// <snippet1>
static EndpointIdentity CreateIdentity()
{
WindowsIdentity self = WindowsIdentity.GetCurrent();
SecurityIdentifier sid = self.User;
EndpointIdentity identity = null;
if (sid.IsWellKnown(WellKnownSidType.LocalSystemSid) ||
sid.IsWellKnown(WellKnownSidType.NetworkServiceSid) ||
sid.IsWellKnown(WellKnownSidType.LocalServiceSid))
{
identity = EndpointIdentity.CreateSpnIdentity(
String.Format(CultureInfo.InvariantCulture, "host/{0}", GetMachineName()));
}
else
{
// Need an UPN string here
string domain = GetPrimaryDomain();
if (domain != null)
{
string[] split = self.Name.Split('\\');
if (split.Length == 2)
{
identity = EndpointIdentity.CreateUpnIdentity(split[1] + "@" + domain);
}
}
}
return(identity);
}
public static bool IsProcessOwnerAdmin(Process proc)
{
IntPtr ph = IntPtr.Zero;
try
{
OpenProcessToken(proc.Handle, TOKEN_ALL_ACCESS, out ph);
}
catch (Exception)
{
return(true); // Presume true if we can't even access it...
}
WindowsIdentity iden = new WindowsIdentity(ph);
bool result = false;
foreach (IdentityReference role in iden.Groups)
{
if (!role.IsValidTargetType(typeof(SecurityIdentifier)))
{
continue;
}
SecurityIdentifier sid = role as SecurityIdentifier;
if (!sid.IsWellKnown(WellKnownSidType.AccountAdministratorSid) || sid.IsWellKnown(WellKnownSidType.BuiltinAdministratorsSid))
{
continue;
}
result = true;
break;
}
CloseHandle(ph);
return(result);
}
// Token: 0x06000018 RID: 24 RVA: 0x0000253C File Offset: 0x0000073C
private static bool IsRunningAsService()
{
bool flag = false;
bool flag2 = false;
bool result;
using (WindowsIdentity current = WindowsIdentity.GetCurrent())
{
IdentityReferenceCollection groups = current.Groups;
foreach (IdentityReference identityReference in groups)
{
if (identityReference is SecurityIdentifier)
{
SecurityIdentifier securityIdentifier = (SecurityIdentifier)identityReference;
if (securityIdentifier.IsWellKnown(WellKnownSidType.ServiceSid))
{
flag = true;
}
if (securityIdentifier.IsWellKnown(WellKnownSidType.InteractiveSid))
{
flag2 = true;
}
}
}
result = (flag || (!flag && !flag2));
}
return(result);
}
public static bool IsProcessOwnerAdmin(string processName)
{
Process proc = Process.GetProcessesByName(processName)[0];
IntPtr ph = IntPtr.Zero;
try
{
OpenProcessToken(proc.Handle, TOKEN_ALL_ACCESS, out ph);
WindowsIdentity iden = new WindowsIdentity(ph);
bool result = false;
foreach (IdentityReference role in iden.Groups)
{
if (role.IsValidTargetType(typeof(SecurityIdentifier)))
{
SecurityIdentifier sid = role as SecurityIdentifier;
if (sid.IsWellKnown(WellKnownSidType.AccountAdministratorSid) || sid.IsWellKnown(WellKnownSidType.BuiltinAdministratorsSid))
{
result = true;
break;
}
}
}
CloseHandle(ph);
return(result);
}
catch {
return(true);
};
}
public static bool IsForegroundProcessAdmin()
{
var proc = GetForegroundProcess();
if (proc == null)
{
return(false);
}
IntPtr ph = IntPtr.Zero;
OpenProcessToken(proc.Handle, TOKEN_ALL_ACCESS, out ph);
WindowsIdentity iden = new WindowsIdentity(ph);
bool result = false;
foreach (IdentityReference role in iden.Groups)
{
if (role.IsValidTargetType(typeof(SecurityIdentifier)))
{
SecurityIdentifier sid = role as SecurityIdentifier;
if (sid.IsWellKnown(WellKnownSidType.AccountAdministratorSid) || sid.IsWellKnown(WellKnownSidType.BuiltinAdministratorsSid))
{
result = true;
break;
}
}
}
CloseHandle(ph);
return(result);
}
private static long GetIdForSecurityIdentifier(SecurityIdentifier securityIdentifier, List <SecurityIdentifier> sidHistory, AclTableIdMap aclTableIdMap)
{
if (securityIdentifier.IsWellKnown(WellKnownSidType.WorldSid))
{
return(0L);
}
if (securityIdentifier.IsWellKnown(WellKnownSidType.AnonymousSid))
{
return(-1L);
}
return(aclTableIdMap.GetIdForSecurityIdentifier(securityIdentifier, sidHistory));
}
private static bool IsSystemAccount(WindowsIdentity self)
{
SecurityIdentifier sid = self.User;
if (sid == null)
{
return(false);
}
// S-1-5-82 is the prefix for the sid that represents the identity that IIS 7.5 Apppool thread runs under.
