/// <summary>
/// Creates the collector around an existing WMI data provider and prepares
/// a DACL disassembler plus two empty, string-keyed item caches.
/// </summary>
/// <param name="wmiDataProvider">
/// Provider stored in <c>WmiProvider</c>. It is not validated here, so a
/// null reference is stored as-is.
/// </param>
public FileEffectiveRights53ObjectCollector(WmiDataProvider wmiDataProvider)
{
    WmiProvider = wmiDataProvider;

    // The disassembler is configured for SecurityDescriptorType.DACL.
    DaclDisassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);

    // Both caches start empty.
    // NOTE(review): nothing visible here bounds or invalidates them. If the
    // collector outlives a single scan, cached rights may no longer match
    // the target — confirm the intended lifetime.
    Cache = new Dictionary<string, IEnumerable<fileeffectiverights_item>>();
    FlatCache = new Dictionary<string, fileeffectiverights_item>();
}
/// <summary>
/// Initialises the collector: keeps the supplied WMI data provider, builds a
/// disassembler for SecurityDescriptorType.DACL and allocates the grouped and
/// flat item caches.
/// </summary>
/// <param name="wmiDataProvider">
/// Provider assigned to <c>WmiProvider</c> without any null check.
/// </param>
public FileEffectiveRights53ObjectCollector(WmiDataProvider wmiDataProvider)
{
    this.WmiProvider = wmiDataProvider;

    var dacl = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);
    this.DaclDisassembler = dacl;

    // Cache maps a string key to a sequence of items, FlatCache to a single item.
    // NOTE(review): the meaning of the keys and the lifetime of the entries
    // are not visible here — confirm that stale rights cannot be served.
    var groupedItems = new Dictionary<string, IEnumerable<fileeffectiverights_item>>();
    this.Cache = groupedItems;

    var singleItems = new Dictionary<string, fileeffectiverights_item>();
    this.FlatCache = singleItems;
}
/// <summary>
/// Reads the effective rights of a trustee on a registry key and decodes the
/// resulting access mask into a <c>WMIWinACE</c>.
/// </summary>
/// <param name="hive">Hive name, translated to a <c>RegistryHive</c> id through <c>RegistryHelper</c>.</param>
/// <param name="key">Registry key passed to the effective rights query.</param>
/// <param name="trusteeSID">SID of the trustee whose rights are queried.</param>
/// <returns>The value decoded from the collected access mask.</returns>
private WMIWinACE GetRegistryKeyACLForUser(string hive, string key, string trusteeSID)
{
    // NOTE(review): the cast assumes GetHiveKeyIdFromHiveName yields a defined
    // RegistryHive value — confirm how an unknown hive name is handled.
    var registryHive = (RegistryHive)RegistryHelper.GetHiveKeyIdFromHiveName(hive);

    var accessMask = AccessControlListProvider.GetRegistryKeyEffectiveRights(
        this.TargetInfo, registryHive, key, trusteeSID);

    // A fresh DACL disassembler is created on every call.
    var disassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);
    var decodedRights = disassembler.GetSecurityDescriptorFromAccessMask(accessMask);
    return decodedRights;
}
/// <summary>
/// Lazily creates the WMI data provider and the security descriptor
/// disassembler when they have not been set yet; existing instances are kept.
/// </summary>
private void CheckWmiDataProviderInstance()
{
    if (this.WmiDataProvider == null)
    {
        // The provider is bound to a management scope created on demand.
        this.WmiDataProvider = new WmiDataProvider(this.CreateConnectedManagementScope());
    }

    if (this.WindowsSecurityDescriptorDisassembler == null)
    {
        // NOTE(review): this disassembler is created for the SACL, which in
        // Windows holds audit entries rather than access grants — confirm
        // that is what the owning collector is meant to decode.
        var saclDisassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.SACL);
        this.WindowsSecurityDescriptorDisassembler = saclDisassembler;
    }
}
/// <summary>
/// Decodes the KEY_CREATE_LINK_PERMISSION mask with a DACL disassembler and
/// checks that KEY_CREATE_LINK is the only registry key right reported among
/// the ones asserted below.
/// </summary>
public void Should_be_possible_to_disassembly_windows_security_descriptor()
{
    var disassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);

    var decodedRights = disassembler.GetSecurityDescriptorFromAccessMask(KEY_CREATE_LINK_PERMISSION);

