public override void Init()
{
FilesystemCell.InitOpenDirectoriesList();
if (!WindowsUsersAndGroups.ExistsGroup(prisonRestrictionsGroup))
{
WindowsUsersAndGroups.CreateGroup(prisonRestrictionsGroup);
// Take ownership of c:\Windows\System32\spool\drivers\color folder
FilesystemCell.TakeOwnership(Environment.UserName, @"c:\Windows\System32\spool\drivers\color");
// Take ownership of c:\windows\tracing folder
FilesystemCell.TakeOwnership(Environment.UserName, @"c:\windows\tracing");
// Remove access to c:\Windows\tracing
FilesystemCell.AddCreateSubdirDenyRule(prisonRestrictionsGroup, @"c:\windows\tracing");
// Remove file write access to c:\Users\Public
FilesystemCell.AddCreateFileDenyRule(prisonRestrictionsGroup, @"c:\windows\tracing", true);
// Remove access to c:\ProgramData
FilesystemCell.AddCreateSubdirDenyRule(prisonRestrictionsGroup, @"c:\ProgramData");
// Remove file write access to c:\Users\Public
FilesystemCell.AddCreateFileDenyRule(prisonRestrictionsGroup, @"c:\ProgramData", true);
// Remove directory create access to c:\Users\All Users
FilesystemCell.AddCreateSubdirDenyRule(prisonRestrictionsGroup, @"c:\Users\All Users", true);
// Remove file write access to c:\Users\Public\All Users
FilesystemCell.AddCreateFileDenyRule(prisonRestrictionsGroup, @"c:\Users\All Users", true);
// Remove directory create access to c:\Users\Public
FilesystemCell.AddCreateSubdirDenyRule(prisonRestrictionsGroup, @"c:\Users\Public", true);
// Remove file write access to c:\Users\Public\Public
FilesystemCell.AddCreateFileDenyRule(prisonRestrictionsGroup, @"c:\Users\Public", true);
//// Remove directory create & file create access to profile dir
//FilesystemCell.AddCreateSubdirDenyRule(prisonRestrictionsGroup, Path.Combine(@"c:\Users", prisonRestrictionsGroup), true);
//FilesystemCell.AddCreateFileDenyRule(prisonRestrictionsGroup, Path.Combine(@"c:\Users", prisonRestrictionsGroup), true);
// Remove access to other open directories
foreach (string directory in FilesystemCell.OpenDirs)
{
try
{
if (!directory.ToLower().StartsWith(prisonRestrictionsGroup))
{
// Remove directory create access
FilesystemCell.AddCreateSubdirDenyRule(prisonRestrictionsGroup, directory);
// Remove file write access
FilesystemCell.AddCreateFileDenyRule(prisonRestrictionsGroup, directory);
}
}
catch
{
}
}
}
}
public void Destroy()
{
this.TerminateProcesses();
if (this.createInfo.NetworkOutboundRateLimitBitsPerSecond > 0)
{
NetworkQos.RemoveOutboundThrottlePolicy(this.WindowsUsername);
if (this.createInfo.UrlPortAccess > 0)
{
NetworkQos.RemoveOutboundThrottlePolicy(this.createInfo.UrlPortAccess.ToString());
}
}
if (this.createInfo.UrlPortAccess > 0)
{
UrlsAcl.RemovePortAccess(this.createInfo.UrlPortAccess);
}
UserImpersonator.DeleteUserProfile(this.WindowsUsername, "");
WindowsUsersAndGroups.DeleteUser(this.WindowsUsername);
if (this.jobObject != null)
{
jobObject.Dispose();
jobObject = null;
}
this.Created = false;
}
public override void Apply(Prison prison)
{
if (prison == null)
{
throw new ArgumentNullException("prison");
}
WindowsUsersAndGroups.AddUserToGroup(prison.User.UserName, prisonRestrictionsGroup);
if (Directory.Exists(prison.PrisonHomePath))
{
prison.User.Profile.UnloadUserProfileUntilReleased();
Directory.Delete(prison.PrisonHomePath, true);
}
Directory.CreateDirectory(prison.PrisonHomePath);
DirectoryInfo deploymentDirInfo = new DirectoryInfo(prison.PrisonHomePath);
DirectorySecurity deploymentDirSecurity = deploymentDirInfo.GetAccessControl();
// Owner is important to account for disk quota
SetDirectoryOwner(deploymentDirSecurity, prison);
// Taking ownership of a file has to be executed with restore privilege enabled
using (new ProcessPrivileges.PrivilegeEnabler(Process.GetCurrentProcess(), ProcessPrivileges.Privilege.Restore))
{
deploymentDirInfo.SetAccessControl(deploymentDirSecurity);
}
}
public static string CreateDecoratedUser(string id, string password)
{
var windowsUsername = GenerateDecoratedUsername(id);
WindowsUsersAndGroups.CreateUser(windowsUsername, password, GenrateUserDescription(id));
return(windowsUsername);
}
// Check if the profile is loaded.