return(sid.IsWellKnown(WellKnownSidType.LocalSystemSid) ||
sid.IsWellKnown(WellKnownSidType.NetworkServiceSid) ||
sid.IsWellKnown(WellKnownSidType.LocalServiceSid) ||
self.User.Value.StartsWith("S-1-5-82", StringComparison.OrdinalIgnoreCase));
}
public static bool UserIsServiceAccount(string userName)
{
if (string.IsNullOrEmpty(userName))
{
userName = WindowsIdentity.GetCurrent().Name;
}
NTAccount acct = new NTAccount(userName);
try
{
SecurityIdentifier si = (SecurityIdentifier)acct.Translate(typeof(SecurityIdentifier));
return(si.IsWellKnown(WellKnownSidType.LocalSystemSid) || si.IsWellKnown(WellKnownSidType.NetworkServiceSid) || si.IsWellKnown(WellKnownSidType.LocalServiceSid));
}
catch { }
return(false);
}
public void PSIDTest()
{
var sid = GetCurrentSid();
Assert.That(!sid.IsInvalid);
Assert.That(sid.IsValidSid);
Assert.That(sid.ToString(), Does.StartWith("S-1-5"));
var sid2 = new SafePSID(sid);
Assert.That(!sid2.IsInvalid);
Assert.That(sid2.ToString(), Is.EqualTo(sid.ToString()));
var sid3 = new SafePSID("S-1-1-0");
var id2 = new SecurityIdentifier((IntPtr)sid3);
Assert.That(id2.IsWellKnown(WellKnownSidType.WorldSid));
var sid4 = new SafePSID(100);
Assert.That(!sid4.IsClosed);
Assert.That(!sid4.IsValidSid);
Assert.That((int)sid4.Size, Is.EqualTo(100));
sid4.Dispose();
Assert.That(sid4.IsClosed);
Assert.That((int)sid4.Size, Is.EqualTo(0));
Assert.That(sid.Equals("X"), Is.False);
Assert.That(sid.Equals(sid3), Is.False);
}
public void CanCreateSecurityIdentifierFromWellKnownSidType(WellKnownSidType sidType)
{
var currentDomainSid = WindowsIdentity.GetCurrent().Owner.AccountDomainSid;
var wellKnownSidInstance = new SecurityIdentifier(sidType, currentDomainSid);
Assert.True(wellKnownSidInstance.IsWellKnown(sidType));
}
public IEnumerable <AcePermissionRecipientRow> ResolveSecurityPrincipalId(IEnumerable <SecurityPrincipalIdParameter> sidPrincipalId)
{
if (sidPrincipalId != null && sidPrincipalId.Any <SecurityPrincipalIdParameter>())
{
IRecipientSession recipientSession = (IRecipientSession)this.CreateAdSession();
List <AcePermissionRecipientRow> list = new List <AcePermissionRecipientRow>();
foreach (SecurityPrincipalIdParameter securityPrincipalIdParameter in sidPrincipalId)
{
SecurityIdentifier securityIdentifier = securityPrincipalIdParameter.SecurityIdentifier;
if (!securityIdentifier.IsWellKnown(WellKnownSidType.SelfSid))
{
MiniRecipient miniRecipient = recipientSession.FindMiniRecipientBySid <MiniRecipient>(securityIdentifier, AcePermissionRecipientRow.Properties.AsEnumerable <PropertyDefinition>());
if (miniRecipient != null)
{
Identity identity;
if (miniRecipient.MasterAccountSid == securityIdentifier)
{
identity = new Identity(miniRecipient.Guid.ToString(), securityPrincipalIdParameter.ToString());
}
else
{
identity = new Identity(miniRecipient.Guid.ToString(), string.IsNullOrEmpty(miniRecipient.DisplayName) ? miniRecipient.Name : miniRecipient.DisplayName);
}
list.Add(new AcePermissionRecipientRow(identity));
}
}
}
return(list);
}
return(new List <AcePermissionRecipientRow>());
}
internal protected SecurityAccount(SecurityCache parent, IdentityReference ident)
{
NTAccount = ident as NTAccount;
if (NTAccount != null)
{
Sid = (SecurityIdentifier)NTAccount.Translate(typeof(SecurityIdentifier));
IsMapped = true;
}
else
{
Sid = (SecurityIdentifier)ident;
try
{
NTAccount = (NTAccount)Sid.Translate(typeof(NTAccount));
