本文整理汇总了C#中System.Security.AccessControl.RawAcl.InsertAce方法的典型用法代码示例。如果您正苦于以下问题:C# RawAcl.InsertAce方法的具体用法?C# RawAcl.InsertAce怎么用?C# RawAcl.InsertAce使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类System.Security.AccessControl.RawAcl的用法示例。
在下文中一共展示了RawAcl.InsertAce方法的12个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: AddAccessFailsOnNonCanonical
public void AddAccessFailsOnNonCanonical ()
{
SecurityIdentifier sid = new SecurityIdentifier ("BU");
RawAcl acl = new RawAcl (RawAcl.AclRevision, 0);
acl.InsertAce (0, new CommonAce (AceFlags.None, AceQualifier.AccessAllowed, 1, sid, false, null));
acl.InsertAce (1, new CommonAce (AceFlags.None, AceQualifier.AccessDenied, 1, sid, false, null));
DiscretionaryAcl dacl = new DiscretionaryAcl (false, false, acl);
Assert.IsFalse (dacl.IsCanonical);
Assert.AreEqual (2, dacl.Count);
dacl.AddAccess (AccessControlType.Allow, sid, 1, InheritanceFlags.None, PropagationFlags.None);
}示例2: BuildSecurityDescriptor
private void BuildSecurityDescriptor()
{
NTAccount account;
SecurityIdentifier identifier;
CommonAce ace;
RawAcl rawAcl = new RawAcl(GenericAcl.AclRevision, 1);
int index = 0;
if (this.operationRoleMembers != null)
{
foreach (string str in this.operationRoleMembers)
{
account = new NTAccount(str);
identifier = (SecurityIdentifier) account.Translate(typeof(SecurityIdentifier));
ace = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, identifier, false, null);
rawAcl.InsertAce(index, ace);
index++;
}
}
if (this.contractRoleMembers != null)
{
foreach (string str2 in this.contractRoleMembers)
{
account = new NTAccount(str2);
identifier = (SecurityIdentifier) account.Translate(typeof(SecurityIdentifier));
ace = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, identifier, false, null);
rawAcl.InsertAce(index, ace);
index++;
}
}
if (this.serviceRoleMembers != null)
{
foreach (string str3 in this.serviceRoleMembers)
{
account = new NTAccount(str3);
identifier = (SecurityIdentifier) account.Translate(typeof(SecurityIdentifier));
ace = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, 1, identifier, false, null);
rawAcl.InsertAce(index, ace);
index++;
}
}
DiscretionaryAcl discretionaryAcl = new DiscretionaryAcl(true, false, rawAcl);
this.securityDescriptor = new CommonSecurityDescriptor(true, false, ControlFlags.DiscretionaryAclPresent, sidAdministrators, sidAdministrators, null, discretionaryAcl);
}示例3: IndexerMakesCopies
public void IndexerMakesCopies ()
{
// This behavior is mentioned in the DiscretionaryAcl RawAcl constructor overload.
// Turns out it applies to more than just the constructor.
SecurityIdentifier worldSid = new SecurityIdentifier ("WD");
// RawAcl does not make copies.
RawAcl acl = new RawAcl (RawAcl.AclRevision, 1);
CommonAce ace = new CommonAce (AceFlags.SuccessfulAccess, AceQualifier.SystemAudit, 1, worldSid, false, null);
acl.InsertAce (0, ace);
Assert.AreSame (acl [0], acl [0]);
// CommonAcl does.
SystemAcl sacl = new SystemAcl (false, false, acl);
Assert.AreNotSame (sacl [0], sacl [0]);
// Make sure the copying occurs in the constructor as well as the indexer.
