private string ParseGrantedBy(AccessReason reason, StringBuilder buffer, StringBuilder domainBuffer, StringBuilder userBuffer) { try { var raw = new RawSecurityDescriptor(reason.GrantedBy); if (raw.Group != null && raw.Group.AccountDomainSid != null) return UserWithDomain(raw.Group.AccountDomainSid, buffer, domainBuffer, userBuffer); if (raw.Owner != null && raw.Owner.AccountDomainSid != null) return UserWithDomain(raw.Owner.AccountDomainSid, buffer, domainBuffer, userBuffer); CommonAce c; if (raw.DiscretionaryAcl != null && raw.DiscretionaryAcl.Count > 0 && (c = raw.DiscretionaryAcl[0] as CommonAce) != null && c.SecurityIdentifier != null) return UserWithDomain(c.SecurityIdentifier, buffer, domainBuffer, userBuffer); } catch { return reason.GrantedBy; } return string.Empty; }
private string ParseAccessReasons(StringReader reader, string value, AuditInfo audit, StringBuilder buffer, StringBuilder domainBuffer, StringBuilder userBuffer) { while (!string.IsNullOrEmpty(value)) { var m = RegGrantedByField.Match(value); if (!m.Success) return value; value = m.Groups[2].Value.Trim(); var index = value.IndexOf("\t", StringComparison.CurrentCultureIgnoreCase); if (index >= 0) value = value.Substring(index).Trim(); var reason = new AccessReason() { AccessRight = m.Groups[1].Value, GrantedBy = value }; if (index >= 0) reason.GrantedByUser = ParseGrantedBy(reason, buffer, domainBuffer, userBuffer); audit.Reasons.Add(reason); value = reader.ReadLine(); } return null; }