Пример #1
0
        protected override void ConfigureObjectCollector()
        {
            if (base.ObjectCollector == null)
            {
                var connectionScope = ((FileConnectionProvider)FileConnectionProvider).ConnectionScope;
                var newWmiDataProvider = new WmiDataProvider(connectionScope);
                var newFileProvider = new WindowsFileProvider(TargetInfo) { WmiDataProvider = newWmiDataProvider };

                ObjectCollector = new TextFileContentObjectCollector() { FileContentProvider = newFileProvider, TargetInfo = TargetInfo };
                FileDataSource = new FileObjectCollector() { WmiDataProvider = newWmiDataProvider };
            }

            if (base.ItemTypeGenerator == null)
            {
                var newFileProvider =
                    new WindowsFileProvider(this.TargetInfo)
                    {
                        WmiDataProvider =
                            WmiDataProviderFactory
                                .CreateWmiDataProviderForFileSearching(this.TargetInfo)
                    };

                var newOperationEvaluator =
                    new TextFileContentEntityOperationEvaluator(ObjectCollector, newFileProvider, FamilyEnumeration.windows);

                ItemTypeGenerator = new TextFileContentItemTypeGenerator()
                {
                    OperationEvaluator = newOperationEvaluator
                };
            }
        }
 public FileEffectiveRights53ObjectCollector(WmiDataProvider wmiDataProvider)
 {
     this.WmiProvider = wmiDataProvider;
     this.DaclDisassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);
     this.Cache = new Dictionary<string, IEnumerable<fileeffectiverights_item>>();
     this.FlatCache = new Dictionary<string, fileeffectiverights_item>();
 }
        protected override void ConfigureObjectCollector()
        {
            if (base.ObjectCollector == null)
            {
                var newWmiProvider = new WmiDataProvider(((RegKeyEffectiveRights53ConnectionProvider)base.ConnectionProvider).ConnectionScope);
                base.ObjectCollector = new RegKeyEffectiveRightsObjectCollector() 
                { 
                    TargetInfo = this.TargetInfo, 
                    WmiDataProvider = newWmiProvider,
                    AccessControlListProvider = AccessControlListProvider.CreateInstance()
                };
            }

            if (base.ItemTypeGenerator == null)
                base.ItemTypeGenerator =
                    new RegKeyEffectiveRightsItemTypeGenerator()
                    {
                        OperationEvaluator = new RegKeyEffectiveRightsOperationEvaluator()
                        {
                            SystemDataSource = base.ObjectCollector
                        },

                        ObjectCollector = (RegKeyEffectiveRightsObjectCollector)base.ObjectCollector
                    };
            /* { SystemDataSource = base.ObjectCollector } */;
        }
Пример #4
0
        public static FileEffectiveRightsCollector GetInstance(WmiDataProvider wmiDataProvider)
        {
            WmiDataProvider = wmiDataProvider;
            if (Instance == null)
                Instance = new FileEffectiveRightsCollector();

            return Instance;
        }
Пример #5
0
 protected override void ConfigureObjectCollector()
 {
     if (this.ObjectCollector == null)
     {
         var wmiProvider = new WmiDataProvider(((FileConnectionProvider)ConnectionProvider).ConnectionScope);
         var accountProvider = new WindowsUsersProvider(wmiProvider, this.TargetInfo);
         
         ObjectCollector = new UserObjectCollector(accountProvider);
         if (ItemTypeGenerator == null)
             ItemTypeGenerator = new UserItemTypeGenerator(accountProvider);
     }
 }
        private void CheckWmiDataProviderInstance()
        {
            if (this.WmiDataProvider == null)
            {
                var newConnectionScope = this.CreateConnectedManagementScope();
                this.WmiDataProvider = new WmiDataProvider(newConnectionScope);
            }

            if (this.WindowsSecurityDescriptorDisassembler == null)
                this.WindowsSecurityDescriptorDisassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.SACL);
        }
 public RegistryEntityOperationEvaluator(BaseObjectCollector systemDataSource, WmiDataProvider wmiDataProvider)
 {
     this.systemDataSource = systemDataSource;
     this.wmiDataProvider = wmiDataProvider;
 }
 private void ConfigureCollector()
 {
     this.wmiDataProvider = new WmiDataProvider(this.connectionProvider.ConnectionScope);
     this.systemInformationCollector = new WindowsSystemInformationCollector(wmiDataProvider);
 }
Пример #9
0
        public void Should_be_possible_to_generate_itemTypes_from_objectType_with_PatternMatchOperation_on_key_and_name_entities_at_same_time()
        {
            var objectType = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithOnlyObjects.xml", "oval:modulo:obj:12345");
            var fakeDataSource = WindowsTestHelper.GetDataSourceFakeWithRegex("", 2);
            var fakeWmiDataProvider = new WmiDataProvider();// new WmiDataProviderFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();
            var itemTypeGenerator = new RegistryItemTypeGenerator() { SystemDataSource = fakeDataSource, WmiDataProvider = fakeWmiDataProvider };

            var generatedItems = itemTypeGenerator.GetItemsToCollect(objectType, VariableHelper.CreateEmptyEvaluatedVariables());

