本文整理汇总了C#中System.Security.AccessControl.CommonSecurityDescriptor.GetSddlForm方法的典型用法代码示例。如果您正苦于以下问题:C# CommonSecurityDescriptor.GetSddlForm方法的具体用法?C# CommonSecurityDescriptor.GetSddlForm怎么用?C# CommonSecurityDescriptor.GetSddlForm使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类System.Security.AccessControl.CommonSecurityDescriptor的用法示例。
在下文中一共展示了CommonSecurityDescriptor.GetSddlForm方法的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: AefaModifiedFlagIsStoredOnDiscretionaryAcl
public void AefaModifiedFlagIsStoredOnDiscretionaryAcl ()
{
CommonSecurityDescriptor csd1, csd2;
// Incidentally this shows the DiscretionaryAcl is NOT cloned.
csd1 = new CommonSecurityDescriptor (false, false, ControlFlags.None, null, null, null, null);
csd2 = new CommonSecurityDescriptor (false, false, ControlFlags.None, null, null, null, csd1.DiscretionaryAcl);
Assert.AreSame (csd1.DiscretionaryAcl, csd2.DiscretionaryAcl);
Assert.AreEqual ("", csd1.GetSddlForm (AccessControlSections.Access));
csd2.SetDiscretionaryAclProtection (false, true);
Assert.AreEqual ("D:(A;;0xffffffff;;;WD)", csd1.GetSddlForm (AccessControlSections.Access));
Assert.AreEqual ("D:(A;;0xffffffff;;;WD)", csd2.GetSddlForm (AccessControlSections.Access));
}示例2: BeginProcessing
/// <summary>
///
/// </summary>
/// <exception cref="InvalidOperationException">
/// 1. Either both "AssemblyName" and "ConfigurationTypeName" must be specified
/// or both must not be specified.
/// </exception>
protected override void BeginProcessing()
{
if (isSddlSpecified && showUISpecified)
{
string message = StringUtil.Format(RemotingErrorIdStrings.ShowUIAndSDDLCannotExist,
"SecurityDescriptorSddl",
"ShowSecurityDescriptorUI");
throw new PSInvalidOperationException(message);
}
if (isRunAsCredentialSpecified)
{
WriteWarning(RemotingErrorIdStrings.RunAsSessionConfigurationSecurityWarning);
}
if (isSddlSpecified)
{
// Constructor call should succeed. The sddl is check in the property setter
CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor(false, false, sddl);
SecurityIdentifier networkSidIdentifier = new SecurityIdentifier(WellKnownSidType.NetworkSid, null);
bool networkDenyAllExists = false;
foreach (CommonAce ace in descriptor.DiscretionaryAcl)
{
if (ace.AceQualifier.Equals(AceQualifier.AccessDenied) && ace.SecurityIdentifier.Equals(networkSidIdentifier) && ace.AccessMask == 268435456)
{
networkDenyAllExists = true;
break;
}
}
switch (AccessMode)
{
case PSSessionConfigurationAccessMode.Local:
if (!networkDenyAllExists)
{
descriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, networkSidIdentifier, 268435456, InheritanceFlags.None, PropagationFlags.None);
sddl = descriptor.GetSddlForm(AccessControlSections.All);
}
break;
case PSSessionConfigurationAccessMode.Remote:
if (networkDenyAllExists)
{
// Remove the specific ACE
descriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, networkSidIdentifier, 268435456, InheritanceFlags.None, PropagationFlags.None);
// If the discretionaryAcl becomes empty, add the BA and RM which is the default WinRM behavior
if (descriptor.DiscretionaryAcl.Count == 0)
{
// BA
SecurityIdentifier baSidIdentifier = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
descriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, baSidIdentifier, 268435456, InheritanceFlags.None, PropagationFlags.None);
// Only for Win8+
if (Environment.OSVersion.Version >= new Version(6, 2))
{
// Remote Management Users
SecurityIdentifier rmSidIdentifier = new SecurityIdentifier(RemoteManagementUsersSID);
descriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, rmSidIdentifier, 268435456, InheritanceFlags.None, PropagationFlags.None);
}
// Interactive Users
SecurityIdentifier iaSidIdentifier = new SecurityIdentifier(InteractiveUsersSID);
descriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, iaSidIdentifier, 268435456, InheritanceFlags.None, PropagationFlags.None);
}
sddl = descriptor.GetSddlForm(AccessControlSections.All);
}
break;
case PSSessionConfigurationAccessMode.Disabled:
break;
}
}
if (!isSddlSpecified && !showUISpecified)
{
if (AccessMode.Equals(PSSessionConfigurationAccessMode.Local))
{
// If AccessMode is Local or Disabled and no SDDL specified, use the default local SDDL
sddl = GetLocalSddl();
}
else if (AccessMode.Equals(PSSessionConfigurationAccessMode.Remote))
{
// If AccessMode is Remote and no SDDL specified then use the default remote SDDL
sddl = GetRemoteSddl();
}
}
// check if we have compatible WSMan
RemotingCommandUtil.CheckRemotingCmdletPrerequisites();
PSSessionConfigurationCommandUtilities.ThrowIfNotAdministrator();
WSManConfigurationOption wsmanOption = transportOption as WSManConfigurationOption;
if (wsmanOption != null)
{
//.........这里部分代码省略.........
