internal CommonAccessCheckResult(string name, string type_name, AccessMask granted_access,
GenericMapping generic_mapping, SecurityDescriptor sd,
Type enum_type, bool is_directory, TokenInformation token_info)
{
Name = name;
TypeName = type_name;
GrantedAccess = granted_access;
GenericMapping = generic_mapping;
TokenInfo = token_info;
SecurityDescriptor = sd?.ToSddl(SecurityInformation.All, false).GetResultOrDefault() ?? string.Empty;
SecurityDescriptorBase64 = sd?.ToBase64() ?? string.Empty;
Owner = sd?.Owner?.Sid.ToString() ?? string.Empty;
IsRead = generic_mapping.HasRead(granted_access);
IsWrite = generic_mapping.HasWrite(granted_access) ||
granted_access.IsAccessGranted(GenericAccessRights.WriteDac) ||
granted_access.IsAccessGranted(GenericAccessRights.WriteOwner) ||
granted_access.IsAccessGranted(GenericAccessRights.Delete);
IsExecute = generic_mapping.HasExecute(granted_access);
IsAll = generic_mapping.HasAll(granted_access);
GrantedAccessString = NtSecurity.AccessMaskToString(granted_access, enum_type, generic_mapping, false);
GrantedGenericAccessString = NtSecurity.AccessMaskToString(granted_access, enum_type, generic_mapping, true);
TokenId = token_info.TokenId.ToInt64();
IsDirectory = is_directory;
if (sd != null)
{
HasMandatoryLabel = sd.GetMandatoryLabel() != null;
HasProcessTrustLabel = sd.ProcessTrustLabel != null;
}
}
/// <summary>
/// Set the security descriptor for the control.
/// </summary>
/// <param name="security_descriptor">Security descriptor to view.</param>
/// <param name="access_type">The enum type for the view.</param>
/// <param name="mapping">Generic mapping for the type.</param>
/// <param name="valid_access">The valid bit mask for access for this type.</param>
/// <param name="is_container">True to indicate this object is a container.</param>
public void SetSecurityDescriptor(SecurityDescriptor security_descriptor, Type access_type, GenericMapping mapping, AccessMask valid_access, bool is_container)
{
AddAclTab(tabPageDACL, aclViewerControlDacl, security_descriptor.Dacl, access_type, mapping, valid_access, is_container);
AddAclTab(tabPageSACL, aclViewerControlSacl, security_descriptor.Sacl, access_type, mapping, valid_access, is_container);
SetSidLabel(lblOwnerValue, security_descriptor.Owner);
SetSidLabel(lblGroupValue, security_descriptor.Group);
Ace label = security_descriptor.GetMandatoryLabel();
if (label != null)
{
lblIntegrityValue.Text = $"{NtSecurity.GetIntegrityLevel(label.Sid)} ({label.Mask.ToMandatoryLabelPolicy()})";
}
else
{
lblIntegrityValue.Text = "N/A";
}
}