Beispiel #1
0
 internal ServiceAccessCheckResult(string name, AccessMask granted_access,
                                   SecurityDescriptor sd, TokenInformation token_info,
                                   ServiceAccessRights trigger_granted_access,
                                   ServiceAccessRights original_granted_access,
                                   RunningService service)
     : base(name, "Service", granted_access,
            ServiceUtils.GetServiceGenericMapping(), sd,
            typeof(ServiceAccessRights), false, token_info)
 {
     TriggerGrantedAccess  = trigger_granted_access;
     OriginalGrantedAccess = original_granted_access;
     Service = service;
 }
 public AccessCheckResult CreateResult(AccessMask granted_access, TokenInformation token_info)
 {
     if (Folder)
     {
         return(new AccessCheckResult(Path, "Scheduled Task", granted_access, _file_type.GenericMapping,
                                      new SecurityDescriptor(SecurityDescriptor), typeof(FileDirectoryAccessRights), true, token_info));
     }
     else
     {
         return(new ScheduledTaskAccessCheckResult(this, granted_access, new SecurityDescriptor(SecurityDescriptor),
                                                   _file_type.GenericMapping, token_info));
     }
 }
 internal ProcessAccessCheckResult(string name, string image_path, int process_id, int session_id,
                                   string command_line, AccessMask granted_access, bool is_thread, bool is_dead, string user,
                                   NtType type, SecurityDescriptor sd, TokenInformation token_info) : base(name, type.Name, granted_access,
                                                                                                           type.GenericMapping, sd, type.AccessRightsType, false, token_info)
 {
     ProcessImagePath   = image_path;
     ProcessId          = process_id;
     ProcessCommandLine = command_line;
     IsThread           = is_thread;
     IsDead             = is_dead;
     SessionId          = session_id;
     User = user;
 }
 internal AccessCheckResult(string name, string type_name, AccessMask granted_access,
                            GenericMapping generic_mapping, string sddl, Type enum_type, TokenInformation token_info)
 {
     Name                       = name;
     TypeName                   = type_name;
     GrantedAccess              = granted_access;
     GenericMapping             = generic_mapping;
     TokenInfo                  = token_info;
     SecurityDescriptor         = sddl;
     IsRead                     = generic_mapping.HasRead(granted_access);
     IsWrite                    = generic_mapping.HasWrite(granted_access);
     IsExecute                  = generic_mapping.HasExecute(granted_access);
     IsAll                      = generic_mapping.HasAll(granted_access);
     GrantedAccessString        = NtObjectUtils.GrantedAccessAsString(granted_access, generic_mapping, enum_type, false);
     GrantedGenericAccessString = NtObjectUtils.GrantedAccessAsString(granted_access, generic_mapping, enum_type, true);
     TokenId                    = token_info.TokenId.ToInt64();
 }
Beispiel #5
0
 internal AccessCheckResult(string name, string type_name, AccessMask granted_access,
                            GenericMapping generic_mapping, SecurityDescriptor sd,
                            Type enum_type, bool is_directory, TokenInformation token_info)
 {
     Name               = name;
     TypeName           = type_name;
     GrantedAccess      = granted_access;
     GenericMapping     = generic_mapping;
     TokenInfo          = token_info;
     SecurityDescriptor = sd?.ToSddl() ?? string.Empty;
     Owner              = sd?.Owner?.Sid.ToString() ?? string.Empty;
     IsRead             = generic_mapping.HasRead(granted_access);
     IsWrite            = generic_mapping.HasWrite(granted_access) ||
                          granted_access.IsAccessGranted(GenericAccessRights.WriteDac) ||
                          granted_access.IsAccessGranted(GenericAccessRights.WriteOwner) ||
                          granted_access.IsAccessGranted(GenericAccessRights.Delete);
     IsExecute                  = generic_mapping.HasExecute(granted_access);
     IsAll                      = generic_mapping.HasAll(granted_access);
