private static bool GetGrantedAccess(string sddl, string principal, NtToken token, bool launch, out COMAccessRights maximum_rights)
{
GenericMapping mapping = new GenericMapping();
mapping.GenericExecute = (uint)(COMAccessRights.Execute | COMAccessRights.ExecuteLocal | COMAccessRights.ExecuteRemote);
if (launch)
{
mapping.GenericExecute = mapping.GenericExecute | (uint)(COMAccessRights.ActivateLocal | COMAccessRights.ActivateRemote);
}
// If SD is only a NULL DACL we get maximum rights.
if (sddl == "D:NO_ACCESS_CONTROL")
{
maximum_rights = mapping.GenericExecute.ToSpecificAccess <COMAccessRights>();
return(true);
}
if (!String.IsNullOrWhiteSpace(principal))
{
maximum_rights = NtSecurity.GetMaximumAccess(new SecurityDescriptor(sddl), token, new Sid(principal), mapping).ToSpecificAccess <COMAccessRights>();
}
else
{
maximum_rights = NtSecurity.GetMaximumAccess(new SecurityDescriptor(sddl), token, mapping).ToSpecificAccess <COMAccessRights>();
}
return(maximum_rights != 0);
}
private void CheckAccess(TokenEntry token, NtFile file, AccessMask access_rights, SecurityDescriptor sd, SecurityDescriptor parent_sd)
{
NtType type = file.NtType;
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, type.GenericMapping);
// Determine if the parent gives additonal rights to this file.
if (!granted_access.IsAllAccessGranted(FileDirectoryAccessRights.ReadAttributes | FileDirectoryAccessRights.Delete) && parent_sd != null)
{
AccessMask parent_granted_access = NtSecurity.GetMaximumAccess(parent_sd, token.Token, type.GenericMapping);
if (parent_granted_access.IsAccessGranted(FileDirectoryAccessRights.DeleteChild))
{
granted_access |= FileAccessRights.Delete;
}
if (parent_granted_access.IsAccessGranted(FileDirectoryAccessRights.ListDirectory))
{
granted_access |= FileAccessRights.ReadAttributes;
}
}
if (IsAccessGranted(granted_access, access_rights))
{
bool is_directory = IsDirectoryNoThrow(file);
WriteAccessCheckResult(FormatWin32Path ? file.Win32PathName : file.FullPath, type.Name, granted_access, type.GenericMapping,
sd, is_directory ? typeof(FileDirectoryAccessRights) : typeof(FileAccessRights), is_directory, token.Information);
}
}
internal override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
{
if (CheckScmAccess)
{
SecurityDescriptor sd = ServiceUtils.GetScmSecurityDescriptor();
GenericMapping scm_mapping = ServiceUtils.GetScmGenericMapping();
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, scm_mapping);
WriteAccessCheckResult("SCM", "SCM", granted_access, scm_mapping, sd.ToSddl(),
typeof(ServiceControlManagerAccessRights), false, token.Information);
}
}
else
{
IEnumerable <RunningService> services = GetServices();
GenericMapping service_mapping = ServiceUtils.GetServiceGenericMapping();
AccessMask access_rights = service_mapping.MapMask(AccessRights);
foreach (var service in services.Where(s => s?.SecurityDescriptor != null))
{
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(service.SecurityDescriptor,
token.Token, service_mapping);
if (IsAccessGranted(granted_access, access_rights))
{
WriteObject(new ServiceAccessCheckResult(service.Name, granted_access,
service.SecurityDescriptor.ToSddl(), token.Information, service.Triggers));
}
}
}
}
}
private protected override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
{
NtType winsta_type = NtType.GetTypeByType <NtWindowStation>();
AccessMask winsta_access_rights = winsta_type.GenericMapping.MapMask(AccessRights);