// This is useful to load the profile only once.
public bool IsProfileLoaded()
{
var userSid = WindowsUsersAndGroups.GetLocalUserSid(this.prisonUser.UserName);
// If a profile is loaded the Registry hive will be loaded in HKEY_USERS\{User-SID}
var res = Registry.Users.GetSubKeyNames().Contains(userSid);
return(res);
}
public override void Lockdown(Prison prison)
{
WindowsUsersAndGroups.AddUserToGroup(prison.User.Username, prisonRestrictionsGroup);
if (Directory.Exists(prison.Rules.PrisonHomePath))
{
Directory.Delete(prison.Rules.PrisonHomePath, true);
}
Directory.CreateDirectory(prison.Rules.PrisonHomePath);
DirectoryInfo deploymentDirInfo = new DirectoryInfo(prison.Rules.PrisonHomePath);
DirectorySecurity deploymentDirSecurity = deploymentDirInfo.GetAccessControl();
// Owner is important to account for disk quota
deploymentDirSecurity.SetOwner(new NTAccount(prison.User.Username));
deploymentDirSecurity.SetAccessRule(
new FileSystemAccessRule(
prison.User.Username,
FileSystemRights.AppendData |
FileSystemRights.ChangePermissions |
FileSystemRights.CreateDirectories |
FileSystemRights.CreateFiles |
FileSystemRights.Delete |
FileSystemRights.DeleteSubdirectoriesAndFiles |
FileSystemRights.ExecuteFile |
FileSystemRights.FullControl |
FileSystemRights.ListDirectory |
FileSystemRights.Modify |
FileSystemRights.Read |
FileSystemRights.ReadAndExecute |
FileSystemRights.ReadAttributes |
FileSystemRights.ReadData |
FileSystemRights.ReadExtendedAttributes |
FileSystemRights.ReadPermissions |
FileSystemRights.Synchronize |
FileSystemRights.TakeOwnership |
FileSystemRights.Traverse |
FileSystemRights.Write |
FileSystemRights.WriteAttributes |
FileSystemRights.WriteData |
FileSystemRights.WriteExtendedAttributes,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None | PropagationFlags.InheritOnly,
AccessControlType.Allow));
// Taking ownership of a file has to be executed with0-031233332xpw0odooeoooooooooooooooooooooooooooooooooooooooooooooooooooooooooo restore privilege elevated privilages
using (new ProcessPrivileges.PrivilegeEnabler(Process.GetCurrentProcess(), ProcessPrivileges.Privilege.Restore))
{
deploymentDirInfo.SetAccessControl(deploymentDirSecurity);
}
}
/// <summary>
/// This should be a replacement for UnloadUserProfile (http://msdn.microsoft.com/en-us/library/windows/desktop/bb762282%28v=vs.85%29.aspx)
/// UnloadUserProfile cannot be invoked because the hProfile handle may not be available.