ace.AceFlags = AceFlags.FailedAccess;
Assert.AreEqual (AceFlags.SuccessfulAccess, sacl [0].AceFlags);
}示例4: CreateRoundtripRawAcl
static RawAcl CreateRoundtripRawAcl ()
{
SecurityIdentifier sid = new SecurityIdentifier (WellKnownSidType.BuiltinUsersSid, null);
Assert.AreEqual (16, sid.BinaryLength);
GenericAce[] aces = new GenericAce[] {
new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 1, sid,
ObjectAceFlags.ObjectAceTypePresent,
Guid.Empty, Guid.Empty, false, new byte[8]),
new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 2, sid,
ObjectAceFlags.InheritedObjectAceTypePresent,
Guid.Empty, Guid.Empty, true, new byte[16]),
new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 4, sid,
ObjectAceFlags.InheritedObjectAceTypePresent,
Guid.Empty, new Guid ("{8865FB90-A9EB-422F-A8BA-07ECA611D699}"), true, new byte[4]),
new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 4, sid,
ObjectAceFlags.ObjectAceTypePresent|ObjectAceFlags.InheritedObjectAceTypePresent,
Guid.Empty, new Guid ("{B893007C-38D5-4827-A698-BA25F1E30BAC}"), true, new byte[4]),
new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 4, sid,
ObjectAceFlags.None,
Guid.Empty, new Guid ("{C0F9DF22-C320-4400-B41F-754F69668640}"), true, new byte[4])
};
// Make sure this created right, first of all.
Assert.AreEqual (AceType.AccessAllowedObject, aces [0].AceType);
Assert.AreEqual (AceType.AccessAllowedCallbackObject, aces [1].AceType);
Assert.AreEqual (AceType.AccessAllowedCallbackObject, aces [2].AceType);
Assert.AreEqual (AceType.AccessAllowedCallbackObject, aces [3].AceType);
Assert.AreEqual (AceType.AccessAllowedCallbackObject, aces [4].AceType);
Assert.AreEqual (52, aces [0].BinaryLength);
Assert.AreEqual (60, aces [1].BinaryLength);
Assert.AreEqual (48, aces [2].BinaryLength);
Assert.AreEqual (64, aces [3].BinaryLength);
Assert.AreEqual (32, aces [4].BinaryLength);
RawAcl acl = new RawAcl (RawAcl.AclRevision, 0);
for (int i = 0; i < aces.Length; i ++)
acl.InsertAce (i, aces[i]);
return acl;
}示例5: GetBinaryForm
public void GetBinaryForm ()
{
RawAcl acl = new RawAcl (1, 0);
byte[] buffer = new byte[acl.BinaryLength];
acl.GetBinaryForm (buffer, 0);
byte[] sdBinary = new byte[] { 0x01, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00 };
Assert.AreEqual (sdBinary, buffer);
SecurityIdentifier builtInAdmins = new SecurityIdentifier (WellKnownSidType.BuiltinAdministratorsSid, null);
CommonAce ace = new CommonAce (AceFlags.None, AceQualifier.AccessAllowed, 0x7FFFFFFF, builtInAdmins, false, null);
acl.InsertAce (0, ace);
buffer = new byte[acl.BinaryLength];
acl.GetBinaryForm (buffer, 0);
sdBinary = new byte[] {
0x01, 0x00, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
0x18, 0x00, 0xFF, 0xFF, 0xFF, 0x7F, 0x01, 0x02, 0x00, 0x00,
0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02,
0x00, 0x00 };
Assert.AreEqual (sdBinary, buffer);
}示例6: CommonAcl
//
// Creates an ACL from a raw ACL
// - 'trusted' (internal) callers get to pass the raw ACL
// that this object will take ownership of
// - 'untrusted' callers are handled by creating a local
// copy of the ACL passed in
//
internal CommonAcl( bool isContainer, bool isDS, RawAcl rawAcl, bool trusted, bool isDacl )
: base()
{
if ( rawAcl == null )
{
throw new ArgumentNullException( "rawAcl" );
}
Contract.EndContractBlock();
_isContainer = isContainer;
_isDS = isDS;
if (trusted)
{
//
