//
// Instantiates the most-derived ACE type based on the binary
// representation of an ACE
//
public static GenericAce CreateFromBinaryForm(byte[] binaryForm, int offset)
{
GenericAce result;
AceType type;
//
// Sanity check the header
//
VerifyHeader(binaryForm, offset);
type = (AceType)binaryForm[offset];
if (type == AceType.AccessAllowed ||
type == AceType.AccessDenied ||
type == AceType.SystemAudit ||
type == AceType.SystemAlarm ||
type == AceType.AccessAllowedCallback ||
type == AceType.AccessDeniedCallback ||
type == AceType.SystemAuditCallback ||
type == AceType.SystemAlarmCallback)
{
AceQualifier qualifier;
int accessMask;
SecurityIdentifier sid;
bool isCallback;
byte[] opaque;
if (true == CommonAce.ParseBinaryForm(binaryForm, offset, out qualifier, out accessMask, out sid, out isCallback, out opaque))
{
AceFlags flags = (AceFlags)binaryForm[offset + 1];
result = new CommonAce(flags, qualifier, accessMask, sid, isCallback, opaque);
}
else
{
goto InvalidParameter;
}
}
else if (type == AceType.AccessAllowedObject ||
type == AceType.AccessDeniedObject ||
type == AceType.SystemAuditObject ||
type == AceType.SystemAlarmObject ||
type == AceType.AccessAllowedCallbackObject ||
type == AceType.AccessDeniedCallbackObject ||
type == AceType.SystemAuditCallbackObject ||
type == AceType.SystemAlarmCallbackObject)
{
AceQualifier qualifier;
int accessMask;
SecurityIdentifier sid;
ObjectAceFlags objectFlags;
Guid objectAceType;
Guid inheritedObjectAceType;
bool isCallback;
byte[] opaque;
if (true == ObjectAce.ParseBinaryForm(binaryForm, offset, out qualifier, out accessMask, out sid, out objectFlags, out objectAceType, out inheritedObjectAceType, out isCallback, out opaque))
{
AceFlags flags = (AceFlags)binaryForm[offset + 1];
result = new ObjectAce(flags, qualifier, accessMask, sid, objectFlags, objectAceType, inheritedObjectAceType, isCallback, opaque);
}
else
{
goto InvalidParameter;
}
}
else if (type == AceType.AccessAllowedCompound)
{
int accessMask;
CompoundAceType compoundAceType;
SecurityIdentifier sid;
if (true == CompoundAce.ParseBinaryForm(binaryForm, offset, out accessMask, out compoundAceType, out sid))
{
AceFlags flags = (AceFlags)binaryForm[offset + 1];
result = new CompoundAce(flags, accessMask, compoundAceType, sid);
}
else
{
goto InvalidParameter;
}
}
else
{
AceFlags flags = (AceFlags)binaryForm[offset + 1];
byte[] opaque = null;
int aceLength = (binaryForm[offset + 2] << 0) + (binaryForm[offset + 3] << 8);
if (aceLength % 4 != 0)
{
goto InvalidParameter;
}
int opaqueLength = aceLength - HeaderLength;
if (opaqueLength > 0)
{
opaque = new byte[opaqueLength];
for (int i = 0; i < opaqueLength; i++)
{
opaque[i] = binaryForm[offset + aceLength - opaqueLength + i];
}
}
result = new CustomAce(type, flags, opaque);
}
//
// As a final check, confirm that the advertised ACE header length
// was the actual parsed length
//
if (((!(result is ObjectAce)) && ((binaryForm[offset + 2] << 0) + (binaryForm[offset + 3] << 8) != result.BinaryLength))
//
// This is needed because object aces created through ADSI have the advertised ACE length
// greater than the actual length by 32 (bug in ADSI).
