/// <summary>
/// Indicates whether a specific type of kernel object can be opened.
/// </summary>
/// <param name="typename">The kernel typename to check.</param>
/// <returns>True if this type of object can be opened.</returns>
public static bool CanOpenType(string typename)
{
NtType type = NtType.GetTypeByName(typename, false);
if (type == null)
{
return(false);
}
return(type.CanOpen);
}
private AccessMask MapGeneric(string typename, AccessMask access_mask)
{
if (!MapGenericRights)
{
return(access_mask);
}
NtType type = NtType.GetTypeByName(typename, false);
System.Diagnostics.Debug.Assert(type != null);
return(type.MapGenericRights(access_mask));
}
private static NtType GetTypeObject(SpecificAccessType type)
{
if (type == SpecificAccessType.ALPCPort)
{
return(NtType.GetTypeByType <NtAlpc>());
}
else
{
return(NtType.GetTypeByName(type.ToString(), false));
}
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="base_object">Base object for security descriptor</param>
/// <param name="token">Token for determining user rights</param>
/// <param name="is_directory">True if a directory security descriptor</param>
public SecurityDescriptor(NtObject base_object, NtToken token, bool is_directory) : this()
{
if ((base_object == null) && (token == null))
{
throw new ArgumentNullException();
}
SecurityDescriptor parent_sd = null;
if (base_object != null)
{
parent_sd = base_object.SecurityDescriptor;
}
SecurityDescriptor creator_sd = null;
if (token != null)
{
creator_sd = new SecurityDescriptor();
creator_sd.Owner = new SecurityDescriptorSid(token.Owner, false);
creator_sd.Group = new SecurityDescriptorSid(token.PrimaryGroup, false);
creator_sd.Dacl = token.DefaultDacl;
}
NtType type = NtType.GetTypeByName(base_object.NtTypeName);
SafeBuffer parent_sd_buffer = SafeHGlobalBuffer.Null;
SafeBuffer creator_sd_buffer = SafeHGlobalBuffer.Null;
SafeSecurityObjectHandle security_obj = null;
try
{
if (parent_sd != null)
{
parent_sd_buffer = parent_sd.ToSafeBuffer();
}
if (creator_sd != null)
{
creator_sd_buffer = creator_sd.ToSafeBuffer();
}
GenericMapping mapping = type.GenericMapping;
NtRtl.RtlNewSecurityObject(parent_sd_buffer, creator_sd_buffer, out security_obj, is_directory,
token != null ? token.Handle : SafeKernelObjectHandle.Null, ref mapping).ToNtException();
ParseSecurityDescriptor(security_obj);
}
finally
{
parent_sd_buffer?.Close();
creator_sd_buffer?.Close();
security_obj?.Close();
}
}
/// <summary>
/// Overridden ProcessRecord
/// </summary>
protected override void ProcessRecord()
{
AccessMask mask = AccessMask;
mask |= MapGeneric("File", FileAccess);
mask |= MapGeneric("File", FileDirectoryAccess);
mask |= MapGeneric("IoCompletion", IoCompletionAccess);
mask |= MapGeneric("Mutant", MutantAccess);
mask |= MapGeneric("Semaphore", SemaphoreAccess);
mask |= MapGeneric("RegistryTransaction", RegistryTransactionAccess);
mask |= MapGeneric("ALPC Port", AlpcPortAccess);
mask |= MapGeneric("Section", SectionAccess);
mask |= MapGeneric("Key", KeyAccess);
mask |= MapGeneric("Event", EventAccess);
mask |= MapGeneric("SymbolicLink", SymbolicLinkAccess);
mask |= MapGeneric("Token", TokenAccess);
mask |= GenericAccess;
mask |= MapGeneric("Directory", DirectoryAccess);
mask |= MapGeneric("Thread", ThreadAccess);
mask |= MapGeneric("DebugObject", DebugObjectAccess);
mask |= MapGeneric("Job", JobAccess);
mask |= MapGeneric("Process", ProcessAccess);
mask |= (uint)ManadatoryLabelPolicy;
if (ToGenericAccess)
{
WriteObject(mask.ToGenericAccess());
}
else if (ToMandatoryLabelPolicy)
{
WriteObject(mask.ToMandatoryLabelPolicy());
}
else if (String.IsNullOrEmpty(ToSpecificAccess))
{
WriteObject(mask);
}
else
{
NtType type = NtType.GetTypeByName(ToSpecificAccess, false);
if (type == null)
{
throw new ArgumentException(String.Format("'{0}' is not a valid NT type name", ToSpecificAccess));
}
WriteObject(mask.ToSpecificAccess(type.AccessRightsType));
}
}
private static NtType GetTypeObject(SpecificAccessType type)
{
switch (type)
{
case SpecificAccessType.Transaction:
return NtType.GetTypeByType<NtTransaction>();
case SpecificAccessType.TransactionManager:
return NtType.GetTypeByType<NtTransactionManager>();
case SpecificAccessType.ResourceManager:
return NtType.GetTypeByType<NtResourceManager>();
case SpecificAccessType.Enlistment:
return NtType.GetTypeByType<NtEnlistment>();
case SpecificAccessType.ALPCPort:
return NtType.GetTypeByType<NtAlpc>();
}
return NtType.GetTypeByName(type.ToString(), false);
}
/// <summary>
/// Open an NT object with a specified type.