bool check_winsta = CheckMode == WindowStationCheckMode.WindowStationOnly || CheckMode == WindowStationCheckMode.WindowStationAndDesktop;
bool check_desktop = CheckMode == WindowStationCheckMode.DesktopOnly || CheckMode == WindowStationCheckMode.WindowStationAndDesktop;
using (var winstas = NtWindowStation.GetAccessibleWindowStations().ToDisposableList())
{
foreach (var winsta in winstas)
{
if (check_winsta && winsta.IsAccessGranted(WindowStationAccessRights.ReadControl))
{
var sd = winsta.SecurityDescriptor;
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd,
token.Token, winsta_type.GenericMapping);
if (IsAccessGranted(granted_access, winsta_access_rights))
{
WriteAccessCheckResult(winsta.FullPath, winsta_type.Name, granted_access, winsta_type.GenericMapping,
sd, winsta_type.AccessRightsType, true, token.Information);
}
}
}
if (check_desktop && winsta.IsAccessGranted(WindowStationAccessRights.EnumDesktops))
{
RunAccessCheckDesktop(tokens, winsta);
}
}
}
}
private void RunAccessCheckDesktop(IEnumerable <TokenEntry> tokens, NtWindowStation winsta)
{
NtType desktop_type = NtType.GetTypeByType <NtDesktop>();
AccessMask desktop_access_rights = desktop_type.GenericMapping.MapMask(DesktopAccessRights);
using (var desktops = winsta.GetAccessibleDesktops().ToDisposableList())
{
foreach (var desktop in desktops)
{
if (desktop.IsAccessGranted(DesktopAccessRights.ReadControl))
{
var sd = desktop.SecurityDescriptor;
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd,
token.Token, desktop_type.GenericMapping);
if (IsAccessGranted(granted_access, desktop_access_rights))
{
WriteAccessCheckResult($"{winsta.FullPath}{desktop.FullPath}", desktop_type.Name, granted_access, desktop_type.GenericMapping,
sd, desktop_type.AccessRightsType, true, token.Information);
}
}
}
}
}
}
private void RunAccessCheck(IEnumerable <TokenEntry> tokens, string name, string description, Guid key, string key_name,
FwObjectType fw_type, bool is_directory, Func <SecurityInformation, bool, NtResult <SecurityDescriptor> > get_sd)
{
try
{
NtType type = FirewallUtils.FirewallType;
AccessMask access_rights = type.GenericMapping.MapMask(Access);
var sd = get_sd(SecurityInformation.AllBasic, false);
if (!sd.IsSuccess)
{
WriteWarning($"Couldn't query security for firewall object '{name}'. Perhaps run as administrator.");
return;
}
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd.Result,
token.Token, type.GenericMapping);
if (IsAccessGranted(granted_access, access_rights))
{
WriteObject(new FwObjectAccessCheckResult(name, description, key,
key_name, fw_type, granted_access, type.GenericMapping, sd.Result,
is_directory, token.Information));
}
}
}
catch (NtException ex)
{
WriteError(new ErrorRecord(ex, "Error", ErrorCategory.SecurityError, this));
}
}
static uint GetGrantedAccess(SecurityDescriptor sd, NtToken token, uint specific_rights, GenericMapping generic_mapping)
{
uint granted_access = 0;
specific_rights = generic_mapping.MapMask(specific_rights);
if (specific_rights != 0)
{
granted_access = NtSecurity.GetAllowedAccess(sd, token, (GenericAccessRights)(specific_rights), generic_mapping);
}
else
{
granted_access = NtSecurity.GetMaximumAccess(sd, token, generic_mapping);
}
if (granted_access != 0)
{
// As we can get all the rights for the key get maximum
if (specific_rights != 0)
{
granted_access = NtSecurity.GetMaximumAccess(sd, token, generic_mapping);
}
}
return(granted_access);
}
private protected override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
{
if (!NtToken.EnableDebugPrivilege())
{