/// </summary>
public void UnloadUserProfile()
{
var userSid = WindowsUsersAndGroups.GetLocalUserSid(this.prisonUser.UserName);
var userHive = Registry.Users.OpenSubKey(userSid);
userHive.Handle.SetHandleAsInvalid();
if (!NativeMethods.UnloadUserProfile(this.prisonUser.LogonToken.DangerousGetHandle(), userHive.Handle.DangerousGetHandle()))
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
public void Delete()
{
if (!this.created)
{
throw new InvalidOperationException("This user has not been created yet.");
}
if (!WindowsUsersAndGroups.ExistsUser(this.username))
{
throw new InvalidOperationException("Cannot find this windows user.");
}
WindowsUsersAndGroups.DeleteUser(this.username);
}
public void Create()
{
if (this.created)
{
throw new InvalidOperationException("This user has already been created.");
}
if (WindowsUsersAndGroups.ExistsUser(this.username))
{
throw new InvalidOperationException("This windows user already exists.");
}
WindowsUsersAndGroups.CreateUser(this.username, this.password);
Persistence.SaveValue("prison_users", this.username, this.password);
this.created = true;
}
public override void Apply(Prison prison)
{
if (prison == null)
{
throw new ArgumentNullException("prison");
}
if (WindowsUsersAndGroups.ExistsGroup(IISGroupName))
{
WindowsUsersAndGroups.AddUserToGroup(prison.User.UserName, IISGroupName);
}
else
{
Logger.Warning("Prison {0} not added to IIS Users group {1}. The group was not found.", prison.Id, IISGroupName);
}
}
public void BasicTest()
{
string rnd = (DateTime.Now.Ticks % 100).ToString();
string userbase = "UhuruTestUser" + rnd;
string user1 = userbase + "1";
string user2 = userbase + "2";
string groupbase = "UhuruTestGroup" + rnd;
string group1 = groupbase + "1";
string group2 = groupbase + "2";
// test users
WindowsUsersAndGroups.CreateUser(user1, "test1234#");
WindowsUsersAndGroups.CreateUser(user2, "test1234#", "Delete me pls...");
using (new UserImpersonator(user2, "", "test1234#", true))
{
}
UserImpersonator.DeleteUserProfile(user2, "");
Assert.IsTrue(WindowsUsersAndGroups.ExistsUser(user2));
Assert.IsTrue(WindowsUsersAndGroups.GetUsers().Contains(user2));
WindowsUsersAndGroups.DeleteUser(user2);
Assert.IsFalse(WindowsUsersAndGroups.GetUsers().Contains(user2));
Assert.IsFalse(WindowsUsersAndGroups.ExistsUser(user2));
// test groups
WindowsUsersAndGroups.CreateGroup(group1);
WindowsUsersAndGroups.CreateGroup(group2, "delete me too...");
Assert.IsTrue(WindowsUsersAndGroups.ExistsGroup(group2));
Assert.IsTrue(WindowsUsersAndGroups.GetGroups().Contains(group2));
WindowsUsersAndGroups.DeleteGroup(group2);
Assert.IsFalse(WindowsUsersAndGroups.GetGroups().Contains(group2));
Assert.IsFalse(WindowsUsersAndGroups.ExistsGroup(group2));
// test users and groups
Assert.IsFalse(WindowsUsersAndGroups.IsUserMemberOfGroup(user1, group1));
WindowsUsersAndGroups.AddUserToGroup(user1, group1);
Assert.IsTrue(WindowsUsersAndGroups.IsUserMemberOfGroup(user1, group1));
WindowsUsersAndGroups.RemoveUserFromGroup(user1, group1);
Assert.IsFalse(WindowsUsersAndGroups.IsUserMemberOfGroup(user1, group1));
WindowsUsersAndGroups.DeleteGroup(group1);
WindowsUsersAndGroups.DeleteUser(user1);
}
public void CreateVirtualDirectory()
{
string name = Guid.NewGuid().ToString("N");
string testDir = Path.Combine(Path.GetTempPath(), name);
Directory.CreateDirectory(testDir);
string username = Uhuru.Utilities.Credentials.GenerateCredential(5);
