private string ParseGrantedBy(AccessReason reason, StringBuilder buffer, StringBuilder domainBuffer, StringBuilder userBuffer)
{
try
{
var raw = new RawSecurityDescriptor(reason.GrantedBy);
if (raw.Group != null && raw.Group.AccountDomainSid != null)
return UserWithDomain(raw.Group.AccountDomainSid, buffer, domainBuffer, userBuffer);
if (raw.Owner != null && raw.Owner.AccountDomainSid != null)
return UserWithDomain(raw.Owner.AccountDomainSid, buffer, domainBuffer, userBuffer);
CommonAce c;
if (raw.DiscretionaryAcl != null && raw.DiscretionaryAcl.Count > 0 && (c = raw.DiscretionaryAcl[0] as CommonAce) != null
&& c.SecurityIdentifier != null)
return UserWithDomain(c.SecurityIdentifier, buffer, domainBuffer, userBuffer);
}
catch
{
return reason.GrantedBy;
}
return string.Empty;
}
private string ParseAccessReasons(StringReader reader, string value, AuditInfo audit,
StringBuilder buffer, StringBuilder domainBuffer, StringBuilder userBuffer)
{
while (!string.IsNullOrEmpty(value))
{
var m = RegGrantedByField.Match(value);
if (!m.Success)
return value;
value = m.Groups[2].Value.Trim();
var index = value.IndexOf("\t", StringComparison.CurrentCultureIgnoreCase);
if (index >= 0)
value = value.Substring(index).Trim();
var reason = new AccessReason()
{
AccessRight = m.Groups[1].Value,
GrantedBy = value
};
if (index >= 0)
reason.GrantedByUser = ParseGrantedBy(reason, buffer, domainBuffer, userBuffer);
audit.Reasons.Add(reason);
value = reader.ReadLine();
}
return null;
}