WriteWarning("Current process doesn't have SeDebugPrivilege, results may be inaccurate");
}
NtType type = NtType.GetTypeByType <NtToken>();
AccessMask access_rights = type.MapGenericRights(AccessRights);
int current_session_id = NtProcess.Current.SessionId;
using (var procs = NtProcess.GetProcesses(ProcessAccessRights.QueryInformation | ProcessAccessRights.ReadControl, false).ToDisposableList())
{
IEnumerable <NtProcess> proc_enum = procs;
if (CurrentSession)
{
proc_enum = proc_enum.Where(p => CheckSession(p, current_session_id));
}
foreach (var proc in proc_enum.Where(p => ShowDeadProcesses || !p.IsDeleting))
{
using (var result = NtToken.OpenProcessToken(proc, TokenAccessRights.ReadControl | TokenAccessRights.Query, false))
{
if (!result.IsSuccess)
{
WriteWarning($"Couldn't open token for Process {proc.Name} PID: {proc.ProcessId} Status: {result.Status}");
continue;
}
NtToken primary_token = result.Result;
var sd_result = primary_token.GetSecurityDescriptor(SecurityInformation.AllBasic, false);
if (!sd_result.IsSuccess)
{
WriteWarning($"Couldn't get token's Security Descriptor for Process {proc.Name} PID: {proc.ProcessId} Status: {sd_result.Status}");
continue;
}
var sd = sd_result.Result;
string process_name = proc.Name;
string process_cmdline = proc.CommandLine;
string image_path = proc.FullPath;
int process_id = proc.ProcessId;
foreach (var token in tokens)
{
if (proc.GetMaximumAccess(token.Token).HasFlag(ProcessAccessRights.QueryLimitedInformation))
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, type.GenericMapping);
if (IsAccessGranted(granted_access, access_rights))
{
WriteObject(new TokenAccessCheckResult(primary_token, proc,
granted_access, sd, token.Information));
}
}
}
}
}
}
}
private void CheckAccess(TokenEntry token, ProcessDetails process, ThreadDetails thread, NtType type, AccessMask access_rights, SecurityDescriptor sd)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, type.GenericMapping);
if (IsAccessGranted(granted_access, access_rights))
{
WriteAccessCheckResult(process, thread, granted_access, type.GenericMapping, sd.ToSddl(), token.Information);
}
}
private void CheckAccess(TokenEntry token, NtObject obj, NtType type, bool is_directory, AccessMask access_rights, SecurityDescriptor sd)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, type.GenericMapping);
if (IsAccessGranted(granted_access, access_rights))
{
WriteAccessCheckResult(ConvertPath(obj), type.Name, granted_access, type.GenericMapping,
sd.ToSddl(), type.AccessRightsType, is_directory, token.Information);
}
}
private void CheckAccess(TokenEntry token, NtKey key, AccessMask access_rights, SecurityDescriptor sd)
{
NtType type = key.NtType;
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, type.GenericMapping);
if (IsAccessGranted(granted_access, access_rights))
{
WriteAccessCheckResult(FormatWin32Path ? key.Win32Path : key.FullPath, type.Name, granted_access, type.GenericMapping,
sd, typeof(KeyAccessRights), true, token.Information);
}
}
private void CheckAccess(TokenEntry token, NtFile file, AccessMask access_rights, SecurityDescriptor sd)
{
NtType type = file.NtType;
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, type.GenericMapping);
if (IsAccessGranted(granted_access, access_rights))
{
WriteAccessCheckResult(FormatWin32Path ? file.Win32PathName : file.FullPath, type.Name, granted_access, type.GenericMapping,
sd.ToSddl(), IsDirectoryNoThrow(file) ? typeof(FileDirectoryAccessRights) : typeof(FileAccessRights), token.Information);
}
}