// In the trusted case, we take over ownership of the ACL passed in
//
_acl = rawAcl;
RemoveMeaninglessAcesAndFlags( isDacl );
}
else
{
//
// In the untrusted case, we create our own raw ACL to keep the ACEs in
//
_acl = new RawAcl( rawAcl.Revision, rawAcl.Count );
for ( int i = 0; i < rawAcl.Count; i++ )
{
//
// Clone each ACE prior to putting it in
//
GenericAce ace = rawAcl[i].Copy();
//
// Avoid inserting meaningless ACEs
//
if ( true == InspectAce( ref ace, isDacl ))
{
_acl.InsertAce( _acl.Count, ace );
}
}
}
//
// See whether the ACL is canonical to begin with
//
if ( true == CanonicalCheck( isDacl ))
{
//
// Sort and compact the array
//
Canonicalize( true, isDacl );
_isCanonical = true;
}
else
{
_isCanonical = false;
}
}示例7: CanonicalizeDacl
private static void CanonicalizeDacl(NativeObjectSecurity objectSecurity)
{
if (objectSecurity == null) { throw new ArgumentNullException("objectSecurity"); }
if (objectSecurity.AreAccessRulesCanonical) { return; }
// A canonical ACL must have ACES sorted according to the following order:
// 1. Access-denied on the object
// 2. Access-denied on a child or property
// 3. Access-allowed on the object
// 4. Access-allowed on a child or property
// 5. All inherited ACEs
RawSecurityDescriptor descriptor = new RawSecurityDescriptor(objectSecurity.GetSecurityDescriptorSddlForm(AccessControlSections.Access));
List<CommonAce> implicitDenyDacl = new List<CommonAce>();
List<CommonAce> implicitDenyObjectDacl = new List<CommonAce>();
List<CommonAce> inheritedDacl = new List<CommonAce>();
List<CommonAce> implicitAllowDacl = new List<CommonAce>();
List<CommonAce> implicitAllowObjectDacl = new List<CommonAce>();
foreach (CommonAce ace in descriptor.DiscretionaryAcl)
{
if ((ace.AceFlags & AceFlags.Inherited) == AceFlags.Inherited) { inheritedDacl.Add(ace); }
else
{
switch (ace.AceType)
{
case AceType.AccessAllowed:
implicitAllowDacl.Add(ace);
break;
case AceType.AccessDenied:
implicitDenyDacl.Add(ace);
break;
case AceType.AccessAllowedObject:
implicitAllowObjectDacl.Add(ace);
break;
case AceType.AccessDeniedObject:
implicitDenyObjectDacl.Add(ace);
break;
}
}
}
Int32 aceIndex = 0;
RawAcl newDacl = new RawAcl(descriptor.DiscretionaryAcl.Revision, descriptor.DiscretionaryAcl.Count);
implicitDenyDacl.ForEach(x => newDacl.InsertAce(aceIndex++, x));
implicitDenyObjectDacl.ForEach(x => newDacl.InsertAce(aceIndex++, x));
implicitAllowDacl.ForEach(x => newDacl.InsertAce(aceIndex++, x));
implicitAllowObjectDacl.ForEach(x => newDacl.InsertAce(aceIndex++, x));
inheritedDacl.ForEach(x => newDacl.InsertAce(aceIndex++, x));
if (aceIndex != descriptor.DiscretionaryAcl.Count)
{
System.Diagnostics.Debug.Fail("The DACL cannot be canonicalized since it would potentially result in a loss of information");
return;
}
descriptor.DiscretionaryAcl = newDacl;
objectSecurity.SetSecurityDescriptorSddlForm(descriptor.GetSddlForm(AccessControlSections.Access), AccessControlSections.Access);
}示例8: MakeRawAcl
static RawAcl MakeRawAcl (GenericAce[] aces)
{
RawAcl acl = new RawAcl (RawAcl.AclRevision, 0);
for (int i = 0; i < aces.Length; i ++) { acl.InsertAce (i, aces [i]); }
return acl;
}示例9: InheritAcl
private static RawAcl InheritAcl(RawAcl parentAcl, bool isContainer)
{
AceFlags inheritTest = isContainer ? AceFlags.ContainerInherit : AceFlags.ObjectInherit;
RawAcl newAcl = null;
if (parentAcl != null)
{
newAcl = new RawAcl(parentAcl.Revision, parentAcl.Count);
