Beispiel #1
0
        internal virtual bool IsAceMeaningless(GenericAce ace)
        {
            AceFlags flags = ace.AceFlags;

            KnownAce knownAce = ace as KnownAce;

            if (knownAce != null)
            {
                if (0 == knownAce.AccessMask)
                {
                    return(true);
                }
                if (0 != (flags & AceFlags.InheritOnly))
                {
                    if (knownAce is ObjectAce)
                    {
                        return(true);
                    }
                    if (!IsContainer)
                    {
                        return(true);
                    }
                    if (0 == (flags & (AceFlags.ContainerInherit | AceFlags.ObjectInherit)))
                    {
                        return(true);
                    }
                }
            }

            return(false);
        }
Beispiel #2
0
        /// <summary>确定指定的 <see cref="T:System.Security.AccessControl.GenericAce" /> 对象是否等同于当前的 <see cref="T:System.Security.AccessControl.GenericAce" />。</summary>
        /// <returns>如果指定的 <see cref="T:System.Security.AccessControl.GenericAce" /> 对象等于当前的 <see cref="T:System.Security.AccessControl.GenericAce" /> 对象,则为 true;否则为 false。</returns>
        /// <param name="o">要与当前 <see cref="T:System.Security.AccessControl.GenericAce" /> 对象进行比较的 <see cref="T:System.Security.AccessControl.GenericAce" /> 对象。</param>
        public override sealed bool Equals(object o)
        {
            if (o == null)
            {
                return(false);
            }
            GenericAce genericAce = o as GenericAce;

            if (genericAce == (GenericAce)null || this.AceType != genericAce.AceType || this.AceFlags != genericAce.AceFlags)
            {
                return(false);
            }
            int binaryLength1 = this.BinaryLength;
            int binaryLength2 = genericAce.BinaryLength;

            if (binaryLength1 != binaryLength2)
            {
                return(false);
            }
            byte[] binaryForm1 = new byte[binaryLength1];
            byte[] binaryForm2 = new byte[binaryLength2];
            this.GetBinaryForm(binaryForm1, 0);
            genericAce.GetBinaryForm(binaryForm2, 0);
            for (int index = 0; index < binaryForm1.Length; ++index)
            {
                if ((int)binaryForm1[index] != (int)binaryForm2[index])
                {
                    return(false);
                }
            }
            return(true);
        }
        private static ComparisonResult CompareAces(GenericAce ace1, GenericAce ace2, bool isDacl)
        {
            int num  = isDacl ? DaclAcePriority(ace1) : SaclAcePriority(ace1);
            int num2 = isDacl ? DaclAcePriority(ace2) : SaclAcePriority(ace2);

            if (num < num2)
            {
                return(ComparisonResult.LessThan);
            }
            if (num > num2)
            {
                return(ComparisonResult.GreaterThan);
            }
            KnownAce ace  = ace1 as KnownAce;
            KnownAce ace3 = ace2 as KnownAce;

            if ((ace != null) && (ace3 != null))
            {
                int num3 = ace.SecurityIdentifier.CompareTo(ace3.SecurityIdentifier);
                if (num3 < 0)
                {
                    return(ComparisonResult.LessThan);
                }
                if (num3 > 0)
                {
                    return(ComparisonResult.GreaterThan);
                }
            }
            return(ComparisonResult.EqualTo);
        }
        private static int DaclAcePriority(GenericAce ace)
        {
            AceType aceType = ace.AceType;

            if (((byte)(ace.AceFlags & AceFlags.Inherited)) != 0)
            {
                return(0x1fffe + ace._indexInAcl);
            }
            switch (aceType)
            {
            case AceType.AccessDenied:
            case AceType.AccessDeniedCallback:
                return(0);

            case AceType.AccessDeniedObject:
            case AceType.AccessDeniedCallbackObject:
                return(1);

            case AceType.AccessAllowed:
            case AceType.AccessAllowedCallback:
                return(2);

            case AceType.AccessAllowedObject:
            case AceType.AccessAllowedCallbackObject:
                return(3);
            }
            return(0xffff + ace._indexInAcl);
        }
 internal CommonAcl(bool isContainer, bool isDS, System.Security.AccessControl.RawAcl rawAcl, bool trusted, bool isDacl)
 {
     if (rawAcl == null)
     {
         throw new ArgumentNullException("rawAcl");
     }
     this._isContainer = isContainer;
     this._isDS        = isDS;
     if (trusted)
     {
         this._acl = rawAcl;
         this.RemoveMeaninglessAcesAndFlags(isDacl);
     }
     else
     {
         this._acl = new System.Security.AccessControl.RawAcl(rawAcl.Revision, rawAcl.Count);
         for (int i = 0; i < rawAcl.Count; i++)
         {
             GenericAce ace = rawAcl[i].Copy();
             if (this.InspectAce(ref ace, isDacl))
             {
                 this._acl.InsertAce(this._acl.Count, ace);
             }
         }
     }
     if (this.CanonicalCheck(isDacl))
     {
         this.Canonicalize(true, isDacl);
         this._isCanonical = true;
     }
     else
     {
         this._isCanonical = false;
     }
 }
        public void RemoveAce(int index)
        {
            GenericAce ace = this._aces[index] as GenericAce;