string groupname = Uhuru.Utilities.Credentials.GenerateCredential(5);
string password = "******";
string decoratedUsername = Uhuru.Utilities.WindowsVCAPUsers.CreateDecoratedUser(username, password);
WindowsUsersAndGroups.CreateGroup(groupname, "Delete me. Uhuru test.");
int port = Uhuru.Utilities.NetworkInterface.GrabEphemeralPort();
FtpUtilities.CreateFtpSite(name, testDir, port);
Assert.IsFalse(FtpUtilities.HasUserAccess(name, decoratedUsername));
Assert.IsFalse(FtpUtilities.HasGroupAccess(name, groupname));
FtpUtilities.AddUserAccess(name, decoratedUsername);
FtpUtilities.AddGroupAccess(name, groupname);
Assert.IsTrue(FtpUtilities.HasUserAccess(name, decoratedUsername));
Assert.IsTrue(FtpUtilities.HasGroupAccess(name, groupname));
FtpUtilities.DeleteUserAccess(name, decoratedUsername);
FtpUtilities.DeleteGroupAccess(name, groupname);
Assert.IsTrue(FtpUtilities.Exists(name));
Assert.IsTrue(FtpUtilities.GetFtpSties().Contains(name));
Assert.IsFalse(FtpUtilities.HasUserAccess(name, decoratedUsername));
Assert.IsFalse(FtpUtilities.HasGroupAccess(name, groupname));
FtpUtilities.DeleteFtpSite(name);
Assert.IsFalse(FtpUtilities.Exists(name));
Assert.IsFalse(FtpUtilities.GetFtpSties().Contains(name));
WindowsUsersAndGroups.DeleteGroup(groupname);
Uhuru.Utilities.WindowsVCAPUsers.DeleteDecoratedBasedUser(username);
}
public override void Apply(Prison prison)
{
try
{
var hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64);
string sqlPath = hklm.OpenSubKey(@"SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\Setup", true).GetValue("SQLPath", string.Empty).ToString();
if (!string.IsNullOrWhiteSpace(sqlPath) && Directory.Exists(sqlPath))
{
AllowReadOfBaseMSSQLInstance(sqlPath, prison);
string instanceName = string.Format("Instance{0}", prison.Rules.UrlPortAccess);
hklm.OpenSubKey(@"SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL", true).SetValue(instanceName, string.Format("MSSQL10_50.{0}", instanceName), RegistryValueKind.String);
string instanceRegistryKey1 = string.Format(@"SOFTWARE\Microsoft\Microsoft SQL Server\{0}", instanceName);
hklm.CreateSubKey(instanceRegistryKey1);
string instanceRegistryKey2 = string.Format(@"SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10_50.{0}", instanceName);
hklm.CreateSubKey(instanceRegistryKey2);
string instanceRegistryKey3 = string.Format(@"SOFTWARE\Wow6432Node\Microsoft\Microsoft SQL Server\{0}", instanceName);
hklm.CreateSubKey(instanceRegistryKey3);
//HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters
// Give registry access
this.GrantRegistryAccess(instanceRegistryKey1, prison);
this.GrantRegistryAccess(instanceRegistryKey2, prison);
this.GrantRegistryAccess(instanceRegistryKey3, prison);
this.GrantRegistryAccess(@"SYSTEM\CurrentControlSet\Services\WinSock2\Parameters", prison);
this.GrantRegistryAccess(@"Software", prison);
}
//HKU\.DEFAULT\Software\Microsoft\SystemCertificates\MY
// TODO: assign each privilege manually instead
WindowsUsersAndGroups.AddUserToGroup(prison.User.Username, string.Format(MSSQLGroupName, System.Environment.MachineName));
}
catch (Exception ex)
{
Logger.Error("There was an error while applying MsSqlInstance Prison Rule: {0} - {1}", ex.Message, ex.StackTrace);
throw;
}
}
/// <summary>
/// This should be a replacement for UnloadUserProfile (http://msdn.microsoft.com/en-us/library/windows/desktop/bb762282%28v=vs.85%29.aspx)
/// UnloadUserProfile cannot be invoked because the hProfile handle may not be available.
