/// <summary>
/// Process record.
/// </summary>
protected override void ProcessRecord()
{
if (Empty)
{
WriteObject(AccessMask.IsEmpty);
}
else if (ParameterSetName == "WriteRestricted")
{
GenericMapping std_map = NtSecurity.StandardAccessMapping;
WriteObject((std_map.GenericWrite & ~(std_map.GenericRead | std_map.GenericExecute)
| WriteRestricted.GenericWrite & ~(WriteRestricted.GenericRead | WriteRestricted.GenericExecute)).IsEmpty);
}
else if (All)
{
WriteObject(AccessMask.IsAllAccessGranted(GetAccessMask()));
}
else
{
WriteObject(AccessMask.IsAccessGranted(GetAccessMask()));
}
}
/// <summary>
/// Checks whether the security descriptor grants a set of access rights to a client.
/// </summary>
/// <param name="tokenHandle">A handle to a token which represents the client.</param>
/// <param name="desiredAccess">The access rights requested by the client.</param>
/// <param name="genericMapping">A structure which defines how generic access rights are to be mapped.</param>
/// <param name="grantedAccess">A variable which receives the granted access rights.</param>
/// <returns>Success if access was granted, otherwise another NT status value.</returns>
public NtStatus CheckAccess(TokenHandle tokenHandle, int desiredAccess, GenericMapping genericMapping, out int grantedAccess)
{
NtStatus status;
NtStatus accessStatus;
int privilegeSetLength = 0;
if ((status = Win32.NtAccessCheck(
this,
tokenHandle,
desiredAccess,
ref genericMapping,
IntPtr.Zero,
ref privilegeSetLength,
out grantedAccess,
out accessStatus
)) >= NtStatus.Error)
{
Win32.Throw(status);
}
return(accessStatus);
}
static AccessMask GetGrantedAccess(SecurityDescriptor sd, NtToken token,
AccessMask specific_rights, GenericMapping generic_mapping)
{
AccessMask granted_access;
specific_rights = generic_mapping.MapMask(specific_rights);
if (specific_rights.HasAccess)
{
granted_access = NtSecurity.GetAllowedAccess(sd, token, specific_rights, generic_mapping);
// As we can get all the rights for the key get maximum
if (granted_access.HasAccess)
{
granted_access = NtSecurity.GetMaximumAccess(sd, token, generic_mapping);
}
}
else
{
granted_access = NtSecurity.GetMaximumAccess(sd, token, generic_mapping);
}
return(granted_access);
}
internal AccessCheckResult(string name, string type_name, AccessMask granted_access,
GenericMapping generic_mapping, SecurityDescriptor sd,
Type enum_type, bool is_directory, TokenInformation token_info)
{
Name = name;
TypeName = type_name;
GrantedAccess = granted_access;
GenericMapping = generic_mapping;
TokenInfo = token_info;
SecurityDescriptor = sd?.ToSddl() ?? string.Empty;
Owner = sd?.Owner?.Sid.ToString() ?? string.Empty;
IsRead = generic_mapping.HasRead(granted_access);
IsWrite = generic_mapping.HasWrite(granted_access) ||
granted_access.IsAccessGranted(GenericAccessRights.WriteDac) ||
granted_access.IsAccessGranted(GenericAccessRights.WriteOwner) ||
granted_access.IsAccessGranted(GenericAccessRights.Delete);
IsExecute = generic_mapping.HasExecute(granted_access);
IsAll = generic_mapping.HasAll(granted_access);