            this._aces.RemoveAt(index);
            this._binaryLength -= ace.BinaryLength;
        }
 public static void DecodeAcl(GenericAce acl, StringBuilder sb, StringBuilder domainSb, StringBuilder usernameSb)
 {
     sb.Append("(")
               .Append("AceType=")
               .Append(acl.AceType)
               .Append("; AceFlags=")
               .Append(acl.AceFlags)
               .Append("; AuditFlags=")
               .Append(acl.AuditFlags)
               .Append("; InheritnaceFlags=")
               .Append(acl.InheritanceFlags)
               .Append("; IsInherited=")
               .Append(acl.IsInherited)
               .Append("; PropagationFlags=")
               .Append(acl.PropagationFlags);
     try
     {
         var k = acl as KnownAce;
         if (k != null)
             GetUser(k.SecurityIdentifier, sb, domainSb, usernameSb);
     }
     catch
     {
     }
     sb.Append(")");
 }
Beispiel #8
0
 public void InsertAce(int index, GenericAce ace)
 {
     if (ace == null)
     {
         throw new ArgumentNullException("ace");
     }
     list.Insert(index, ace);
 }
	// Insert an access control element into this ACL.
	public void InsertAce(int index, GenericAce ace)
			{
				if(ace == null)
				{
					throw new ArgumentNullException("ace");
				}
				elements.Insert(index, ace);
			}
Beispiel #10
0
 /// <summary>为指定的 <see cref="T:System.Security.Principal.SecurityIdentifier" /> 对象设置指定的审核规则。在指定对象类型或继承的对象类型时,为目录对象的访问控制列表 (ACL) 使用此方法。</summary>
 /// <param name="auditFlags">要设置的审核条件。</param>
 /// <param name="sid">要为其设置审核规则的 <see cref="T:System.Security.Principal.SecurityIdentifier" />。</param>
 /// <param name="accessMask">新审核规则的访问掩码。</param>
 /// <param name="inheritanceFlags">指定新审核规则的继承属性的标志。</param>
 /// <param name="propagationFlags">指定新审核规则的继承传播属性的标志。</param>
 /// <param name="objectFlags">指定 <paramref name="objectType" /> 和 <paramref name="inheritedObjectType" /> 参数是否包含非 null 值的标志。</param>
 /// <param name="objectType">新审核规则所应用到的对象的类标识。</param>
 /// <param name="inheritedObjectType">可以继承新审核规则的子对象的类标识。</param>
 public void SetAudit(AuditFlags auditFlags, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, ObjectAceFlags objectFlags, Guid objectType, Guid inheritedObjectType)
 {
     if (!this.IsDS)
     {
         throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_OnlyValidForDS"));
     }
     this.CheckFlags(inheritanceFlags, propagationFlags);
     this.SetQualifiedAce(sid, AceQualifier.SystemAudit, accessMask, GenericAce.AceFlagsFromAuditFlags(auditFlags) | GenericAce.AceFlagsFromInheritanceFlags(inheritanceFlags, propagationFlags), objectFlags, objectType, inheritedObjectType);
 }
		public void CopyTo (GenericAce [] array, int index)
		{
			if (array == null)
				throw new ArgumentNullException ("array");
			if (index < 0 || array.Length - index < Count)
				throw new ArgumentOutOfRangeException ("index", "Index must be non-negative integer and must not exceed array length - count");
			for (int i = 0; i < Count; i++)
				array [i + index] = this [i];
		}
 private void RemoveMeaninglessAcesAndFlags(bool isDacl)
 {
     for (int i = this._acl.Count - 1; i >= 0; i--)
     {
         GenericAce ace = this._acl[i];
         if (!this.InspectAce(ref ace, isDacl))
         {
             this._acl.RemoveAce(i);
         }
     }
 }
        private bool InspectAce(ref GenericAce ace, bool isDacl)
        {
            KnownAce ace2 = ace as KnownAce;

            if ((ace2 != null) && (ace2.AccessMask == 0))
            {
                return(false);
            }
            if (!this.IsContainer)
            {
                if (((byte)(ace.AceFlags & AceFlags.InheritOnly)) != 0)
                {
                    return(false);
                }
                if (((byte)(ace.AceFlags & (AceFlags.ContainerInherit | AceFlags.InheritOnly | AceFlags.NoPropagateInherit | AceFlags.ObjectInherit))) != 0)
                {
                    ace.AceFlags = (AceFlags)((byte)(((int)ace.AceFlags) & 240));
                }
            }
            else
            {
                if (((((byte)(ace.AceFlags & AceFlags.InheritOnly)) != 0) && (((byte)(ace.AceFlags & AceFlags.ContainerInherit)) == 0)) && (((byte)(ace.AceFlags & (AceFlags.None | AceFlags.ObjectInherit))) == 0))
                {
                    return(false);
                }
                if (((((byte)(ace.AceFlags & (AceFlags.None | AceFlags.NoPropagateInherit))) != 0) && (((byte)(ace.AceFlags & AceFlags.ContainerInherit)) == 0)) && (((byte)(ace.AceFlags & (AceFlags.None | AceFlags.ObjectInherit))) == 0))
                {
                    ace.AceFlags = (AceFlags)((byte)(((int)ace.AceFlags) & 0xfb));
                }
            }
            QualifiedAce ace3 = ace2 as QualifiedAce;