    // The right carried by the mask must be reported.
    Assert.IsTrue(
        decodedRights.KEY_CREATE_LINK,
        string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_CREATE_LINK"));

    // No other registry key right may be reported for this mask; an
    // over-reporting decoder would overstate what a trustee can do.
    Assert.IsFalse(
        decodedRights.KEY_CREATE_SUB_KEY,
        string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_CREATE_SUB_KEY"));
    Assert.IsFalse(
        decodedRights.KEY_ENUMERATE_SUB_KEYS,
        string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_ENUMERATE_SUB_KEYS"));
    Assert.IsFalse(
        decodedRights.KEY_NOTIFY,
        string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_NOTIFY"));
    Assert.IsFalse(
        decodedRights.KEY_QUERY_VALUE,
        string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_QUERY_VALUE"));
    Assert.IsFalse(
        decodedRights.KEY_SET_VALUE,
        string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_SET_VALUE"));
    Assert.IsFalse(
        decodedRights.KEY_WOW64_32KEY,
        string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_WOW64_32KEY"));
    Assert.IsFalse(
        decodedRights.KEY_WOW64_64KEY,
        string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_WOW64_64KEY"));
}
/// <summary>
/// Fills a file effective rights item with the rights calculated for its
/// trustee from the supplied ACE data.
/// </summary>
/// <param name="fileEffectiveRightsItem">
/// Item to fill. Its <c>trustee_name</c> is read, then set to null and
/// replaced by a <c>trustee_sid</c> entity.
/// </param>
/// <param name="managementWinACEs">ACE data handed to the DACL disassembler together with the trustee name.</param>
/// <exception cref="UserNotFoundException">
/// Thrown when the effective rights calculation returns null.
/// </exception>
private void FillCollectedItemFromUserWinACEs(
    fileeffectiverights_item fileEffectiveRightsItem, object managementWinACEs)
{
    var trusteeName = fileEffectiveRightsItem.trustee_name.Value;

    // NOTE(review): only the entries the disassembler returns for this
    // trustee name feed the calculation. Whether rights obtained through
    // group membership are included depends on helpers not visible here —
    // confirm before reading the result as the trustee's full access.
    var disassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);
    var trusteeAces = disassembler.GetSecurityDescriptorsFromManagementObject(
        managementWinACEs, trusteeName, this.WmiDataProvider);

    var rights = this.CalculateUserEffectiveRightsForItem(trusteeAces);
    if (rights == null)
    {
        // Raised before the item is modified, so the item is left as it was.
        throw new UserNotFoundException();
    }

    // Generic rights are adjusted before the flags are copied to the item.
    this.AdjustGenericRights(rights);

    // The item is identified by SID from here on; the name is dropped.
    fileEffectiveRightsItem.trustee_name = null;
    fileEffectiveRightsItem.trustee_sid =
        OvalHelper.CreateItemEntityWithStringValue(rights.Trustee.SIDString);

    #region Setting File Effective Rights Entities
    fileEffectiveRightsItem.access_system_security =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.ACCESS_SYSTEM_SECURITY);

    // File-specific rights.
    fileEffectiveRightsItem.file_append_data =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_APPEND_DATA);
    fileEffectiveRightsItem.file_delete_child =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_DELETE_CHILD);
    fileEffectiveRightsItem.file_execute =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_EXECUTE);
    fileEffectiveRightsItem.file_read_attributes =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_READ_ATTRIBUTES);
    fileEffectiveRightsItem.file_read_data =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_READ_DATA);
    fileEffectiveRightsItem.file_read_ea =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_READ_EA);
    fileEffectiveRightsItem.file_write_attributes =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_WRITE_ATTRIBUTES);
    fileEffectiveRightsItem.file_write_data =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_WRITE_DATA);
    fileEffectiveRightsItem.file_write_ea =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.FILE_WRITE_EA);

    // Generic rights.
    fileEffectiveRightsItem.generic_all =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.GENERIC_ALL);
    fileEffectiveRightsItem.generic_execute =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.GENERIC_EXECUTE);
    fileEffectiveRightsItem.generic_read =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.GENERIC_READ);
    fileEffectiveRightsItem.generic_write =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.GENERIC_WRITE);

