.GetBinaryForm(binaryForm, 1000);
            Assert.True(TestCreateFromBinaryForm(binaryForm, 1000, revision, 256, rawAcl.BinaryLength));

            //case 8, array containing garbage
            Assert.Throws<ArgumentOutOfRangeException>(() =>
            {
                binaryForm = new byte[] { 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 };
                TestCreateFromBinaryForm(binaryForm, offset, revision, 1, 12);
            });

            //case 9, array containing garbage
            Assert.Throws<ArgumentOutOfRangeException>(() =>
            {
                //binary form shows the length will be 1, actual length is 12
                binaryForm = new byte[] { 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1 };
                TestCreateFromBinaryForm(binaryForm, offset, revision, 1, 12);
            });

            //case 10, array containing garbage
            Assert.Throws<ArgumentOutOfRangeException>(() =>
            {
                binaryForm = new byte[] { 1, 1, 12, 0, 1, 1, 1, 1, 1, 1, 1, 1 };
                TestCreateFromBinaryForm(binaryForm, offset, revision, 1, 12);
            });
        }
        public static void RemoveAccessSpecific_AdditionalTestCases()
        {
            RawAcl rawAcl = null;
            DiscretionaryAcl discretionaryAcl = null;
            bool isContainer = false;
            bool isDS = false;

            int accessControlType = 0;
            string sid = null;
            int accessMask = 1;
            int inheritanceFlags = 0;
            int propagationFlags = 0;
            GenericAce gAce = null;
            byte[] opaque = null;
            //Case 1, remove one ACE from the DiscretionaryAcl with no ACE
            isContainer = true;
            isDS = false;
            accessControlType = 1;
            sid = "BA";
            accessMask = 1;
            inheritanceFlags = 3;
            propagationFlags = 3;
            rawAcl = new RawAcl(0, 1);
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            Assert.True(TestRemoveAccessSpecific(discretionaryAcl, rawAcl, (AccessControlType)accessControlType,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), accessMask, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags))
            ;


            //Case 2, remove the last one ACE from the DiscretionaryAcl
            isContainer = true;
            isDS = false;
            accessControlType = 0;
            sid = "BA";
            accessMask = 1;
            inheritanceFlags = 3;
            propagationFlags = 3;
            rawAcl = new RawAcl(0, 1);
            //15 = AceFlags.ObjectInherit |AceFlags.ContainerInherit | AceFlags.NoPropagateInherit | AceFlags.InheritOnly
            gAce = new CommonAce((AceFlags)15, AceQualifier.AccessAllowed, accessMask,
                new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(rawAcl.Count, gAce);
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
            //remove the ace to create the validation rawAcl
            rawAcl.RemoveAce(rawAcl.Count - 1);
            Assert.True(TestRemoveAccessSpecific(discretionaryAcl, rawAcl, (AccessControlType)accessControlType,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), accessMask, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags))
               ;


            //Case 3, accessMask = 0
            Assert.Throws<ArgumentException>(() =>
            {
                isContainer = true;
                isDS = false;
                accessControlType = 1;
                sid = "BA";
                accessMask = 0;
                inheritanceFlags = 3;
                propagationFlags = 3;
                rawAcl = new RawAcl(0, 1);
                discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
                discretionaryAcl.RemoveAccessSpecific((AccessControlType)accessControlType,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), accessMask, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags);



            });

            //Case 4, null sid
            Assert.Throws<ArgumentNullException>(() =>
            {
                isContainer = true;
                isDS = false;
                accessControlType = 1;
                accessMask = 1;
                sid = "BA";
                inheritanceFlags = 3;
                propagationFlags = 3;
                rawAcl = new RawAcl(0, 1);
                discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);
                discretionaryAcl.RemoveAccessSpecific((AccessControlType)accessControlType, null, accessMask, (InheritanceFlags)inheritanceFlags, (PropagationFlags)propagationFlags);



            });

            //Case 5, all the ACEs in the Dacl are non-qualified ACE, no remove

            isContainer = true;
            isDS = false;

            inheritanceFlags = 1;//InheritanceFlags.ContainerInherit
            propagationFlags = 2; //PropagationFlags.InheritOnly

            accessControlType = 0;
            sid = "BA";
            accessMask = 1;

            rawAcl = new RawAcl(0, 1);
            opaque = new byte[4];
            gAce = new CustomAce(AceType.MaxDefinedAceType + 1, AceFlags.InheritanceFlags, opaque); ;
            rawAcl.InsertAce(0, gAce);
            discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

            //After Mark changes design to make ACL with any CustomAce, CompoundAce uncanonical and
            //forbid the modification on uncanonical ACL, this case will throw InvalidOperationException
            Assert.Throws<InvalidOperationException>(() =>
            {
                TestRemoveAccessSpecific
                        (discretionaryAcl, rawAcl,
                        (AccessControlType)accessControlType,
                        new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)),
                        accessMask,
                        (InheritanceFlags)inheritanceFlags,
                        (PropagationFlags)propagationFlags);

