internal WnfAccessCheckResult(NtWnf wnf,
                               AccessMask granted_access,
                               SecurityDescriptor sd, TokenInformation token_info)
     : base(wnf.Name,
            "Wnf", granted_access,
            NtWnf.GenericMapping, sd,
            typeof(WnfAccessRights), false, token_info)
 {
     StateName          = wnf.StateName;
     Lifetime           = wnf.Lifetime;
     SubscribersPresent = wnf.SubscribersPresent;
 }
 internal ProcessAccessCheckResult(string name, string image_path, int process_id, int session_id,
                                   string command_line, AccessMask granted_access, bool is_thread, bool is_dead, string user,
                                   NtType type, SecurityDescriptor sd, TokenInformation token_info) : base(name, type.Name, granted_access,
                                                                                                           type.GenericMapping, sd, type.AccessRightsType, false, token_info)
 {
     ProcessImagePath   = image_path;
     ProcessId          = process_id;
     ProcessCommandLine = command_line;
     IsThread           = is_thread;
     IsDead             = is_dead;
     SessionId          = session_id;
     User = user;
 }
예제 #3
0
 internal ServiceAccessCheckResult(string name, AccessMask granted_access,
                                   SecurityDescriptor sd, TokenInformation token_info,
                                   ServiceAccessRights trigger_granted_access,
                                   ServiceAccessRights original_granted_access,
                                   Win32Service service)
     : base(name, ServiceUtils.SERVICE_NT_TYPE_NAME, granted_access,
            ServiceUtils.GetServiceGenericMapping(), sd,
            typeof(ServiceAccessRights), false, token_info)
 {
     TriggerGrantedAccess  = trigger_granted_access;
     OriginalGrantedAccess = original_granted_access;
     Service = service;
 }
예제 #4
0
 public CommonAccessCheckResult CreateResult(AccessMask granted_access, TokenInformation token_info)
 {
     if (Folder)
     {
         return(new CommonAccessCheckResult(Path, "Scheduled Task", granted_access, _file_type.GenericMapping,
                                            new SecurityDescriptor(SecurityDescriptor), typeof(FileDirectoryAccessRights), true, token_info));
     }
     else
     {
         return(new ScheduledTaskAccessCheckResult(this, granted_access, new SecurityDescriptor(SecurityDescriptor),
                                                   _file_type.GenericMapping, token_info));
     }
 }
예제 #5
0
 internal AccessCheckResult(string name, string type_name, AccessMask granted_access,
                            GenericMapping generic_mapping, SecurityDescriptor sd,
                            Type enum_type, bool is_directory, TokenInformation token_info)
 {
     Name               = name;
     TypeName           = type_name;
     GrantedAccess      = granted_access;
     GenericMapping     = generic_mapping;
     TokenInfo          = token_info;
     SecurityDescriptor = sd?.ToSddl() ?? string.Empty;
     Owner              = sd?.Owner?.Sid.ToString() ?? string.Empty;
     IsRead             = generic_mapping.HasRead(granted_access);
     IsWrite            = generic_mapping.HasWrite(granted_access) ||
                          granted_access.IsAccessGranted(GenericAccessRights.WriteDac) ||
                          granted_access.IsAccessGranted(GenericAccessRights.WriteOwner) ||
                          granted_access.IsAccessGranted(GenericAccessRights.Delete);
     IsExecute                  = generic_mapping.HasExecute(granted_access);
     IsAll                      = generic_mapping.HasAll(granted_access);
     GrantedAccessString        = NtObjectUtils.GrantedAccessAsString(granted_access, generic_mapping, enum_type, false);
     GrantedGenericAccessString = NtObjectUtils.GrantedAccessAsString(granted_access, generic_mapping, enum_type, true);
     TokenId                    = token_info.TokenId.ToInt64();
     IsDirectory                = is_directory;
 }
 private protected virtual void WriteAccessCheckResult(string name, string type_name, AccessMask granted_access,
                                                       GenericMapping generic_mapping, SecurityDescriptor sd, Type enum_type, bool is_directory, TokenInformation token_info)
 {
     WriteObject(new CommonAccessCheckResult(name, type_name, granted_access, generic_mapping,
