/// <summary>
/// Creates a Security Descriptor from an SDDL string
/// </summary>
/// <param name="sddlString">The SDDL string that represents the Security Descriptor</param>
/// <exception cref="System.FormatException">Invalid SDDL String Format</exception>
public SecurityDescriptor(SddlString sddlString)
{
Match m = CommonRegex.SddlStringRegex.Match(sddlString.ToString());
if (!m.Success)
{
throw new FormatException("Invalid SDDL String Format");
}
this.sddlString = sddlString;
if (m.Groups["owner"] != null && m.Groups["owner"].Success && !String.IsNullOrEmpty(m.Groups["owner"].Value))
{
this.Owner = SecurityIdentity.SecurityIdentityFromSIDorAbbreviation(m.Groups["owner"].Value);
}
if (m.Groups["group"] != null && m.Groups["group"].Success && !String.IsNullOrEmpty(m.Groups["group"].Value))
{
this.Group = SecurityIdentity.SecurityIdentityFromSIDorAbbreviation(m.Groups["group"].Value);
}
if (m.Groups["dacl"] != null && m.Groups["dacl"].Success && !String.IsNullOrEmpty(m.Groups["dacl"].Value))
{
this.DACL = new AccessControlListEx(m.Groups["dacl"].Value);
}
if (m.Groups["sacl"] != null && m.Groups["sacl"].Success && !String.IsNullOrEmpty(m.Groups["sacl"].Value))
{
this.SACL = new AccessControlListEx(m.Groups["sacl"].Value);
}
}
/// <summary>
/// Creates a deep copy of an existing Access Control Entry
/// </summary>
/// <param name="original">Original AccessControlEntry</param>
public AccessControlEntryEx(AccessControlEntryEx original)
{
this.accountSID = original.accountSID;
this.aceType = original.aceType;
this.flags = original.flags;
this.inheritObjectGuid = original.inheritObjectGuid;
this.objectGuid = original.objectGuid;
this.rights = original.rights;
}
public override Boolean Equals(object obj)
{
if (obj == null)
{
return(false);
}
if (obj is SecurityIdentity)
{
SecurityIdentity sd = ( SecurityIdentity )obj;
return(String.Compare(this.sid, sd.sid, true) == 0);
}
else
{
return(false);
}
}
/// <summary>
/// Creates a Security Identity from a SID string
/// </summary>
/// <param name="sid">
/// A SID string (Format: S-1-1-...) or well known SID abbreviation (e.g. DA)
/// </param>
/// <returns>A populated Security Identity</returns>
public static SecurityIdentity SecurityIdentityFromSIDorAbbreviation(string value)
{
if (value == null)
{
throw new ArgumentNullException(nameof(sid));
}
if (value.Length == 0)
{
throw new ArgumentException("Argument 'value' cannot be the empty string.", "value");
}
if (!value.StartsWith("S-"))
{
// If the string is not a SID string (S-1-n-...) assume it is a SDDL abbreviation
return(new SecurityIdentity(SecurityIdentity.GetWellKnownSidTypeFromSddlAbbreviation(value)));
}
return(new SecurityIdentity(value));
}
/// <summary>
/// Creates a Access Control Entry of type AccessAllowed with account SID, Type and Rights
/// </summary>
/// <param name="account">Account SID</param>
/// <param name="aceType">Type of Access Control</param>
/// <param name="rights">Rights</param>
public AccessControlEntryEx(SecurityIdentity account, AceType aceType, AceRights rights)
{
this.accountSID = account;
this.aceType = aceType;
this.rights = rights;
}
/// <summary>
/// Creates a Access Control Entry with account SID
/// </summary>
/// <param name="account">Account SID</param>
public AccessControlEntryEx(SecurityIdentity account)
{
this.accountSID = account;
}
/// <summary>
/// Creates a Access Control Entry from a ACE string
/// </summary>
/// <param name="aceString">ACE string</param>
public AccessControlEntryEx(string aceString)
{
Regex aceRegex = new Regex(cAceExpr, RegexOptions.IgnoreCase);
Match aceMatch = aceRegex.Match(aceString);
if (!aceMatch.Success)
{
throw new FormatException("Invalid ACE String Format");
}
if (aceMatch.Groups["ace_type"] != null && aceMatch.Groups["ace_type"].Success && !String.IsNullOrEmpty(aceMatch.Groups["ace_type"].Value))
{
Int32 aceTypeValue = Array.IndexOf <string>(AccessControlEntryEx.aceTypeStrings, aceMatch.Groups["ace_type"].Value.ToUpper());
if (aceTypeValue == -1)
{
throw new FormatException("Invalid ACE String Format");
}
this.aceType = ( AceType )aceTypeValue;
}
else
{
throw new FormatException("Invalid ACE String Format");
}
if (aceMatch.Groups["ace_flags"] != null && aceMatch.Groups["ace_flags"].Success && !String.IsNullOrEmpty(aceMatch.Groups["ace_flags"].Value))
{
string aceFlagsValue = aceMatch.Groups["ace_flags"].Value.ToUpper();
for (Int32 i = 0; i < aceFlagsValue.Length - 1; i += 2)
{
Int32 flagValue = Array.IndexOf <string>(AccessControlEntryEx.aceFlagStrings, aceFlagsValue.Substring(i, 2));
if (flagValue == -1)
{
throw new FormatException("Invalid ACE String Format");
}
this.flags = this.flags | (( AceFlags )( Int32 )Math.Pow(2.0d, flagValue));
}
}
if (aceMatch.Groups["rights"] != null && aceMatch.Groups["rights"].Success && !String.IsNullOrEmpty(aceMatch.Groups["rights"].Value))
{
string rightsValue = aceMatch.Groups["rights"].Value.ToUpper();
for (Int32 i = 0; i < rightsValue.Length - 1; i += 2)
{
Int32 rightValue = Array.IndexOf <string>(AccessControlEntryEx.rightsStrings, rightsValue.Substring(i, 2));
if (rightValue == -1)
{
throw new FormatException("Invalid ACE String Format");
}
this.rights = this.rights | ( AceRights )( Int32 )Math.Pow(2.0d, rightValue);
}
}
if (aceMatch.Groups["object_guid"] != null && aceMatch.Groups["object_guid"].Success && !String.IsNullOrEmpty(aceMatch.Groups["object_guid"].Value))
{
this.objectGuid = new Guid(aceMatch.Groups["object_guid"].Value);
}
if (aceMatch.Groups["inherit_object_guid"] != null && aceMatch.Groups["inherit_object_guid"].Success && !String.IsNullOrEmpty(aceMatch.Groups["inherit_object_guid"].Value))
{
this.inheritObjectGuid = new Guid(aceMatch.Groups["inherit_object_guid"].Value);
}
if (aceMatch.Groups["account_sid"] != null && aceMatch.Groups["account_sid"].Success && !String.IsNullOrEmpty(aceMatch.Groups["account_sid"].Value))
{
this.accountSID = SecurityIdentity.SecurityIdentityFromSIDorAbbreviation(aceMatch.Groups["account_sid"].Value.ToUpper());
}
else
{
throw new FormatException("Invalid ACE String Format");
}
}