            if (isDacl)
            {
                ace.AceFlags = (AceFlags)((byte)(((int)ace.AceFlags) & 0x3f));
                if (((ace3 != null) && (ace3.AceQualifier != AceQualifier.AccessAllowed)) && (ace3.AceQualifier != AceQualifier.AccessDenied))
                {
                    return(false);
                }
            }
            else
            {
                if (((byte)(ace.AceFlags & AceFlags.AuditFlags)) == 0)
                {
                    return(false);
                }
                if ((ace3 != null) && (ace3.AceQualifier != AceQualifier.SystemAudit))
                {
                    return(false);
                }
            }
            return(true);
        }
Beispiel #14
0
 /// <summary>Inserts the specified Access Control Entry (ACE) at the specified index.</summary>
 /// <param name="index">The position at which to add the new ACE. Specify the value of the <see cref="P:System.Security.AccessControl.RawAcl.Count" /> property to insert an ACE at the end of the <see cref="T:System.Security.AccessControl.RawAcl" /> object.</param>
 /// <param name="ace">The ACE to insert.</param>
 /// <exception cref="T:System.ArgumentOutOfRangeException">
 ///         <paramref name="offset" /> is negative or too high to allow the entire <see cref="T:System.Security.AccessControl.GenericAcl" /> to be copied into <paramref name="array" />.</exception>
 // Token: 0x06001EA4 RID: 7844 RVA: 0x0006B114 File Offset: 0x00069314
 public void InsertAce(int index, GenericAce ace)
 {
     if (ace == null)
     {
         throw new ArgumentNullException("ace");
     }
     if (this.BinaryLength + ace.BinaryLength > GenericAcl.MaxBinaryLength)
     {
         throw new OverflowException(Environment.GetResourceString("AccessControl_AclTooLong"));
     }
     this._aces.Insert(index, ace);
 }
 public void RemoveInheritedAces()
 {
     this.ThrowIfNotCanonical();
     for (int i = this._acl.Count - 1; i >= 0; i--)
     {
         GenericAce ace = this._acl[i];
         if (((byte)(ace.AceFlags & AceFlags.Inherited)) != 0)
         {
             this._acl.RemoveAce(i);
         }
     }
     this.OnAclModificationTried();
 }
 public void InsertAce(int index, GenericAce ace)
 {
     if (ace == null)
     {
         throw new ArgumentNullException("ace");
     }
     if ((this._binaryLength + ace.BinaryLength) > GenericAcl.MaxBinaryLength)
     {
         throw new OverflowException(Environment.GetResourceString("AccessControl_AclTooLong"));
     }
     this._aces.Insert(index, ace);
     this._binaryLength += ace.BinaryLength;
 }
 public override void GetBinaryForm(byte[] binaryForm, int offset)
 {
     this.MarshalHeader(binaryForm, offset);
     offset += 8;
     for (int i = 0; i < this.Count; i++)
     {
         GenericAce ace = this._aces[i] as GenericAce;
         ace.GetBinaryForm(binaryForm, offset);
         int binaryLength = ace.BinaryLength;
         if ((binaryLength % 4) != 0)
         {
             throw new SystemException();
         }
         offset += binaryLength;
     }
 }
Beispiel #18
0
 /// <summary>将 <see cref="T:System.Security.AccessControl.RawAcl" /> 对象的内容封送到指定字节数组中,其位置从指定的偏移量开始。</summary>
 /// <param name="binaryForm">将 <see cref="T:System.Security.AccessControl.RawAcl" /> 的内容封送到的字节数组。</param>
 /// <param name="offset">开始封送的偏移量。</param>
 /// <exception cref="T:System.ArgumentOutOfRangeException">
 /// <paramref name="offset" /> 如果为负数或过高,则会将整个 <see cref="T:System.Security.AccessControl.RawAcl" /> 复制到 <paramref name="array" />。</exception>
 public override void GetBinaryForm(byte[] binaryForm, int offset)
 {
     this.MarshalHeader(binaryForm, offset);
     offset += 8;
     for (int index = 0; index < this.Count; ++index)
     {
         GenericAce genericAce  = this._aces[index] as GenericAce;
         byte[]     binaryForm1 = binaryForm;
         int        offset1     = offset;
         genericAce.GetBinaryForm(binaryForm1, offset1);
         int binaryLength = genericAce.BinaryLength;
         if (binaryLength % 4 != 0)
         {
             throw new SystemException();
         }
         offset += binaryLength;
     }
 }
 private void QuickSort(int left, int right, bool isDacl)
 {
     if (left < right)
     {
         int        num  = left;
         int        num2 = right;
         GenericAce ace  = this._acl[left];
         int        num3 = left;
         while (left < right)
         {
             while ((CompareAces(this._acl[right], ace, isDacl) != ComparisonResult.LessThan) && (left < right))
             {
                 right--;
             }
             if (left != right)
             {
                 this._acl[left] = this._acl[right];
                 left++;
             }
             while ((ComparisonResult.GreaterThan != CompareAces(this._acl[left], ace, isDacl)) && (left < right))
             {
                 left++;
             }
             if (left != right)
             {
                 this._acl[right] = this._acl[left];
                 right--;
             }
         }
         this._acl[left] = ace;
         num3            = left;
         left            = num;
         right           = num2;
         if (left < num3)
         {
             this.QuickSort(left, num3 - 1, isDacl);
         }
         if (right > num3)
         {
             this.QuickSort(num3 + 1, right, isDacl);
         }
     }
 }
Beispiel #20
0
 internal static bool ParseBinaryForm(byte[] binaryForm, int offset, out int accessMask, out CompoundAceType compoundAceType, out SecurityIdentifier sid)
 {
     GenericAce.VerifyHeader(binaryForm, offset);
     if (binaryForm.Length - offset >= 12 + SecurityIdentifier.MinBinaryLength)
     {
         int num1 = offset + 4;
         int num2 = 0;
         accessMask = (int)binaryForm[num1 + 0] + ((int)binaryForm[num1 + 1] << 8) + ((int)binaryForm[num1 + 2] << 16) + ((int)binaryForm[num1 + 3] << 24);
         int num3 = num2 + 4;
         compoundAceType = (CompoundAceType)((int)binaryForm[num1 + num3 + 0] + ((int)binaryForm[num1 + num3 + 1] << 8));
         int num4 = num3 + 4;
         sid = new SecurityIdentifier(binaryForm, num1 + num4);
         return(true);
     }
     accessMask      = 0;
     compoundAceType = (CompoundAceType)0;
     sid             = (SecurityIdentifier)null;
     return(false);
 }
Beispiel #21
0
        void MergeExplicitAces()
        {
            int explicitCount = GetCanonicalExplicitAceCount();

            for (int i = 0; i < explicitCount - 1;)
            {
                GenericAce mergedAce = MergeExplicitAcePair(raw_acl [i], raw_acl [i + 1]);
                if (null != mergedAce)
                {
                    raw_acl [i] = mergedAce;
                    raw_acl.RemoveAce(i + 1);
                    explicitCount--;
                }
                else
                {
                    i++;
                }
            }
        }
Beispiel #22
0
 internal static bool ParseBinaryForm(byte[] binaryForm, int offset, out int accessMask, out System.Security.AccessControl.CompoundAceType compoundAceType, out SecurityIdentifier sid)
 {
     GenericAce.VerifyHeader(binaryForm, offset);
     if ((binaryForm.Length - offset) >= (12 + SecurityIdentifier.MinBinaryLength))
     {
         int index = offset + 4;
         int num2  = 0;
         accessMask      = ((binaryForm[index] + (binaryForm[index + 1] << 8)) + (binaryForm[index + 2] << 0x10)) + (binaryForm[index + 3] << 0x18);
         num2           += 4;
         compoundAceType = (System.Security.AccessControl.CompoundAceType)(binaryForm[index + num2] + (binaryForm[(index + num2) + 1] << 8));
         num2           += 4;
         sid             = new SecurityIdentifier(binaryForm, index + num2);
         return(true);
     }
     accessMask      = 0;
     compoundAceType = (System.Security.AccessControl.CompoundAceType) 0;
     sid             = null;
     return(false);
 }
Beispiel #23
0
        internal void SetBinaryForm(byte[] binaryForm, int offset)
        {
            int count;
            int length;

            RawAcl.VerifyHeader(binaryForm, offset, out this._revision, out count, out length);
            int num1 = length + offset;

            offset    += 8;
            this._aces = new ArrayList(count);
            int num2 = 8;

            for (int index = 0; index < count; ++index)
            {
                GenericAce fromBinaryForm = GenericAce.CreateFromBinaryForm(binaryForm, offset);
                int        binaryLength   = fromBinaryForm.BinaryLength;
                if (num2 + binaryLength > GenericAcl.MaxBinaryLength)
                {
                    throw new ArgumentException(Environment.GetResourceString("ArgumentException_InvalidAclBinaryForm"), "binaryForm");
                }
                this._aces.Add((object)fromBinaryForm);
                if (binaryLength % 4 != 0)
                {
                    throw new SystemException();
                }
                num2 += binaryLength;
                if ((int)this._revision == (int)GenericAcl.AclRevisionDS)
                {
                    offset += (int)binaryForm[offset + 2] + ((int)binaryForm[offset + 3] << 8);
                }
                else
                {
                    offset += binaryLength;
                }
                if (offset > num1)
                {
                    throw new ArgumentException(Environment.GetResourceString("ArgumentException_InvalidAclBinaryForm"), "binaryForm");
                }
            }
        }
Beispiel #24
0
		static RawAcl CreateRoundtripRawAcl ()
		{
			SecurityIdentifier sid = new SecurityIdentifier (WellKnownSidType.BuiltinUsersSid, null);
			Assert.AreEqual (16, sid.BinaryLength);
			