/// </summary>
private void UnloadUserProfile()
{
InitializeLogonToken();
var userSid = WindowsUsersAndGroups.GetLocalUserSid(this.User.Username);
var usersHive = Registry.Users.Handle.DangerousGetHandle();
var userHive = Registry.Users.OpenSubKey(userSid);
userHive.Handle.SetHandleAsInvalid();
var res = Native.UnloadUserProfile(logonToken.DangerousGetHandle(), userHive.Handle.DangerousGetHandle());
if (res == false)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
}
public void Create()
{
if (this.created)
{
throw new InvalidOperationException("This user has already been created.");
}
if (WindowsUsersAndGroups.UserExists(this.username))
{
throw new InvalidOperationException("This windows user already exists.");
}
WindowsUsersAndGroups.CreateUser(this.username, this.password);
this.userSID = WindowsUsersAndGroups.GetLocalUserSid(this.username);
this.created = true;
}
public void Create()
{
if (this.created)
{
throw new InvalidOperationException("This user has already been created.");
}
if (WindowsUsersAndGroups.ExistsUser(this.username))
{
throw new InvalidOperationException("This windows user already exists.");
}
WindowsUsersAndGroups.CreateUser(this.username, this.password);
this.userSID = new NTAccount(null, this.username).Translate(typeof(SecurityIdentifier)).Value;
Persistence.SaveValue("prison_users", this.username, this.password);
this.created = true;
}
public override void Init()
{
if (!WindowsUsersAndGroups.ExistsGroup(prisonRestrictionsGroup))
{
WindowsUsersAndGroups.CreateGroup(prisonRestrictionsGroup, "Members of this group are users used to sandbox Windows Prison Containers");
}
string windowsFolder = Environment.GetFolderPath(Environment.SpecialFolder.Windows);
string windowsRoot = Directory.GetDirectoryRoot(windowsFolder);
string publicDocumentsPath = Environment.GetFolderPath(Environment.SpecialFolder.CommonDocuments);
var publicDocumentsDirectory = new DirectoryInfo(publicDocumentsPath);
string publicPath = publicDocumentsDirectory.Parent.FullName;
string[] offLimitsDirectories = new string[]
{
windowsRoot,
Environment.GetFolderPath(Environment.SpecialFolder.CommonProgramFiles),
Environment.GetFolderPath(Environment.SpecialFolder.CommonProgramFilesX86),
Environment.GetFolderPath(Environment.SpecialFolder.Fonts),
Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
Path.Combine(windowsFolder, "tracing"),
publicPath,
Environment.GetFolderPath(Environment.SpecialFolder.CommonAdminTools),
Environment.GetFolderPath(Environment.SpecialFolder.CommonDesktopDirectory),
Environment.GetFolderPath(Environment.SpecialFolder.CommonDocuments),
Environment.GetFolderPath(Environment.SpecialFolder.CommonMusic),
Environment.GetFolderPath(Environment.SpecialFolder.CommonOemLinks),
Environment.GetFolderPath(Environment.SpecialFolder.CommonPictures),
Environment.GetFolderPath(Environment.SpecialFolder.CommonPrograms),
Environment.GetFolderPath(Environment.SpecialFolder.CommonStartMenu),
Environment.GetFolderPath(Environment.SpecialFolder.CommonStartup),
Environment.GetFolderPath(Environment.SpecialFolder.CommonTemplates),
Environment.GetFolderPath(Environment.SpecialFolder.CommonVideos),
};
foreach (string dir in offLimitsDirectories)
{
Filesystem.AddCreateSubdirDenyRule(prisonRestrictionsGroup, dir, false);
Filesystem.AddCreateFileDenyRule(prisonRestrictionsGroup, dir, false);
