/// <summary>
/// Evaluates one firewall object against every supplied token and writes a result for
/// each token whose maximum granted access satisfies <c>IsAccessGranted</c>.
/// </summary>
/// <param name="tokens">Tokens to evaluate against the object's security descriptor.</param>
/// <param name="name">Object name; copied into the result and used in the warning text.</param>
/// <param name="description">Object description copied into the result.</param>
/// <param name="key">Object key copied into the result.</param>
/// <param name="key_name">Name associated with <paramref name="key"/>, copied into the result.</param>
/// <param name="fw_type">Firewall object type recorded in the result.</param>
/// <param name="is_directory">Passed through to the result unchanged.</param>
/// <param name="get_sd">Callback used to query the object's security descriptor.</param>
/// <remarks>
/// When the security descriptor query fails, only a warning is written and no result is
/// emitted. An object that is absent from the output was therefore not necessarily
/// inaccessible; it may simply not have been evaluated.
/// </remarks>
private void RunAccessCheck(
    IEnumerable<TokenEntry> tokens,
    string name,
    string description,
    Guid key,
    string key_name,
    FwObjectType fw_type,
    bool is_directory,
    Func<SecurityInformation, bool, NtResult<SecurityDescriptor>> get_sd)
{
    try
    {
        NtType fw_nt_type = FirewallUtils.FirewallType;

        // Translate the cmdlet's Access value through the firewall type's generic mapping.
        AccessMask desired_access = fw_nt_type.GenericMapping.MapMask(Access);

        // NOTE(review): the 'false' argument presumably selects the non-throwing mode, since
        // the outcome is tested through IsSuccess below - confirm against the callback.
        var sd_query = get_sd(SecurityInformation.AllBasic, false);
        if (!sd_query.IsSuccess)
        {
            WriteWarning($"Couldn't query security for firewall object '{name}'. Perhaps run as administrator.");
            return;
        }

        foreach (TokenEntry entry in tokens)
        {
            // Maximum access this token would be granted by the descriptor that was just read.
            AccessMask max_access = NtSecurity.GetMaximumAccess(sd_query.Result, entry.Token, fw_nt_type.GenericMapping);
            if (!IsAccessGranted(max_access, desired_access))
            {
                continue;
            }

            var check_result = new FwObjectAccessCheckResult(
                name,
                description,
                key,
                key_name,
                fw_type,
                max_access,
                fw_nt_type.GenericMapping,
                sd_query.Result,
                is_directory,
                entry.Information);
            WriteObject(check_result);
        }
    }
    catch (NtException nt_error)
    {
        // Reported as a non-terminating error, so the caller continues with other objects.
        var record = new ErrorRecord(nt_error, "Error", ErrorCategory.SecurityError, this);
        WriteError(record);
    }
}
/// <summary>
/// Enumerates all firewall objects of one kind and runs the per-object access check on each.
/// </summary>
/// <typeparam name="T">Concrete firewall object type returned by the enumerator.</typeparam>
/// <param name="tokens">Tokens to evaluate; handed to the per-object check for every object.</param>
/// <param name="fw_type">Firewall object type recorded in results and named in the warning.</param>
/// <param name="enum_func">Callback that enumerates the objects.</param>
/// <remarks>
/// A failed enumeration only writes a warning, so that object type contributes no results
/// at all. <paramref name="tokens"/> is enumerated once per object by the per-object check.
/// </remarks>
private void RunAccessCheck<T>(
    IEnumerable<TokenEntry> tokens,
    FwObjectType fw_type,
    Func<bool, NtResult<IEnumerable<T>>> enum_func)
    where T : FirewallObject
{
    // NOTE(review): the 'false' argument presumably selects the non-throwing mode, since
    // the outcome is tested through IsSuccess below - confirm against the callback.
    var enumeration = enum_func(false);
    if (!enumeration.IsSuccess)
    {
        WriteWarning($"Couldn't enumerate '{fw_type}' firewall object type. Perhaps run as administrator.");
        return;
    }

    foreach (T fw_object in enumeration.Result)
    {
        // Objects enumerated here are always reported with is_directory set to false.
        RunAccessCheck(
            tokens,
            fw_object.Name,
            fw_object.Description,
            fw_object.Key,
            fw_object.KeyName,
            fw_type,
            false,
            fw_object.GetSecurityDescriptor);
    }
}
/// <summary>
/// Creates the cmdlet with its defaults: WinNT RPC authentication and all firewall
/// object types selected.
/// </summary>
public GetAccessibleFwObjectCmdlet()
{
    // Defaults only; both properties can still be set by the caller after construction.
    this.AuthnType = RpcAuthenticationType.WinNT;
    this.ObjectType = FwObjectType.All;
}
/// <summary>
/// Builds the access check result for a single firewall object and token.
/// </summary>
/// <param name="name">Object name, forwarded to the base result.</param>
/// <param name="description">Object description, stored in <c>Description</c>.</param>
/// <param name="key">Object key, stored in <c>Key</c>.</param>
/// <param name="key_name">Name for the key, stored in <c>KeyName</c>.</param>
/// <param name="fw_type">Firewall object type; its string form is passed to the base as the type name.</param>
/// <param name="granted_access">Access granted to the token, forwarded to the base result.</param>
/// <param name="generic_mapping">Generic mapping forwarded to the base result.</param>
/// <param name="sd">Security descriptor the check was made against.</param>
/// <param name="is_directory">Forwarded to the base result unchanged.</param>
/// <param name="token_info">Information about the token that was checked.</param>
internal FwObjectAccessCheckResult(
    string name,
    string description,
    Guid key,
    string key_name,
    FwObjectType fw_type,
    AccessMask granted_access,
    GenericMapping generic_mapping,
    SecurityDescriptor sd,
    bool is_directory,
    TokenInformation token_info)
    : base(
        name,
        fw_type.ToString(),
        granted_access,
        generic_mapping,
        sd,
        typeof(FirewallAccessRights),
        is_directory,
        token_info)
{
    // Firewall-specific details that the base constructor does not receive.
    this.Description = description;
    this.Key = key;
    this.KeyName = key_name;
}