			GenericAce[] aces = new GenericAce[] {
				new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 1, sid,
				               ObjectAceFlags.ObjectAceTypePresent,
				               Guid.Empty, Guid.Empty, false, new byte[8]),
				new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 2, sid,
				               ObjectAceFlags.InheritedObjectAceTypePresent,
				               Guid.Empty, Guid.Empty, true, new byte[16]),
				new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 4, sid,
				               ObjectAceFlags.InheritedObjectAceTypePresent,
				               Guid.Empty, new Guid ("{8865FB90-A9EB-422F-A8BA-07ECA611D699}"), true, new byte[4]),
				new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 4, sid,
				               ObjectAceFlags.ObjectAceTypePresent|ObjectAceFlags.InheritedObjectAceTypePresent,
				               Guid.Empty, new Guid ("{B893007C-38D5-4827-A698-BA25F1E30BAC}"), true, new byte[4]),
				new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 4, sid,
				               ObjectAceFlags.None,
				               Guid.Empty, new Guid ("{C0F9DF22-C320-4400-B41F-754F69668640}"), true, new byte[4])
			};
			
			// Make sure this created right, first of all.
			Assert.AreEqual (AceType.AccessAllowedObject, aces [0].AceType);
			Assert.AreEqual (AceType.AccessAllowedCallbackObject, aces [1].AceType);
			Assert.AreEqual (AceType.AccessAllowedCallbackObject, aces [2].AceType);
			Assert.AreEqual (AceType.AccessAllowedCallbackObject, aces [3].AceType);
			Assert.AreEqual (AceType.AccessAllowedCallbackObject, aces [4].AceType);
			Assert.AreEqual (52, aces [0].BinaryLength);
			Assert.AreEqual (60, aces [1].BinaryLength);
			Assert.AreEqual (48, aces [2].BinaryLength);
			Assert.AreEqual (64, aces [3].BinaryLength);
			Assert.AreEqual (32, aces [4].BinaryLength);

			RawAcl acl = new RawAcl (RawAcl.AclRevision, 0);
			for (int i = 0; i < aces.Length; i ++)
				acl.InsertAce (i, aces[i]);
			return acl;
		}
Beispiel #25
0
        // Token: 0x06001E9B RID: 7835 RVA: 0x0006AEC8 File Offset: 0x000690C8
        internal void SetBinaryForm(byte[] binaryForm, int offset)
        {
            int num;
            int num2;

            RawAcl.VerifyHeader(binaryForm, offset, out this._revision, out num, out num2);
            num2      += offset;
            offset    += 8;
            this._aces = new ArrayList(num);
            int num3 = 8;

            for (int i = 0; i < num; i++)
            {
                GenericAce genericAce   = GenericAce.CreateFromBinaryForm(binaryForm, offset);
                int        binaryLength = genericAce.BinaryLength;
                if (num3 + binaryLength > GenericAcl.MaxBinaryLength)
                {
                    throw new ArgumentException(Environment.GetResourceString("ArgumentException_InvalidAclBinaryForm"), "binaryForm");
                }
                this._aces.Add(genericAce);
                if (binaryLength % 4 != 0)
                {
                    throw new SystemException();
                }
                num3 += binaryLength;
                if (this._revision == GenericAcl.AclRevisionDS)
                {
                    offset += (int)binaryForm[offset + 2] + ((int)binaryForm[offset + 3] << 8);
                }
                else
                {
                    offset += binaryLength;
                }
                if (offset > num2)
                {
                    throw new ArgumentException(Environment.GetResourceString("ArgumentException_InvalidAclBinaryForm"), "binaryForm");
                }
            }
        }
Beispiel #26
0
        internal override bool IsAceMeaningless(GenericAce ace)
        {
            if (base.IsAceMeaningless(ace))
            {
                return(true);
            }
            if (AuditFlags.None != ace.AuditFlags)
            {
                return(true);
            }

            QualifiedAce qace = ace as QualifiedAce;

            if (null != qace)
            {
                if (!(AceQualifier.AccessAllowed == qace.AceQualifier ||
                      AceQualifier.AccessDenied == qace.AceQualifier))
                {
                    return(true);
                }
            }

            return(false);
        }
        private static int SaclAcePriority(GenericAce ace)
        {
            AceType aceType = ace.AceType;

            if (((byte)(ace.AceFlags & AceFlags.Inherited)) != 0)
            {
                return(0x1fffe + ace._indexInAcl);
            }
            switch (aceType)
            {
            case AceType.SystemAudit:
            case AceType.SystemAlarm:
            case AceType.SystemAuditCallback:
            case AceType.SystemAlarmCallback:
                return(0);

            case AceType.SystemAuditObject:
            case AceType.SystemAlarmObject:
            case AceType.SystemAuditCallbackObject:
            case AceType.SystemAlarmCallbackObject:
                return(1);
            }
            return(0xffff + ace._indexInAcl);
        }
Beispiel #28
0
        public sealed override bool Equals(object o)
        {
            if (o == null)
            {
                return(false);
            }
            GenericAce ace = o as GenericAce;

            if (ace == null)
            {
                return(false);
            }
            if ((this.AceType != ace.AceType) || (this.AceFlags != ace.AceFlags))
            {
                return(false);
            }
            int binaryLength = this.BinaryLength;
            int num2         = ace.BinaryLength;

            if (binaryLength != num2)
            {
                return(false);
            }
            byte[] binaryForm = new byte[binaryLength];
            byte[] buffer2    = new byte[num2];
            this.GetBinaryForm(binaryForm, 0);
            ace.GetBinaryForm(buffer2, 0);
            for (int i = 0; i < binaryForm.Length; i++)
            {
                if (binaryForm[i] != buffer2[i])
                {
                    return(false);
                }
            }
            return(true);
        }
        /// <summary>Determines whether the specified <see cref="T:System.Security.AccessControl.GenericAce" /> object is equal to the current <see cref="T:System.Security.AccessControl.GenericAce" /> object.</summary>
        /// <param name="o">The <see cref="T:System.Security.AccessControl.GenericAce" /> object to compare to the current <see cref="T:System.Security.AccessControl.GenericAce" /> object.</param>
        /// <returns>
        ///     <see langword="true" /> if the specified <see cref="T:System.Security.AccessControl.GenericAce" /> object is equal to the current <see cref="T:System.Security.AccessControl.GenericAce" /> object; otherwise, <see langword="false" />.</returns>
        // Token: 0x06001E51 RID: 7761 RVA: 0x00069F24 File Offset: 0x00068124
        public sealed override bool Equals(object o)
        {
            if (o == null)
            {
                return(false);
            }
            GenericAce genericAce = o as GenericAce;