//
|| ((result is ObjectAce) && ((binaryForm[offset + 2] << 0) + (binaryForm[offset + 3] << 8) != result.BinaryLength) && (((binaryForm[offset + 2] << 0) + (binaryForm[offset + 3] << 8) - 32) != result.BinaryLength)))
{
goto InvalidParameter;
}
return result;
InvalidParameter:
throw new ArgumentException(
SR.ArgumentException_InvalidAceBinaryForm,
nameof(binaryForm));
}
public static GenericAce CreateFromBinaryForm(byte[] binaryForm, int offset)
{
GenericAce ace;
VerifyHeader(binaryForm, offset);
System.Security.AccessControl.AceType type = (System.Security.AccessControl.AceType) binaryForm[offset];
switch (type)
{
case System.Security.AccessControl.AceType.AccessAllowed:
case System.Security.AccessControl.AceType.AccessDenied:
case System.Security.AccessControl.AceType.SystemAudit:
case System.Security.AccessControl.AceType.SystemAlarm:
case System.Security.AccessControl.AceType.AccessAllowedCallback:
case System.Security.AccessControl.AceType.AccessDeniedCallback:
case System.Security.AccessControl.AceType.SystemAuditCallback:
case System.Security.AccessControl.AceType.SystemAlarmCallback:
{
AceQualifier qualifier;
int num;
SecurityIdentifier identifier;
bool flag;
byte[] buffer;
if (!CommonAce.ParseBinaryForm(binaryForm, offset, out qualifier, out num, out identifier, out flag, out buffer))
{
goto Label_01A8;
}
System.Security.AccessControl.AceFlags flags = (System.Security.AccessControl.AceFlags) binaryForm[offset + 1];
ace = new CommonAce(flags, qualifier, num, identifier, flag, buffer);
break;
}
case System.Security.AccessControl.AceType.AccessAllowedObject:
case System.Security.AccessControl.AceType.AccessDeniedObject:
case System.Security.AccessControl.AceType.SystemAuditObject:
case System.Security.AccessControl.AceType.SystemAlarmObject:
case System.Security.AccessControl.AceType.AccessAllowedCallbackObject:
case System.Security.AccessControl.AceType.AccessDeniedCallbackObject:
case System.Security.AccessControl.AceType.SystemAuditCallbackObject:
case System.Security.AccessControl.AceType.SystemAlarmCallbackObject:
{
AceQualifier qualifier2;
int num2;
SecurityIdentifier identifier2;
ObjectAceFlags flags2;
Guid guid;
Guid guid2;
bool flag2;
byte[] buffer2;
if (!ObjectAce.ParseBinaryForm(binaryForm, offset, out qualifier2, out num2, out identifier2, out flags2, out guid, out guid2, out flag2, out buffer2))
{
goto Label_01A8;
}
System.Security.AccessControl.AceFlags aceFlags = (System.Security.AccessControl.AceFlags) binaryForm[offset + 1];
ace = new ObjectAce(aceFlags, qualifier2, num2, identifier2, flags2, guid, guid2, flag2, buffer2);
break;
}
case System.Security.AccessControl.AceType.AccessAllowedCompound:
{
int num3;
CompoundAceType type2;
SecurityIdentifier identifier3;
if (!CompoundAce.ParseBinaryForm(binaryForm, offset, out num3, out type2, out identifier3))
{
goto Label_01A8;
}
System.Security.AccessControl.AceFlags flags4 = (System.Security.AccessControl.AceFlags) binaryForm[offset + 1];
ace = new CompoundAce(flags4, num3, type2, identifier3);
break;
}
default:
{
System.Security.AccessControl.AceFlags flags5 = (System.Security.AccessControl.AceFlags) binaryForm[offset + 1];
byte[] opaque = null;
int num4 = binaryForm[offset + 2] + (binaryForm[offset + 3] << 8);
if ((num4 % 4) != 0)
{
goto Label_01A8;
}
int num5 = num4 - 4;
if (num5 > 0)
{
opaque = new byte[num5];
for (int i = 0; i < num5; i++)
{
opaque[i] = binaryForm[((offset + num4) - num5) + i];
}
}
ace = new CustomAce(type, flags5, opaque);
break;
}
}
if (((ace is ObjectAce) || ((binaryForm[offset + 2] + (binaryForm[offset + 3] << 8)) == ace.BinaryLength)) && ((!(ace is ObjectAce) || ((binaryForm[offset + 2] + (binaryForm[offset + 3] << 8)) == ace.BinaryLength)) || (((binaryForm[offset + 2] + (binaryForm[offset + 3] << 8)) - 0x20) == ace.BinaryLength)))
{
return ace;
}
Label_01A8:
throw new ArgumentException(Environment.GetResourceString("ArgumentException_InvalidAceBinaryForm"), "binaryForm");
}
