Ejemplo n.º 1
        /// <summary>
        /// Parses the <c>Sddl</c> string into a <see cref="CommonSecurityDescriptor"/>, renders its
        /// owner, group, discretionary ACL and system ACL as strings, and writes a single
        /// <c>SecurityDescriptorInfo</c> object to the pipeline.
        /// </summary>
        /// <remarks>
        /// A string that cannot be parsed produces a terminating <c>InvalidSDDL</c> error whose
        /// target object is the offending input. The descriptor is always constructed with
        /// <c>isContainer: false</c> and <c>isDS: false</c>.
        /// NOTE(review): confirm how those fixed flags affect inheritance flags and
        /// directory-object entries in the rendered output before relying on it for an audit.
        /// </remarks>
        protected override void ProcessRecord()
        {
            CommonSecurityDescriptor descriptor = null;

            try
            {
                descriptor = new CommonSecurityDescriptor(isContainer: false, isDS: false, Sddl);
            }
            catch (Exception parseFailure)
            {
                // Every constructor failure is reported the same way: wrapped in an
                // InvalidOperationException that carries the original message, then raised
                // as a terminating error so nothing below runs with a null descriptor.
                ThrowTerminatingError(
                    new ErrorRecord(
                        PSTraceSource.NewInvalidOperationException(parseFailure, UtilityCommonStrings.InvalidSDDL, parseFailure.Message),
                        "InvalidSDDL",
                        ErrorCategory.InvalidArgument,
                        Sddl));
            }

            string ownerName = ConvertToNTAccount(descriptor.Owner);
            string groupName = ConvertToNTAccount(descriptor.Group);

            // Only restrict access-right names to one rights type when the caller set one;
            // null tells the ACL renderer to consider every known rights type.
            AccessRightTypeNames? rightsType = null;
            if (_isTypeSet)
            {
                rightsType = _type;
            }

            string[] daclEntries = ConvertAccessControlListToStrings(descriptor.DiscretionaryAcl, rightsType);
            string[] saclEntries = ConvertAccessControlListToStrings(descriptor.SystemAcl, rightsType);

            WriteObject(new SecurityDescriptorInfo(ownerName, groupName, daclEntries, saclEntries, descriptor));
        }
Ejemplo n.º 2
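        /// <summary>
        /// Renders each entry of an access control list as one human-readable string of the form
        /// <c>account: qualifier [flags] [(right, right, ...)]</c>.
        /// </summary>
        /// <param name="acl">The ACL to render; may be null.</param>
        /// <param name="typeName">
        /// The rights type used to name the bits of each access mask, or null to consider
        /// every rights type.
        /// </param>
        /// <returns>
        /// One string per entry, in ACL order; an empty array when <paramref name="acl"/> is
        /// null or has no entries.
        /// </returns>
        /// <exception cref="InvalidCastException">
        /// An entry in <paramref name="acl"/> is not a <see cref="QualifiedAce"/>.
        /// </exception>
        private string[] ConvertAccessControlListToStrings(CommonAcl acl, AccessRightTypeNames? typeName)
        {
            if (acl == null || acl.Count == 0)
            {
                return Array.Empty<string>();
            }

            List<string> aceStringList = new List<string>(acl.Count);

            // A foreach with an explicit element type casts every entry. Casting to CommonAce
            // fails with InvalidCastException on an ObjectAce, although ObjectAce exposes the
            // same members read below through QualifiedAce. Iterating as QualifiedAce renders
            // both kinds; entries that are not QualifiedAce still throw, as before.
            // NOTE(review): the object-type GUIDs of an ObjectAce are not part of the rendered
            // string, so such an entry reads like a plain allow/deny/audit entry.
            foreach (QualifiedAce ace in acl)
            {
                StringBuilder aceString = new StringBuilder();

                // NOTE(review): ConvertToNTAccount is defined elsewhere; confirm what it yields
                // when a SID cannot be translated, since the result is interpolated as-is.
                string ntAccount = ConvertToNTAccount(ace.SecurityIdentifier);
                aceString.Append($"{ntAccount}: {ace.AceQualifier}");

                // Flags are only shown when at least one is set.
                if (ace.AceFlags != AceFlags.None)
                {
                    aceString.Append($" {ace.AceFlags}");
                }

                // Named rights are only shown when the mask matches at least one known name;
                // a mask with no matching name is rendered without a rights list.
                List<string> accessRightList = GetApplicableAccessRights(ace.AccessMask, typeName);
                if (accessRightList.Count > 0)
                {
                    string accessRights = String.Join(", ", accessRightList);
                    aceString.Append($" ({accessRights})");
                }

                aceStringList.Add(aceString.ToString());
            }

            return aceStringList.ToArray();
        }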
Ejemplo n.º 3
        /// <summary>
        /// Lists the names of the access-right enum members whose bits are all present in
        /// <paramref name="accessMask"/>.
        /// </summary>
        /// <param name="accessMask">The raw access mask of an ACE.</param>
        /// <param name="typeName">
        /// The single rights type to consult, or null to consult the rights type behind every
        /// <c>AccessRightTypeNames</c> member.
        /// </param>
        /// <returns>The matching member names, sorted case-insensitively (ordinal).</returns>
        /// <remarks>
        /// Each numeric value is tested once: the first member name seen for a value wins and
        /// later names with the same value are ignored, including names from other rights types.
        /// When <paramref name="typeName"/> is null, a reported name may therefore come from a
        /// rights type unrelated to the object the descriptor protects.
        /// NOTE(review): a member whose value is 0 would satisfy the mask test for every mask;
        /// confirm that none of the consulted enums defines one.
        /// </remarks>
        private List<string> GetApplicableAccessRights(int accessMask, AccessRightTypeNames? typeName)
        {
            var candidateTypes = new List<Type>();

            if (typeName == null)
            {
                foreach (AccessRightTypeNames kind in Enum.GetValues(typeof(AccessRightTypeNames)))
                {
                    candidateTypes.Add(GetRealAccessRightType(kind));
                }
            }
            else
            {
                candidateTypes.Add(GetRealAccessRightType(typeName.Value));
            }

            var seenValues = new HashSet<int>();
            var matchedNames = new List<string>();

            foreach (Type rightsEnum in candidateTypes)
            {
                foreach (string name in Enum.GetNames(rightsEnum))
                {
                    int bits = (int)Enum.Parse(rightsEnum, name);

                    // HashSet.Add returns false for a value that was already examined.
                    if (!seenValues.Add(bits))
                    {
                        continue;
                    }

                    // A right is reported only when every one of its bits is set in the mask.
                    if ((accessMask & bits) != bits)
                    {
                        continue;
                    }

                    matchedNames.Add(name);
                }
            }

            matchedNames.Sort(StringComparer.OrdinalIgnoreCase);
            return matchedNames;
        }