            if (genericAce == null)
            {
                return(false);
            }
            if (this.AceType != genericAce.AceType || this.AceFlags != genericAce.AceFlags)
            {
                return(false);
            }
            int binaryLength  = this.BinaryLength;
            int binaryLength2 = genericAce.BinaryLength;

            if (binaryLength != binaryLength2)
            {
                return(false);
            }
            byte[] array  = new byte[binaryLength];
            byte[] array2 = new byte[binaryLength2];
            this.GetBinaryForm(array, 0);
            genericAce.GetBinaryForm(array2, 0);
            for (int i = 0; i < array.Length; i++)
            {
                if (array[i] != array2[i])
                {
                    return(false);
                }
            }
            return(true);
        }
Beispiel #30
0
        public RawAcl(byte [] binaryForm, int offset)
        {
            if (binaryForm == null)
            {
                throw new ArgumentNullException("binaryForm");
            }

            if (offset < 0 || offset > binaryForm.Length - 8)
            {
                throw new ArgumentOutOfRangeException("offset", offset, "Offset out of range");
            }

            revision = binaryForm[offset];
            if (revision != AclRevision && revision != AclRevisionDS)
            {
                throw new ArgumentException("Invalid ACL - unknown revision", "binaryForm");
            }

            int binaryLength = ReadUShort(binaryForm, offset + 2);

            if (offset > binaryForm.Length - binaryLength)
            {
                throw new ArgumentException("Invalid ACL - truncated", "binaryForm");
            }

            int pos     = offset + 8;
            int numAces = ReadUShort(binaryForm, offset + 4);

            list = new List <GenericAce>(numAces);
            for (int i = 0; i < numAces; ++i)
            {
                GenericAce newAce = GenericAce.CreateFromBinaryForm(binaryForm, pos);
                list.Add(newAce);
                pos += newAce.BinaryLength;
            }
        }
Beispiel #31
0
        // A canonical ACL must have ACES sorted according to the following order:
        // 1. Access-denied on the object
        // 2. Access-denied on a child or property
        // 3. Access-allowed on the object
        // 4. Access-allowed on a child or property
        // 5. All inherited ACEs
        private static byte GetComparisonValue(GenericAce ace)
        {
            if ((ace.AceFlags & AceFlags.Inherited) != 0)
            {
                return(5);
            }
            switch (ace.AceType)
            {
            case AceType.AccessDenied:
            case AceType.AccessDeniedCallback:
            case AceType.SystemAudit:
            case AceType.SystemAlarm:
            case AceType.SystemAuditCallback:
            case AceType.SystemAlarmCallback:
                return(0);

            case AceType.AccessDeniedObject:
            case AceType.AccessDeniedCallbackObject:
            case AceType.SystemAuditObject:
            case AceType.SystemAlarmObject:
            case AceType.SystemAuditCallbackObject:
            case AceType.SystemAlarmCallbackObject:
                return(1);

            case AceType.AccessAllowed:
            case AceType.AccessAllowedCallback:
                return(2);

            case AceType.AccessAllowedObject:
            case AceType.AccessAllowedCallbackObject:
                return(3);

            default:
                return(4);
            }
        }
Beispiel #32
0
        internal static RawAcl ParseSddlForm(string sddlForm,
                                             bool isDacl,
                                             ref ControlFlags sdFlags,
                                             ref int pos)
        {
            ParseFlags(sddlForm, isDacl, ref sdFlags, ref pos);

            byte revision          = GenericAcl.AclRevision;
            List <GenericAce> aces = new List <GenericAce>();

            while (pos < sddlForm.Length && sddlForm[pos] == '(')
            {
                GenericAce ace = GenericAce.CreateFromSddlForm(
                    sddlForm, ref pos);
                if ((ace as ObjectAce) != null)
                {
                    revision = GenericAcl.AclRevisionDS;
                }
                aces.Add(ace);
            }


            return(new RawAcl(revision, aces));
        }
Beispiel #33
0
        internal override bool IsAceMeaningless(GenericAce ace)
        {
            if (base.IsAceMeaningless(ace))
            {
                return(true);
            }
            if (!IsValidAuditFlags(ace.AuditFlags))
            {
                return(true);
            }

            QualifiedAce qace = ace as QualifiedAce;

            if (null != qace)
            {
                if (!(AceQualifier.SystemAudit == qace.AceQualifier ||
                      AceQualifier.SystemAlarm == qace.AceQualifier))
                {
                    return(true);
                }
            }

            return(false);
        }
 // Parameters:
 //   index:
 //     The position at which to add the new ACE. Specify the value of the System.Security.AccessControl.RawAcl.Count
 //     property to insert an ACE at the end of the System.Security.AccessControl.RawAcl
 //     object.
 //
 //   ace:
 //     The ACE to insert.
 //
 // Exceptions:
 //   System.ArgumentOutOfRangeException:
 //     offset is negative or too high to allow the entire System.Security.AccessControl.GenericAcl
 //     to be copied into array.
 public void InsertAce(int index, GenericAce ace);
Beispiel #35
0
		internal override bool IsAceMeaningless (GenericAce ace)
		{
			if (base.IsAceMeaningless (ace)) return true;
			
			QualifiedAce qace = ace as QualifiedAce;
			if (null != qace) {
				return !(AceQualifier.AccessAllowed == qace.AceQualifier ||
				         AceQualifier.AccessDenied  == qace.AceQualifier);
			}

