public void FillItemTypeWithData(accesstoken_item itemTypeToFill, object collectedData)
{
var allCollectedAccessTokens = (List<string>)collectedData;
this.SetExistentAccessTokens(itemTypeToFill, allCollectedAccessTokens);
this.SetAbsentAccessTokens(itemTypeToFill);
}
public void Should_be_possible_to_collect_an_accesstoken_item_with_error_status()
{
var fakeItemWithError = new accesstoken_item() { status = StatusEnumeration.error, security_principle = new EntityItemStringType() { Value = "lfernandes" } };
var collectedItems = new AccessTokenObjectCollector().CollectDataForSystemItem(fakeItemWithError);
Assert.AreEqual(StatusEnumeration.error, collectedItems.Single().ItemType.status);
}
private IEnumerable<ItemType> CreateItemsToCollectFromSecurityPrincipleList(IList<string> securityPrinciples)
{
var itemsToCollect = new List<ItemType>();
foreach (var securityPrinciple in securityPrinciples)
{
var newItem = new accesstoken_item() { security_principle = OvalHelper.CreateItemEntityWithStringValue(securityPrinciple) };
itemsToCollect.Add(newItem);
}
return itemsToCollect;
}
public void Should_be_possible_to_collect_a_simple_accesstoken_object()
{
var fakeItemToCollect = new accesstoken_item() { security_principle = new EntityItemStringType() { Value = "mss\\lfernandes" } };
var systemDataSource = this.CreateMockedSystemDataSource(new string[] { "SeDebugPrivilege", "SeDenyRemoteInteractiveLogonRight", "SeDenyBatchLogonRight" }.ToList(), null);
var collectedItems = systemDataSource.CollectDataForSystemItem(fakeItemToCollect);
this.DoBasicAssert(collectedItems, 1);
var collectedAccessTokenItem = (accesstoken_item)collectedItems.Single().ItemType;
Assert.AreEqual(StatusEnumeration.exists, collectedAccessTokenItem.status, "Unexpected item type status was found.");
this.AssertSecurityPrincipalEntity(collectedAccessTokenItem);
this.AssertExistentAccessTokens(collectedAccessTokenItem);
this.AssertAbsentAccessTokens(collectedAccessTokenItem);
}
public void Should_be_possible_to_create_collected_accesstoken_item_if_an_error_occurs()
{
var fakeItemToCollect = new accesstoken_item() { security_principle = new EntityItemStringType() { Value = "mss\\lfernandes" } };
var systemDataSource = this.CreateMockedSystemDataSource(new string[] { }.ToList(), new Exception(TEST_EXCEPTION_MESSAGE));
var collectedItems = systemDataSource.CollectDataForSystemItem(fakeItemToCollect);
this.DoBasicAssert(collectedItems, 1);
var collectedItem = collectedItems.Single().ItemType;
Assert.AreEqual(StatusEnumeration.error, collectedItem.status);
Assert.IsNotNull(collectedItem.message);
Assert.IsTrue(collectedItem.message.First().Value.Contains("AccessTokenObjectCollector"));
}
private void AssertAbsentAccessTokens(accesstoken_item collectedAccessTokenItem)
{
this.assertAccessToken(collectedAccessTokenItem.seassignprimarytokenprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.seauditprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.sebackupprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.sebatchlogonright, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.sechangenotifyprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.secreateglobalprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.secreatepagefileprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.secreatepermanentprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.secreatesymboliclinkprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.secreatetokenprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.sedenyinteractivelogonright, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.sedenynetworklogonright, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.sedenyservicelogonright, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.seenabledelegationprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.seimpersonateprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.seincreasebasepriorityprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.seincreasequotaprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.seincreaseworkingsetprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.seinteractivelogonright, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.seloaddriverprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.selockmemoryprