/// <summary>
/// Collects the effective registry-key rights of a single trustee on the current target
/// and decodes the resulting access mask into individual permission flags.
/// </summary>
/// <param name="hive">Hive name; translated to a <see cref="RegistryHive"/> id through <c>RegistryHelper</c>.</param>
/// <param name="key">Registry key path, handed unchanged to the ACL provider.</param>
/// <param name="trusteeSID">SID of the trustee whose rights are being queried.</param>
/// <returns>The <c>WMIWinACE</c> obtained by disassembling the collected mask as a DACL.</returns>
private WMIWinACE GetRegistryKeyACLForUser(string hive, string key, string trusteeSID)
{
    // NOTE(review): the hive name is not validated here; the outcome for an unrecognised
    // name depends on GetHiveKeyIdFromHiveName and on this cast. Confirm against RegistryHelper.
    var registryHive = (RegistryHive)RegistryHelper.GetHiveKeyIdFromHiveName(hive);

    // NOTE(review): whether the "effective rights" returned by the provider account for group
    // membership and deny entries is decided inside AccessControlListProvider. Verify there
    // before treating the result as the trustee's complete access.
    var effectiveRightsMask = AccessControlListProvider.GetRegistryKeyEffectiveRights(
        this.TargetInfo,
        registryHive,
        key,
        trusteeSID);

    return new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL)
        .GetSecurityDescriptorFromAccessMask(effectiveRightsMask);
}
/// <summary>
/// Checks that disassembling the KEY_CREATE_LINK_PERMISSION access mask as a DACL sets
/// the KEY_CREATE_LINK flag and leaves the other registry-key flags asserted below unset.
/// </summary>
public void Should_be_possible_to_disassembly_windows_security_descriptor()
{
    var disassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);

    // KEY_CREATE_LINK_PERMISSION is defined outside this method; presumably it is a mask
    // with only the KEY_CREATE_LINK bit set. Confirm against the constant's declaration.
    var decodedAce = disassembler.GetSecurityDescriptorFromAccessMask(KEY_CREATE_LINK_PERMISSION);

    // The one right that must be reported as granted.
    Assert.IsTrue(
        decodedAce.KEY_CREATE_LINK,
        string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_CREATE_LINK"));

    // Every other key-specific right must stay cleared, so that a decoder which
    // over-reports permissions fails this test.
    // NOTE(review): only the flags listed here are checked; any further rights that
    // WMIWinACE may expose (for example standard or generic rights) are not asserted.
    Assert.IsFalse(
        decodedAce.KEY_CREATE_SUB_KEY,
        string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_CREATE_SUB_KEY"));
    Assert.IsFalse(
        decodedAce.KEY_ENUMERATE_SUB_KEYS,
        string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_ENUMERATE_SUB_KEYS"));
    Assert.IsFalse(
        decodedAce.KEY_NOTIFY,
        string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_NOTIFY"));
    Assert.IsFalse(
        decodedAce.KEY_QUERY_VALUE,
        string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_QUERY_VALUE"));
    Assert.IsFalse(
        decodedAce.KEY_SET_VALUE,
        string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_SET_VALUE"));
    Assert.IsFalse(
        decodedAce.KEY_WOW64_32KEY,
        string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_WOW64_32KEY"));
    Assert.IsFalse(
        decodedAce.KEY_WOW64_64KEY,
        string.Format(UNEXPECTED_REGISTRY_KEY_PERMISSION, "KEY_WOW64_64KEY"));
}
/// <summary>
/// Returns the decoded registry-key permissions that the given trustee holds on
/// <paramref name="key"/> under <paramref name="hive"/>, as reported for the current target.
/// </summary>
/// <param name="hive">Name of the registry hive; mapped to a <see cref="RegistryHive"/> value via <c>RegistryHelper</c>.</param>
/// <param name="key">Path of the registry key whose ACL is inspected.</param>
/// <param name="trusteeSID">Security identifier of the trustee to evaluate.</param>
/// <returns>A <c>WMIWinACE</c> built from the trustee's access mask, interpreted as a DACL.</returns>
private WMIWinACE GetRegistryKeyACLForUser(string hive, string key, string trusteeSID)
{
    // NOTE(review): behaviour for an unknown hive name is determined by
    // GetHiveKeyIdFromHiveName and the cast below. Confirm how callers are expected to handle it.
    var targetHive = (RegistryHive)RegistryHelper.GetHiveKeyIdFromHiveName(hive);

    // The provider returns the rights for trusteeSID on this key; the value is passed on
    // as an access mask to the disassembler.
    var trusteeAccessMask = AccessControlListProvider
        .GetRegistryKeyEffectiveRights(this.TargetInfo, targetHive, key, trusteeSID);

    // Decode the mask using the DACL interpretation.
    var daclDisassembler = new WindowsSecurityDescriptorDisassembler(SecurityDescriptorType.DACL);
    var decodedAce = daclDisassembler.GetSecurityDescriptorFromAccessMask(trusteeAccessMask);
    return decodedAce;
}