示例3: ComputeSDDLFromConfiguration
/// <summary>
/// Builds a session SDDL based on the provided configuration hashtable.
/// Retrieves RequiredGroups information to add conditional group membership restrictions to SDDL.
/// Retrieves RoleDefinitions information to include role user accounts.
/// </summary>
/// <param name="configTable"></param>
/// <param name="accessMode"></param>
/// <param name="error"></param>
/// <returns>SDDL</returns>
internal static string ComputeSDDLFromConfiguration(
Hashtable configTable,
PSSessionConfigurationAccessMode accessMode,
out ErrorRecord error)
{
Dbg.Assert(configTable != null, "configTable input parameter cannot be null.");
string sddl = string.Empty;
error = null;
// RoleDefinitions
if (configTable.ContainsKey(ConfigFileConstants.RoleDefinitions))
{
// Start with known good security descriptor.
if (accessMode == PSSessionConfigurationAccessMode.Local)
{
sddl = PSSessionConfigurationCommandBase.GetLocalSddl();
}
else if (accessMode == PSSessionConfigurationAccessMode.Remote)
{
sddl = PSSessionConfigurationCommandBase.GetRemoteSddl();
}
CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor(false, false, sddl);
// Purge all existing access rules so that only role definition principals are granted access.
List<SecurityIdentifier> sidsToRemove = new List<SecurityIdentifier>();
foreach (CommonAce ace in descriptor.DiscretionaryAcl)
{
sidsToRemove.Add(ace.SecurityIdentifier);
}
foreach (var sidToRemove in sidsToRemove)
{
descriptor.PurgeAccessControl(sidToRemove);
}
Hashtable roleNamesHash = configTable[ConfigFileConstants.RoleDefinitions] as Hashtable;
foreach (object roleName in roleNamesHash.Keys)
{
string roleNameValue = roleName.ToString();
try
{
NTAccount ntAccount = new NTAccount(roleNameValue);
SecurityIdentifier accountSid = (SecurityIdentifier)ntAccount.Translate(typeof(SecurityIdentifier));
// AccessMask = 268435456 == 0x10000000 == GR == Generic Read
descriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, accountSid, 268435456, InheritanceFlags.None, PropagationFlags.None);
}
catch (IdentityNotMappedException e)
{
string message = StringUtil.Format(RemotingErrorIdStrings.CouldNotResolveRoleDefinitionPrincipal, roleNameValue, e.Message);
InvalidOperationException ioe = new InvalidOperationException(message, e);
error = new ErrorRecord(ioe, "CouldNotResolveRoleDefinitionPrincipal", ErrorCategory.ObjectNotFound, roleNameValue);
}
}
if (descriptor.DiscretionaryAcl.Count > 0)
{
sddl = descriptor.GetSddlForm(AccessControlSections.All);
// RequiredGroups
string conditionalGroupACE = CreateConditionalACEFromConfig(configTable);
if (conditionalGroupACE != null)
{
sddl = UpdateSDDLUsersWithGroupConditional(sddl, conditionalGroupACE);
}
}
}
return sddl;
}示例4: CreateTask
/// <summary>
/// Creates a new task in WTS with information from ScheduledJobDefinition.
