C# (CSharp) AccessMask.IsAccessGranted Examples

Programming Language: C# (CSharp)

Class/Type: AccessMask

Method/Function: IsAccessGranted

Examples at hotexamples.com: 11

C# (CSharp) AccessMask.IsAccessGranted - 11 examples found. These are the top rated real world C# (CSharp) examples of AccessMask.IsAccessGranted extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

IsAccessGranted(11)

EnsureAlias(8)

IsAllAccessGranted(6)

Write(5)

Unset(5)

EnsureArray(5)

WriteBytes(5)

HasFlag(5)

EnsureObject(5)

Isset(4)

WriteAlias(4)

Quiet(3)

ValidateAccessMask(3)

ReadValueCopy(2)

ToGenericAccess(2)

ToSpecificAccess(2)

Equals(2)

GetHashCode(1)

ReadValue(1)

ToMandatoryLabelPolicy(1)

ReadCopy(1)

Example #1

Show file

 internal CommonAccessCheckResult(string name, string type_name, AccessMask granted_access,
                                  GenericMapping generic_mapping, SecurityDescriptor sd,
                                  Type enum_type, bool is_directory, TokenInformation token_info)
 {
     Name                     = name;
     TypeName                 = type_name;
     GrantedAccess            = granted_access;
     GenericMapping           = generic_mapping;
     TokenInfo                = token_info;
     SecurityDescriptor       = sd?.ToSddl(SecurityInformation.All, false).GetResultOrDefault() ?? string.Empty;
     SecurityDescriptorBase64 = sd?.ToBase64() ?? string.Empty;
     Owner                    = sd?.Owner?.Sid.ToString() ?? string.Empty;
     IsRead                   = generic_mapping.HasRead(granted_access);
     IsWrite                  = generic_mapping.HasWrite(granted_access) ||
                                granted_access.IsAccessGranted(GenericAccessRights.WriteDac) ||
                                granted_access.IsAccessGranted(GenericAccessRights.WriteOwner) ||
                                granted_access.IsAccessGranted(GenericAccessRights.Delete);
     IsExecute                  = generic_mapping.HasExecute(granted_access);
     IsAll                      = generic_mapping.HasAll(granted_access);
     GrantedAccessString        = NtSecurity.AccessMaskToString(granted_access, enum_type, generic_mapping, false);
     GrantedGenericAccessString = NtSecurity.AccessMaskToString(granted_access, enum_type, generic_mapping, true);
     TokenId                    = token_info.TokenId.ToInt64();
     IsDirectory                = is_directory;
     if (sd != null)
     {
         HasMandatoryLabel    = sd.GetMandatoryLabel() != null;
         HasProcessTrustLabel = sd.ProcessTrustLabel != null;
     }
 }

Example #2

Show file

File: GetAccessibleFileCmdlet.cs Project: mcgrady1/sandbox-attacksurface-analysis-tools

        private void CheckAccess(TokenEntry token, NtFile file, AccessMask access_rights, SecurityDescriptor sd, SecurityDescriptor parent_sd)
        {
            NtType     type           = file.NtType;
            AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, type.GenericMapping);

            // Determine if the parent gives additonal rights to this file.
            if (!granted_access.IsAllAccessGranted(FileDirectoryAccessRights.ReadAttributes | FileDirectoryAccessRights.Delete) && parent_sd != null)
            {
                AccessMask parent_granted_access = NtSecurity.GetMaximumAccess(parent_sd, token.Token, type.GenericMapping);
                if (parent_granted_access.IsAccessGranted(FileDirectoryAccessRights.DeleteChild))
                {
                    granted_access |= FileAccessRights.Delete;
                }
                if (parent_granted_access.IsAccessGranted(FileDirectoryAccessRights.ListDirectory))
                {
                    granted_access |= FileAccessRights.ReadAttributes;
                }
            }

            if (IsAccessGranted(granted_access, access_rights))
            {
                bool is_directory = IsDirectoryNoThrow(file);
                WriteAccessCheckResult(FormatWin32Path ? file.Win32PathName : file.FullPath, type.Name, granted_access, type.GenericMapping,
                                       sd, is_directory ? typeof(FileDirectoryAccessRights) : typeof(FileAccessRights), is_directory, token.Information);
            }
        }

Example #3

Show file

        private protected SecurityInformation GetMaximumSecurityInformation(A granted_access)
        {
            SecurityInformation sec_info = SecurityInformation.AllBasic;
            AccessMask          mask     = granted_access;

            if (mask.IsAccessGranted(GenericAccessRights.ReadControl))
            {
                sec_info = SecurityInformation.AllNoSacl;
            }
            if (mask.IsAccessGranted(GenericAccessRights.AccessSystemSecurity))
            {
                sec_info |= SecurityInformation.Sacl;
            }
            return(sec_info);
        }

Example #4

Show file

 private static AccessMask AdjustThreadAccess(AccessMask granted_access)
 {
     if (granted_access.IsAccessGranted(ThreadAccessRights.QueryInformation))
     {
         granted_access |= ThreadAccessRights.QueryLimitedInformation;
     }
     if (granted_access.IsAccessGranted(ThreadAccessRights.SetInformation))
     {
         granted_access |= ThreadAccessRights.SetLimitedInformation;
     }
     if (granted_access.IsAccessGranted(ThreadAccessRights.SuspendResume))
     {
         granted_access |= ThreadAccessRights.Resume;
     }
     return(granted_access);
 }