internal override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
{
foreach (var entry in GetTaskSchedulerEntries())
{
string path = entry.Path;
string sddl = entry.SecurityDescriptor;
if (string.IsNullOrWhiteSpace(sddl) || string.IsNullOrWhiteSpace(path))
{
continue;
}
AccessMask requested_access;
if (entry.Folder)
{
requested_access = Writable ? FileDirectoryAccessRights.AddSubDirectory : DirectoryAccessRights;
}
else
{
requested_access = Executable ? FileAccessRights.ReadData | FileAccessRights.Execute : 0;
if (Writable)
{
requested_access |= FileAccessRights.WriteData;
}
if (requested_access.IsEmpty)
{
requested_access = AccessRights;
}
}
AccessMask access_rights = _file_type.GenericMapping.MapMask(requested_access);
foreach (TokenEntry token in tokens)
{
SecurityDescriptor sd = new SecurityDescriptor(sddl);
if (sd.Owner == null)
{
sd.Owner = new SecurityDescriptorSid(KnownSids.BuiltinAdministrators, false);
}
if (sd.Group == null)
{
sd.Group = new SecurityDescriptorSid(KnownSids.BuiltinAdministrators, false);
}
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd,
token.Token, _file_type.GenericMapping);
if (IsAccessGranted(granted_access, access_rights))
{
WriteObject(entry.CreateResult(granted_access, token.Information));
}
}
}
}
static void CheckAccess(string full_path, NtFile entry)
{
try
{
if (!entry.IsAccessGranted(FileAccessRights.ReadControl))
{
return;
}
SecurityDescriptor sd = entry.SecurityDescriptor;
bool is_dir = entry.IsDirectory;
AccessMask granted_access;
if (is_dir && _dir_filter != 0)
{
granted_access = NtSecurity.GetAllowedAccess(_token, _type,
_dir_filter, sd.ToByteArray());
}
else if (!is_dir && _file_filter != 0)
{
granted_access = NtSecurity.GetAllowedAccess(_token, _type,
_file_filter, sd.ToByteArray());
}
else
{
granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray());
}
if (granted_access.HasAccess)
{
// Now reget maximum access rights
if (_dir_filter != 0 || _file_filter != 0)
{
granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray());
}
if (!_show_write_only || _type.HasWritePermission(granted_access))
{
Console.WriteLine("{0}{1} : {2:X08} {3}", full_path.TrimEnd('\\'),
is_dir ? "\\" : "", granted_access, AccessMaskToString(granted_access, is_dir));
if (_print_sddl)
{
Console.WriteLine("{0}", sd.ToSddl());
}
}
}
}
catch (NtException)
{
}
}
static void CheckAccess(string path, byte[] sd, NtType type)
{
try
{
if (_type_filter.Count > 0)
{
if (!_type_filter.Contains(type.Name.ToLower()))
{
return;
}
}
if (sd.Length > 0)
{
uint granted_access = 0;
if (_dir_rights != 0)
{
granted_access = NtSecurity.GetAllowedAccess(_token, type, (uint)_dir_rights, sd);
}
else
{
granted_access = NtSecurity.GetMaximumAccess(_token, type, sd);
}
if (granted_access != 0)
{
// As we can get all the rights for the directory get maximum
if (_dir_rights != 0)
{
granted_access = NtSecurity.GetMaximumAccess(_token, type, sd);
}
if (!_show_write_only || type.HasWritePermission(granted_access))
{
Console.WriteLine("<{0}> {1} : {2:X08} {3}", type.Name, path, granted_access, AccessMaskToString(type, granted_access));
if (_print_sddl)
{
Console.WriteLine("{0}", NtSecurity.SecurityDescriptorToSddl(sd, SecurityInformation.AllBasic));
}
}
}
}
}
catch (Exception)
{
}
}
internal override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
{
if (CheckScmAccess)
{
SecurityDescriptor sd = ServiceUtils.GetScmSecurityDescriptor();
GenericMapping scm_mapping = ServiceUtils.GetScmGenericMapping();