/// </summary>
/// <param name="definition">ScheduledJobDefinition</param>
public void CreateTask(
ScheduledJobDefinition definition)
{
if (definition == null)
{
throw new PSArgumentNullException("definition");
}
// Create task definition
ITaskDefinition iTaskDefinition = _taskScheduler.NewTask(0);
// Add task options.
AddTaskOptions(iTaskDefinition, definition.Options);
// Add task triggers.
foreach (ScheduledJobTrigger jobTrigger in definition.JobTriggers)
{
AddTaskTrigger(iTaskDefinition, jobTrigger);
}
// Add task action.
AddTaskAction(iTaskDefinition, definition);
// Create a security descriptor for the current user so that only the user
// (and Local System account) can see/access the registered task.
string startSddl = "D:P(A;;GA;;;SY)(A;;GA;;;BA)"; // DACL Allow Generic Access to System and BUILTIN\Administrators.
System.Security.Principal.SecurityIdentifier userSid =
System.Security.Principal.WindowsIdentity.GetCurrent().User;
CommonSecurityDescriptor SDesc = new CommonSecurityDescriptor(false, false, startSddl);
SDesc.DiscretionaryAcl.AddAccess(AccessControlType.Allow, userSid, 0x10000000, InheritanceFlags.None, PropagationFlags.None);
string sddl = SDesc.GetSddlForm(AccessControlSections.All);
// Register this new task with the Task Scheduler.
if (definition.Credential == null)
{
// Register task to run as currently logged on user.
_iRootFolder.RegisterTaskDefinition(
definition.Name,
iTaskDefinition,
(int)_TASK_CREATION.TASK_CREATE,
null, // User name
null, // Password
_TASK_LOGON_TYPE.TASK_LOGON_S4U,
sddl);
}
else
{
// Register task to run under provided user account/credentials.
_iRootFolder.RegisterTaskDefinition(
definition.Name,
iTaskDefinition,
(int)_TASK_CREATION.TASK_CREATE,
definition.Credential.UserName,
GetCredentialPassword(definition.Credential),
_TASK_LOGON_TYPE.TASK_LOGON_PASSWORD,
sddl);
}
}示例5: GetSddlFormAefaRemovesDacl
public void GetSddlFormAefaRemovesDacl ()
{
CommonSecurityDescriptor csd = new CommonSecurityDescriptor
(false, false, ControlFlags.None, null, null, null, null);
Assert.AreEqual (1, csd.DiscretionaryAcl.Count);
Assert.AreEqual ("", csd.GetSddlForm (AccessControlSections.Access));
Assert.AreEqual (ControlFlags.DiscretionaryAclPresent
| ControlFlags.SelfRelative,
csd.ControlFlags);
Assert.AreSame (csd.DiscretionaryAcl, csd.DiscretionaryAcl);
Assert.AreNotSame (csd.DiscretionaryAcl[0], csd.DiscretionaryAcl[0]);
Assert.AreEqual ("", csd.GetSddlForm (AccessControlSections.Access));
csd.SetDiscretionaryAclProtection (false, true);
Assert.AreEqual ("D:(A;;0xffffffff;;;WD)", csd.GetSddlForm (AccessControlSections.Access));
Assert.AreSame (csd.DiscretionaryAcl, csd.DiscretionaryAcl);
Assert.AreNotSame (csd.DiscretionaryAcl[0], csd.DiscretionaryAcl[0]);
Assert.AreEqual (ControlFlags.DiscretionaryAclPresent
| ControlFlags.SelfRelative,
csd.ControlFlags);
csd.SetDiscretionaryAclProtection (true, true);
Assert.AreEqual (1, csd.DiscretionaryAcl.Count);
Assert.AreEqual ("D:P(A;;0xffffffff;;;WD)", csd.GetSddlForm (AccessControlSections.Access));
Assert.AreEqual (ControlFlags.DiscretionaryAclPresent
| ControlFlags.DiscretionaryAclProtected
| ControlFlags.SelfRelative,
csd.ControlFlags);
csd.SetDiscretionaryAclProtection (false, false);
Assert.AreEqual (1, csd.DiscretionaryAcl.Count);
Assert.AreEqual ("D:(A;;0xffffffff;;;WD)", csd.GetSddlForm (AccessControlSections.Access));
Assert.AreEqual (ControlFlags.DiscretionaryAclPresent
| ControlFlags.SelfRelative,
csd.ControlFlags);
}示例6: BeginProcessing
protected override void BeginProcessing()
{