Example #5

Show file

 private static AccessMask AdjustProcessAccess(AccessMask granted_access)
 {
     if (granted_access.IsAccessGranted(ProcessAccessRights.QueryInformation))
     {
         granted_access |= ProcessAccessRights.QueryLimitedInformation;
     }
     if (granted_access.IsAllAccessGranted(ProcessAccessRights.VmWrite | ProcessAccessRights.VmOperation))
     {
         granted_access |= ProcessAccessRights.QueryLimitedInformation;
     }
     if (granted_access.IsAccessGranted(ProcessAccessRights.SetInformation))
     {
         granted_access |= ProcessAccessRights.SetLimitedInformation;
     }
     return(granted_access);
 }

Example #6

Show file

File: SamObject.cs Project: GooWen/sandbox-attacksurface-analysis-tools

        /// <summary>
        /// Is an access mask granted to the object.
        /// </summary>
        /// <param name="access">The access to check.</param>
        /// <returns>True if all access is granted.</returns>
        public bool IsAccessMaskGranted(AccessMask access)
        {
            // We can't tell if we really have access or not, so just assume we do.
            if (_granted_access.IsAccessGranted(GenericAccessRights.MaximumAllowed))
            {
                return(true);
            }

            return(_granted_access.IsAllAccessGranted(access));
        }

Example #7

Show file

 internal AccessCheckResult(string name, string type_name, AccessMask granted_access,
                            GenericMapping generic_mapping, SecurityDescriptor sd,
                            Type enum_type, bool is_directory, TokenInformation token_info)
 {
     Name               = name;
     TypeName           = type_name;
     GrantedAccess      = granted_access;
     GenericMapping     = generic_mapping;
     TokenInfo          = token_info;
     SecurityDescriptor = sd?.ToSddl() ?? string.Empty;
     Owner              = sd?.Owner?.Sid.ToString() ?? string.Empty;
     IsRead             = generic_mapping.HasRead(granted_access);
     IsWrite            = generic_mapping.HasWrite(granted_access) ||
                          granted_access.IsAccessGranted(GenericAccessRights.WriteDac) ||
                          granted_access.IsAccessGranted(GenericAccessRights.WriteOwner) ||
                          granted_access.IsAccessGranted(GenericAccessRights.Delete);
     IsExecute                  = generic_mapping.HasExecute(granted_access);
     IsAll                      = generic_mapping.HasAll(granted_access);
     GrantedAccessString        = NtObjectUtils.GrantedAccessAsString(granted_access, generic_mapping, enum_type, false);
     GrantedGenericAccessString = NtObjectUtils.GrantedAccessAsString(granted_access, generic_mapping, enum_type, true);
     TokenId                    = token_info.TokenId.ToInt64();
     IsDirectory                = is_directory;
 }

Example #8

Show file

        private protected bool IsAccessGranted(AccessMask granted_access, AccessMask access_rights)
        {
            if (granted_access.IsEmpty)
            {
                return(AllowEmptyAccess);
            }

            if (access_rights.IsEmpty)
            {
                return(true);
            }

            if (AllowPartialAccess)
            {
                return(granted_access.IsAccessGranted(access_rights));
            }

            return(granted_access.IsAllAccessGranted(access_rights));
        }

Example #9

Show file

File: CommonAccessBaseCmdlet.cs Project: sasqwatch/sandbox-attacksurface-analysis-tools

        internal bool IsAccessGranted(AccessMask granted_access, AccessMask access_rights)
        {
            if (granted_access.IsEmpty)
            {
                return(false);
            }

            if (access_rights.IsEmpty)
            {
                return(true);
            }

            if (AllowPartialAccess)
            {
                return(granted_access.IsAccessGranted(access_rights));
            }

            return(granted_access.IsAllAccessGranted(access_rights));
        }

Example #10

Show file

 /// <summary>
 /// Process record.
 /// </summary>
 protected override void ProcessRecord()
 {
     if (Empty)
     {
         WriteObject(AccessMask.IsEmpty);
     }
     else if (ParameterSetName == "WriteRestricted")
     {
         GenericMapping std_map = NtSecurity.StandardAccessMapping;
         WriteObject((std_map.GenericWrite & ~(std_map.GenericRead | std_map.GenericExecute)
                      | WriteRestricted.GenericWrite & ~(WriteRestricted.GenericRead | WriteRestricted.GenericExecute)).IsEmpty);
     }
     else if (All)
     {
         WriteObject(AccessMask.IsAllAccessGranted(GetAccessMask()));
     }
     else
     {
         WriteObject(AccessMask.IsAccessGranted(GetAccessMask()));
     }
 }

Example #11

Show file

File: GetAccessibleProcessCmdlet.cs Project: mcgrady1/sandbox-attacksurface-analysis-tools

        private protected NtResult <O> ReOpen <O, X>(NtObjectWithDuplicate <O, X> obj) where O : NtObject where X : Enum
        {
            AccessMask mask = GenericAccessRights.MaximumAllowed;

            using (var o = obj.ReOpen(mask.ToSpecificAccess <X>(), false))
            {
                if (o.IsSuccess)
                {
                    return(o.Map(x => (O)x.DuplicateObject()));
                }
            }

            AccessMask granted_mask = 0;
            AccessMask valid_access = obj.NtType.ValidAccess;
            uint       test_mask    = 1;

            while (test_mask < 0x00200000)
            {
                if (valid_access.IsAccessGranted(test_mask))
                {
                    mask = test_mask;
                    using (var o = obj.ReOpen(mask.ToSpecificAccess <X>(), false))
                    {
                        if (o.IsSuccess)
                        {
                            granted_mask |= test_mask;
                        }
                    }
                }

                test_mask <<= 1;
            }

            if (granted_mask.IsEmpty)
            {
                return(NtResult <O> .CreateResultFromError(NtStatus.STATUS_ACCESS_DENIED, false));
            }
            return(obj.ReOpen(granted_mask.ToSpecificAccess <X>(), false));
        }