GrantedAccessString = NtObjectUtils.GrantedAccessAsString(granted_access, generic_mapping, enum_type, false);
GrantedGenericAccessString = NtObjectUtils.GrantedAccessAsString(granted_access, generic_mapping, enum_type, true);
TokenId = token_info.TokenId.ToInt64();
IsDirectory = is_directory;
}
private protected override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
{
GenericMapping generic_mapping = NtWnf.GenericMapping;
AccessMask access_rights = generic_mapping.MapMask(Access);
var entries = NtWnf.GetRegisteredNotifications();
foreach (var entry in entries)
{
var sd = entry.SecurityDescriptor;
if (sd == null)
{
WriteWarning($"Couldn't query security for WNF Provider {entry.StateName:X016}.");
continue;
}
if (sd.Owner == null)
{
sd.Owner = new SecurityDescriptorSid(new Sid("SY"), false);
}
if (sd.Group == null)
{
sd.Group = new SecurityDescriptorSid(new Sid("SY"), false);
}
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd,
token.Token, generic_mapping);
if (IsAccessGranted(granted_access, access_rights))
{
WriteObject(new WnfAccessCheckResult(entry, granted_access, sd, token.Information));
}
}
}
}
private static bool GetGrantedAccess(string sddl, string principal, NtToken token, bool launch, out COMAccessRights maximum_rights)
{
GenericMapping mapping = new GenericMapping
{
GenericExecute = (uint)(COMAccessRights.Execute | COMAccessRights.ExecuteLocal | COMAccessRights.ExecuteRemote | COMAccessRights.ExecuteContainer)
};
if (launch)
{
mapping.GenericExecute |= (uint)(COMAccessRights.ActivateLocal | COMAccessRights.ActivateRemote | COMAccessRights.ActivateContainer);
}
// If SD is only a NULL DACL we get maximum rights.
if (sddl == "D:NO_ACCESS_CONTROL")
{
maximum_rights = mapping.GenericExecute.ToSpecificAccess <COMAccessRights>();
return(true);
}
AccessMask mask;
if (!string.IsNullOrWhiteSpace(principal))
{
mask = NtSecurity.GetMaximumAccess(new SecurityDescriptor(sddl), token, new Sid(principal), mapping);
}
else
{
mask = NtSecurity.GetMaximumAccess(new SecurityDescriptor(sddl), token, mapping);
}
mask &= 0xFFFF;
maximum_rights = mask.ToSpecificAccess <COMAccessRights>();
return(mask != 0);
}
/// <summary>
/// Checks whether the security descriptor grants a set of access rights to a client.
/// </summary>
/// <param name="tokenHandle">A handle to a token which represents the client.</param>
/// <param name="desiredAccess">The access rights requested by the client.</param>
/// <param name="genericMapping">A structure which defines how generic access rights are to be mapped.</param>
/// <param name="grantedAccess">A variable which receives the granted access rights.</param>
/// <returns>Success if access was granted, otherwise another NT status value.</returns>
public NtStatus CheckAccess(TokenHandle tokenHandle, int desiredAccess, GenericMapping genericMapping, out int grantedAccess)
{
NtStatus accessStatus;
int privilegeSetLength = 0;
Win32.NtAccessCheck(
this,
tokenHandle,
desiredAccess,
ref genericMapping,
IntPtr.Zero,
ref privilegeSetLength,
out grantedAccess,
out accessStatus
).ThrowIf();
return accessStatus;
}
/// <summary>
/// Set the security descriptor for the control.