}
}
public override void Apply(Prison prison)
{
WindowsUsersAndGroups.AddUserToGroup(prison.User.Username, prisonRestrictionsGroup);
if (Directory.Exists(prison.Rules.PrisonHomePath))
{
Directory.Delete(prison.Rules.PrisonHomePath, true);
}
Directory.CreateDirectory(prison.Rules.PrisonHomePath);
DirectoryInfo deploymentDirInfo = new DirectoryInfo(prison.Rules.PrisonHomePath);
DirectorySecurity deploymentDirSecurity = deploymentDirInfo.GetAccessControl();
// Owner is important to account for disk quota
SetDirectoryOwner(deploymentDirSecurity, prison);
// Taking ownership of a file has to be executed with0-031233332xpw0odooeoooooooooooooooooooooooooooooooooooooooooooooooooooooooooo restore privilege elevated privilages
using (new ProcessPrivileges.PrivilegeEnabler(Process.GetCurrentProcess(), ProcessPrivileges.Privilege.Restore))
{
deploymentDirInfo.SetAccessControl(deploymentDirSecurity);
}
}
public static PrisonUser[] ListUsers()
{
List <PrisonUser> result = new List <PrisonUser>();
string[] allUsers = WindowsUsersAndGroups.GetUsers();
foreach (string user in allUsers)
{
if (user.StartsWith(PrisonUser.GlobalPrefix))
{
string password = (string)Persistence.ReadValue("prison_users", user);
// If we can't find the user's password, ignore the account
if (!string.IsNullOrWhiteSpace(password))
{
result.Add(new PrisonUser(PrisonUser.GetUsernamePrefix(user), user, password, true));
}
}
}
return(result.ToArray());
}
static void Main(string[] args)
{
Console.WriteLine("--- PrisonProcess REPL ---\n");
Console.WriteLine("Use the following keys:");
Console.WriteLine("\tc: Create a new cmd prison");
Console.WriteLine("\tn: Create a new notepad prison");
Console.WriteLine("\td: Destroy all prissons");
Console.WriteLine("\tq: Quit");
List <ProcessPrison> prisonss = new List <ProcessPrison>();
DiskQuotaManager.StartQuotaInitialization();
while (!DiskQuotaManager.IsQuotaInitialized())
{
Thread.Sleep(100);
}
var usersDesc = WindowsUsersAndGroups.GetUsersDescription();
foreach (var desc in usersDesc.Values)
{
try
{
var id = ProcessPrison.GetIdFromUserDescription(desc);
var ppci = new ProcessPrisonCreateInfo();
ppci.Id = id;
ppci.TotalPrivateMemoryLimitBytes = 128 * 1024 * 1024;
ppci.DiskQuotaBytes = 128 * 1024 * 1024;
ppci.DiskQuotaPath = @"C:\Users\Public";
// Cannot impersonate the user to create new processes or access the user's env.
ppci.WindowsPassword = "******";
var pp = new ProcessPrison();
pp.Attach(ppci);
prisonss.Add(pp);
}
catch (ArgumentException)
{
}
}
while (true)
{
var key = Console.ReadKey();
if (key.Key == ConsoleKey.Q && key.Modifiers == ConsoleModifiers.Shift)
{
break;
}
switch (key.Key)
{
case ConsoleKey.C:
{
var ppci = new ProcessPrisonCreateInfo();
ppci.TotalPrivateMemoryLimitBytes = 128 * 1000 * 1000;
ppci.DiskQuotaBytes = 128 * 1024 * 1024;
ppci.DiskQuotaPath = @"C:\Users\Public";
ppci.NetworkOutboundRateLimitBitsPerSecond = 80 * 1000;
var pp = new ProcessPrison();
pp.Create(ppci);
pp.SetUsersEnvironmentVariable("prison", pp.Id);
var ri = new ProcessPrisonRunInfo();
ri.Interactive = true;
ri.FileName = @"C:\Windows\System32\cmd.exe";
ri.Arguments = String.Format(" /k title {1} & echo Wedcome to prisson {0}. & echo Running under user {1} & echo Private virtual memory limit: {2} B", pp.Id, pp.WindowsUsername, ppci.TotalPrivateMemoryLimitBytes);