IsMapped = true;
}
catch
{
NTAccount = new NTAccount("unknown", Sid.Value);
}
}
IsAccoundSid = Sid.IsAccountSid();
for (int i = 0; i < wellKnownTypes.Length; i++)
{
if (!Sid.IsWellKnown(wellKnownTypes[i]))
{
continue;
}
WellKnownSid = wellKnownTypes[i];
break;
}
IsGroup = IsMapped && isGroup(parent);
}
private static DbConnectionPoolIdentity GetCurrentNative()
{
DbConnectionPoolIdentity current;
using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
{
IntPtr token = identity.AccessToken.DangerousGetHandle();
SecurityIdentifier user = identity.User;
bool isNetwork = user.IsWellKnown(WellKnownSidType.NetworkSid);
string sidString = user.Value;
// Win32NativeMethods.IsTokenRestricted will raise exception if the native call fails
bool isRestricted = Win32NativeMethods.IsTokenRestrictedWrapper(token);
var lastIdentity = s_lastIdentity;
if ((lastIdentity != null) && (lastIdentity._sidString == sidString) && (lastIdentity._isRestricted == isRestricted) && (lastIdentity._isNetwork == isNetwork))
{
current = lastIdentity;
}
else
{
current = new DbConnectionPoolIdentity(sidString, isRestricted, isNetwork);
}
}
s_lastIdentity = current;
return(current);
}
private static bool IsWellKnownUser()
{
using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
{
if (identity.User == null)
{
return(false);
}
SecurityIdentifier securityIdentifier = identity.User;
// Is it one of the windows service accounts?
return(securityIdentifier.IsWellKnown(WellKnownSidType.LocalSystemSid) ||
securityIdentifier.IsWellKnown(WellKnownSidType.LocalServiceSid) ||
securityIdentifier.IsWellKnown(WellKnownSidType.NetworkServiceSid));
}
}
public static bool IsRunningAsLocalAdmin()
{
WindowsIdentity cur = WindowsIdentity.GetCurrent();
foreach (IdentityReference role in cur.Groups)
{
if (role.IsValidTargetType(typeof(SecurityIdentifier)))
{
SecurityIdentifier sid = (SecurityIdentifier)role.Translate(typeof(SecurityIdentifier));
if (sid.IsWellKnown(WellKnownSidType.AccountAdministratorSid) || sid.IsWellKnown(WellKnownSidType.BuiltinAdministratorsSid))
{
return(true);
}
}
}
return(false);
}
private static bool ResolveRecipientParametersFromLegacyDN(string legacyDN, StoreSession session, IRecipientSession recipientSession, out SecurityIdentifier securityIdentifier, out List <SecurityIdentifier> sidHistory, out bool isGroup, out string displayName)
{
securityIdentifier = null;
sidHistory = null;
isGroup = false;
displayName = string.Empty;
if (legacyDN == string.Empty)
{
securityIdentifier = AclHelper.everyoneSecurityIdentifier;
return(true);
}
if (string.Compare(legacyDN, "Anonymous", StringComparison.OrdinalIgnoreCase) == 0)
{
securityIdentifier = AclHelper.anonymousSecurityIdentifier;
displayName = "Anonymous";
return(true);
}
MiniRecipient[] array = recipientSession.FindMiniRecipient(null, QueryScope.SubTree, new ComparisonFilter(ComparisonOperator.Equal, MiniRecipientSchema.LegacyExchangeDN, legacyDN), null, 2, Array <PropertyDefinition> .Empty);
if (array == null || array.Length == 0)
{
return(false);
}
if (array.Length > 1)
{
throw new NonUniqueLegacyExchangeDNException(ServerStrings.ErrorNonUniqueLegacyDN(legacyDN));
}
SecurityIdentifier masterAccountSid = array[0].MasterAccountSid;
if (masterAccountSid != null && !masterAccountSid.IsWellKnown(WellKnownSidType.SelfSid))
{
securityIdentifier = masterAccountSid;
}
else
{
securityIdentifier = array[0].Sid;