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.semachineaccountprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.semanagevolumeprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.senetworklogonright, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.seprofilesingleprocessprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.serelabelprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.seremoteinteractivelogonright, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.seremoteshutdownprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.serestoreprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.sesecurityprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.seservicelogonright, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.seshutdownprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.sesyncagentprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.sesystemenvironmentprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.sesystemprofileprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.sesystemtimeprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.setakeownershipprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.setcbprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.setimezoneprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.seundockprivilege, ABSENT);
this.assertAccessToken(collectedAccessTokenItem.seunsolicitedinputprivilege, ABSENT);
}
private void AssertExistentAccessTokens(accesstoken_item collectedAccessTokenItem)
{
this.assertAccessToken(collectedAccessTokenItem.sedebugprivilege, EXISTENT);
this.assertAccessToken(collectedAccessTokenItem.sedenyremoteInteractivelogonright, EXISTENT);
this.assertAccessToken(collectedAccessTokenItem.sedenybatchLogonright, EXISTENT);
}
private void AssertSecurityPrincipalEntity(accesstoken_item collectedAccessTokenItem)
{
Assert.IsNotNull(collectedAccessTokenItem.security_principle);
Assert.AreEqual("mss\\lfernandes", collectedAccessTokenItem.security_principle.Value);
}
private void SetAbsentAccessTokens(accesstoken_item accessTokenItemType)
{
if (accessTokenItemType.sesecurityprivilege == null)
accessTokenItemType.sesecurityprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.sebackupprivilege == null)
accessTokenItemType.sebackupprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.serestoreprivilege == null)
accessTokenItemType.serestoreprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.sesystemtimeprivilege == null)
accessTokenItemType.sesystemtimeprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.seshutdownprivilege == null)
accessTokenItemType.seshutdownprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.seremoteshutdownprivilege == null)
accessTokenItemType.seremoteshutdownprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.setakeownershipprivilege == null)
accessTokenItemType.setakeownershipprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.sedebugprivilege == null)
accessTokenItemType.sedebugprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.sesystemenvironmentprivilege == null)
accessTokenItemType.sesystemenvironmentprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.sesystemprofileprivilege == null)
accessTokenItemType.sesystemprofileprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.seprofilesingleprocessprivilege == null)
accessTokenItemType.seprofilesingleprocessprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.seincreasebasepriorityprivilege == null)
accessTokenItemType.seincreasebasepriorityprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.seloaddriverprivilege == null)
accessTokenItemType.seloaddriverprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.secreatepagefileprivilege == null)
accessTokenItemType.secreatepagefileprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.seincreasequotaprivilege == null)
accessTokenItemType.seincreasequotaprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.sechangenotifyprivilege == null)
accessTokenItemType.sechangenotifyprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.seundockprivilege == null)
accessTokenItemType.seundockprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.semanagevolumeprivilege == null)
accessTokenItemType.semanagevolumeprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.seimpersonateprivilege == null)
