
WMI Namespace Security

4 Dec 2006CPOL15 min read 132.4K   3.5K   35  
Describes WMI namespace security, and introduces code to review and modify WMI Namespace security.
using System;
using System.Text;

namespace WmiSecurity
{
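	/// <summary>
	/// Builds the body of a single SDDL ACE string
	/// (<c>type;flags;rights;object_guid;inherit_object_guid;trustee</c>) from WMI namespace rights.
	/// </summary>
	/// <remarks>
	/// All builder members are protected, so the class is meant to be driven from a derived type.
	/// The produced string carries no enclosing parentheses and no DACL header; the caller is
	/// responsible for embedding it in a full security descriptor string.
	/// </remarks>
	public class AceString
	{

		// WMI namespace rights accepted by CreateAceStringFromWmiRight, one bit per right.
		// WRITE_DAC lets a trustee rewrite the namespace security descriptor and
		// WBEM_REMOTE_ACCESS enables remote callers, so both deserve review before being granted.
		public const uint WBEM_ENABLE =  1;
		public const uint WBEM_METHOD_EXECUTE =  2;
		public const uint WBEM_FULL_WRITE_REP =  4;
		public const uint WBEM_PARTIAL_WRITE_REP =  8;
		public const uint WBEM_WRITE_PROVIDER =  16;
		public const uint WBEM_REMOTE_ACCESS =  32;
		// NOTE(review): READ_CONTROL and WRITE_DAC below sit on the 0x40/0x80 bits. The Win32
		// access-mask constants of the same names are 0x00020000 and 0x00040000, so these two
		// values are selectors for this class only and must not be used as raw access masks.
		public const uint READ_CONTROL =  64;
		public const uint WRITE_DAC = 128;

		public const int npos = -1;

		// Every SDDL right token handled by this class is exactly two characters long.
		private const int RightTokenLength = 2;

		private bool m_bRecurse = false;
		private bool m_bAccessAllowed = true;
		private StringBuilder m_sbAceString = new StringBuilder();
		private StringBuilder m_sbRights = new StringBuilder();

		/// <summary>
		/// Creates an empty builder: access-allowed ACE, no inheritance, no rights.
		/// </summary>
		public AceString()
		{
		}

		/// <summary>
		/// Discards the accumulated ACE text and rights and restores the constructor defaults.
		/// </summary>
		protected void Reset()
		{
			m_sbAceString = new StringBuilder();
			m_sbRights = new StringBuilder();
			m_bRecurse = false;
			m_bAccessAllowed = true;
		}

		/// <summary>
		/// Returns the ACE text accumulated so far by <see cref="CreateFinalAceString"/>.
		/// </summary>
		protected string GetAceString()
		{
			return m_sbAceString.ToString();
		}

		/// <summary>
		/// Selects whether the ACE carries the container-inherit (<c>CI</c>) flag.
		/// </summary>
		/// <param name="b">true to emit <c>CI</c>, false to leave the flags field empty.</param>
		protected void SetRecursive(bool b)
		{
			m_bRecurse = b;
		}

		/// <summary>
		/// Selects between an access-allowed (<c>A</c>) and an access-denied (<c>D</c>) ACE.
		/// </summary>
		/// <param name="b">true for an allow ACE, false for a deny ACE.</param>
		protected void SetAccessAllowed(bool b)
		{
			m_bAccessAllowed = b;
		}

		/// <summary>
		/// Appends the finished ACE body for <paramref name="sTrustee"/> to the internal buffer.
		/// </summary>
		/// <param name="sTrustee">
		/// Trustee as a SID string or a predefined SDDL account alias (for example <c>PU</c>).
		/// </param>
		/// <exception cref="InvalidOperationException">No right has been added yet.</exception>
		/// <exception cref="ArgumentException">
		/// The trustee is null, empty, or contains an SDDL structural character.
		/// </exception>
		/// <remarks>
		/// The text is appended, not replaced: call <see cref="Reset"/> between ACEs, otherwise a
		/// second call concatenates onto the first ACE without a separator.
		/// </remarks>
		protected void CreateFinalAceString(string sTrustee)
		{
			// Validate everything before touching the buffer so that a failure cannot leave a
			// half-written ACE behind for GetAceString to return.
			if (m_sbRights.Length == 0)
			{
				throw new InvalidOperationException("AceString.CreateFinalAceString: empty rights string");
			}

			if (sTrustee == null || sTrustee.Length == 0)
			{
				throw new ArgumentException("AceString.CreateFinalAceString: no Trustee specified");
			}

			// Neither a SID string nor an SDDL account alias contains ';', '(' or ')'. Those
			// characters delimit ACE fields and ACEs, so a trustee carrying them would change the
			// structure of the descriptor this ACE is later embedded in.
			if (sTrustee.IndexOfAny(new char[] { ';', '(', ')' }) != npos)
			{
				throw new ArgumentException("AceString.CreateFinalAceString: Trustee contains an SDDL delimiter");
			}

			// ace_type
			m_sbAceString.Append(m_bAccessAllowed ? "A;" : "D;");

			// ace_flags: CI propagates to sub-namespaces, empty applies to this namespace only
			m_sbAceString.Append(m_bRecurse ? "CI;" : ";");

			// rights
			m_sbAceString.Append(m_sbRights.ToString());
			m_sbAceString.Append(';');

			// object_guid and inherit_object_guid are not supported in this version
			m_sbAceString.Append(";;");

			// account_sid
			m_sbAceString.Append(sTrustee);
		}

		/// <summary>
		/// Adds the SDDL right tokens that correspond to one WMI namespace right.
		/// </summary>
		/// <param name="uiWmiRight">
		/// Exactly one of the right constants declared on this class; a combined bit mask is
		/// rejected.
		/// </param>
		/// <exception cref="ArgumentException">The value is not one of the known rights.</exception>
		protected void CreateAceStringFromWmiRight(uint uiWmiRight)
		{
			// The SDDL tokens used here are the generic directory-service right names whose bit
			// values line up with the WMI bits (CC=0x1, DC=0x2, LC=0x4, SW=0x8, RP=0x10, WP=0x20).
			switch (uiWmiRight)
			{
				case WBEM_ENABLE:
					AddRight("CC");
					break;
				case WBEM_METHOD_EXECUTE:
					AddRight("DC");
					break;
				case WBEM_FULL_WRITE_REP:
					// Full write is emitted together with partial write and provider write.
					AddRight("LC");
					AddRight("SW");
					AddRight("RP");
					break;
				case WBEM_PARTIAL_WRITE_REP:
					AddRight("SW");
					break;
				case WBEM_WRITE_PROVIDER:
					AddRight("RP");
					break;
				case WBEM_REMOTE_ACCESS:
					AddRight("WP");
					break;
				case READ_CONTROL:
					AddRight("RC");
					break;
				case WRITE_DAC:
					AddRight("WD");
					break;
				default:
					throw new ArgumentException("AceString.CreateAceStringFromWmiRight: Invalid Wmi right specified: " + uiWmiRight.ToString());
			}
		}

		/// <summary>
		/// Appends one two-letter SDDL right token to the rights field unless it is already there.
		/// </summary>
		/// <param name="s">One of WP, DC, LC, SW, RP, CC, WD, RC (case-insensitive).</param>
		/// <exception cref="ArgumentException">The token is null or not in the supported set.</exception>
		private void AddRight(string s)
		{
			if (s == null)
			{
				throw new ArgumentException("AceString.AddRight exception: right string is null");
			}

			string sRight = s.ToUpperInvariant();

			// Check right string syntax: anything outside the supported set is refused instead
			// of being written into the ACE unchecked.
			switch (sRight)
			{
				case "WP":
				case "DC":
				case "LC":
				case "SW":
				case "RP":
				case "CC":
				case "WD":
				case "RC":
					break;
				default:
					throw new ArgumentException("AceString.AddRight exception: unsupported right: " + s);
			}

			// Insert into string only 1x
			if (!ContainsRight(sRight))
			{
				m_sbRights.Append(sRight);
			}
		}

		// Reports whether the rights field already holds sRight, comparing whole tokens only.
		// A plain substring search is wrong here: "SW" followed by "DC" reads "SWDC", which
		// contains "WD" across the token boundary and would cause WRITE_DAC to be dropped.
		private bool ContainsRight(string sRight)
		{
			for (int i = 0; i + RightTokenLength <= m_sbRights.Length; i += RightTokenLength)
			{
				if (m_sbRights[i] == sRight[0] && m_sbRights[i + 1] == sRight[1])
				{
					return true;
				}
			}

			return false;
		}

	}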
}


License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Web Developer
United States
Software developer for the past 10 years in the Windows environment. Married, with two teenagers, and no money!