/// </summary>
/// <param name="security_descriptor">Security descriptor to view.</param>
/// <param name="access_type">The enum type for the view.</param>
/// <param name="mapping">Generic mapping for the type.</param>
/// <param name="valid_access">The valid bit mask for access for this type.</param>
/// <param name="is_container">True to indicate this object is a container.</param>
public void SetSecurityDescriptor(SecurityDescriptor security_descriptor, Type access_type, GenericMapping mapping, AccessMask valid_access, bool is_container)
{
AddAclTab(tabPageDACL, aclViewerControlDacl, security_descriptor.Dacl, access_type, mapping, valid_access, is_container);
AddAclTab(tabPageSACL, aclViewerControlSacl, security_descriptor.Sacl, access_type, mapping, valid_access, is_container);
SetSidLabel(lblOwnerValue, security_descriptor.Owner);
SetSidLabel(lblGroupValue, security_descriptor.Group);
Ace label = security_descriptor.GetMandatoryLabel();
if (label != null)
{
lblIntegrityValue.Text = $"{NtSecurity.GetIntegrityLevel(label.Sid)} ({label.Mask.ToMandatoryLabelPolicy()})";
}
else
{
lblIntegrityValue.Text = "N/A";
}
}
static uint GetGrantedAccess(SecurityDescriptor sd, NtToken token, uint specific_rights, GenericMapping generic_mapping)
{
uint granted_access = 0;
specific_rights = generic_mapping.MapMask(specific_rights);
if (specific_rights != 0)
{
granted_access = NtSecurity.GetAllowedAccess(sd, token, (GenericAccessRights)(specific_rights), generic_mapping);
}
else
{
granted_access = NtSecurity.GetMaximumAccess(sd, token, generic_mapping);
}
if (granted_access != 0)
{
// As we can get all the rights for the key get maximum
if (specific_rights != 0)
{
granted_access = NtSecurity.GetMaximumAccess(sd, token, generic_mapping);
}
}
return(granted_access);
}
public NtStatus CheckAccess(TokenHandle tokenHandle, int desiredAccess, GenericMapping genericMapping, out int grantedAccess)
{
NtStatus status;
NtStatus accessStatus;
int privilegeSetLength = 0;
if ((status = Win32.NtAccessCheck(
this,
tokenHandle,
desiredAccess,
ref genericMapping,
IntPtr.Zero,
ref privilegeSetLength,
out grantedAccess,
out accessStatus
)) >= NtStatus.Error)
Win32.ThrowLastError(status);
return accessStatus;
}
private protected override void WriteAccessCheckResult(string name, string type_name, AccessMask granted_access, GenericMapping generic_mapping, SecurityDescriptor sd, Type enum_type, bool is_directory, TokenInformation token_info)
{
_cmdlet.WriteAccessCheckResult(name, type_name, granted_access, generic_mapping, sd, enum_type, is_directory, token_info);
}
static extern void MapGenericMask(ref int mask, ref GenericMapping mapping);
/// <summary>
/// Set ACL for control.
/// </summary>
/// <param name="acl">The ACL to view.</param>
/// <param name="access_type">The enum type for the view.</param>
/// <param name="mapping">Generic mapping for the type.</param>
/// <param name="valid_access">The valid bit mask for access for this type.</param>
/// <param name="is_container">True to indicate this object is a container.</param>
public void SetAcl(Acl acl, Type access_type, GenericMapping mapping, AccessMask valid_access, bool is_container)
{
_acl = acl;
_access_type = access_type;
_mapping = mapping;
_valid_access = valid_access;
_is_container = is_container;
if (!acl.HasConditionalAce)
{
listViewAcl.Columns.Remove(columnHeaderCondition);
copyConditionToolStripMenuItem.Visible = false;
}
foreach (var ace in acl)
{
var item = listViewAcl.Items.Add(ace.Type.ToString());
item.SubItems.Add(ace.Sid.Name);
string access;
if (ace.Type == AceType.MandatoryLabel)
{
access = ace.Mask.ToMandatoryLabelPolicy().ToString();
}
else
{
AccessMask mapped_mask = mapping.MapMask(ace.Mask);
mapped_mask = mapping.UnmapMask(mapped_mask);
access = mapped_mask.ToSpecificAccess(access_type).ToString();
}
item.SubItems.Add(access);
item.SubItems.Add(ace.Flags.ToString());
if (ace.IsConditionalAce)
{
item.SubItems.Add(ace.Condition);
}
item.Tag = ace;
switch (ace.Type)
{
case AceType.Allowed:
case AceType.AllowedCallback:
case AceType.AllowedCallbackObject:
case AceType.AllowedObject:
item.BackColor = Color.LightGreen;
break;
case AceType.Denied:
case AceType.DeniedCallback:
case AceType.DeniedCallbackObject:
case AceType.DeniedObject:
item.BackColor = Color.LightSalmon;
break;
case AceType.ProcessTrustLabel:
item.BackColor = Color.LightSkyBlue;
break;
case AceType.MandatoryLabel:
item.BackColor = Color.LightGoldenrodYellow;
break;
case AceType.Audit:
case AceType.AuditCallback:
case AceType.AuditCallbackObject:
case AceType.AuditObject:
item.BackColor = Color.LightCoral;
break;
}
}
listViewAcl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
listViewAcl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
}
/// <summary>
/// Set ACL for control.