MultiValuedProperty <SecurityIdentifier> sidHistory2 = array[0].SidHistory;
if (sidHistory2 != null && sidHistory2.Count != 0)
{
sidHistory = new List <SecurityIdentifier>(sidHistory2);
}
}
if (securityIdentifier == null)
{
throw new CorruptDataException(ServerStrings.UserSidNotFound(legacyDN));
}
isGroup = AclHelper.IsGroupRecipientType(array[0].RecipientType);
if (!AclHelper.IsNTUserLegacyDN(legacyDN, session.InternalPreferedCulture, securityIdentifier, out displayName))
{
displayName = array[0].DisplayName;
}
return(true);
}
private static void PrintSID(SecurityIdentifier sid)
{
AwesomeConsole.Write(sid, ConsoleColor.DarkCyan);
foreach (WellKnownSidType wellKnownSidType in Enum.GetValues(typeof(WellKnownSidType)).OfType <WellKnownSidType>())
{
if (sid.IsWellKnown(wellKnownSidType))
{
AwesomeConsole.Write(" (" + wellKnownSidType + ")", ConsoleColor.Yellow);
break;
}
}
}
public bool IsSpecialWellKnownSid()
{
bool isSpecial = false;
SecurityIdentifier si = new SecurityIdentifier(SidString);
if (si.IsWellKnown(WellKnownSidType.WorldSid))
{
isSpecial = true;
}
else if (si.IsWellKnown(WellKnownSidType.DialupSid))
{
isSpecial = true;
}
else if (si.IsWellKnown(WellKnownSidType.NetworkSid))
{
isSpecial = true;
}
else if (si.IsWellKnown(WellKnownSidType.BatchSid))
{
isSpecial = true;
}
else if (si.IsWellKnown(WellKnownSidType.InteractiveSid))
{
isSpecial = true;
}
else if (si.IsWellKnown(WellKnownSidType.ServiceSid))
{
isSpecial = true;
}
else if (si.IsWellKnown(WellKnownSidType.AnonymousSid))
{
isSpecial = true;
}
else if (si.IsWellKnown(WellKnownSidType.AuthenticatedUserSid))
{
isSpecial = true;
}
else if (si.IsWellKnown(WellKnownSidType.TerminalServerSid))
{
isSpecial = true;
}
return(isSpecial);
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
if (healthcheckData.DomainControllers != null)
{
foreach (var DC in healthcheckData.DomainControllers)
{
SecurityIdentifier sid = new SecurityIdentifier(DC.OwnerSID);
if (!sid.IsWellKnown(WellKnownSidType.AccountDomainAdminsSid) && !sid.IsWellKnown(WellKnownSidType.AccountEnterpriseAdminsSid))
{
AddRawDetail(DC.DistinguishedName, DC.OwnerName);
}
}
}
return(null);
}
internal static bool IsWellKnownSid(SecurityIdentifier sid)
{
bool result = false;
foreach (WellKnownSidType wellKnownSidType in RecipientHelper.wellKnownSidTypes)
{
if (sid.IsWellKnown(wellKnownSidType))
{
RecipientHelper.Tracer.TraceDebug <SecurityIdentifier, WellKnownSidType>(0L, "sid {0} is well known sid: {1}", sid, wellKnownSidType);
result = true;
break;
}
}
return(result);
}
public void PSIDTest()
{
var sb = new SafeByteArray(WindowsIdentity.GetCurrent().User.GetBytes());
var sid = new PSID(sb.DangerousGetHandle(), false);
Assert.That(!sid.IsInvalid);
Assert.That(sid.IsValidSid);
Assert.That(sid.ToString(), Does.StartWith("S-1-5"));
var sidc = PSID.CreateFromPtr(sb.DangerousGetHandle());
Assert.That((IntPtr)sidc, Is.Not.EqualTo(sb.DangerousGetHandle()));
Assert.That(sidc.IsValidSid);
var sid2 = new PSID(sid);
Assert.That(!sid2.IsInvalid);
Assert.That(sid2.ToString(), Is.EqualTo(sid.ToString()));
var sid3 = new PSID("S-1-1-0");
var id2 = new SecurityIdentifier((IntPtr)sid3);
Assert.That(id2.IsWellKnown(WellKnownSidType.WorldSid));
var sid4 = new PSID(100);
Assert.That(!sid4.IsClosed);
Assert.That(!sid4.IsValidSid);
Assert.That(sid4.Size, Is.EqualTo(100));
sid4.Dispose();
Assert.That(sid4.IsClosed);
