private AccessMask GetDesiredAccess()
{
NtType type = GetNtType();
if (RawAccess.HasValue)
{
return(type.MapGenericRights(RawAccess.Value));
}
if (!_dict.GetValue("Access", out Enum access))
{
return(GenericAccessRights.MaximumAllowed);
}
return(type.MapGenericRights(access));
}
/// <summary>
/// Process Record.
/// </summary>
protected override void ProcessRecord()
{
if (!_dict.GetValue("Access", out Enum access))
{
if (!RawAccess.HasValue && RequiresAccess(Type))
{
throw new ArgumentException("Invalid access value.");
}
else
{
access = GenericAccessRights.None;
}
}
_dict.GetValue("Condition", out string condition);
_dict.GetValue("ObjectType", out Guid? object_type);
_dict.GetValue("InheritedObjectType", out Guid? inherited_object_type);
_dict.GetValue("ServerSid", out Sid server_sid);
_dict.GetValue("SecurityAttribute", out ClaimSecurityAttribute security_attribute);
Acl acl;
if (NtSecurity.IsSystemAceType(Type))
{
if (SecurityDescriptor.Sacl == null)
{
SecurityDescriptor.Sacl = new Acl();
}
acl = SecurityDescriptor.Sacl;
}
else
{
if (SecurityDescriptor.Dacl == null)
{
SecurityDescriptor.Dacl = new Acl();
}
acl = SecurityDescriptor.Dacl;
}
AccessMask mask = access;
if (RawAccess.HasValue)
{
mask |= RawAccess.Value;
}
if (MapGeneric)
{
NtType type = SecurityDescriptor.NtType;
if (type == null)
{
WriteWarning("No NtType specified in security descriptor. Defaulting to File.");
type = NtType.GetTypeByType <NtFile>();
}
mask = type.MapGenericRights(mask);
}
Ace ace = new Ace(Type, Flags, mask, GetSid());
if ((NtSecurity.IsCallbackAceType(Type) || Type == AceType.AccessFilter) && !string.IsNullOrWhiteSpace(condition))
{
ace.Condition = condition;
}
if (NtSecurity.IsObjectAceType(Type))
{
ace.ObjectType = object_type;
ace.InheritedObjectType = inherited_object_type;
}
if (Type == AceType.AllowedCompound)
{
ace.ServerSid = server_sid;
}
if (Type == AceType.ResourceAttribute)
{
ace.ResourceAttribute = security_attribute;
}
acl.Add(ace);
if (PassThru)
{
WriteObject(ace);
}
}