/// </summary>
/// <param name="acl">The ACL to view.</param>
/// <param name="access_type">The enum type for the view.</param>
/// <param name="mapping">Generic mapping for the type.</param>
/// <param name="valid_access">The valid bit mask for access for this type.</param>
/// <param name="is_container">True to indicate this object is a container.</param>
public void SetAcl(Acl acl, Type access_type, GenericMapping mapping, AccessMask valid_access, bool is_container)
{
SetAcl(acl, access_type, mapping, valid_access, is_container, false);
}
/// <summary>
/// Set ACL for control.
/// </summary>
/// <param name="acl">The ACL to view.</param>
/// <param name="access_type">The enum type for the view.</param>
/// <param name="mapping">Generic mapping for the type.</param>
/// <param name="valid_access">The valid bit mask for access for this type.</param>
/// <param name="is_container">True to indicate this object is a container.</param>
/// <param name="sdk_names">Show the ACEs using SDK style names.</param>
public void SetAcl(Acl acl, Type access_type, GenericMapping mapping, AccessMask valid_access, bool is_container, bool sdk_names)
{
_acl = acl;
_access_type = access_type;
_mapping = mapping;
_valid_access = valid_access;
_is_container = is_container;
_sdk_names = sdk_names;
showSDKNamesToolStripMenuItem.Checked = sdk_names;
bool has_conditional_ace = false;
bool has_inherited_object_ace = false;
bool has_object_ace = false;
List <string> flags = new List <string>();
if (acl.Defaulted)
{
flags.Add("Defaulted");
}
if (acl.Protected)
{
flags.Add("Protected");
}
if (acl.AutoInherited)
{
flags.Add("AutoInherited");
}
if (acl.AutoInheritReq)
{
flags.Add("AutoInheritReq");
}
if (flags.Count > 0)
{
lblFlags.Text = $"Flags: {string.Join(", ", flags)}";
}
else
{
lblFlags.Text = "Flags: None";
}
if (acl.NullAcl)
{
lblFlags.Text += Environment.NewLine + "NULL ACL";
listViewAcl.Visible = false;
listViewAccess.Visible = false;
groupBoxAclEntries.Visible = false;
groupBoxAccess.Visible = false;
return;
}
listViewAcl.Items.Clear();
listViewAcl.Visible = true;
listViewAccess.Visible = true;
listViewAccess.Items.Clear();
_current_access_type = null;
groupBoxAclEntries.Visible = true;
groupBoxAccess.Visible = true;
foreach (var ace in acl)
{
if (ace.IsConditionalAce)
{
has_conditional_ace = true;
}
if (ace.IsObjectAce)
{
if (ace.ObjectType.HasValue)
{
has_object_ace = true;
}
if (ace.InheritedObjectType.HasValue)
{
has_inherited_object_ace = true;
}
}
}
if (!has_conditional_ace)
{
listViewAcl.Columns.Remove(columnHeaderCondition);
copyConditionToolStripMenuItem.Visible = false;
}
if (!has_object_ace)
{
listViewAcl.Columns.Remove(columnHeaderObject);
}
if (!has_inherited_object_ace)
{
listViewAcl.Columns.Remove(columnHeaderInheritedObject);
}
foreach (var ace in acl)
{
var item = listViewAcl.Items.Add(sdk_names ? NtSecurity.AceTypeToSDKName(ace.Type) : ace.Type.ToString());
item.SubItems.Add(ace.Sid.Name);
string access;
if (ace.Type == AceType.MandatoryLabel)
{
access = NtSecurity.AccessMaskToString(ace.Mask.ToMandatoryLabelPolicy(), sdk_names);
}
else if (ace.Flags.HasFlag(AceFlags.InheritOnly))
{
access = NtSecurity.AccessMaskToString(ace.Mask.ToSpecificAccess(access_type), sdk_names);
}
else
{
AccessMask mapped_mask = mapping.MapMask(ace.Mask);