    // Standard rights.
    fileEffectiveRightsItem.standard_delete =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.DELETE);
    fileEffectiveRightsItem.standard_read_control =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.READ_CONTROL);
    fileEffectiveRightsItem.standard_synchronize =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.SYNCHRONIZE);
    fileEffectiveRightsItem.standard_write_dac =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.WRITE_DAC);
    fileEffectiveRightsItem.standard_write_owner =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(rights.WRITE_OWNER);
    #endregion
}
/// <summary>
/// Creates the collector with a disassembler configured for
/// SecurityDescriptorType.DACL.
/// </summary>
public RegKeyEffectiveRightsObjectCollector()
{
    var disassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);
    this.DaclDisassembler = disassembler;
}
/// <summary>
/// Queries the effective rights a trustee holds on a registry key and returns
/// them decoded from the collected access mask.
/// </summary>
/// <param name="hive">Name of the hive; converted to a <c>RegistryHive</c> id by <c>RegistryHelper</c>.</param>
/// <param name="key">Registry key forwarded to the effective rights query.</param>
/// <param name="trusteeSID">SID identifying the trustee.</param>
/// <returns>The <c>WMIWinACE</c> produced by the DACL disassembler for the collected mask.</returns>
private WMIWinACE GetRegistryKeyACLForUser(string hive, string key, string trusteeSID)
{
    // NOTE(review): an unrecognised hive name is not handled here; what the
    // helper returns for it, and what the cast then produces, should be
    // confirmed against RegistryHelper.
    var hiveIdentifier = (RegistryHive)RegistryHelper.GetHiveKeyIdFromHiveName(hive);

    var effectiveRightsMask = AccessControlListProvider.GetRegistryKeyEffectiveRights(
        this.TargetInfo,
        hiveIdentifier,
        key,
        trusteeSID);

    // The disassembler is local to this call.
    var maskDecoder = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);
    return maskDecoder.GetSecurityDescriptorFromAccessMask(effectiveRightsMask);
}
/// <summary>
/// Initialises the collector; the only state set up here is the
/// <c>DaclDisassembler</c>, built for SecurityDescriptorType.DACL.
/// </summary>
public RegKeyEffectiveRightsObjectCollector()
{
    DaclDisassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);
}
/// <summary>
/// Verifies that the DACL disassembler turns the KEY_CREATE_LINK_PERMISSION
/// mask into a result where KEY_CREATE_LINK is set and every other registry
/// key right asserted below is clear.
/// </summary>
public void Should_be_possible_to_disassembly_windows_security_descriptor()
{
    var maskDecoder = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);
    var ace = maskDecoder.GetSecurityDescriptorFromAccessMask(KEY_CREATE_LINK_PERMISSION);

    // Expected to be granted by the mask.
    var createLinkMessage = string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_CREATE_LINK");
    Assert.IsTrue(ace.KEY_CREATE_LINK, createLinkMessage);

    // Expected to be absent: a decoder that reports extra rights would make
    // a scan overstate the trustee's access.
    Assert.IsFalse(ace.KEY_CREATE_SUB_KEY, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_CREATE_SUB_KEY"));
    Assert.IsFalse(ace.KEY_ENUMERATE_SUB_KEYS, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_ENUMERATE_SUB_KEYS"));
    Assert.IsFalse(ace.KEY_NOTIFY, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_NOTIFY"));
    Assert.IsFalse(ace.KEY_QUERY_VALUE, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_QUERY_VALUE"));
    Assert.IsFalse(ace.KEY_SET_VALUE, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_SET_VALUE"));
    Assert.IsFalse(ace.KEY_WOW64_32KEY, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_WOW64_32KEY"));
    Assert.IsFalse(ace.KEY_WOW64_64KEY, string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_WOW64_64KEY"));
}
/// <summary>
/// Makes sure the WMI data provider and the security descriptor disassembler
/// exist, creating each one only when it is still null.
/// </summary>
private void CheckWmiDataProviderInstance()
{
    if (this.WmiDataProvider == null)
    {
        // A connected management scope is created first and handed to the provider.
        var managementScope = this.CreateConnectedManagementScope();
        var provider = new WmiDataProvider(managementScope);
        this.WmiDataProvider = provider;
    }