     GrantedAccessString        = NtObjectUtils.GrantedAccessAsString(granted_access, generic_mapping, enum_type, false);
     GrantedGenericAccessString = NtObjectUtils.GrantedAccessAsString(granted_access, generic_mapping, enum_type, true);
     TokenId                    = token_info.TokenId.ToInt64();
     IsDirectory                = is_directory;
 }
 internal HandleAccessCheckResult(MaximumAccess maximum_access, NtHandle handle, string name, string type_name, AccessMask granted_access,
                                  GenericMapping generic_mapping, string sddl, Type enum_type, bool is_directory, TokenInformation token_info)
     : base(name, type_name, granted_access, generic_mapping,
            !string.IsNullOrWhiteSpace(sddl) ? new SecurityDescriptor(sddl) : null,
            enum_type, is_directory, token_info)
 {
     if (maximum_access != null)
     {
         MaximumAccess   = maximum_access.Access;
         DifferentAccess = (granted_access & MaximumAccess) != granted_access;
     }
     ProcessId = handle.ProcessId;
     Handle    = handle.Handle;
     Object    = handle.Object;
 }
 private void WriteAccessCheckResult(ProcessDetails process, ThreadDetails thread, AccessMask granted_access,
                                     GenericMapping generic_mapping, string sddl, TokenInformation token)
 {
     if (thread == null)
     {
         WriteObject(new ProcessAccessCheckResult(process.Name, process.ImagePath, process.ProcessId, process.SessionId,
                                                  process.CommandLine, granted_access, _process_type, sddl, token));
     }
     else
     {
         WriteObject(new ThreadAccessCheckResult(process.Name, process.ImagePath, thread.ThreadId,
                                                 thread.Description, process.ProcessId, process.SessionId, process.CommandLine, granted_access, _process_type, sddl, token));
     }
 }
 internal ScheduledTaskAccessCheckResult(GetAccessibleScheduledTaskCmdlet.TaskSchedulerEntry entry, AccessMask granted_access,
                                         SecurityDescriptor sd, GenericMapping generic_mapping, TokenInformation token_info)
     : base(entry.Path, GetAccessibleScheduledTaskCmdlet.TypeName, granted_access,
            generic_mapping, sd,
            typeof(FileAccessRights), false, token_info)
 {
     Enabled          = entry.Enabled;
     Hidden           = entry.Hidden;
     AllowDemandStart = entry.AllowDemandStart;
     Xml         = entry.Xml;
     LogonType   = entry.LogonType;
     RunLevel    = entry.RunLevel;
     Principal   = entry.Principal;
     Actions     = entry.Actions;
     ActionCount = Actions.Count();
 }
 internal void WriteAccessCheckResult(string name, string type_name, AccessMask granted_access,
                                      GenericMapping generic_mapping, string sddl, Type enum_type, bool is_directory, TokenInformation token_info)
 {
     WriteObject(new AccessCheckResult(name, type_name, granted_access, generic_mapping, sddl, enum_type, is_directory, token_info));
 }
 public TokenEntry(NtToken token, NtToken imp_token, NtProcess process)
 {
     Information = new TokenInformation(token, process);
     Token       = DuplicateToken(imp_token);
 }
Beispiel #11
0
 internal DeviceAccessCheckResult(string name, bool namespace_path, FileDeviceType device_type, FileDeviceCharacteristics device_chars,
                                  AccessMask granted_access, SecurityDescriptor sd, TokenInformation token_info) : base(name, "Device",
                                                                                                                        granted_access, NtType.GetTypeByType <NtFile>().GenericMapping, sd, typeof(FileAccessRights), false, token_info)
 {
     NamespacePath   = namespace_path;
     DeviceType      = device_type;
     Characteristics = device_chars;
 }
Beispiel #12
0
 private protected override void WriteAccessCheckResult(string name, string type_name, AccessMask granted_access, GenericMapping generic_mapping, SecurityDescriptor sd, Type enum_type, bool is_directory, TokenInformation token_info)
 {
     _cmdlet.WriteAccessCheckResult(name, type_name, granted_access, generic_mapping, sd, enum_type, is_directory, token_info);
 }
 public TokenEntry(NtToken token)
 {
     Information = new TokenInformation(token);
     Token       = DuplicateToken(token);
 }