mapped_mask = mapping.UnmapMask(mapped_mask);
access = NtSecurity.AccessMaskToString(mapped_mask.ToSpecificAccess(access_type), sdk_names);
}
item.SubItems.Add(access);
item.SubItems.Add(sdk_names ? NtSecurity.AceFlagsToSDKName(ace.Flags) : ace.Flags.ToString());
if (has_conditional_ace)
{
item.SubItems.Add(ace.Condition);
}
if (has_object_ace)
{
item.SubItems.Add(ace.ObjectType?.ToString() ?? string.Empty);
}
if (has_inherited_object_ace)
{
item.SubItems.Add(ace.InheritedObjectType?.ToString() ?? string.Empty);
}
item.Tag = ace;
switch (ace.Type)
{
case AceType.Allowed:
case AceType.AllowedCallback:
case AceType.AllowedCallbackObject:
case AceType.AllowedObject:
item.BackColor = Color.LightGreen;
break;
case AceType.Denied:
case AceType.DeniedCallback:
case AceType.DeniedCallbackObject:
case AceType.DeniedObject:
item.BackColor = Color.LightSalmon;
break;
case AceType.ProcessTrustLabel:
item.BackColor = Color.LightSkyBlue;
break;
case AceType.MandatoryLabel:
item.BackColor = Color.LightGoldenrodYellow;
break;
case AceType.Audit:
case AceType.AuditCallback:
case AceType.AuditCallbackObject:
case AceType.AuditObject:
item.BackColor = Color.LightCoral;
break;
}
}
listViewAcl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
listViewAcl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
}
private void AddAclTab(TabPage tab_page, AclViewerControl control, Acl acl, Type access_type, GenericMapping mapping, AccessMask valid_access)
{
if (acl == null)
{
tabControl.TabPages.Remove(tab_page);
}
else
{
if (acl.NullAcl)
{
tab_page.Controls.Remove(control);
tab_page.Controls.Add(new Label()
{
Text = "NULL ACL", Dock = DockStyle.Fill
});
}
else
{
control.SetAcl(acl, access_type, mapping, valid_access);
}
}
}
private protected override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
{
if (CheckScmAccess)
{
SecurityDescriptor sd = ServiceUtils.GetScmSecurityDescriptor();
GenericMapping scm_mapping = ServiceUtils.GetScmGenericMapping();
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, scm_mapping);
WriteAccessCheckResult("SCM", "SCM", granted_access, scm_mapping, sd,
typeof(ServiceControlManagerAccessRights), false, token.Information);
}
}
else
{
IEnumerable <Win32Service> services = GetServices();
InternalGetAccessibleFileCmdlet file_cmdlet = null;
HashSet <string> checked_files = new HashSet <string>(StringComparer.OrdinalIgnoreCase);
if (CheckFiles)
{
file_cmdlet = new InternalGetAccessibleFileCmdlet(this)
{
FormatWin32Path = true
};
}
GenericMapping service_mapping = ServiceUtils.GetServiceGenericMapping();
AccessMask access_rights = service_mapping.MapMask(Access);
foreach (var service in services.Where(s => s?.SecurityDescriptor != null))
{
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(service.SecurityDescriptor,
token.Token, service_mapping);
ServiceAccessRights trigger_access = GetTriggerAccess(service, token.Token);
if (IsAccessGranted(granted_access, access_rights))
{
WriteObject(new ServiceAccessCheckResult(service.Name, granted_access | trigger_access,
service.SecurityDescriptor, token.Information, trigger_access,
granted_access.ToSpecificAccess <ServiceAccessRights>(), service));
}
}
if (CheckFiles)
{
if (!string.IsNullOrWhiteSpace(service.ImagePath) &&
File.Exists(service.ImagePath) &&
checked_files.Add(service.ImagePath))
{