    if (this.WindowsSecurityDescriptorDisassembler == null)
    {
        // NOTE(review): the type chosen here is SACL. In Windows the SACL
        // carries audit entries, not access grants — confirm the collector
        // using this instance expects audit data.
        this.WindowsSecurityDescriptorDisassembler =
            new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.SACL);
    }
}
/// <summary>
/// Computes the effective rights of the item's trustee from the supplied ACE
/// data and writes them, one boolean entity per right, into the item.
/// </summary>
/// <param name="fileEffectiveRightsItem">
/// Item being filled. <c>trustee_name</c> supplies the trustee to look up and
/// is then set to null; <c>trustee_sid</c> is set from the calculated rights.
/// </param>
/// <param name="managementWinACEs">ACE data passed to the DACL disassembler.</param>
/// <exception cref="UserNotFoundException">
/// Thrown when <c>CalculateUserEffectiveRightsForItem</c> returns null.
/// </exception>
private void FillCollectedItemFromUserWinACEs(
    fileeffectiverights_item fileEffectiveRightsItem, object managementWinACEs)
{
    var nameOfTrustee = fileEffectiveRightsItem.trustee_name.Value;
    var aclDecoder = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);

    // NOTE(review): the lookup is keyed on the trustee name. How entries for
    // groups the trustee belongs to are treated is decided by the helpers
    // called here and is not visible — confirm before relying on the result
    // as complete effective access.
    var acesForTrustee = aclDecoder.GetSecurityDescriptorsFromManagementObject(
        managementWinACEs, nameOfTrustee, this.WmiDataProvider);
    var effective = this.CalculateUserEffectiveRightsForItem(acesForTrustee);

    if (effective == null)
    {
        // No field of the item has been changed at this point.
        throw new UserNotFoundException();
    }

    this.AdjustGenericRights(effective);

    // Replace the trustee name with the SID taken from the calculated rights.
    fileEffectiveRightsItem.trustee_name = null;
    fileEffectiveRightsItem.trustee_sid =
        OvalHelper.CreateItemEntityWithStringValue(effective.Trustee.SIDString);

    #region Setting File Effective Rights Entities
    fileEffectiveRightsItem.access_system_security =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(effective.ACCESS_SYSTEM_SECURITY);
    fileEffectiveRightsItem.file_append_data =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(effective.FILE_APPEND_DATA);
    fileEffectiveRightsItem.file_delete_child =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(effective.FILE_DELETE_CHILD);
    fileEffectiveRightsItem.file_execute =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(effective.FILE_EXECUTE);
    fileEffectiveRightsItem.file_read_attributes =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(effective.FILE_READ_ATTRIBUTES);
    fileEffectiveRightsItem.file_read_data =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(effective.FILE_READ_DATA);
    fileEffectiveRightsItem.file_read_ea =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(effective.FILE_READ_EA);
    fileEffectiveRightsItem.file_write_attributes =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(effective.FILE_WRITE_ATTRIBUTES);
    fileEffectiveRightsItem.file_write_data =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(effective.FILE_WRITE_DATA);
    fileEffectiveRightsItem.file_write_ea =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(effective.FILE_WRITE_EA);
    fileEffectiveRightsItem.generic_all =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(effective.GENERIC_ALL);
    fileEffectiveRightsItem.generic_execute =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(effective.GENERIC_EXECUTE);
    fileEffectiveRightsItem.generic_read =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(effective.GENERIC_READ);
    fileEffectiveRightsItem.generic_write =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(effective.GENERIC_WRITE);
    fileEffectiveRightsItem.standard_delete =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(effective.DELETE);
    fileEffectiveRightsItem.standard_read_control =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(effective.READ_CONTROL);
    fileEffectiveRightsItem.standard_synchronize =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(effective.SYNCHRONIZE);
    fileEffectiveRightsItem.standard_write_dac =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(effective.WRITE_DAC);
    fileEffectiveRightsItem.standard_write_owner =
        OvalHelper.CreateBooleanEntityItemFromBoolValue(effective.WRITE_OWNER);
    #endregion
}