accessTokenItemType.seimpersonateprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.secreateglobalprivilege == null)
accessTokenItemType.secreateglobalprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.setimezoneprivilege == null)
accessTokenItemType.setimezoneprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.secreatesymboliclinkprivilege == null)
accessTokenItemType.secreatesymboliclinkprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.seinteractivelogonright == null)
accessTokenItemType.seinteractivelogonright = this.CreateFalseEntityItem();
if (accessTokenItemType.senetworklogonright == null)
accessTokenItemType.senetworklogonright = this.CreateFalseEntityItem();
if (accessTokenItemType.sebatchlogonright == null)
accessTokenItemType.sebatchlogonright = this.CreateFalseEntityItem();
if (accessTokenItemType.seremoteinteractivelogonright == null)
accessTokenItemType.seremoteinteractivelogonright = this.CreateFalseEntityItem();
if (accessTokenItemType.seassignprimarytokenprivilege == null)
accessTokenItemType.seassignprimarytokenprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.seauditprivilege == null)
accessTokenItemType.seauditprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.secreatepermanentprivilege == null)
accessTokenItemType.secreatepermanentprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.secreatetokenprivilege == null)
accessTokenItemType.secreatetokenprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.seenabledelegationprivilege == null)
accessTokenItemType.seenabledelegationprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.seincreaseworkingsetprivilege == null)
accessTokenItemType.seincreaseworkingsetprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.selockmemoryprivilege == null)
accessTokenItemType.selockmemoryprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.semachineaccountprivilege == null)
accessTokenItemType.semachineaccountprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.serelabelprivilege == null)
accessTokenItemType.serelabelprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.sesyncagentprivilege == null)
accessTokenItemType.sesyncagentprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.setcbprivilege == null)
accessTokenItemType.setcbprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.seunsolicitedinputprivilege == null)
accessTokenItemType.seunsolicitedinputprivilege = this.CreateFalseEntityItem();
if (accessTokenItemType.seservicelogonright == null)
accessTokenItemType.seservicelogonright = this.CreateFalseEntityItem();
if (accessTokenItemType.sedenybatchLogonright == null)
accessTokenItemType.sedenybatchLogonright = this.CreateFalseEntityItem();
if (accessTokenItemType.sedenyinteractivelogonright == null)
accessTokenItemType.sedenyinteractivelogonright = this.CreateFalseEntityItem();
if (accessTokenItemType.sedenynetworklogonright == null)
accessTokenItemType.sedenynetworklogonright = this.CreateFalseEntityItem();
if (accessTokenItemType.sedenyremoteInteractivelogonright == null)
accessTokenItemType.sedenyremoteInteractivelogonright = this.CreateFalseEntityItem();
if (accessTokenItemType.sedenyservicelogonright == null)
accessTokenItemType.sedenyservicelogonright = this.CreateFalseEntityItem();
}
private void SetExistentAccessTokens(accesstoken_item accessTokenItemType, List<string> collectedAccessTokens)
{
foreach (string accessToken in collectedAccessTokens)
{
switch (accessToken)
{
case "SeSecurityPrivilege": accessTokenItemType.sesecurityprivilege = CreateTrueEntityItem(); break;
case "SeBackupPrivilege": accessTokenItemType.sebackupprivilege = CreateTrueEntityItem(); break;
case "SeRestorePrivilege": accessTokenItemType.serestoreprivilege = CreateTrueEntityItem(); break;
case "SeSystemtimePrivilege": accessTokenItemType.sesystemtimeprivilege = CreateTrueEntityItem(); break;
case "SeShutdownPrivilege": accessTokenItemType.seshutdownprivilege = CreateTrueEntityItem(); break;
case "SeRemoteShutdownPrivilege": accessTokenItemType.seremoteshutdownprivilege = CreateTrueEntityItem(); break;
case "SeTakeOwnershipPrivilege": accessTokenItemType.setakeownershipprivilege = CreateTrueEntityItem(); break;
case "SeDebugPrivilege": accessTokenItemType.sedebugprivilege = CreateTrueEntityItem(); break;