file_cmdlet.RunAccessCheckPathInternal(tokens, service.ImagePath);
}
if (!string.IsNullOrWhiteSpace(service.ServiceDll) &&
File.Exists(service.ServiceDll) &&
checked_files.Add(service.ServiceDll))
{
file_cmdlet.RunAccessCheckPathInternal(tokens, service.ServiceDll);
}
}
}
}
}
private bool CheckForAccess <T>(SecurityDescriptor sd, NtToken token, T desired_access, GenericMapping generic_mapping) where T : Enum
{
var result = NtSecurity.AccessCheck(sd, token,
desired_access, null, generic_mapping, false);
if (!result.IsSuccess || !result.Result.Status.IsSuccess())
{
return(false);
}
return(result.Result.GrantedAccess.HasAccess);
}
private void AddAclTab(TabPage tab_page, AclViewerControl control, Acl acl, Type access_type, GenericMapping mapping, AccessMask valid_access, bool is_container)
{
if (acl == null)
{
tabControl.TabPages.Remove(tab_page);
}
else
{
control.SetAcl(acl, access_type, mapping, valid_access, is_container);
}
}
public SecurityInformationImpl(string obj_name, SecurityDescriptor sd,
Dictionary <uint, string> names, GenericMapping generic_mapping)
: this(obj_name, names, generic_mapping, true)
{
_sd = sd.ToByteArray();
}
/// <summary>
/// Set ACL for control.
/// </summary>
/// <param name="acl">The ACL to view.</param>
/// <param name="access_type">The enum type for the view.</param>
/// <param name="mapping">Generic mapping for the type.</param>
/// <param name="valid_access">The valid bit mask for access for this type.</param>
public void SetAcl(Acl acl, Type access_type, GenericMapping mapping, AccessMask valid_access)
{
SetAcl(acl, access_type, mapping, valid_access, false);
}
/// <summary>
/// Set the security descriptor for the control.
/// </summary>
/// <param name="security_descriptor">Security descriptor to view.</param>
/// <param name="access_type">The enum type for the view.</param>
/// <param name="mapping">Generic mapping for the type.</param>
/// <param name="valid_access">The valid bit mask for access for this type.</param>
public void SetSecurityDescriptor(SecurityDescriptor security_descriptor, Type access_type, GenericMapping mapping, AccessMask valid_access)
{
SetSecurityDescriptor(security_descriptor, access_type, mapping, valid_access, false);
}
public static InheritedFromInfo[] GetInheritanceSource(string objectName, ResourceType objectType,
SecurityInfosEx securityInfo, bool container, IntPtr pAcl, ref GenericMapping pGenericMapping)
{
int objSize = Marshal.SizeOf(typeof(InheritedFromInfo));
var aceCount = GetAceCount(pAcl);
var ret = new InheritedFromInfo[aceCount];
IntPtr pInherit = Marshal.AllocHGlobal(objSize * (int)aceCount);
try
{
int hr = GetInheritanceSource(objectName, objectType, securityInfo, container, IntPtr.Zero, 0, pAcl, IntPtr.Zero, ref pGenericMapping, pInherit);
if (hr != 0)
{
throw new System.ComponentModel.Win32Exception(hr);
}
IntPtr pInheritTmp = pInherit;
for (int i = 0; i < aceCount; i++)
{
ret[i] = (InheritedFromInfo)Marshal.PtrToStructure(pInheritTmp, typeof(InheritedFromInfo));
System.Diagnostics.Debug.WriteLine(": " + ret[i].ToString());
pInheritTmp = new IntPtr(pInheritTmp.ToInt32() + objSize);
}
}
catch { }
finally
{
FreeInheritedFromArray(pInherit, (ushort)aceCount, IntPtr.Zero);
Marshal.FreeHGlobal(pInherit);
}
return(ret);
}
/// <summary>
/// Set the security descriptor for the control.
