static void CheckAccess(NtToken token, NtObject obj)
{
if (!obj.IsAccessMaskGranted(GenericAccessRights.ReadControl))
{
return;
}
try
{
SecurityDescriptor sd = obj.SecurityDescriptor;
AccessMask granted_access;
NtType type = obj.NtType;
if (_dir_rights != 0)
{
granted_access = NtSecurity.GetAllowedAccess(sd, token,
_dir_rights, type.GenericMapping);
}
else
{
granted_access = NtSecurity.GetMaximumAccess(sd, token, type.GenericMapping);
}
if (!granted_access.IsEmpty)
{
// As we can get all the rights for the directory get maximum
if (_dir_rights != 0)
{
granted_access = NtSecurity.GetMaximumAccess(sd, token, type.GenericMapping);
}
if (!_show_write_only || type.HasWritePermission(granted_access))
{
Console.WriteLine("<{0}> {1} : {2:X08} {3}", type.Name, obj.FullPath,
granted_access, type.AccessMaskToString(granted_access, _map_to_generic));
if (_print_sddl)
{
Console.WriteLine("{0}", sd.ToSddl());
}
}
}
}
catch (NtException)
{
}
}