/// </summary>
/// <param name="typename">The name of the type to open (e.g. Event). If null the method will try and lookup the appropriate type.</param>
/// <param name="path">The path to the object to open.</param>
/// <param name="root">A root directory to open from.</param>
/// <param name="access">Generic access rights to the object.</param>
/// <returns>The opened object.</returns>
/// <exception cref="NtException">Thrown if an error occurred opening the object.</exception>
/// <exception cref="ArgumentException">Thrown if type of resource couldn't be found.</exception>
public static NtObject OpenWithType(string typename, string path, NtObject root, AccessMask access)
{
if (typename == null)
{
typename = NtDirectory.GetDirectoryEntryType(path, root);
if (typename == null)
{
throw new ArgumentException(String.Format("Can't find type for path {0}", path));
}
}
NtType type = NtType.GetTypeByName(typename, false);
if (type != null && type.CanOpen)
{
return(type.Open(path, root, access));
}
else
{
throw new ArgumentException(String.Format("Can't open type {0}", typename));
}
}
/// <summary>
/// Open an NT object with a specified type.
/// </summary>
/// <param name="typename">The name of the type to open (e.g. Event). If null the method will try and lookup the appropriate type.</param>
/// <param name="path">The path to the object to open.</param>
/// <param name="root">A root directory to open from.</param>
/// <param name="access">Generic access rights to the object.</param>
/// <param name="attributes">Attributes to open the object.</param>
/// <param name="security_quality_of_service">Security quality of service.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The opened object.</returns>
/// <exception cref="NtException">Thrown if an error occurred opening the object.</exception>
public static NtResult <NtObject> OpenWithType(string typename, string path, NtObject root,
AttributeFlags attributes, AccessMask access, SecurityQualityOfService security_quality_of_service, bool throw_on_error)
{
using (var obj_attr = new ObjectAttributes(path, attributes, root, security_quality_of_service, null))
{
if (typename == null)
{
typename = NtDirectory.GetDirectoryEntryType(path, root);
}
// Brute force the open.
if (typename == null)
{
foreach (var nttype in NtType.GetTypes().Where(t => t.CanOpen))
{
var result = nttype.Open(obj_attr, access, false);
if (result.IsSuccess)
{
return(result);
}
}
return(NtStatus.STATUS_OBJECT_TYPE_MISMATCH.CreateResultFromError <NtObject>(true));
}
NtType type = NtType.GetTypeByName(typename, false);
if (type != null && type.CanOpen)
{
return(type.Open(obj_attr, access, throw_on_error));
}
else
{
return(NtStatus.STATUS_OBJECT_TYPE_MISMATCH.CreateResultFromError <NtObject>(true));
}
}
}
/// <summary>
/// Convert a handle to a known object type.
/// </summary>
/// <param name="handle">The handle.</param>
/// <returns>The object type.</returns>
public static NtObject FromHandle(SafeKernelObjectHandle handle)
{
return(NtType.GetTypeByName(handle.NtTypeName, true).FromHandle(handle));
}
/// <summary>
/// Get the granted access as a string
/// </summary>
/// <returns>The string form of the granted access</returns>
public string GetGrantedAccessString()
{
NtType type = NtType.GetTypeByName(NtTypeName);
return(AccessRightsToString(GrantedAccess, type));
}
private void ReadStateData(NtKeyValue value)
{
_security_descriptor = new SecurityDescriptor(value.Data, NtType.GetTypeByName(WNF_NT_TYPE_NAME));
}