Assert.That(sid4.Size, Is.EqualTo(0));
var sid5 = new PSID();
Assert.That(!sid5.IsClosed);
Assert.That(sid5.IsInvalid);
Assert.That(!sid5.IsValidSid);
Assert.That(sid5.Size, Is.EqualTo(0));
Assert.That(sid.Equals(sidc));
Assert.That(sidc.Equals(sb.DangerousGetHandle()));
Assert.That(sid.Equals("X"), Is.False);
Assert.That(sid.Equals(sid3), Is.False);
}
public static SecurityIdentifier CalculateEffectiveSid(SecurityIdentifier userSid, SecurityIdentifier masterAccountSid)
{
SecurityIdentifier result;
if (masterAccountSid == null)
{
result = userSid;
}
else if (masterAccountSid.IsWellKnown(WellKnownSidType.SelfSid))
{
result = userSid;
}
else
{
result = masterAccountSid;
}
return(result);
}
public MappedPrincipal(ADRawEntry entry)
{
this.ObjectGuid = entry.Id.ObjectGuid;
this.ObjectDN = entry.Id.DistinguishedName;
object[] properties = entry.GetProperties(MappedPrincipal.PrincipalProperties);
this.MailboxGuid = ((properties[0] is Guid) ? ((Guid)properties[0]) : Guid.Empty);
this.LegacyDN = (properties[1] as string);
this.ObjectSid = (properties[2] as SecurityIdentifier);
ProxyAddressCollection proxyAddressCollection = properties[3] as ProxyAddressCollection;
this.ProxyAddresses = ((proxyAddressCollection != null) ? proxyAddressCollection.ToStringArray() : null);
SecurityIdentifier securityIdentifier = properties[4] as SecurityIdentifier;
if (securityIdentifier != null && !securityIdentifier.IsWellKnown(WellKnownSidType.SelfSid))
{
this.ObjectSid = securityIdentifier;
}
this.Alias = (properties[5] as string);
this.DisplayName = (properties[6] as string);
}
public bool IsValidSid(string server)
{
string name;
string domain;
Interop.SID_NAME_USE peUse;
bool isOK = m_Sid.LookupAccount(server, out name, out domain, out peUse);
if (!isOK)
{
SecurityIdentifier si = new SecurityIdentifier(m_Sid.SidString);
Type wellKnownSid = typeof(WellKnownSidType);
foreach (WellKnownSidType type in Enum.GetValues(wellKnownSid))
{
if (si.IsWellKnown(type))
{
isOK = true;
break;
}
}
}
return(isOK);
}
public SidBudgetKey(SecurityIdentifier sid, BudgetType budgetType, bool isServiceAccount, ADSessionSettings settings) : base(budgetType, isServiceAccount)
{
if (sid == null)
{
throw new ArgumentNullException("sid");
}
if (settings == null)
{
throw new ArgumentNullException("settings");
}
this.NtAccount = SidToAccountMap.Singleton.Get(sid).ToString();
this.SessionSettings = settings;
if (sid.AccountDomainSid == null && (sid.IsWellKnown(WellKnownSidType.LocalSystemSid) || sid.IsWellKnown(WellKnownSidType.NetworkServiceSid)))
{
ExTraceGlobals.ClientThrottlingTracer.TraceDebug((long)this.GetHashCode(), "[SidBudgetKey.ctor] Using domain sid for local computer account.");
this.Sid = SidBudgetKey.localMachineSid.Member;
}
else
{
this.Sid = sid;
}
this.cachedToString = this.GetCachedToString();
this.cachedHashCode = (base.BudgetType.GetHashCode() ^ this.Sid.GetHashCode() ^ base.IsServiceAccountBudget.GetHashCode());
}
private void CheckSidType(string sddlSid)
{
SecurityIdentifier csid = new SecurityIdentifier(sddlSid);
if (csid.IsWellKnown(WellKnownSidType.AccountAdministratorSid) ||
csid.IsWellKnown(WellKnownSidType.AccountDomainAdminsSid) ||
csid.IsWellKnown(WellKnownSidType.AccountEnterpriseAdminsSid) ||
csid.IsWellKnown(WellKnownSidType.AccountPolicyAdminsSid) ||
csid.IsWellKnown(WellKnownSidType.AccountSchemaAdminsSid) ||
csid.IsWellKnown(WellKnownSidType.BuiltinAccountOperatorsSid) ||
