/// <summary>
/// Copies every access-right flag from a collected <c>WMIWinACE</c> onto the
/// <c>regkeyeffectiverights_item</c> that is currently being built.
/// </summary>
/// <param name="collectedData">
/// The collected ACE data. It is cast directly to <c>WMIWinACE</c>, so any other
/// runtime type raises <see cref="System.InvalidCastException"/>.
/// NOTE(review): a null argument is not checked here and would presumably fail on
/// the first property read; confirm that callers never pass null.
/// </param>
        {
            var ace = (WMIWinACE)collectedData;
            var item = (regkeyeffectiverights_item)base.BuildingItemType;

            // Right to access the system security (SACL) portion of the descriptor.
            item.access_system_security = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.ACCESS_SYSTEM_SECURITY);

            // Standard rights.
            item.standard_delete = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.DELETE);
            item.standard_read_control = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.READ_CONTROL);
            item.standard_synchronize = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.SYNCHRONIZE);
            item.standard_write_dac = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.WRITE_DAC);
            item.standard_write_owner = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.WRITE_OWNER);

            // Generic rights.
            item.generic_all = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.GENERIC_ALL);
            item.generic_execute = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.GENERIC_EXECUTE);
            item.generic_read = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.GENERIC_READ);
            item.generic_write = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.GENERIC_WRITE);

            // Registry-key specific rights.
            item.key_create_link = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.KEY_CREATE_LINK);
            item.key_create_sub_key = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.KEY_CREATE_SUB_KEY);
            item.key_enumerate_sub_keys = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.KEY_ENUMERATE_SUB_KEYS);
            item.key_notify = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.KEY_NOTIFY);
            item.key_query_value = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.KEY_QUERY_VALUE);
            item.key_set_value = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.KEY_SET_VALUE);
            item.key_wow64_32key = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.KEY_WOW64_32KEY);
            item.key_wow64_64key = OvalHelper.CreateBooleanEntityItemFromBoolValue(ace.KEY_WOW64_64KEY);
        }
        /// <summary>
        /// Reads the DACL entries of a registry key and builds one
        /// <c>regkeyeffectiverights_item</c> for every SID accepted by the SID entity
        /// value and operation.
        /// </summary>
        /// <param name="regHive">Registry hive name; resolved through <c>RegistryHelper.GetRegistryHiveFromHiveName</c>.</param>
        /// <param name="regKey">Registry key whose DACL entries are read.</param>
        /// <param name="sidEntityValue">SID entity value that each collected SID is tested against.</param>
        /// <param name="sidEntityOperation">Operation passed to <c>ProcessSidEntityOperation</c> together with the entity value and each SID.</param>
        /// <returns>
        /// The items built for the accepted SIDs. When the lookup throws
        /// <c>RegistryKeyEffectiveRightsNotFoundException</c> a single item with status
        /// <c>doesnotexist</c> is returned; when it throws
        /// <c>RegistryKeyEffectiveRightsAccessDenied</c> a single item with status
        /// <c>error</c> carrying the exception message is returned.
        /// </returns>
        public IEnumerable <ItemType> CollectItemsApplyingOperation(string regHive, string regKey, string sidEntityValue, OperationEnumeration sidEntityOperation)
        {
            // One uint per SID string, as returned by the provider.
            // NOTE(review): how deny and inherited ACEs are folded into that single value
            // is decided inside AccessControlListProvider; confirm before treating the
            // result as the effective rights.
            Dictionary <string, uint> maskBySid = null;

            try
            {
                var hive = RegistryHelper.GetRegistryHiveFromHiveName(regHive);
                maskBySid = AccessControlListProvider.GetRegKeyDACLs(this.TargetInfo, hive.ToString(), regKey);
            }
            catch (RegistryKeyEffectiveRightsNotFoundException)
            {
                // The key is missing on the target: report it as an item, not as a failure.
                var missingItem = new regkeyeffectiverights_item()
                {
                    status = StatusEnumeration.doesnotexist,
                    hive = new EntityItemRegistryHiveType() { Value = regHive },
                    key = new EntityItemStringType() { Value = regKey, status = StatusEnumeration.doesnotexist }
                };

                return new ItemType[] { missingItem };
            }
            catch (RegistryKeyEffectiveRightsAccessDenied denied)
            {
                // The DACL could not be read: surface the denial as an error item so the
                // key is not reported as having no rights at all.
                var deniedMessage = new MessageType()
                {
                    level = MessageLevelEnumeration.error,
                    Value = denied.Message
                };
                var errorItem = new regkeyeffectiverights_item()
                {
                    hive = new EntityItemRegistryHiveType() { Value = regHive },
                    key = new EntityItemStringType() { Value = regKey },
                    status = StatusEnumeration.error,
                    message = new MessageType[] { deniedMessage }
                };

                return new ItemType[] { errorItem };
            }

            // Only the two exception types above are handled; anything else propagates.
            // NOTE(review): if GetRegKeyDACLs can return null, the loop below throws
            // NullReferenceException; confirm the provider's contract.
            var results = new List <ItemType>();

            foreach (var entry in maskBySid)
            {
                var sid = entry.Key;
                var accessMask = entry.Value;

                // Skip SIDs rejected by the entity value/operation pair.
                if (!ProcessSidEntityOperation(sidEntityValue, sid, sidEntityOperation))
                {
                    continue;
                }

                var ace = this.DaclDisassembler.GetSecurityDescriptorFromAccessMask(accessMask);
                results.Add(CreateItemTypeFromWinACE(ace, regHive, regKey, sid));
            }

            return results;
        }