            });

            //Case 7, Remove Specific Ace of NOT(AccessControlType.Allow |AccessControlType.Denied) to the DiscretionaryAcl with no ACE, 
            // should throw appropriate exception for wrong parameter, bug#287188

            Assert.Throws<ArgumentOutOfRangeException>(() =>
            {
                isContainer = true;
                isDS = false;

                inheritanceFlags = 1;//InheritanceFlags.ContainerInherit
                propagationFlags = 2; //PropagationFlags.InheritOnly

                accessControlType = 100;
                sid = "BA";
                accessMask = 1;

                rawAcl = new RawAcl(0, 1);
                discretionaryAcl = new DiscretionaryAcl(isContainer, isDS, rawAcl);

                discretionaryAcl.RemoveAccessSpecific((AccessControlType)accessControlType,
                    new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)),
                    accessMask,
                    (InheritanceFlags)inheritanceFlags,
                    (PropagationFlags)propagationFlags);


            });
        }
        public static void BasicValidationTestCases()
        {

            RawAcl rawAcl = null;
            byte[] binaryForm = null;
            int offset = 0;

            GenericAce gAce = null;
            byte revision = 0;
            int capacity = 0;
            //CustomAce constructor parameters
            AceType aceType = AceType.AccessAllowed;
            AceFlags aceFlag = AceFlags.None;
            byte[] opaque = null;
            //CompoundAce constructor additional parameters
            int accessMask = 0;
            CompoundAceType compoundAceType = CompoundAceType.Impersonation;
            string sid = "BA";
            //CommonAce constructor additional parameters
            AceQualifier aceQualifier = 0;
            //ObjectAce constructor additional parameters
            ObjectAceFlags objectAceFlag = 0;
            Guid objectAceType;
            Guid inheritedObjectAceType;

            //case 1, a valid binary representation with revision 0, 1 SystemAudit CommonAce
            revision = 0;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            binaryForm = new byte[rawAcl.BinaryLength];
            rawAcl.GetBinaryForm(binaryForm, 0);
            Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 1, rawAcl.BinaryLength));

            //case 2, a valid binary representation with revision 255, 1 AccessAllowed CommonAce
            revision = 255;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            binaryForm = new byte[rawAcl.BinaryLength];
            rawAcl.GetBinaryForm(binaryForm, 0);
            Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 1, rawAcl.BinaryLength));


            //case 3, a valid binary representation with revision 127, 1 CustomAce
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            aceType = AceType.MaxDefinedAceType + 1;
            aceFlag = (AceFlags)223; //all flags ored together
            opaque = null;
            gAce = new CustomAce(aceType, aceFlag, opaque);
            rawAcl.InsertAce(0, gAce);
            binaryForm = new byte[rawAcl.BinaryLength];
            rawAcl.GetBinaryForm(binaryForm, 0);
            Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 1, rawAcl.BinaryLength));

            //case 4, a valid binary representation with revision 1, 1 CompoundAce
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            aceFlag = (AceFlags)223; //all flags ored together
            accessMask = 1;
            compoundAceType = CompoundAceType.Impersonation;
            gAce = new CompoundAce(aceFlag, accessMask, compoundAceType, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)));
            rawAcl.InsertAce(0, gAce);
            binaryForm = new byte[rawAcl.BinaryLength];
            rawAcl.GetBinaryForm(binaryForm, 0);
            Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 1, rawAcl.BinaryLength));


            //case 5, a valid binary representation with revision 1, 1 ObjectAce
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            aceFlag = (AceFlags)223; //all flags ored together
            aceQualifier = AceQualifier.AccessAllowed;
            accessMask = 1;
            objectAceFlag = ObjectAceFlags.ObjectAceTypePresent | ObjectAceFlags.InheritedObjectAceTypePresent;
            objectAceType = new Guid("11111111-1111-1111-1111-111111111111");
            inheritedObjectAceType = new Guid("22222222-2222-2222-2222-222222222222");
            gAce = new ObjectAce(aceFlag, aceQualifier, accessMask, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), objectAceFlag, objectAceType, inheritedObjectAceType, false, null);
            rawAcl.InsertAce(0, gAce);
            binaryForm = new byte[rawAcl.BinaryLength];
            rawAcl.GetBinaryForm(binaryForm, 0);
            Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 1, rawAcl.BinaryLength));

            //case 6, a valid binary representation with revision 1, no Ace
            revision = 127;
            capacity = 1;
            rawAcl = new RawAcl(revision, capacity);
            binaryForm = new byte[rawAcl.BinaryLength];
            rawAcl.GetBinaryForm(binaryForm, 0);
            Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 0, rawAcl.BinaryLength));