			return false;
		}
 private bool InspectAce(ref GenericAce ace, bool isDacl)
 {
     KnownAce ace2 = ace as KnownAce;
     if ((ace2 != null) && (ace2.AccessMask == 0))
     {
         return false;
     }
     if (!this.IsContainer)
     {
         if (((byte) (ace.AceFlags & AceFlags.InheritOnly)) != 0)
         {
             return false;
         }
         if (((byte) (ace.AceFlags & (AceFlags.ContainerInherit | AceFlags.InheritOnly | AceFlags.NoPropagateInherit | AceFlags.ObjectInherit))) != 0)
         {
             ace.AceFlags = (AceFlags) ((byte) (((int) ace.AceFlags) & 240));
         }
     }
     else
     {
         if (((((byte) (ace.AceFlags & AceFlags.InheritOnly)) != 0) && (((byte) (ace.AceFlags & AceFlags.ContainerInherit)) == 0)) && (((byte) (ace.AceFlags & (AceFlags.None | AceFlags.ObjectInherit))) == 0))
         {
             return false;
         }
         if (((((byte) (ace.AceFlags & (AceFlags.None | AceFlags.NoPropagateInherit))) != 0) && (((byte) (ace.AceFlags & AceFlags.ContainerInherit)) == 0)) && (((byte) (ace.AceFlags & (AceFlags.None | AceFlags.ObjectInherit))) == 0))
         {
             ace.AceFlags = (AceFlags) ((byte) (((int) ace.AceFlags) & 0xfb));
         }
     }
     QualifiedAce ace3 = ace2 as QualifiedAce;
     if (isDacl)
     {
         ace.AceFlags = (AceFlags) ((byte) (((int) ace.AceFlags) & 0x3f));
         if (((ace3 != null) && (ace3.AceQualifier != AceQualifier.AccessAllowed)) && (ace3.AceQualifier != AceQualifier.AccessDenied))
         {
             return false;
         }
     }
     else
     {
         if (((byte) (ace.AceFlags & AceFlags.AuditFlags)) == 0)
         {
             return false;
         }
         if ((ace3 != null) && (ace3.AceQualifier != AceQualifier.SystemAudit))
         {
             return false;
         }
     }
     return true;
 }
Beispiel #37
0
		public void ContiguousRangeSorting ()
		{
			SecurityIdentifier[] sids = new SecurityIdentifier[] {
				new SecurityIdentifier (WellKnownSidType.BuiltinAdministratorsSid, null), // S-1-5-32-544
				new SecurityIdentifier (WellKnownSidType.BuiltinUsersSid, null),	  // S-1-5-32-545
				new SecurityIdentifier (WellKnownSidType.WorldSid, null), 		  // S-1-1-0
				new SecurityIdentifier ("S-1-5-40"),
				new SecurityIdentifier ("S-1-5-30-123"),
				new SecurityIdentifier ("S-1-5-32-99"),
				new SecurityIdentifier ("S-1-5-23-45-67"),
				new SecurityIdentifier ("S-1-5-32-5432"),
				new SecurityIdentifier ("S-1-0-2"),
				new SecurityIdentifier ("S-1-6-0")
			};

			GenericAce[] aces = new GenericAce[sids.Length];
			for (int i = 0; i < aces.Length; i ++)
				aces [i] = new CommonAce (AceFlags.None, AceQualifier.AccessAllowed, 1, sids[i], false, null);
			RawAcl acl = MakeRawAcl (aces);

			DiscretionaryAcl dacl = new DiscretionaryAcl (false, false, acl);
			Assert.IsTrue (dacl.IsCanonical);
			Assert.AreEqual (sids[8], ((CommonAce)dacl [0]).SecurityIdentifier); // S-1-0-2
			Assert.AreEqual (sids[2], ((CommonAce)dacl [1]).SecurityIdentifier); // S-1-1-0
			Assert.AreEqual (sids[3], ((CommonAce)dacl [2]).SecurityIdentifier); // S-1-5-40
			Assert.AreEqual (sids[4], ((CommonAce)dacl [3]).SecurityIdentifier); // S-1-5-30-123
			Assert.AreEqual (sids[5], ((CommonAce)dacl [4]).SecurityIdentifier); // S-1-5-32-99
			Assert.AreEqual (sids[0], ((CommonAce)dacl [5]).SecurityIdentifier); // S-1-5-32-544
			Assert.AreEqual (sids[1], ((CommonAce)dacl [6]).SecurityIdentifier); // S-1-5-32-545
			Assert.AreEqual (sids[7], ((CommonAce)dacl [7]).SecurityIdentifier); // S-1-5-32-5432
			Assert.AreEqual (sids[6], ((CommonAce)dacl [8]).SecurityIdentifier); // S-1-5-23-45-67
			Assert.AreEqual (sids[9], ((CommonAce)dacl [9]).SecurityIdentifier); // S-1-6-0
		}
Beispiel #38
0
		internal virtual bool IsAceMeaningless (GenericAce ace)
		{
			AceFlags flags = ace.AceFlags;

			KnownAce knownAce = ace as KnownAce;
			if (knownAce != null) {
				if (0 == knownAce.AccessMask) return true;
				if (0 != (flags & AceFlags.InheritOnly)) {
					if (knownAce is ObjectAce) return true;
					if (!IsContainer) return true;
					if (0 == (flags & (AceFlags.ContainerInherit|AceFlags.ObjectInherit))) return true;
				}
			}

			return false;
		}
Beispiel #39
0
		GenericAce MergeExplicitAcePair (GenericAce ace1, GenericAce ace2)
		{
			QualifiedAce qace1 = ace1 as QualifiedAce;
			QualifiedAce qace2 = ace2 as QualifiedAce;
			if (!(null != qace1 && null != qace2)) return null;
			if (!(qace1.AceFlags == qace2.AceFlags && qace1.AceQualifier == qace2.AceQualifier)) return null;
			if (!(qace1.SecurityIdentifier == qace2.SecurityIdentifier)) return null;
			
			CommonAce cace1 = ace1 as CommonAce;
			CommonAce cace2 = ace2 as CommonAce;
			if (null != cace1 && null != cace2) {
				return new CommonAce (cace1.AceFlags, cace1.AceQualifier, cace1.AccessMask|cace2.AccessMask,
					cace1.SecurityIdentifier, cace1.IsCallback, cace1.GetOpaque());
			}
			
			ObjectAce oace1 = ace1 as ObjectAce;
			ObjectAce oace2 = ace2 as ObjectAce;
			if (null != oace1 && null != oace2) {
				// See DiscretionaryAclTest.GuidEmptyMergesRegardlessOfFlagsAndOpaqueDataIsNotConsidered
				Guid type1, inheritedType1; GetObjectAceTypeGuids(oace1, out type1, out inheritedType1);
				Guid type2, inheritedType2; GetObjectAceTypeGuids(oace2, out type2, out inheritedType2);
				
				if (type1 == type2 && inheritedType1 == inheritedType2) {
					return new ObjectAce (oace1.AceFlags, oace1.AceQualifier, oace1.AccessMask|oace2.AccessMask,
						oace1.SecurityIdentifier,
						oace1.ObjectAceFlags, oace1.ObjectAceType, oace1.InheritedObjectAceType,
						oace1.IsCallback, oace1.GetOpaque());
				}
			}
			
			return null;
		}
Beispiel #40
0
        //
        // Compares two system ACEs and returns
        //    LessThan if ace1 < ace2
        //    EqualTo if ace1 == ace2
        //    GreaterThan if ace1 > ace2
        //
        // The order is:
        //        - explicit audit or alarm ACEs
        //        - explicit audit or alarm object ACEs
        //        - inherited ACEs (in the original order )
        //        - user-defined ACEs (in the original order )
        //

