/// <summary>
/// Copies every access-right flag of the collected ACE onto the
/// <c>regkeyeffectiverights_item</c> currently being built, wrapping each value with
/// <c>OvalHelper.CreateBooleanEntityItemFromBoolValue</c>.
/// </summary>
/// <param name="collectedData">
/// The collected ACE. It is cast to <c>WMIWinACE</c> without a prior type check, so a
/// non-null object of another type fails with an <c>InvalidCastException</c>.
/// </param>
public override void FillItemTypeWithData(object collectedData)
{
    var ace = (WMIWinACE)collectedData;
    var item = (regkeyeffectiverights_item)base.BuildingItemType;

    // Right to read or change the object's SACL (audit settings).
    item.access_system_security = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.ACCESS_SYSTEM_SECURITY);

    // Standard rights. WRITE_DAC and WRITE_OWNER allow a trustee to change the key's
    // DACL or owner, so they are the ones to look at first when reviewing results.
    item.standard_delete = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.DELETE);
    item.standard_read_control = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.READ_CONTROL);
    item.standard_synchronize = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.SYNCHRONIZE);
    item.standard_write_dac = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.WRITE_DAC);
    item.standard_write_owner = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.WRITE_OWNER);

    // Generic rights.
    item.generic_all = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.GENERIC_ALL);
    item.generic_execute = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.GENERIC_EXECUTE);
    item.generic_read = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.GENERIC_READ);
    item.generic_write = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.GENERIC_WRITE);

    // Registry-key specific rights.
    item.key_create_link = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.KEY_CREATE_LINK);
    item.key_create_sub_key = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.KEY_CREATE_SUB_KEY);
    item.key_enumerate_sub_keys = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.KEY_ENUMERATE_SUB_KEYS);
    item.key_notify = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.KEY_NOTIFY);
    item.key_query_value = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.KEY_QUERY_VALUE);
    item.key_set_value = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.KEY_SET_VALUE);

    // WOW64 32-bit / 64-bit flags, mirrored as-is from the collected ACE.
    item.key_wow64_32key = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.KEY_WOW64_32KEY);
    item.key_wow64_64key = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.KEY_WOW64_64KEY);
}
/// <summary>
/// Collects one effective-rights item per trustee SID found on a registry key, keeping only
/// the SIDs for which <c>ProcessSidEntityOperation</c> returns true.
/// </summary>
/// <param name="regHive">Registry hive name, resolved through <c>RegistryHelper.GetRegistryHiveFromHiveName</c>.</param>
/// <param name="regKey">Registry key whose per-SID entries are read from the target.</param>
/// <param name="sidEntityValue">SID entity value each collected SID is compared against.</param>
/// <param name="sidEntityOperation">Operation used for that comparison.</param>
/// <returns>
/// The items for the matching SIDs. When the lookup throws
/// <c>RegistryKeyEffectiveRightsNotFoundException</c>, a single item with status
/// <c>doesnotexist</c>; when it throws <c>RegistryKeyEffectiveRightsAccessDenied</c>, a single
/// item with status <c>error</c> that carries the exception message.
/// </returns>
/// <remarks>
/// Only those two exception types are handled here; anything else propagates to the caller.
/// NOTE(review): the foreach below dereferences the lookup result directly, so this assumes
/// <c>GetRegKeyDACLs</c> never returns null on success. Confirm against the provider.
/// </remarks>
public IEnumerable<ItemType> CollectItemsApplyingOperation(
    string regHive,
    string regKey,
    string sidEntityValue,
    OperationEnumeration sidEntityOperation)
{
    Dictionary<string, uint> daclBySid = null;
    try
    {
        var hive = RegistryHelper.GetRegistryHiveFromHiveName(regHive);
        daclBySid = AccessControlListProvider.GetRegKeyDACLs(this.TargetInfo, hive.ToString(), regKey);
    }
    catch (RegistryKeyEffectiveRightsNotFoundException)
    {
        // Key not found: report it as absent on both the item and its key entity.
        var missingItem = new regkeyeffectiverights_item()
        {
            status = StatusEnumeration.doesnotexist,
            hive = new EntityItemRegistryHiveType() { Value = regHive },
            key = new EntityItemStringType() { Value = regKey, status = StatusEnumeration.doesnotexist }
        };

        return new ItemType[] { missingItem };
    }
    catch (RegistryKeyEffectiveRightsAccessDenied accessDenied)
    {
        // An unreadable key is reported as an error, not as "doesnotexist", so a collection
        // run without sufficient privilege stays visible in the results.
        // NOTE(review): the exception text is copied verbatim into the item message; confirm
        // it holds nothing that should not reach the generated results.
        var errorMessage = new MessageType()
        {
            level = MessageLevelEnumeration.error,
            Value = accessDenied.Message
        };

        var failedItem = new regkeyeffectiverights_item();
        failedItem.hive = new EntityItemRegistryHiveType() { Value = regHive };
        failedItem.key = new EntityItemStringType() { Value = regKey };
        failedItem.status = StatusEnumeration.error;
        failedItem.message = new MessageType[] { errorMessage };

        return new ItemType[] { failedItem };
    }

    var matchingItems = new List<ItemType>();
    foreach (var entry in daclBySid)
    {
        // Skip trustees that the SID entity / operation pair filters out.
        if (!ProcessSidEntityOperation(sidEntityValue, entry.Key, sidEntityOperation))
        {
            continue;
        }

        // The stored uint is handed to the disassembler as an access mask.
        var ace = this.DaclDisassembler.GetSecurityDescriptorFromAccessMask(entry.Value);
        matchingItems.Add(CreateItemTypeFromWinACE(ace, regHive, regKey, entry.Key));
    }

    return matchingItems;
}