if (base.isSddlSpecified && base.showUISpecified)
{
throw new PSInvalidOperationException(StringUtil.Format(RemotingErrorIdStrings.ShowUIAndSDDLCannotExist, "SecurityDescriptorSddl", "ShowSecurityDescriptorUI"));
}
if (base.isRunAsCredentialSpecified)
{
base.WriteWarning(RemotingErrorIdStrings.RunAsSessionConfigurationSecurityWarning);
}
if (base.isSddlSpecified)
{
CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor(false, false, base.sddl);
SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.NetworkSid, null);
bool flag = false;
AceEnumerator enumerator = descriptor.DiscretionaryAcl.GetEnumerator();
while (enumerator.MoveNext())
{
CommonAce current = (CommonAce) enumerator.Current;
if ((current.AceQualifier.Equals(AceQualifier.AccessDenied) && current.SecurityIdentifier.Equals(sid)) && (current.AccessMask == 0x10000000))
{
flag = true;
break;
}
}
switch (base.AccessMode)
{
case PSSessionConfigurationAccessMode.Local:
if (!flag)
{
descriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, 0x10000000, InheritanceFlags.None, PropagationFlags.None);
base.sddl = descriptor.GetSddlForm(AccessControlSections.All);
}
break;
case PSSessionConfigurationAccessMode.Remote:
if (flag)
{
descriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, 0x10000000, InheritanceFlags.None, PropagationFlags.None);
if (descriptor.DiscretionaryAcl.Count == 0)
{
SecurityIdentifier identifier2 = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
descriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, identifier2, 0x10000000, InheritanceFlags.None, PropagationFlags.None);
if ((Environment.OSVersion.Version.Major >= 6) && (Environment.OSVersion.Version.Minor >= 2))
{
SecurityIdentifier identifier3 = new SecurityIdentifier("S-1-5-32-580");
descriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, identifier3, 0x10000000, InheritanceFlags.None, PropagationFlags.None);
}
}
base.sddl = descriptor.GetSddlForm(AccessControlSections.All);
}
break;
}
}
if (!base.isSddlSpecified && !base.showUISpecified)
{
if (base.AccessMode.Equals(PSSessionConfigurationAccessMode.Local))
{
base.sddl = PSSessionConfigurationCommandBase.GetLocalSddl();
base.isSddlSpecified = true;
}
else if (base.AccessMode.Equals(PSSessionConfigurationAccessMode.Remote))
{
base.sddl = PSSessionConfigurationCommandBase.GetRemoteSddl();
base.isSddlSpecified = true;
}
}
RemotingCommandUtil.CheckRemotingCmdletPrerequisites();
PSSessionConfigurationCommandUtilities.ThrowIfNotAdministrator();
WSManConfigurationOption transportOption = base.transportOption as WSManConfigurationOption;
if (((transportOption != null) && transportOption.ProcessIdleTimeoutSec.HasValue) && !base.isUseSharedProcessSpecified)
{
PSInvalidOperationException exception = new PSInvalidOperationException(StringUtil.Format(RemotingErrorIdStrings.InvalidConfigurationXMLAttribute, "ProcessIdleTimeoutSec", "UseSharedProcess"));
base.ThrowTerminatingError(exception.ErrorRecord);
}
}示例7: BeginProcessing
protected override void BeginProcessing()
{
if (base.isUseSharedProcessSpecified)
{
using (PowerShell shell = PowerShell.Create())
{
shell.AddScript(string.Format(CultureInfo.InvariantCulture, @"(get-item 'WSMan::localhost\Plugin\{0}\InitializationParameters\sessiontype' -ErrorAction SilentlyContinue).Value", new object[] { CommandMetadata.EscapeSingleQuotedString(base.Name) }));
Collection<PSObject> collection = shell.Invoke(new object[] { base.Name });
if (collection != null)
{
int count = collection.Count;
}
if (((base.UseSharedProcess == 0) && (collection[0] != null)) && (string.Compare(collection[0].ToString(), "Workflow", StringComparison.OrdinalIgnoreCase) == 0))