            Assert.IsNotNull(generatedItems, "The result of GetItemsToCollect method cannot be null.");
            Assert.AreEqual(4, generatedItems.Count(), "Unexpected generated items type count");
        }
Пример #10
0
        public void Should_be_possible_to_generate_itemTypes_from_objectTypes_with_variables_and_regex()
        {
            string hiveHKLM = eHiveNames.HKEY_LOCAL_MACHINE.ToString();
            string startKey = "SOFTWARE\\Microsoft\\Windows";
            var ovalObject = WindowsTestHelper.GetObjectFromDefinitions("definitionsWithLocalVariable.xml", "oval:modulo:obj:5000");

            var fakeDataSource = WindowsTestHelper.GetDataSourceFakeWithRegex(startKey, 1);
            WmiDataProvider wmiDataProvider = new WmiDataProvider();// new WmiDataProviderFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess();

            VariableValue variable = new VariableValue(ovalObject.id, "oval:org.mitre.oval:var:3000", new List<string>() { "CurrentType" });
            VariablesEvaluated variables = new VariablesEvaluated(new List<VariableValue>() { variable });

            var itemGenerator = new RegistryItemTypeGenerator() { SystemDataSource = fakeDataSource, WmiDataProvider = wmiDataProvider };
            var itemsToCollect = itemGenerator.GetItemsToCollect(ovalObject, variables).Cast<registry_item>();

            Assert.AreEqual(2, itemsToCollect.Count());
            this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(0), hiveHKLM, "SOFTWARE\\Microsoft\\Windows\\CurrentBuild", "CurrentType");
            this.AssertGeneratedRegistryItem(itemsToCollect.ElementAt(1), hiveHKLM, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion", "CurrentType");
        }
Пример #11
0
        private void CreateWmiDataProviderFromWmiItem(wmi_item wmiItem)
        {
            if (this.WmiDataProvider == null)
            {
                var wmiNamespace = String.Format(@"{0}\{1}", this.TargetInfo.GetAddress(), [email protected]);
                var wmiNamespacePath = new System.Management.ManagementPath(wmiNamespace);
                var wmiConnectionOptions = WmiDataProviderFactory.CreateConnectionOptions(this.TargetInfo);
                var wmiManagementScope = new System.Management.ManagementScope(wmiNamespacePath, wmiConnectionOptions);
                wmiManagementScope.Connect();

                this.WmiDataProvider = new WmiDataProvider(wmiManagementScope);
            }
        }
        /// <summary>
        /// Creates a list of WinACEs objects from security descriptor management object.
        /// </summary>
        /// <param name="rootManagementObject">The result of invoked method which returns the Security Descriptor as ManagementBaseObject.</param>
        /// <param name="trusteeName">The username formatted such as: "[DOMAIN]\[USERNAME]". For local users use the machine name on [DOMAIN]</param>
        /// <returns>Returns a List of WMIWinACE objects.</returns>
        public virtual IEnumerable<WMIWinACE> GetSecurityDescriptorsFromManagementObject(object rootManagementObject, string userTrusteeName, WmiDataProvider wmiProvider)
        {
            ManagementBaseObject[] ACLs = this.getACLFromManagementObject((ManagementBaseObject)rootManagementObject);

            var result = new List<WMIWinACE>();
            foreach (var acl in ACLs)
            {
                var aclTrustee = (ManagementBaseObject)acl.Properties["Trustee"].Value;
                if (this.DoesACLBelongToUser(aclTrustee, userTrusteeName, wmiProvider))
                {
                    WMIWinACE newWinACE = new WMIWinACE();
                    newWinACE.AccessMask = this.getPropertyValueAsUnsiggnedInteger(acl, "AccessMask");
                    newWinACE.AceFlags = this.getPropertyValueAsUnsiggnedInteger(acl, "AceFlags");
                    newWinACE.AceType = this.getPropertyValueAsUnsiggnedInteger(acl, "AceType");
                    newWinACE.Trustee = this.getWinTrusteeFromManagementObject(aclTrustee);
                    newWinACE.CalculateFileAccessRightsFromAccessMask();