ri.Arguments += " & echo. & echo Cmd bomb for memory test: & echo 'set loop=cmd /k ^%loop^%' & echo 'cmd /k %loop%'";
ri.Arguments += " & echo. & echo Ruby file server for network test: & echo 'rackup -b 'run Rack::Directory.new(\"\")''";
pp.RunProcess(ri);
prisonss.Add(pp);
}
break;
case ConsoleKey.N:
{
var ppci = new ProcessPrisonCreateInfo();
ppci.TotalPrivateMemoryLimitBytes = 128 * 1024 * 1024;
ppci.DiskQuotaBytes = 128 * 1024 * 1024;
ppci.DiskQuotaPath = @"C:\Users\Public";
var pp = new ProcessPrison();
pp.Create(ppci);
pp.SetUsersEnvironmentVariable("prison", pp.Id);
var ri = new ProcessPrisonRunInfo();
ri.Interactive = true;
ri.FileName = @"C:\Windows\System32\notepad.exe";
pp.RunProcess(ri);
prisonss.Add(pp);
}
break;
case ConsoleKey.D:
foreach (var prison in prisonss)
{
prison.Destroy();
}
prisonss.Clear();
break;
case ConsoleKey.Q:
return;
}
}
var createInfo = new ProcessPrisonCreateInfo();
var p = new ProcessPrison();
p.Create(createInfo);
var envs = p.GetUsersEnvironmentVariables();
var runInfo = new ProcessPrisonRunInfo();
runInfo.Interactive = false;
runInfo.FileName = @"C:\Windows\System32\cmd.exe";
runInfo.FileName = @"C:\Windows\System32\PING.EXE";
// runInfo.Arguments = @"/c echo %PATH% & ping 10.0.0.10" ;
runInfo.Arguments = @" /k rackup -b ""run lambda {|env| [200, {'Content-Type'=>'text/html'}, 'Hello World']}"" -P 2345";
runInfo.Arguments = " 10.0.0.10 -t";
runInfo.WorkingDirectory = @"C:\Users\Public";
runInfo.FileName = @"C:\Windows\System32\mspaint.exe";
runInfo.Arguments = "";
p.RunProcess(runInfo);
//p.RunProcess(@"C:\Windows\System32\mspaint.exe");
Console.ReadKey();
p.Destroy();
}
public void StressTest()
{
int n = 200;
string rnd = (DateTime.Now.Ticks % 100).ToString();
string userbase = "UTestUser" + rnd;
string user1 = userbase + "1";
string user2 = userbase + "2";
string groupbase = "UTestGroup" + rnd;
string group1 = groupbase + "1";
string group2 = groupbase + "2";
for (int i = 0; i < n; i++)
{
WindowsUsersAndGroups.CreateUser(user1 + i.ToString(), "test1234#");
WindowsUsersAndGroups.CreateUser(user2 + i.ToString(), "test1234#", "Delete me pls...");
WindowsUsersAndGroups.DeleteUser(user2 + i.ToString());
WindowsUsersAndGroups.CreateGroup(group1 + i.ToString());
WindowsUsersAndGroups.CreateGroup(group2 + i.ToString(), "delete me too...");
WindowsUsersAndGroups.DeleteGroup(group2 + i.ToString());
}
for (int i = 0; i < n; i++)
{
Assert.IsFalse(WindowsUsersAndGroups.IsUserMemberOfGroup(user1 + i.ToString(), group1 + i.ToString()));
WindowsUsersAndGroups.AddUserToGroup(user1 + i.ToString(), group1 + i.ToString());
Assert.IsTrue(WindowsUsersAndGroups.IsUserMemberOfGroup(user1 + i.ToString(), group1 + i.ToString()));
WindowsUsersAndGroups.RemoveUserFromGroup(user1 + i.ToString(), group1 + i.ToString());
Assert.IsFalse(WindowsUsersAndGroups.IsUserMemberOfGroup(user1 + i.ToString(), group1 + i.ToString()));
}
bool fail = false;
Exception ex = null;
for (int i = 0; i < n; i++)
{
try
{
WindowsUsersAndGroups.DeleteGroup(group1 + i.ToString());
}
catch (Exception e)
{
ex = e;
fail = true;
}
try
{
WindowsUsersAndGroups.DeleteUser(user1 + i.ToString());
}
catch (Exception e)
{
ex = e;
fail = true;
}
}
if (fail)
{
throw ex;
}
}
public override void Apply(Prison prison)
{
WindowsUsersAndGroups.AddUserToGroup(prison.User.Username, IISGroupName);
}