        private static int SaclAcePriority( GenericAce ace )
        {
            int result;
            AceType type = ace.AceType;

            if (( ace.AceFlags & AceFlags.Inherited ) != 0 )
            {
                result = 2 * ushort.MaxValue + ace._indexInAcl;
            }
            else if ( type == AceType.SystemAudit ||
                type == AceType.SystemAlarm ||
                type == AceType.SystemAuditCallback ||
                type == AceType.SystemAlarmCallback )
            {
                result = 0;
            }
            else if ( type == AceType.SystemAuditObject ||
                type == AceType.SystemAlarmObject ||
                type == AceType.SystemAuditCallbackObject ||
                type == AceType.SystemAlarmCallbackObject )
            {
                result = 1;
            }
            else
            {
                result = ushort.MaxValue + ace._indexInAcl;
            }

            return result;
        }
Beispiel #41
0
 /// <summary>Removes the specified access control rule from the current <see cref="T:System.Security.AccessControl.DiscretionaryAcl" /> object.</summary>
 /// <param name="accessType">The type of access control (allow or deny) to remove.</param>
 /// <param name="sid">The <see cref="T:System.Security.Principal.SecurityIdentifier" /> for which to remove an access control rule.</param>
 /// <param name="accessMask">The access mask for the rule to be removed.</param>
 /// <param name="inheritanceFlags">Flags that specify the inheritance properties of the rule to be removed.</param>
 /// <param name="propagationFlags">Flags that specify the inheritance propagation properties for the rule to be removed.</param>
 /// <returns>
 ///     <see langword="true" /> if this method successfully removes the specified access; otherwise, <see langword="false" />.</returns>
 // Token: 0x06001EEA RID: 7914 RVA: 0x0006CD78 File Offset: 0x0006AF78
 public bool RemoveAccess(AccessControlType accessType, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
 {
     base.CheckAccessType(accessType);
     this.everyOneFullAccessForNullDacl = false;
     return(base.RemoveQualifiedAces(sid, (accessType == AccessControlType.Allow) ? AceQualifier.AccessAllowed : AceQualifier.AccessDenied, accessMask, GenericAce.AceFlagsFromInheritanceFlags(inheritanceFlags, propagationFlags), false, ObjectAceFlags.None, Guid.Empty, Guid.Empty));
 }
        private static int SaclAcePriority(GenericAce ace)
        {
            AceType aceType = ace.AceType;
            if (((byte) (ace.AceFlags & AceFlags.Inherited)) != 0)
            {
                return (0x1fffe + ace._indexInAcl);
            }
            switch (aceType)
            {
                case AceType.SystemAudit:
                case AceType.SystemAlarm:
                case AceType.SystemAuditCallback:
                case AceType.SystemAlarmCallback:
                    return 0;

                case AceType.SystemAuditObject:
                case AceType.SystemAlarmObject:
                case AceType.SystemAuditCallbackObject:
                case AceType.SystemAlarmCallbackObject:
                    return 1;
            }
            return (0xffff + ace._indexInAcl);
        }
Beispiel #43
0
 public GenericAce Copy()
 {
     byte[] buffer = new byte[BinaryLength];
     GetBinaryForm(buffer, 0);
     return(GenericAce.CreateFromBinaryForm(buffer, 0));
 }
Beispiel #44
0
        //
        // Inspects the ACE, modifies it by stripping away unnecessary or
        // meaningless flags.
        // Returns 'true' if the ACE should remain in the ACL, 'false' otherwise
        //

        private bool InspectAce( ref GenericAce ace, bool isDacl )
        {
            const AceFlags AuditFlags =
                AceFlags.SuccessfulAccess |
                AceFlags.FailedAccess;

            const AceFlags InheritFlags =
                AceFlags.ObjectInherit |
                AceFlags.ContainerInherit |
                AceFlags.NoPropagateInherit |
                AceFlags.InheritOnly;

            //
            // Any ACE without at least one bit set in the access mask can be removed
            //

            KnownAce knownAce = ace as KnownAce;

            if ( knownAce != null )
            {
                if ( knownAce.AccessMask == 0 )
                {
                    return false;
                }
            }

            if ( !IsContainer )
            {
                //
                // On a leaf object ACL, inheritance bits are meaningless.
                // Specifically, an ACE marked "inherit-only" will never participate
                // in access control and can be removed.
                // Similarly, an ACE marked "container-inherit", "no-propagate-inherit"
                // or "object-inherit" can have those bits cleared since they carry
                // no meaning.
                //

                if (( ace.AceFlags & AceFlags.InheritOnly ) != 0 )
                {
                    return false;
                }

                if (( ace.AceFlags & InheritFlags ) != 0 )
                {
                    unchecked { ace.AceFlags &= ~InheritFlags; }
                }
            }
            else
            {
                //
                // Without either "container inherit" or "object inherit" to go with it,
                // the InheritOnly bit is meaningless and the entire ACE can be removed.
                //

                if ((( ace.AceFlags & AceFlags.InheritOnly ) != 0 ) &&
                    (( ace.AceFlags & AceFlags.ContainerInherit ) == 0 ) &&
                    (( ace.AceFlags & AceFlags.ObjectInherit ) == 0 ))
                {
                    return false;
                }

                //
                // Without either "container inherit" or "object inherit" to go with it,
                // the NoPropagateInherit bit is meaningless and can be turned off.
                //
                if ((( ace.AceFlags & AceFlags.NoPropagateInherit ) != 0 ) &&
                    (( ace.AceFlags & AceFlags.ContainerInherit ) == 0 ) &&
                    (( ace.AceFlags & AceFlags.ObjectInherit ) == 0 ))
                {
                    unchecked { ace.AceFlags &= ~AceFlags.NoPropagateInherit; }
                }
            }

            QualifiedAce qualifiedAce = knownAce as QualifiedAce;

            if ( isDacl )
            {
                //
                // There is no place for audit flags on a DACL
                //

                unchecked { ace.AceFlags &= ~AuditFlags; }

                if ( qualifiedAce != null )
                {
                    //
                    // Qualified ACEs in a DACL must be allow or deny ACEs
                    //

                    if ( qualifiedAce.AceQualifier != AceQualifier.AccessAllowed &&
                        qualifiedAce.AceQualifier != AceQualifier.AccessDenied )
                    {
                        return false;
                    }
                }
            }
            else
            {
                //
                // On a SACL, any ACE that does not specify Success or Failure
                // flags can be removed
                //

                if (( ace.AceFlags & AuditFlags ) == 0 )
                {
                    return false;
                }