                                             sd, enum_type, is_directory, token_info));
 }
 private void WriteAccessCheckResult(ProcessDetails process, ThreadDetails thread, AccessMask granted_access,
                                     GenericMapping generic_mapping, SecurityDescriptor sd, TokenInformation token)
 {
     if (thread == null)
     {
         WriteObject(new ProcessAccessCheckResult(process.Name, process.ImagePath, process.ProcessId, process.SessionId,
                                                  process.CommandLine, granted_access, false, process.IsDeleting,
                                                  process.User, _process_type, sd, token));
     }
     else
     {
         WriteObject(new ThreadAccessCheckResult(process.Name, process.ImagePath, thread.ThreadId,
                                                 thread.Description, process.ProcessId, process.IsDeleting, process.SessionId, process.CommandLine, granted_access,
                                                 process.User, _thread_type, sd, token));
     }
 }
 internal HandleAccessCheckResult(MaximumAccess maximum_access, NtHandle handle, string name, string type_name, AccessMask granted_access,
                                  GenericMapping generic_mapping, string sddl, Type enum_type, bool is_directory, TokenInformation token_info)
     : base(name, type_name, granted_access, generic_mapping,
            !string.IsNullOrWhiteSpace(sddl) ? new SecurityDescriptor(sddl) : null,
            enum_type, is_directory, token_info)
 {
     if (maximum_access != null)
     {
         MaximumAccess   = maximum_access.Access;
         DifferentAccess = (granted_access & MaximumAccess) != granted_access;
     }
     ProcessId = handle.ProcessId;
     Handle    = handle.Handle;
     Object    = handle.Object;
 }
 public TokenEntry(NtToken token, NtToken imp_token, NtProcess process)
 {
     Information = process == null ? new TokenInformation(token, null) : new ProcessTokenInformation(token, process);
     Token       = DuplicateToken(imp_token);
 }
 internal DeviceAccessCheckResult(string name, bool namespace_path, FileDeviceType device_type, FileDeviceCharacteristics device_chars,
                                  AccessMask granted_access, SecurityDescriptor sd, TokenInformation token_info) : base(name, "Device",
                                                                                                                        granted_access, NtType.GetTypeByType <NtFile>().GenericMapping, sd, typeof(FileAccessRights), true, token_info)
 {
     NamespacePath   = namespace_path;
     DeviceType      = device_type;
     Characteristics = device_chars;
 }
예제 #11
0
 public TokenEntry(NtToken token, NtToken imp_token, NtProcess process)
 {
     Information = new TokenInformation(token, process);
     Token       = DuplicateToken(imp_token);
 }
 private protected override void WriteAccessCheckResult(string name, string type_name, AccessMask granted_access, GenericMapping generic_mapping, SecurityDescriptor sd, Type enum_type, bool is_directory, TokenInformation token_info)
 {
     _cmdlet.WriteAccessCheckResult(name, type_name, granted_access, generic_mapping, sd, enum_type, is_directory, token_info);
 }
예제 #13
0
 internal ScheduledTaskAccessCheckResult(GetAccessibleScheduledTaskCmdlet.TaskSchedulerEntry entry, AccessMask granted_access,
                                         SecurityDescriptor sd, GenericMapping generic_mapping, TokenInformation token_info)
     : base(entry.Path, GetAccessibleScheduledTaskCmdlet.TypeName, granted_access,
            generic_mapping, sd,
            typeof(FileAccessRights), false, token_info)
 {
     Enabled          = entry.Enabled;
     Hidden           = entry.Hidden;
     AllowDemandStart = entry.AllowDemandStart;
     Xml         = entry.Xml;
     LogonType   = entry.LogonType;
     RunLevel    = entry.RunLevel;
     Principal   = entry.Principal;
     Actions     = entry.Actions;
     ActionCount = Actions.Count();
 }
예제 #14
0
 internal FwObjectAccessCheckResult(string name, string description, Guid key, string key_name, FwObjectType fw_type, AccessMask granted_access,
                                    GenericMapping generic_mapping, SecurityDescriptor sd, bool is_directory, TokenInformation token_info)
     : base(name, fw_type.ToString(), granted_access, generic_mapping, sd, typeof(FirewallAccessRights), is_directory, token_info)
 {
     Description = description;
     Key         = key;
     KeyName     = key_name;
 }