Ejemplo n.º 1
        /// <summary>
        /// Reports whether every rule in <paramref name="aces"/> can be located in the
        /// security descriptor <paramref name="rsd"/>.
        /// </summary>
        /// <param name="id">Directory object the descriptor belongs to; only its DistinguishedName is read, for the exception.</param>
        /// <param name="rsd">Raw security descriptor to inspect.</param>
        /// <param name="aces">Rules that must all be present.</param>
        /// <returns>
        /// <c>false</c> as soon as one rule is not found; <c>true</c> otherwise. An empty
        /// <paramref name="aces"/> list therefore yields <c>true</c>, so callers that treat the
        /// result as "the expected permissions are in place" should not pass an empty list.
        /// </returns>
        /// <exception cref="SecurityDescriptorAccessDeniedException">
        /// Thrown when <paramref name="rsd"/> is null; a missing descriptor is reported as an
        /// access-denied condition rather than as "rules not found".
        /// </exception>
        private static bool FindAces(ADObjectId id, RawSecurityDescriptor rsd, params ActiveDirectoryAccessRule[] aces)
        {
            if (rsd == null)
            {
                throw new SecurityDescriptorAccessDeniedException(id.DistinguishedName);
            }

            ActiveDirectorySecurity security = new ActiveDirectorySecurity();

            // Copy the raw descriptor into its binary form and load that into the
            // ActiveDirectorySecurity object so the rules can be looked up on it.
            byte[] descriptorBytes = new byte[rsd.BinaryLength];
            rsd.GetBinaryForm(descriptorBytes, 0);
            security.SetSecurityDescriptorBinaryForm(descriptorBytes);

            for (int index = 0; index < aces.Length; index++)
            {
                bool present = DirectoryCommon.FindAce(aces[index], security) != null;
                if (!present)
                {
                    return false;
                }
            }

            return true;
        }
Ejemplo n.º 2
 /// <summary>
 /// Looks up <paramref name="ace"/> in <paramref name="acl"/> by delegating to the
 /// four-argument <c>DirectoryCommon.FindAce</c> overload with both boolean arguments
 /// set to <c>false</c>.
 /// </summary>
 /// <param name="ace">Rule to search for.</param>
 /// <param name="acl">Security object to search in.</param>
 /// <returns>
 /// Whatever the four-argument overload returns. NOTE(review): callers on this page
 /// treat a null result as "not found"; the meaning of the two boolean flags is not
 /// visible here and should be confirmed against that overload.
 /// </returns>
 public static ActiveDirectoryAccessRule FindAce(ActiveDirectoryAccessRule ace, ActiveDirectorySecurity acl)
 {
     ActiveDirectoryAccessRule match = DirectoryCommon.FindAce(ace, acl, false, false);
     return match;
 }
Ejemplo n.º 3
        /// <summary>
        /// Adds each rule in <paramref name="aces"/> to <paramref name="acl"/>, or removes it
        /// when <paramref name="remove"/> is true, reporting progress and problems through
        /// whichever logging delegates are supplied. The control flow (labels and gotos) has
        /// the shape of decompiler output and is left as is.
        /// </summary>
        /// <param name="verboseLogger">Optional verbose sink; also passed to GetFriendlyUserName.</param>
        /// <param name="warningLogger">Optional warning sink.</param>
        /// <param name="errorLogger">Optional error sink; receives a TaskInvalidOperationException.</param>
        /// <param name="objectIdentityString">Object name used only in messages.</param>
        /// <param name="acl">Security object modified in place. Nothing in this method writes it
        /// back to the directory; presumably the caller does that — confirm.</param>
        /// <param name="remove">true to remove the rules, false to add them.</param>
        /// <param name="aces">Rules to add or remove.</param>
        /// <returns>
        /// true if at least one rule was added or removed; false otherwise, including when the
        /// ACL is rejected for not being canonical. The value is set before the post-change
        /// lookup, so true does not mean that lookup confirmed the change.
        /// </returns>
        internal static bool ApplyAcesOnAcl(Task.TaskVerboseLoggingDelegate verboseLogger, Task.TaskWarningLoggingDelegate warningLogger, Task.ErrorLoggerDelegate errorLogger, string objectIdentityString, ActiveDirectorySecurity acl, bool remove, params ActiveDirectoryAccessRule[] aces)
        {
            bool result = false;