                //
                // Qualified ACEs in a SACL must be audit ACEs
                //

                if ( qualifiedAce != null )
                {
                    if ( qualifiedAce.AceQualifier != AceQualifier.SystemAudit )
                    {
                        return false;
                    }
                }
            }
            return true;
        }
Beispiel #45
0
		static RawAcl MakeRawAcl (GenericAce[] aces)
		{
			RawAcl acl = new RawAcl (RawAcl.AclRevision, 0);
			for (int i = 0; i < aces.Length; i ++) { acl.InsertAce (i, aces [i]); }
			return acl;
		}
Beispiel #46
0
        //
        // Adds an ACE at the specified index
        //

        public void InsertAce( int index, GenericAce ace )
        {
            if ( ace == null )
            {
                throw new ArgumentNullException( "ace" );
            }
            Contract.EndContractBlock();

            if ( BinaryLength + ace.BinaryLength > MaxBinaryLength )
            {
                throw new OverflowException( Environment.GetResourceString( "AccessControl_AclTooLong" ));
            }

            _aces.Insert( index, ace );
        }
        private static int DaclAcePriority(GenericAce ace)
        {
            AceType aceType = ace.AceType;
            if (((byte) (ace.AceFlags & AceFlags.Inherited)) != 0)
            {
                return (0x1fffe + ace._indexInAcl);
            }
            switch (aceType)
            {
                case AceType.AccessDenied:
                case AceType.AccessDeniedCallback:
                    return 0;

                case AceType.AccessDeniedObject:
                case AceType.AccessDeniedCallbackObject:
                    return 1;

                case AceType.AccessAllowed:
                case AceType.AccessAllowedCallback:
                    return 2;

                case AceType.AccessAllowedObject:
                case AceType.AccessAllowedCallbackObject:
                    return 3;
            }
            return (0xffff + ace._indexInAcl);
        }
 private static ComparisonResult CompareAces(GenericAce ace1, GenericAce ace2, bool isDacl)
 {
     int num = isDacl ? DaclAcePriority(ace1) : SaclAcePriority(ace1);
     int num2 = isDacl ? DaclAcePriority(ace2) : SaclAcePriority(ace2);
     if (num < num2)
     {
         return ComparisonResult.LessThan;
     }
     if (num > num2)
     {
         return ComparisonResult.GreaterThan;
     }
     KnownAce ace = ace1 as KnownAce;
     KnownAce ace3 = ace2 as KnownAce;
     if ((ace != null) && (ace3 != null))
     {
         int num3 = ace.SecurityIdentifier.CompareTo(ace3.SecurityIdentifier);
         if (num3 < 0)
         {
             return ComparisonResult.LessThan;
         }
         if (num3 > 0)
         {
             return ComparisonResult.GreaterThan;
         }
     }
     return ComparisonResult.EqualTo;
 }
Beispiel #49
0
 public void CopyTo( GenericAce[] array, int index ) 
 {
     (( ICollection )this ).CopyTo( array, index );
 }
Beispiel #50
0
        //
        // Adds an ACE at the specified index
        //

        public void InsertAce( int index, GenericAce ace )
        {
            if ( ace == null )
            {
                throw new ArgumentNullException( nameof(ace));
            }
            Contract.EndContractBlock();

            if ( BinaryLength + ace.BinaryLength > MaxBinaryLength )
            {
                throw new OverflowException( SR.AccessControl_AclTooLong );
            }

            _aces.Insert( index, ace );
        }
Beispiel #51
0
        //
        // Compares two discretionary ACEs and returns
        //    LessThan if ace1 < ace2
        //    EqualTo if ace1 == ace2
        //    GreaterThan if ace1 > ace2
        //
        // The order is:
        //        - explicit Access Denied ACEs
        //          [regular aces first, then object aces]
        //        - explicit Access Allowed ACEs
        //          [regular aces first, then object aces]
        //        - inherited ACEs (in the original order )
        //        - user-defined ACEs (in the original order )
        //

        private static int DaclAcePriority( GenericAce ace)
        {
            int result;
            AceType type = ace.AceType;

            if (( ace.AceFlags & AceFlags.Inherited ) != 0 )
            {
                //
                // inherited aces are at the end as a group
                //

                result = 2 * ushort.MaxValue + ace._indexInAcl;
            }
            else if ( type == AceType.AccessDenied ||
                type == AceType.AccessDeniedCallback )
            {
                result = 0;
            }
            else if ( type == AceType.AccessDeniedObject ||
                type == AceType.AccessDeniedCallbackObject )
            {
                result = 1;
            }
            else if ( type == AceType.AccessAllowed ||
                type == AceType.AccessAllowedCallback )
            {
                result = 2;
            }
            else if ( type == AceType.AccessAllowedObject ||
                type == AceType.AccessAllowedCallbackObject )
            {
                result = 3;
            }
            else
            {
                //
                // custom aces are at the second group
                //
                result = ushort.MaxValue + ace._indexInAcl;
            }

            return result;
        }
 public void CopyTo(GenericAce[] array, int index)
 {
 }
Beispiel #53
0
        private static ComparisonResult CompareAces( GenericAce ace1, GenericAce ace2, bool isDacl )
        {
            int ace1Priority = isDacl ? DaclAcePriority( ace1 ) : SaclAcePriority( ace1 );
            int ace2Priority = isDacl ? DaclAcePriority( ace2 ) : SaclAcePriority( ace2 );

            if ( ace1Priority < ace2Priority )
            {
                return ComparisonResult.LessThan;
            }
            else if ( ace1Priority > ace2Priority )
            {
                return ComparisonResult.GreaterThan;
            }
            else
            {
                KnownAce k_ace1 = ace1 as KnownAce;
                KnownAce k_ace2 = ace2 as KnownAce;

                if ( k_ace1 != null && k_ace2 != null )
                {
                    int result = k_ace1.SecurityIdentifier.CompareTo( k_ace2.SecurityIdentifier );

                    if ( result < 0 )
                    {
                        return ComparisonResult.LessThan;
                    }
                    else if ( result > 0 )
                    {
                        return ComparisonResult.GreaterThan;
                    }
                }

                return ComparisonResult.EqualTo;
            }
        }
Beispiel #54
0
		internal override bool IsAceMeaningless (GenericAce ace)
		{
			if (base.IsAceMeaningless (ace)) return true;
			
			QualifiedAce qace = ace as QualifiedAce;
			if (null != qace) {
				return !(AceQualifier.SystemAudit == qace.AceQualifier ||
				         AceQualifier.SystemAlarm == qace.AceQualifier);
			}
			
			return false;
		}