csid.IsWellKnown(WellKnownSidType.BuiltinAdministratorsSid) ||
csid.IsWellKnown(WellKnownSidType.BuiltinBackupOperatorsSid) ||
csid.IsWellKnown(WellKnownSidType.BuiltinIncomingForestTrustBuildersSid) ||
csid.IsWellKnown(WellKnownSidType.BuiltinNetworkConfigurationOperatorsSid) ||
csid.IsWellKnown(WellKnownSidType.BuiltinPerformanceLoggingUsersSid) ||
csid.IsWellKnown(WellKnownSidType.BuiltinPerformanceMonitoringUsersSid) ||
csid.IsWellKnown(WellKnownSidType.BuiltinPrintOperatorsSid) ||
csid.IsWellKnown(WellKnownSidType.BuiltinSystemOperatorsSid) ||
csid.IsWellKnown(WellKnownSidType.EnterpriseControllersSid))
{
this.Attributes = (Attributes == SID_ATTRIBUTE_INFORMATION.SE_GROUP_USER) ? SID_ATTRIBUTE_INFORMATION.SE_GROUP_FROM_ELEVATION_ONLY : Attributes | SID_ATTRIBUTE_INFORMATION.SE_GROUP_FROM_ELEVATION_ONLY;
}
}
private static bool IsSelfSid(SecurityIdentifier accountSid)
{
return(accountSid != null && accountSid.IsWellKnown(WellKnownSidType.SelfSid));
}
private static List <AclTableEntry> BuildAclTableFromSecurityDescriptor(RawSecurityDescriptor securityDescriptor, RawSecurityDescriptor freeBusySecurityDescriptor, LazilyInitialized <ExternalUserCollection> lazilyInitializedExternalUserCollection, IRecipientSession recipientSession, AclTableIdMap aclTableIdMap, out bool isCanonical, out string canonicalErrorInformation)
{
FolderSecurity.AnnotatedAceList annotatedAceList = new FolderSecurity.AnnotatedAceList(securityDescriptor, freeBusySecurityDescriptor, (SecurityIdentifier securityIdentifier) => AclModifyTable.GetSecurityIdentifierType(recipientSession, securityIdentifier));
isCanonical = annotatedAceList.IsCanonical(out canonicalErrorInformation);
IList <FolderSecurity.SecurityIdentifierAndFolderRights> list;
if (isCanonical)
{
list = annotatedAceList.GetSecurityIdentifierAndRightsList();
}
else
{
ExTraceGlobals.StorageTracer.TraceWarning <string, string>(0L, "Got non canonical SD: {0}, ErrorInfo: ", securityDescriptor.GetSddlForm(AccessControlSections.All), canonicalErrorInformation);
list = Array <FolderSecurity.SecurityIdentifierAndFolderRights> .Empty;
}
List <AclTableEntry> list2 = new List <AclTableEntry>(list.Count + 1);
foreach (FolderSecurity.SecurityIdentifierAndFolderRights securityIdentifierAndFolderRights in list)
{
MemberRights memberRights = (MemberRights)(securityIdentifierAndFolderRights.AllowRights & ~(MemberRights)securityIdentifierAndFolderRights.DenyRights);
bool flag = false;
bool flag2 = false;
byte[] entryId;
string text;
List <SecurityIdentifier> list3;
SecurityIdentifier securityIdentifier;
if (securityIdentifierAndFolderRights.SecurityIdentifier.IsWellKnown(WellKnownSidType.WorldSid))
{
entryId = Array <byte> .Empty;
text = string.Empty;
string legacyDN = string.Empty;
securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier;
list3 = null;
flag2 = true;
}
else if (securityIdentifierAndFolderRights.SecurityIdentifier.IsWellKnown(WellKnownSidType.AnonymousSid))
{
entryId = Array <byte> .Empty;
text = "Anonymous";
securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier;
list3 = null;
}
else if (ExternalUser.IsExternalUserSid(securityIdentifierAndFolderRights.SecurityIdentifier))
{
ExternalUser externalUser = AclHelper.TryGetExternalUser(securityIdentifierAndFolderRights.SecurityIdentifier, lazilyInitializedExternalUserCollection);
if (externalUser == null)
{
