private void CheckAccess(TokenEntry token, NtFile file, AccessMask access_rights, SecurityDescriptor sd, SecurityDescriptor parent_sd)
        {
            NtType     type           = file.NtType;
            AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, type.GenericMapping);

            // Determine if the parent gives additonal rights to this file.
            if (!granted_access.IsAllAccessGranted(FileDirectoryAccessRights.ReadAttributes | FileDirectoryAccessRights.Delete) && parent_sd != null)
            {
                AccessMask parent_granted_access = NtSecurity.GetMaximumAccess(parent_sd, token.Token, type.GenericMapping);
                if (parent_granted_access.IsAccessGranted(FileDirectoryAccessRights.DeleteChild))
                {
                    granted_access |= FileAccessRights.Delete;
                }
                if (parent_granted_access.IsAccessGranted(FileDirectoryAccessRights.ListDirectory))
                {
                    granted_access |= FileAccessRights.ReadAttributes;
                }
            }

            if (IsAccessGranted(granted_access, access_rights))
            {
                bool is_directory = IsDirectoryNoThrow(file);
                WriteAccessCheckResult(FormatWin32Path ? file.Win32PathName : file.FullPath, type.Name, granted_access, type.GenericMapping,
                                       sd, is_directory ? typeof(FileDirectoryAccessRights) : typeof(FileAccessRights), is_directory, token.Information);
            }
        }
        /// <summary>
        /// Is an access mask granted to the object.
        /// </summary>
        /// <param name="access">The access to check.</param>
        /// <returns>True if all access is granted.</returns>
        public bool IsAccessMaskGranted(AccessMask access)
        {
            // We can't tell if we really have access or not, so just assume we do.
            if (_granted_access.IsAccessGranted(GenericAccessRights.MaximumAllowed))
            {
                return(true);
            }

            return(_granted_access.IsAllAccessGranted(access));
        }
Ejemplo n.º 3
0
 private static AccessMask AdjustProcessAccess(AccessMask granted_access)
 {
     if (granted_access.IsAccessGranted(ProcessAccessRights.QueryInformation))
     {
         granted_access |= ProcessAccessRights.QueryLimitedInformation;
     }
     if (granted_access.IsAllAccessGranted(ProcessAccessRights.VmWrite | ProcessAccessRights.VmOperation))
     {
         granted_access |= ProcessAccessRights.QueryLimitedInformation;
     }
     if (granted_access.IsAccessGranted(ProcessAccessRights.SetInformation))
     {
         granted_access |= ProcessAccessRights.SetLimitedInformation;
     }
     return(granted_access);
 }
Ejemplo n.º 4
0
        private protected bool IsAccessGranted(AccessMask granted_access, AccessMask access_rights)
        {
            if (granted_access.IsEmpty)
            {
                return(AllowEmptyAccess);
            }

            if (access_rights.IsEmpty)
            {
                return(true);
            }

            if (AllowPartialAccess)
            {
                return(granted_access.IsAccessGranted(access_rights));
            }

            return(granted_access.IsAllAccessGranted(access_rights));
        }
        internal bool IsAccessGranted(AccessMask granted_access, AccessMask access_rights)
        {
            if (granted_access.IsEmpty)
            {
                return(false);
            }

            if (access_rights.IsEmpty)
            {
                return(true);
            }

            if (AllowPartialAccess)
            {
                return(granted_access.IsAccessGranted(access_rights));
            }

            return(granted_access.IsAllAccessGranted(access_rights));
        }
Ejemplo n.º 6
0
 /// <summary>
 /// Process record.
 /// </summary>
 protected override void ProcessRecord()
 {
     if (Empty)
     {
         WriteObject(AccessMask.IsEmpty);
     }
     else if (ParameterSetName == "WriteRestricted")
     {
         GenericMapping std_map = NtSecurity.StandardAccessMapping;
         WriteObject((std_map.GenericWrite & ~(std_map.GenericRead | std_map.GenericExecute)
                      | WriteRestricted.GenericWrite & ~(WriteRestricted.GenericRead | WriteRestricted.GenericExecute)).IsEmpty);
     }
     else if (All)
     {
         WriteObject(AccessMask.IsAllAccessGranted(GetAccessMask()));
     }
     else
     {
         WriteObject(AccessMask.IsAccessGranted(GetAccessMask()));
     }
 }