            //case 7, a valid binary representation with revision 1, and all Aces from case 1 to 5
            revision = 127;
            capacity = 5;
            rawAcl = new RawAcl(revision, capacity);
            //SystemAudit CommonAce
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            //Access Allowed CommonAce
            gAce = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), false, null);
            rawAcl.InsertAce(0, gAce);
            //CustomAce
            aceType = AceType.MaxDefinedAceType + 1;
            aceFlag = (AceFlags)223; //all flags ored together
            opaque = null;
            gAce = new CustomAce(aceType, aceFlag, opaque);
            rawAcl.InsertAce(0, gAce);
            //CompoundAce
            aceFlag = (AceFlags)223; //all flags ored together
            accessMask = 1;
            compoundAceType = CompoundAceType.Impersonation;
            gAce = new CompoundAce(aceFlag, accessMask, compoundAceType, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)));
            rawAcl.InsertAce(0, gAce);
            //ObjectAce
            aceFlag = (AceFlags)223; //all flags ored together
            aceQualifier = AceQualifier.AccessAllowed;
            accessMask = 1;
            objectAceFlag = ObjectAceFlags.ObjectAceTypePresent | ObjectAceFlags.InheritedObjectAceTypePresent;
            objectAceType = new Guid("11111111-1111-1111-1111-111111111111");
            inheritedObjectAceType = new Guid("22222222-2222-2222-2222-222222222222");
            gAce = new ObjectAce(aceFlag, aceQualifier, accessMask, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(sid)), objectAceFlag, objectAceType, inheritedObjectAceType, false, null);
            rawAcl.InsertAce(0, gAce);
            binaryForm = new byte[rawAcl.BinaryLength];
            rawAcl.GetBinaryForm(binaryForm, 0);
            Assert.True(TestCreateFromBinaryForm(binaryForm, offset, revision, 5, rawAcl.BinaryLength));

        }
Exemplo n.º 60
0
        public static void BasicValidationTestCases()
        {
            RawAcl rawAcl = null;
            SystemAcl systemAcl = null;

            GenericAce gAce = null;
            GenericAce verifierGAce = null;
            string owner1 = "BO";
            string owner2 = "BA";
            string owner3 = "BG";
            int index = 0;

            // case 1, only one ACE, get at index 0
            rawAcl = new RawAcl(1, 1);
            index = 0;
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner1)), false, null);
            rawAcl.InsertAce(0, gAce);
            systemAcl = new SystemAcl(false, false, rawAcl);
            verifierGAce = systemAcl[index];
            Assert.True(TestIndex(gAce, verifierGAce));

            //case 2, two ACEs, index at Count -1
            rawAcl = new RawAcl(1, 2);
            //208 has SuccessfulAccess, FailedAccess and Inherited
            gAce = new CommonAce((AceFlags)208, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner1)), false, null);
            rawAcl.InsertAce(0, gAce);
            //gAce = new CommonAce(AceFlags.FailedAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(owner2), false, null);                    
            gAce = new CommonAce(AceFlags.FailedAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner1)), false, null);
            rawAcl.InsertAce(1, gAce);
            systemAcl = new SystemAcl(false, false, rawAcl);
            gAce = rawAcl[1];
            index = systemAcl.Count - 1;

            verifierGAce = systemAcl[index];
            Assert.True(TestIndex(gAce, verifierGAce));

            //case 3, only three ACEs, index at Count/2
            rawAcl = new RawAcl(1, 3);
            //215 has all AceFlags except InheritOnly                    
            gAce = new CommonAce((AceFlags)(FlagsForAce.AuditFlags | FlagsForAce.OI | FlagsForAce.CI | FlagsForAce.NP | FlagsForAce.IH), AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner2)), false, null);
            rawAcl.InsertAce(0, gAce);
            //208 has SuccessfulAccess, FailedAccess and Inherited
            gAce = new CommonAce((AceFlags)(FlagsForAce.AuditFlags | FlagsForAce.IH), AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner1)), false, null);
            rawAcl.InsertAce(1, gAce);

            gAce = new CommonAce(AceFlags.FailedAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid(owner3)), false, null);
            rawAcl.InsertAce(2, gAce);
            systemAcl = new SystemAcl(false, false, rawAcl);
            gAce = rawAcl[1];
            index = systemAcl.Count / 2;
            verifierGAce = systemAcl[index];
            Assert.True(TestIndex(gAce, verifierGAce));
            //case 4, 3 ACEs, test merge, index at Count -1
            rawAcl = new RawAcl(1, 2);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BA")), false, null);
            rawAcl.InsertAce(0, gAce);
            gAce = new CommonAce(AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), false, null);
            rawAcl.InsertAce(1, gAce);
            gAce = new CommonAce(AceFlags.FailedAccess, AceQualifier.SystemAudit, 1, new SecurityIdentifier(Utils.TranslateStringConstFormatSidToStandardFormatSid("BG")), false, null);
            rawAcl.InsertAce(2, gAce);
            systemAcl = new SystemAcl(false, false, rawAcl);
            gAce = rawAcl[1];
            gAce.AceFlags = AceFlags.SuccessfulAccess | AceFlags.FailedAccess;
            index = systemAcl.Count - 1;

            verifierGAce = systemAcl[index];
            Assert.True(TestIndex(gAce, verifierGAce));
        }