            // Refuse to edit an ACL whose rules are not in canonical order. The message goes to
            // the first non-null logger in the order error, warning, verbose; with no logger
            // supplied the refusal is silent and only visible through the false return value.
            if (!acl.AreAccessRulesCanonical)
            {
                LocalizedString message = Strings.InfoAclNotCanonical(objectIdentityString);
                if (errorLogger != null)
                {
                    errorLogger(new TaskInvalidOperationException(message), ExchangeErrorCategory.ServerOperation, null);
                }
                else if (warningLogger != null)
                {
                    warningLogger(message);
                }
                else if (verboseLogger != null)
                {
                    verboseLogger(message);
                }
                return(false);
            }
            int i = 0;

            while (i < aces.Length)
            {
                ActiveDirectoryAccessRule activeDirectoryAccessRule = aces[i];
                // flag records whether this iteration changed the ACL.
                bool flag = false;
                // NOTE(review): the third argument is true here and false in the lookup after
                // the change; its meaning is defined in DirectoryCommon.FindAce, not on this page.
                ActiveDirectoryAccessRule activeDirectoryAccessRule2 = DirectoryCommon.FindAce(activeDirectoryAccessRule, acl, true, remove);
                // Evaluates as ((match found) != remove) && (no match || match is explicit):
                // either we are adding and an explicit match already exists, or we are removing
                // and there is no match. Nothing to change; go to the informational message.
                if (null != activeDirectoryAccessRule2 != remove && (activeDirectoryAccessRule2 == null || !activeDirectoryAccessRule2.IsInherited))
                {
                    goto IL_13D;
                }
                // Reached when adding (no match, or only an inherited match) or when removing a
                // rule that was found. On the add path !remove short-circuits, so a null match
                // is never dereferenced. Removal proceeds only if the match is not inherited.
                if (!remove || !activeDirectoryAccessRule2.IsInherited)
                {
                    if (verboseLogger != null)
                    {
                        if (remove)
                        {
                            verboseLogger(Strings.InfoRemovingAce(objectIdentityString, DirectoryCommon.AceToString(activeDirectoryAccessRule)));
                        }
                        else
                        {
                            verboseLogger(Strings.InfoAddingAce(objectIdentityString, DirectoryCommon.AceToString(activeDirectoryAccessRule)));
                        }
                    }
                    if (remove)
                    {
                        DirectoryCommon.RemoveAccessRule(acl, activeDirectoryAccessRule);
                    }
                    else
                    {
                        acl.AddAccessRule(activeDirectoryAccessRule);
                    }
                    // Mark both this iteration and the overall call as having changed the ACL.
                    flag = (result = true);
                    goto IL_13D;
                }
                // Only reached when removing and the match is inherited: the rule is left in
                // place and the refusal is reported (error, then warning, then verbose). If the
                // error logger returns instead of throwing, the loop moves on to the next rule.
                LocalizedString message2 = Strings.ErrorWillNotPerformOnInheritedAce(activeDirectoryAccessRule2.ActiveDirectoryRights.ToString(), activeDirectoryAccessRule2.AccessControlType.ToString(), objectIdentityString);
                if (errorLogger != null)
                {
                    errorLogger(new TaskInvalidOperationException(message2), ExchangeErrorCategory.ServerOperation, null);
                }
                else if (warningLogger != null)
                {
                    warningLogger(message2);
                }
                else if (verboseLogger != null)
                {
                    verboseLogger(message2);
                }
                // Common loop tail: advance to the next rule.
IL_1DB:
                i++;
                continue;
                // Post-processing after "nothing to change" (flag false) or after a change (flag true).
IL_13D:
                // Skip the message when a change was made and a fresh lookup agrees with it
                // ((lookup == null) == remove), or when no logger was supplied at all.
                // NOTE(review): if a change was made but the lookup disagrees, the code still
                // falls through to the "not present" / "already present" texts below, which do
                // not say that the change failed to take effect.
                if ((flag && DirectoryCommon.FindAce(activeDirectoryAccessRule, acl, false, remove) == null == remove) || (verboseLogger == null && warningLogger == null && errorLogger == null))
                {
                    goto IL_1DB;
                }
                LocalizedString message3;
                if (remove)
                {
                    // The attribute-specific text is used only when ObjectFlags is exactly
                    // ObjectAceTypePresent; any other flag value gets the generic text.
                    if (activeDirectoryAccessRule.ObjectFlags == ObjectAceFlags.ObjectAceTypePresent)
                    {
                        string attr = string.Format("{0} (ObjectType: {1})", activeDirectoryAccessRule.ActiveDirectoryRights, activeDirectoryAccessRule.ObjectType);
                        message3 = Strings.InfoAttributeAceNotPresent(objectIdentityString, attr);
                    }
                    else
                    {
                        message3 = Strings.InfoAceNotPresent(objectIdentityString, SecurityPrincipalIdParameter.GetFriendlyUserName(activeDirectoryAccessRule.IdentityReference, verboseLogger));
                    }
                }
                else
                {
                    message3 = Strings.InfoAceAlreadyPresent(objectIdentityString, SecurityPrincipalIdParameter.GetFriendlyUserName(activeDirectoryAccessRule.IdentityReference, verboseLogger));
                }
                // This message goes to the warning logger, else the verbose logger. The error
                // logger is never used for it, so with only an error logger nothing is emitted.
                if (warningLogger != null)
                {
                    warningLogger(message3);
                    goto IL_1DB;
                }
                if (verboseLogger != null)
                {
                    verboseLogger(message3);
                    goto IL_1DB;
                }
                goto IL_1DB;
            }
            return(result);
        }