case "SeSystemEnvironmentPrivilege": accessTokenItemType.sesystemenvironmentprivilege = CreateTrueEntityItem(); break;
case "SeSystemProfilePrivilege": accessTokenItemType.sesystemprofileprivilege = CreateTrueEntityItem(); break;
case "SeProfileSingleProcessPrivilege": accessTokenItemType.seprofilesingleprocessprivilege = CreateTrueEntityItem(); break;
case "SeIncreaseBasePriorityPrivilege": accessTokenItemType.seincreasebasepriorityprivilege = CreateTrueEntityItem(); break;
case "SeLoadDriverPrivilege": accessTokenItemType.seloaddriverprivilege = CreateTrueEntityItem(); break;
case "SeCreatePagefilePrivilege": accessTokenItemType.secreatepagefileprivilege = CreateTrueEntityItem(); break;
case "SeIncreaseQuotaPrivilege": accessTokenItemType.seincreasequotaprivilege = CreateTrueEntityItem(); break;
case "SeChangeNotifyPrivilege": accessTokenItemType.sechangenotifyprivilege = CreateTrueEntityItem(); break;
case "SeUndockPrivilege": accessTokenItemType.seundockprivilege = CreateTrueEntityItem(); break;
case "SeManageVolumePrivilege": accessTokenItemType.semanagevolumeprivilege = CreateTrueEntityItem(); break;
case "SeImpersonatePrivilege": accessTokenItemType.seimpersonateprivilege = CreateTrueEntityItem(); break;
case "SeCreateGlobalPrivilege": accessTokenItemType.secreateglobalprivilege = CreateTrueEntityItem(); break;
case "SeTimeZonePrivilege": accessTokenItemType.setimezoneprivilege = CreateTrueEntityItem(); break;
case "SeCreateSymbolicLinkPrivilege": accessTokenItemType.secreatesymboliclinkprivilege = CreateTrueEntityItem(); break;
case "SeInteractiveLogonRight": accessTokenItemType.seinteractivelogonright = CreateTrueEntityItem(); break;
case "SeNetworkLogonRight": accessTokenItemType.senetworklogonright = CreateTrueEntityItem(); break;
case "SeBatchLogonRight": accessTokenItemType.sebatchlogonright = CreateTrueEntityItem(); break;
case "SeRemoteInteractiveLogonRight": accessTokenItemType.seremoteinteractivelogonright = CreateTrueEntityItem(); break;
case "SeAssignPrimaryTokenPrivilege": accessTokenItemType.seassignprimarytokenprivilege = CreateTrueEntityItem(); break;
case "SeAuditPrivilege": accessTokenItemType.seauditprivilege = CreateTrueEntityItem(); break;
case "SeCreatePermanentPrivilege": accessTokenItemType.secreatepermanentprivilege = CreateTrueEntityItem(); break;
case "SeCreateTokenPrivilege": accessTokenItemType.secreatetokenprivilege = CreateTrueEntityItem(); break;
case "SeEnableDelegationPrivilege": accessTokenItemType.seenabledelegationprivilege = CreateTrueEntityItem(); break;
case "SeIncreaseWorkingSetPrivilege": accessTokenItemType.seincreaseworkingsetprivilege = CreateTrueEntityItem(); break;
case "SeLockMemoryPrivilege": accessTokenItemType.selockmemoryprivilege = CreateTrueEntityItem(); break;
case "SeMachineAccountPrivilege": accessTokenItemType.semachineaccountprivilege = CreateTrueEntityItem(); break;
case "SeRelabelPrivilege": accessTokenItemType.serelabelprivilege = CreateTrueEntityItem(); break;
case "SeSyncAgentPrivilege": accessTokenItemType.sesyncagentprivilege = CreateTrueEntityItem(); break;
case "SeTcbPrivilege": accessTokenItemType.setcbprivilege = CreateTrueEntityItem(); break;
case "SeUnsolicitedInputPrivilege": accessTokenItemType.seunsolicitedinputprivilege = CreateTrueEntityItem(); break;
case "SeServiceLogonRight": accessTokenItemType.seservicelogonright = CreateTrueEntityItem(); break;
case "SeDenyBatchLogonRight": accessTokenItemType.sedenybatchLogonright = CreateTrueEntityItem(); break;
case "SeDenyInteractiveLogonRight": accessTokenItemType.sedenyinteractivelogonright = CreateTrueEntityItem(); break;
case "SeDenyNetworkLogonRight": accessTokenItemType.sedenynetworklogonright = CreateTrueEntityItem(); break;
case "SeDenyRemoteInteractiveLogonRight": accessTokenItemType.sedenyremoteInteractivelogonright = CreateTrueEntityItem(); break;
case "SeDenyServiceLogonRight": accessTokenItemType.sedenyservicelogonright = CreateTrueEntityItem(); break;
}
}
}
private string TryToGetAccountNameFromItem(accesstoken_item accesstokenItem)
{
var entityItem = accesstokenItem.security_principle;
bool isSecurityPrincipalUndefined = ((entityItem == null) || (string.IsNullOrWhiteSpace(entityItem.Value)));
return isSecurityPrincipalUndefined ? string.Empty : entityItem.Value;
}