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, scm_mapping);
WriteAccessCheckResult("SCM", "SCM", granted_access, scm_mapping, sd.ToSddl(),
typeof(ServiceControlManagerAccessRights), false, token.Information);
}
}
else
{
string[] names = Name;
if (names == null || names.Length == 0)
{
names = ServiceController.GetServices().Select(s => s.ServiceName).ToArray();
}
GenericMapping service_mapping = ServiceUtils.GetServiceGenericMapping();
AccessMask access_rights = service_mapping.MapMask(AccessRights);
foreach (string name in names)
{
try
{
var service = ServiceUtils.GetServiceInformation(name);
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(service.SecurityDescriptor,
token.Token, service_mapping);
if (IsAccessGranted(granted_access, access_rights))
{
WriteObject(new ServiceAccessCheckResult(name, granted_access,
service.SecurityDescriptor.ToSddl(), token.Information, service.Triggers));
}
}
}
catch (Win32Exception ex)
{
WriteError(new ErrorRecord(ex, "OpenService", ErrorCategory.OpenError, name));
}
}
}
}
static void CheckAccess(FileSystemInfo entry)
{
try
{
SecurityDescriptor sd = NtSecurity.FromNamedObject(@"\??\" + entry.FullName, "file");
if (sd != null)
{
bool is_dir = entry is DirectoryInfo;
uint granted_access;
if (is_dir && _dir_filter != 0)
{
granted_access = NtSecurity.GetAllowedAccess(_token, _type, _dir_filter, sd.ToByteArray());
}
else if (!is_dir && _file_filter != 0)
{
granted_access = NtSecurity.GetAllowedAccess(_token, _type, _file_filter, sd.ToByteArray());
}
else
{
granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray());
}
if (granted_access != 0)
{
// Now reget maximum access rights
if (_dir_filter != 0 || _file_filter != 0)
{
granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray());
}
if (!_show_write_only || _type.HasWritePermission(granted_access))
{
Console.WriteLine("{0}{1} : {2:X08} {3}", entry.FullName, is_dir ? "\\" : "", granted_access, AccessMaskToString(granted_access, is_dir));
if (_print_sddl)
{
Console.WriteLine("{0}", sd.ToSddl());
}
}
}
}
}
catch (Exception)
{
}
}
static void CheckAccess(string full_path, NtFile entry)
{
try
{
SecurityDescriptor sd = entry.GetSecurityDescriptor(SecurityInformation.AllBasic);
if (sd != null)
{
bool is_dir = entry.IsDirectory;
uint granted_access;
if (is_dir && _dir_filter != 0)
{
granted_access = NtSecurity.GetAllowedAccess(_token, _type, _dir_filter, sd.ToByteArray());
}
else if (!is_dir && _file_filter != 0)
{
granted_access = NtSecurity.GetAllowedAccess(_token, _type, _file_filter, sd.ToByteArray());
}
else
{
granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray());
}
if (granted_access != 0)
{
// Now reget maximum access rights
if (_dir_filter != 0 || _file_filter != 0)
{
granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray());
}
if (!_show_write_only || _type.HasWritePermission(granted_access))
{
Console.WriteLine("{0}{1} : {2:X08} {3}", full_path.TrimEnd('\\'),
is_dir ? "\\" : "", granted_access, AccessMaskToString(granted_access, is_dir));
if (_print_sddl)
{
Console.WriteLine("{0}", sd.ToSddl());
}
}
}
}
}
catch { }
}
private void CheckAccess(TokenEntry token, AccessMask access_rights, string path, NtFile file)
{
var sd = file.GetSecurityDescriptor(SecurityInformation.AllBasic, false);
if (!sd.IsSuccess)
{
return;
}
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd.Result,
token.Token, _file_type.GenericMapping);
if (IsAccessGranted(granted_access, access_rights))
{
WriteAccessCheckResult(FormatPath(path, FormatWin32Path), "NamedPipe",