/// </summary>
/// <param name="security_descriptor">Security descriptor to view.</param>
/// <param name="access_type">The enum type for the view.</param>
/// <param name="mapping">Generic mapping for the type.</param>
/// <param name="valid_access">The valid bit mask for access for this type.</param>
public void SetSecurityDescriptor(SecurityDescriptor security_descriptor, Type access_type, GenericMapping mapping, AccessMask valid_access)
{
AddAclTab(tabPageDACL, aclViewerControlDacl, security_descriptor.Dacl, access_type, mapping, valid_access);
AddAclTab(tabPageSACL, aclViewerControlSacl, security_descriptor.Sacl, access_type, mapping, valid_access);
SetSidLabel(lblOwnerValue, security_descriptor.Owner);
SetSidLabel(lblGroupValue, security_descriptor.Group);
if (security_descriptor.Sacl != null && !security_descriptor.Sacl.NullAcl &&
security_descriptor.Sacl.Where(a => a.Type == AceType.MandatoryLabel).Count() > 0)
{
lblIntegrityValue.Text = security_descriptor.IntegrityLevel.ToString();
}
else
{
lblIntegrityValue.Text = "N/A";
}
}
public SecurityInformationImpl(string obj_name, NtObject handle,
Dictionary <uint, string> names, GenericMapping generic_mapping,
bool read_only) : this(obj_name, names, generic_mapping, read_only)
{
_handle = handle;
}
internal void WriteAccessCheckResult(string name, string type_name, AccessMask granted_access,
GenericMapping generic_mapping, string sddl, Type enum_type, bool is_directory, TokenInformation token_info)
{
WriteObject(new AccessCheckResult(name, type_name, granted_access, generic_mapping, sddl, enum_type, is_directory, token_info));
}
private protected virtual void WriteAccessCheckResult(string name, string type_name, AccessMask granted_access,
GenericMapping generic_mapping, SecurityDescriptor sd, Type enum_type, bool is_directory, TokenInformation token_info)
{
WriteObject(new CommonAccessCheckResult(name, type_name, granted_access, generic_mapping,
sd, enum_type, is_directory, token_info));
}
public SecurityInformationImpl(string obj_name, NtObject handle,
Dictionary<uint, string> names, GenericMapping generic_mapping)
{
_mapping = generic_mapping;
_handle = handle;
_obj_name = new SafeStringBuffer(obj_name);
_access_map = new SafeHGlobalBuffer(Marshal.SizeOf(typeof(SiAccess)) * names.Count);
SiAccess[] sis = new SiAccess[names.Count];
IntPtr current_ptr = _access_map.DangerousGetHandle();
_names = new DisposableList<SafeStringBuffer>();
int i = 0;
foreach (KeyValuePair<uint, string> pair in names)
{
_names.Add(new SafeStringBuffer(pair.Value));
SiAccess si = new SiAccess();
si.dwFlags = SiAccessFlags.SI_ACCESS_SPECIFIC | SiAccessFlags.SI_ACCESS_GENERAL;
si.mask = pair.Key;
si.pszName = _names[i].DangerousGetHandle();
sis[i] = si;
i++;
}
_access_map.WriteArray(0, sis, 0, names.Count);
}