foreach (GenericAce ace in parentAcl)
{
if ((ace.AceFlags & inheritTest) != 0)
{
GenericAce newAce = ace.Copy();
AceFlags newFlags = ace.AceFlags;
if ((newFlags & AceFlags.NoPropagateInherit) != 0)
{
newFlags &= ~(AceFlags.ContainerInherit | AceFlags.ObjectInherit | AceFlags.NoPropagateInherit);
}
newFlags &= ~AceFlags.InheritOnly;
newFlags |= AceFlags.Inherited;
newAce.AceFlags = newFlags;
newAcl.InsertAce(newAcl.Count, newAce);
}
}
}
return newAcl;
}示例10: ProtectionPreserveInheritanceIgnoredUnlessProtectedTrueDescriptor
static CommonSecurityDescriptor ProtectionPreserveInheritanceIgnoredUnlessProtectedTrueDescriptor()
{
SecurityIdentifier sid = new SecurityIdentifier ("WD");
RawAcl acl = new RawAcl (GenericAcl.AclRevision, 1);
acl.InsertAce (0, new CommonAce (AceFlags.None, AceQualifier.AccessDenied, 1, sid, false, null));
acl.InsertAce (1, new CommonAce (AceFlags.Inherited, AceQualifier.AccessAllowed, 1, sid, false, null));
CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
(false, false, ControlFlags.None, null, null, null, null);
descriptor.DiscretionaryAcl = new DiscretionaryAcl (false, false, acl);
return descriptor;
}示例11: BuildSecurityDescriptor
private void BuildSecurityDescriptor()
{
Fx.Assert((null == securityDescriptor), "SecurityDescriptor must be NULL");
NTAccount name;
SecurityIdentifier sid;
CommonAce ace;
RawAcl acl = new RawAcl(GenericAcl.AclRevision, 1);
int index = 0;
if (operationRoleMembers != null)
{
foreach (string userName in operationRoleMembers)
{
name = new NTAccount(userName);
sid = (SecurityIdentifier)name.Translate(typeof(SecurityIdentifier));
ace = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, (int)ComRights.EXECUTE, sid, false, null);
acl.InsertAce(index, ace);
index++;
}
}
if (contractRoleMembers != null)
{
foreach (string userName in contractRoleMembers)
{
name = new NTAccount(userName);
sid = (SecurityIdentifier)name.Translate(typeof(SecurityIdentifier));
ace = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, (int)ComRights.EXECUTE, sid, false, null);
acl.InsertAce(index, ace);
index++;
}
}
if (serviceRoleMembers != null)
{
foreach (string userName in serviceRoleMembers)
{
name = new NTAccount(userName);
sid = (SecurityIdentifier)name.Translate(typeof(SecurityIdentifier));
ace = new CommonAce(AceFlags.None, AceQualifier.AccessAllowed, (int)ComRights.EXECUTE, sid, false, null);
acl.InsertAce(index, ace);
index++;
}
}
DiscretionaryAcl dacl = new DiscretionaryAcl(true, false, acl);
securityDescriptor = new CommonSecurityDescriptor(true, false, ControlFlags.DiscretionaryAclPresent, sidAdministrators, sidAdministrators, null, dacl);
}示例12: ObjectSecurityRemovesWhatItCannotCreate
[Category ("NotWorking")] // Mono does not have a working CustomAce implementation yet.
public void ObjectSecurityRemovesWhatItCannotCreate ()
{
RawAcl acl = new RawAcl (GenericAcl.AclRevision, 1);
acl.InsertAce (0, new CustomAce ((AceType)255, AceFlags.None, new byte[4]));
DiscretionaryAcl dacl = new DiscretionaryAcl (true, true, acl);
Assert.AreEqual (1, dacl.Count);
CommonSecurityDescriptor descriptor = new CommonSecurityDescriptor
(true, true, ControlFlags.None, null, null, null, dacl);
TestSecurity security = new TestSecurity (descriptor);
AuthorizationRuleCollection rules = security.GetAccessRules (true, true, typeof (SecurityIdentifier));
Assert.AreEqual (0, rules.Count);
}