granted_access, _file_type.GenericMapping,
sd.Result, typeof(FileAccessRights), false, token.Information);
}
}
static void CheckAccess(NtToken token, NtKey key)
{
NtType type = key.NtType;
if (!key.IsAccessGranted(KeyAccessRights.ReadControl))
{
return;
}
SecurityDescriptor sd = key.SecurityDescriptor;
AccessMask granted_access;
if (_key_rights != 0)
{
granted_access = NtSecurity.GetAllowedAccess(token, type,
_key_rights, sd.ToByteArray());
}
else
{
granted_access = NtSecurity.GetMaximumAccess(token, type, sd.ToByteArray());
}
if (!granted_access.IsEmpty)
{
// As we can get all the rights for the key get maximum
if (_key_rights != 0)
{
granted_access = NtSecurity.GetMaximumAccess(token, type, sd.ToByteArray());
}
if (!_show_write_only || type.HasWritePermission(granted_access))
{
Console.WriteLine("{0} : {1:X08} {2}", key.FullPath, granted_access, AccessMaskToString(granted_access, type));
if (_print_sddl)
{
Console.WriteLine("{0}", sd.ToSddl());
}
}
}
}
private protected override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
{
NtType type = NtType.GetTypeByType <NtEtwRegistration>();
AccessMask access_rights = type.GenericMapping.MapMask(Access);
var providers = EventTracing.GetProviders();
if (ProviderId != null && ProviderId.Length > 0)
{
HashSet <Guid> guids = new HashSet <Guid>(ProviderId);
providers = providers.Where(p => guids.Contains(p.Id));
}
else if (Name != null && Name.Length > 0)
{
var names = new HashSet <string>(Name, StringComparer.OrdinalIgnoreCase);
providers = providers.Where(p => names.Contains(p.Name));
}
foreach (var provider in providers)
{
var sd = provider.SecurityDescriptor;
if (sd == null)
{
WriteWarning($"Couldn't query security for ETW Provider {provider.Name}. Perhaps run as administrator.");
continue;
}
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd,
token.Token, type.GenericMapping);
if (IsAccessGranted(granted_access, access_rights))
{
WriteObject(new EventTraceAccessCheckResult(provider, type,
granted_access, sd, token.Information));
}
}
}
}
static AccessMask GetGrantedAccess(SecurityDescriptor sd, NtToken token,
AccessMask specific_rights, GenericMapping generic_mapping)
{
AccessMask granted_access;
specific_rights = generic_mapping.MapMask(specific_rights);
if (specific_rights.HasAccess)
{
granted_access = NtSecurity.GetAllowedAccess(sd, token, specific_rights, generic_mapping);
// As we can get all the rights for the key get maximum
if (granted_access.HasAccess)
{
granted_access = NtSecurity.GetMaximumAccess(sd, token, generic_mapping);
}
}
else
{
granted_access = NtSecurity.GetMaximumAccess(sd, token, generic_mapping);
}
return(granted_access);
}
private protected override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
{
GenericMapping generic_mapping = NtWnf.GenericMapping;
AccessMask access_rights = generic_mapping.MapMask(Access);
var entries = NtWnf.GetRegisteredNotifications();
foreach (var entry in entries)
{
var sd = entry.SecurityDescriptor;
if (sd == null)
{
WriteWarning($"Couldn't query security for WNF Provider {entry.StateName:X016}.");
continue;
}
if (sd.Owner == null)
{
sd.Owner = new SecurityDescriptorSid(new Sid("SY"), false);
}
if (sd.Group == null)
{
sd.Group = new SecurityDescriptorSid(new Sid("SY"), false);
}
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd,
token.Token, generic_mapping);
if (IsAccessGranted(granted_access, access_rights))
{
WriteObject(new WnfAccessCheckResult(entry, granted_access, sd, token.Information));
}
}
}
}