{
throw new PSInvalidOperationException(RemotingErrorIdStrings.UseSharedProcessCannotBeFalseForWorkflowSessionType);
}
}
}
if (base.isSddlSpecified && base.showUISpecified)
{
throw new PSInvalidOperationException(StringUtil.Format(RemotingErrorIdStrings.ShowUIAndSDDLCannotExist, "SecurityDescriptorSddl", "ShowSecurityDescriptorUI"));
}
if (base.isRunAsCredentialSpecified)
{
base.WriteWarning(RemotingErrorIdStrings.RunAsSessionConfigurationSecurityWarning);
}
if (base.isSddlSpecified && base.accessModeSpecified)
{
CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor(false, false, base.sddl);
SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.NetworkSid, null);
bool flag = false;
AceEnumerator enumerator = descriptor.DiscretionaryAcl.GetEnumerator();
while (enumerator.MoveNext())
{
CommonAce current = (CommonAce) enumerator.Current;
if ((current.AceQualifier.Equals(AceQualifier.AccessDenied) && current.SecurityIdentifier.Equals(sid)) && (current.AccessMask == 0x10000000))
{
flag = true;
break;
}
}
switch (base.AccessMode)
{
case PSSessionConfigurationAccessMode.Local:
if (!flag)
{
descriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, 0x10000000, InheritanceFlags.None, PropagationFlags.None);
base.sddl = descriptor.GetSddlForm(AccessControlSections.All);
}
break;
case PSSessionConfigurationAccessMode.Remote:
if (flag)
{
descriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, 0x10000000, InheritanceFlags.None, PropagationFlags.None);
if (descriptor.DiscretionaryAcl.Count == 0)
{
SecurityIdentifier identifier2 = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
descriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, identifier2, 0x10000000, InheritanceFlags.None, PropagationFlags.None);
if ((Environment.OSVersion.Version.Major >= 6) && (Environment.OSVersion.Version.Minor >= 2))
{
SecurityIdentifier identifier3 = new SecurityIdentifier("S-1-5-32-580");
descriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, identifier3, 0x10000000, InheritanceFlags.None, PropagationFlags.None);
}
}
base.sddl = descriptor.GetSddlForm(AccessControlSections.All);
}
break;
}
}
RemotingCommandUtil.CheckRemotingCmdletPrerequisites();
PSSessionConfigurationCommandUtilities.ThrowIfNotAdministrator();
}示例8: CreateTask
public void CreateTask(ScheduledJobDefinition definition)
{
if (definition != null)
{
ITaskDefinition variable = this._taskScheduler.NewTask(0);
this.AddTaskOptions(variable, definition.Options);
foreach (ScheduledJobTrigger jobTrigger in definition.JobTriggers)
{
this.AddTaskTrigger(variable, jobTrigger);
}
this.AddTaskAction(variable, definition);
string str = "D:P(A;;GA;;;SY)(A;;GA;;;BA)";
SecurityIdentifier user = WindowsIdentity.GetCurrent().User;
CommonSecurityDescriptor commonSecurityDescriptor = new CommonSecurityDescriptor(false, false, str);
commonSecurityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, user, 0x10000000, InheritanceFlags.None, PropagationFlags.None);
string sddlForm = commonSecurityDescriptor.GetSddlForm(AccessControlSections.All);
if (definition.Credential != null)
{
this._iRootFolder.RegisterTaskDefinition(definition.Name, variable, 2, definition.Credential.UserName, this.GetCredentialPassword(definition.Credential), _TASK_LOGON_TYPE.TASK_LOGON_PASSWORD, sddlForm);
return;
}
else
{
this._iRootFolder.RegisterTaskDefinition(definition.Name, variable, 2, null, null, _TASK_LOGON_TYPE.TASK_LOGON_S4U, sddlForm);
return;
}
}
else
{
throw new PSArgumentNullException("definition");
}
}