internal WnfAccessCheckResult(NtWnf wnf,
AccessMask granted_access,
SecurityDescriptor sd, TokenInformation token_info)
: base(wnf.Name,
"Wnf", granted_access,
NtWnf.GenericMapping, sd,
typeof(WnfAccessRights), false, token_info)
{
StateName = wnf.StateName;
Lifetime = wnf.Lifetime;
SubscribersPresent = wnf.SubscribersPresent;
}
internal ProcessAccessCheckResult(string name, string image_path, int process_id, int session_id,
string command_line, AccessMask granted_access, bool is_thread, bool is_dead, string user,
NtType type, SecurityDescriptor sd, TokenInformation token_info) : base(name, type.Name, granted_access,
type.GenericMapping, sd, type.AccessRightsType, false, token_info)
{
ProcessImagePath = image_path;
ProcessId = process_id;
ProcessCommandLine = command_line;
IsThread = is_thread;
IsDead = is_dead;
SessionId = session_id;
User = user;
}
internal ServiceAccessCheckResult(string name, AccessMask granted_access,
SecurityDescriptor sd, TokenInformation token_info,
ServiceAccessRights trigger_granted_access,
ServiceAccessRights original_granted_access,
Win32Service service)
: base(name, ServiceUtils.SERVICE_NT_TYPE_NAME, granted_access,
ServiceUtils.GetServiceGenericMapping(), sd,
typeof(ServiceAccessRights), false, token_info)
{
TriggerGrantedAccess = trigger_granted_access;
OriginalGrantedAccess = original_granted_access;
Service = service;
}
public CommonAccessCheckResult CreateResult(AccessMask granted_access, TokenInformation token_info)
{
if (Folder)
{
return(new CommonAccessCheckResult(Path, "Scheduled Task", granted_access, _file_type.GenericMapping,
new SecurityDescriptor(SecurityDescriptor), typeof(FileDirectoryAccessRights), true, token_info));
}
else
{
return(new ScheduledTaskAccessCheckResult(this, granted_access, new SecurityDescriptor(SecurityDescriptor),
_file_type.GenericMapping, token_info));
}
}
internal AccessCheckResult(string name, string type_name, AccessMask granted_access,
GenericMapping generic_mapping, SecurityDescriptor sd,
Type enum_type, bool is_directory, TokenInformation token_info)
{
Name = name;
TypeName = type_name;
GrantedAccess = granted_access;
GenericMapping = generic_mapping;
TokenInfo = token_info;
SecurityDescriptor = sd?.ToSddl() ?? string.Empty;
Owner = sd?.Owner?.Sid.ToString() ?? string.Empty;
IsRead = generic_mapping.HasRead(granted_access);
IsWrite = generic_mapping.HasWrite(granted_access) ||
granted_access.IsAccessGranted(GenericAccessRights.WriteDac) ||
granted_access.IsAccessGranted(GenericAccessRights.WriteOwner) ||
granted_access.IsAccessGranted(GenericAccessRights.Delete);
IsExecute = generic_mapping.HasExecute(granted_access);
IsAll = generic_mapping.HasAll(granted_access);
GrantedAccessString = NtObjectUtils.GrantedAccessAsString(granted_access, generic_mapping, enum_type, false);
GrantedGenericAccessString = NtObjectUtils.GrantedAccessAsString(granted_access, generic_mapping, enum_type, true);
TokenId = token_info.TokenId.ToInt64();
IsDirectory = is_directory;
}
private protected virtual void WriteAccessCheckResult(string name, string type_name, AccessMask granted_access,
GenericMapping generic_mapping, SecurityDescriptor sd, Type enum_type, bool is_directory, TokenInformation token_info)
{
WriteObject(new CommonAccessCheckResult(name, type_name, granted_access, generic_mapping,
sd, enum_type, is_directory, token_info));
}
private void WriteAccessCheckResult(ProcessDetails process, ThreadDetails thread, AccessMask granted_access,
GenericMapping generic_mapping, SecurityDescriptor sd, TokenInformation token)
{
if (thread == null)
{
WriteObject(new ProcessAccessCheckResult(process.Name, process.ImagePath, process.ProcessId, process.SessionId,
process.CommandLine, granted_access, false, process.IsDeleting,
process.User, _process_type, sd, token));
}
else
{
WriteObject(new ThreadAccessCheckResult(process.Name, process.ImagePath, thread.ThreadId,
thread.Description, process.ProcessId, process.IsDeleting, process.SessionId, process.CommandLine, granted_access,
process.User, _thread_type, sd, token));
}
}
internal HandleAccessCheckResult(MaximumAccess maximum_access, NtHandle handle, string name, string type_name, AccessMask granted_access,
GenericMapping generic_mapping, string sddl, Type enum_type, bool is_directory, TokenInformation token_info)
: base(name, type_name, granted_access, generic_mapping,
!string.IsNullOrWhiteSpace(sddl) ? new SecurityDescriptor(sddl) : null,
enum_type, is_directory, token_info)
{
if (maximum_access != null)
{
MaximumAccess = maximum_access.Access;
DifferentAccess = (granted_access & MaximumAccess) != granted_access;
}
ProcessId = handle.ProcessId;
Handle = handle.Handle;
Object = handle.Object;
}
public TokenEntry(NtToken token, NtToken imp_token, NtProcess process)
{
Information = process == null ? new TokenInformation(token, null) : new ProcessTokenInformation(token, process);
Token = DuplicateToken(imp_token);
}
internal DeviceAccessCheckResult(string name, bool namespace_path, FileDeviceType device_type, FileDeviceCharacteristics device_chars,
AccessMask granted_access, SecurityDescriptor sd, TokenInformation token_info) : base(name, "Device",
granted_access, NtType.GetTypeByType <NtFile>().GenericMapping, sd, typeof(FileAccessRights), true, token_info)
{
NamespacePath = namespace_path;
DeviceType = device_type;
Characteristics = device_chars;
}
public TokenEntry(NtToken token, NtToken imp_token, NtProcess process)
{
Information = new TokenInformation(token, process);
Token = DuplicateToken(imp_token);
}
private protected override void WriteAccessCheckResult(string name, string type_name, AccessMask granted_access, GenericMapping generic_mapping, SecurityDescriptor sd, Type enum_type, bool is_directory, TokenInformation token_info)
{
_cmdlet.WriteAccessCheckResult(name, type_name, granted_access, generic_mapping, sd, enum_type, is_directory, token_info);
}
internal ScheduledTaskAccessCheckResult(GetAccessibleScheduledTaskCmdlet.TaskSchedulerEntry entry, AccessMask granted_access,
SecurityDescriptor sd, GenericMapping generic_mapping, TokenInformation token_info)
: base(entry.Path, GetAccessibleScheduledTaskCmdlet.TypeName, granted_access,
generic_mapping, sd,
typeof(FileAccessRights), false, token_info)
{
Enabled = entry.Enabled;
Hidden = entry.Hidden;
AllowDemandStart = entry.AllowDemandStart;
Xml = entry.Xml;
LogonType = entry.LogonType;
RunLevel = entry.RunLevel;
Principal = entry.Principal;
Actions = entry.Actions;
ActionCount = Actions.Count();
}
internal FwObjectAccessCheckResult(string name, string description, Guid key, string key_name, FwObjectType fw_type, AccessMask granted_access,
GenericMapping generic_mapping, SecurityDescriptor sd, bool is_directory, TokenInformation token_info)
: base(name, fw_type.ToString(), granted_access, generic_mapping, sd, typeof(FirewallAccessRights), is_directory, token_info)
{
Description = description;
Key = key;
KeyName = key_name;
}