private protected override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
{
if (CheckScmAccess)
{
SecurityDescriptor sd = ServiceUtils.GetScmSecurityDescriptor();
GenericMapping scm_mapping = ServiceUtils.GetScmGenericMapping();
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, scm_mapping);
WriteAccessCheckResult("SCM", "SCM", granted_access, scm_mapping, sd,
typeof(ServiceControlManagerAccessRights), false, token.Information);
}
}
else
{
IEnumerable <Win32Service> services = GetServices();
InternalGetAccessibleFileCmdlet file_cmdlet = null;
HashSet <string> checked_files = new HashSet <string>(StringComparer.OrdinalIgnoreCase);
if (CheckFiles)
{
file_cmdlet = new InternalGetAccessibleFileCmdlet(this)
{
FormatWin32Path = true
};
}
GenericMapping service_mapping = ServiceUtils.GetServiceGenericMapping();
AccessMask access_rights = service_mapping.MapMask(Access);
foreach (var service in services.Where(s => s?.SecurityDescriptor != null))
{
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(service.SecurityDescriptor,
token.Token, service_mapping);
ServiceAccessRights trigger_access = GetTriggerAccess(service, token.Token);
if (IsAccessGranted(granted_access, access_rights))
{
WriteObject(new ServiceAccessCheckResult(service.Name, granted_access | trigger_access,
service.SecurityDescriptor, token.Information, trigger_access,
granted_access.ToSpecificAccess <ServiceAccessRights>(), service));
}
}
if (CheckFiles)
{
if (!string.IsNullOrWhiteSpace(service.ImagePath) &&
File.Exists(service.ImagePath) &&
checked_files.Add(service.ImagePath))
{
file_cmdlet.RunAccessCheckPathInternal(tokens, service.ImagePath);
}
if (!string.IsNullOrWhiteSpace(service.ServiceDll) &&
File.Exists(service.ServiceDll) &&
checked_files.Add(service.ServiceDll))
{
file_cmdlet.RunAccessCheckPathInternal(tokens, service.ServiceDll);
}
}
}
}
}
private protected override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
{
var devices = new Dictionary <string, SecurityDescriptorEntry>(StringComparer.OrdinalIgnoreCase);
foreach (string path in Path)
{
using (var result = OpenDirectory(path, null))
{
if (result.IsSuccess)
{
FindDevicesInDirectory(result.Result, devices, MaxDepth ?? int.MaxValue);
}
else
{
// If failed, it might be an absolute path so just add it.
if (!devices.ContainsKey(path))
{
devices.Add(path, GetSecurityDescriptor(path));
}
}
}
}
if (devices.Count > 0)
{
AccessMask access_rights = _file_type.MapGenericRights(Access);
EaBuffer ea_buffer = CheckEaBuffer ? (EaBuffer ?? CreateDummyEaBuffer()) : null;
List <string> namespace_paths = new List <string>(NamespacePath ?? new[] { "XYZ" });
foreach (var entry in tokens)
{
foreach (var pair in devices)
{
if (CheckDevice())
{
if (pair.Value != null)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(pair.Value.SecurityDescriptor, entry.Token, _file_type.GenericMapping);
if (IsAccessGranted(granted_access, access_rights))
{
WriteObject(new DeviceAccessCheckResult(pair.Key, false, pair.Value.DeviceType,
pair.Value.Characteristics, granted_access,
pair.Value.SecurityDescriptor, entry.Information));
}
}
else
{
if (!NoImpersonation)
{
CheckAccessUnderImpersonation(entry, pair.Key, false, access_rights, OpenOptions, ea_buffer);
}
}
}
if (CheckNamespace() && !NoImpersonation)
{
foreach (string namespace_path in namespace_paths)
{
CheckAccessUnderImpersonation(entry, pair.Key + @"\" + namespace_path,
true, access_rights, OpenOptions, ea_buffer);
}
}
}
}
}
else
{
WriteWarning("Couldn't find any devices to check");
}
}