                    result.Add(newWinACE);
                }
            }

            return result;
        }
Пример #13
0
 public WindowsFileProvider(TargetInfo targetInfo, WmiDataProvider wmiDataProvider) : this(targetInfo)
 {
     this.WmiDataProvider = wmiDataProvider;
 }
Пример #14
0
 private void CreateItemTypeGeneratorInstance()
 {
     if (base.ItemTypeGenerator == null)
     {
         var newWmiDataProvider = new WmiDataProvider(this.WMIConnectionProvider.ConnectionScope);
         var newAccountProvider = new WindowsUsersProvider(newWmiDataProvider, this.TargetInfo);
         base.ItemTypeGenerator = new AccessTokenItemTypeGenerator(newAccountProvider);
     }
 }
 public WindowsSystemInformationCollectorTest()
 {
     this.WmiDataProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestExecutingQueriesForSystemInfo();
     this.FakeTargetInfo = ProbeHelper.CreateFakeTarget("MSS-RJ-215", "MSS", "lcosta", "password");
 }
 public WindowsSystemInformationCollector(WmiDataProvider wmiDataProvider)
 {
     this.wmiDataProvider = wmiDataProvider;
 }
Пример #17
0
 private void WmiProviderMustNotHaveBeenUsed(WmiDataProvider wmiProvider)
 {
     wmiProvider.AssertWasNotCalled<WmiDataProvider>(wmi => wmi.ExecuteWQL(null));
 }
Пример #18
0
 private void CheckIfWmiProviderWasUsedProperly(WmiDataProvider usedWmiProvider, string wqlThatShouldBeUsed)
 {
     usedWmiProvider.AssertWasCalled<WmiDataProvider>(wmi => wmi.ExecuteWQL(wqlThatShouldBeUsed));
 }
Пример #19
0
 private void CreateExpectationForGetGroupComponent(WmiDataProvider fakeWmiProvider, string groupName)
 {
     var fakeWin32GroupUserRecords = new List<WmiObject>();
     var groupComponent = GroupComponent(FAKE_COMPUTER_NAME, groupName);
     var wqlAdministratorsUsers = new WQLBuilder().WithWmiClass("Win32_GroupUser").AddParameter("GroupComponent", groupComponent).Build();
     Expect.Call(fakeWmiProvider.ExecuteWQL(wqlAdministratorsUsers)).Return(new[] { NewWmiObjectForFakeGroupUser("fakeUser") });
 }
Пример #20
0
 public WindowsUsersProvider(WmiDataProvider wmiDataProvider, TargetInfo targetInfo)
 {
     this.WmiProvider = wmiDataProvider;
     this.TargetInfo = targetInfo;
 }
        private bool DoesACLBelongToUser(ManagementBaseObject daclTrustee, string userTrusteeName, WmiDataProvider wmiProvider)
        {
            var winTrustee = this.getWinTrusteeFromManagementObject(daclTrustee);
            if (userTrusteeName.Equals(winTrustee.SIDString))
                return true;

            string username = this.getPropertyValueAsString(daclTrustee, "Name");
            var wql = new WQLBuilder().WithWmiClass("Win32_Account").AddParameter("SID", userTrusteeName).Build();
            var accountName = wmiProvider.ExecuteWQL(wql);

            if ((accountName.Count() > 0) && accountName.First().GetValueOf("Name").ToString().Equals(username, StringComparison.InvariantCultureIgnoreCase))
                return true;

            string userDomain = this.getPropertyValueAsString(daclTrustee, "Domain");
            string[] trusteeParts = userTrusteeName.Split(new string[] { @"\" }, StringSplitOptions.RemoveEmptyEntries);

            bool matchUsername = username.Equals(trusteeParts.Last(), StringComparison.CurrentCultureIgnoreCase);
            bool matchUserDomain = userDomain.Equals(trusteeParts.First(), StringComparison.CurrentCultureIgnoreCase);

            bool isSystemAccount = (userTrusteeName.IndexOf(@"\") < 0);
            return isSystemAccount ? matchUsername : (matchUsername && matchUserDomain);
        }
Пример #22
0
 private void CheckWmiDataProviderInstance()
 {
     if (this.WmiDataProvider == null)
     {
         var managementPath = string.Format(@"\\{0}\root\cimv2", this.TargetInfo.GetAddress());
         this.WmiDataProvider = new WmiDataProvider(new ManagementScope(managementPath));
     }
 }
Пример #23
0
 public WindowsGroupAccountProvider(WmiDataProvider wmiDataProvider, TargetInfo targetInfo)
 {
     this.WmiDataProvider = wmiDataProvider;
     this.TargetInfo = targetInfo;
 }
Пример #24
0
 private void CreateObjectCollector()
 {
     if (base.ObjectCollector == null)
     {
         var wmiConnectionScope = ((FileConnectionProvider)this.ConnectionProvider).ConnectionScope;
         var newWmiProvider = new WmiDataProvider(wmiConnectionScope);
         base.ObjectCollector = new FileEffectiveRights53ObjectCollector() { WmiDataProvider = newWmiProvider };
     }
 }