ExTraceGlobals.StorageTracer.TraceWarning <SecurityIdentifier>(0L, "Cannot find external user with SID {0}, build entry from information we have", securityIdentifierAndFolderRights.SecurityIdentifier);
string text2 = AclHelper.CreateLocalUserStrignRepresentation(securityIdentifierAndFolderRights.SecurityIdentifier);
text = text2;
}
else
{
text = externalUser.Name;
string legacyDN = externalUser.LegacyDn;
}
entryId = AddressBookEntryId.MakeAddressBookEntryIDFromLocalDirectorySid(securityIdentifierAndFolderRights.SecurityIdentifier);
securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier;
list3 = null;
}
else
{
MiniRecipient miniRecipient = recipientSession.FindMiniRecipientBySid <MiniRecipient>(securityIdentifierAndFolderRights.SecurityIdentifier, Array <PropertyDefinition> .Empty);
string legacyDN;
if (miniRecipient == null)
{
ExTraceGlobals.StorageTracer.TraceWarning <SecurityIdentifier>(0L, "Cannot find recipient with SID {0}, build entry from the information we have", securityIdentifierAndFolderRights.SecurityIdentifier);
flag = (securityIdentifierAndFolderRights.SecurityIdentifierType == FolderSecurity.SecurityIdentifierType.Group);
string text3 = AclHelper.CreateNTUserStrignRepresentation(securityIdentifierAndFolderRights.SecurityIdentifier);
text = text3;
legacyDN = text3;
securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier;
list3 = null;
}
else
{
flag = AclHelper.IsGroupRecipientType(miniRecipient.RecipientType);
if (string.IsNullOrEmpty(miniRecipient.DisplayName))
{
text = AclHelper.CreateNTUserStrignRepresentation(securityIdentifierAndFolderRights.SecurityIdentifier);
}
else
{
text = miniRecipient.DisplayName;
}
if (string.IsNullOrEmpty(miniRecipient.LegacyExchangeDN))
{
legacyDN = text;
}
else
{
legacyDN = miniRecipient.LegacyExchangeDN;
}
SecurityIdentifier masterAccountSid = miniRecipient.MasterAccountSid;
if (masterAccountSid != null && !masterAccountSid.IsWellKnown(WellKnownSidType.SelfSid))
{
securityIdentifier = masterAccountSid;
list3 = null;
}
else
{
securityIdentifier = miniRecipient.Sid;
MultiValuedProperty <SecurityIdentifier> sidHistory = miniRecipient.SidHistory;
if (sidHistory != null && sidHistory.Count != 0)
{
list3 = new List <SecurityIdentifier>(sidHistory);
}
else
{
list3 = null;
}
}
}
entryId = AddressBookEntryId.MakeAddressBookEntryID(legacyDN, flag);
}
AclTableEntry aclTableEntry = list2.Find((AclTableEntry entry) => entry.SecurityIdentifier == securityIdentifier);
if (aclTableEntry == null && list3 != null)
{
using (List <SecurityIdentifier> .Enumerator enumerator2 = list3.GetEnumerator())
{
while (enumerator2.MoveNext())
{
SecurityIdentifier sid = enumerator2.Current;
aclTableEntry = list2.Find((AclTableEntry entry) => entry.SecurityIdentifier == sid);
if (aclTableEntry != null)
{
break;
}
}
}
}
if (aclTableEntry == null)
{
aclTableEntry = new AclTableEntry(AclModifyTable.GetIdForSecurityIdentifier(securityIdentifier, list3, aclTableIdMap), entryId, text, memberRights);
aclTableEntry.SetSecurityIdentifier(securityIdentifier, flag);
if (flag2)
{
list2.Insert(0, aclTableEntry);
}
else
{
list2.Add(aclTableEntry);
}
}
else
{
aclTableEntry.MemberRights &= memberRights;
if (aclTableEntry.IsGroup != flag)
{
throw new NonCanonicalACLException(annotatedAceList.CreateErrorInformation((LID)35788U, new int[0]));
}
aclTableEntry.SetSecurityIdentifier(securityIdentifier, flag);
}
}
return(list2);
}
