public static void Eval(this IDiscretionaryAcl dacl, Type rightType, SecurityResults securityResults) { string rtn = rightType.GetFriendlyRightTypeName(); IEnumerable <IAccessControlEntry> found = from ace in dacl where ace.RightData.FriendlyTypeName.Equals(rtn) select ace; List <IAccessControlEntry> aces = new List <IAccessControlEntry>(found); EvalAceList(rightType, aces, securityResults); }
//HACK: Minor hack to address extended rights where the bitmask doesn't bear it out naturally. //NOTE: If I was smarter, I would be able to figure out the right bitmask for SyncRights and then probably drop the hack. static void EvalExtended(Type rightType, int summaryMask, SecurityResults securityResults, RightsAccessorAttribute ra) { if (rightType.GetType() == typeof(SynchronizationRight)) { //this is just to block having "OneWay" as the only specified right securityResults.GetByTypeRight(rightType, (int)SynchronizationRight.OneWay).AccessAllowed = (summaryMask & (int)SynchronizationRight.Upload) == (int)SynchronizationRight.Upload || (summaryMask & (int)SynchronizationRight.Download) == (int)SynchronizationRight.Download; } }
static void EvalAceList(Type rightType, List <IAccessControlEntry> aces, SecurityResults securityResults) { if (!securityResults.ContainsRightType(rightType)) { securityResults.InitResult(rightType); } if (aces.Count > 0) { aces.Sort(new AceComparer()); //Logic: Look in the Dacl for aces of the given AceType, create a new mask of the combined rights. // If Allowed: bitwise-OR the value into the mask. // If Deined: if the mask contains the value, XOR the value out. //The result mask contains only the allowed rights. int mask = 0; foreach (IAccessControlEntry ace in aces) { if (ace.Allowed) { mask |= ace.RightData.Value; } else if ((mask & ace.RightData.Value) == ace.RightData.Value) { mask ^= ace.RightData.Value; } } //For each right of the given acetype, perform a bitwise - AND to see if the right is specified in the mask. int[] rights = rightType.GetRightTypeValues(); for (int i = 0; i < rights.Length; i++) { securityResults.GetByTypeRight(rightType, rights[i]).AccessAllowed = (mask & rights[i]) == rights[i]; } RightsAccessorAttribute attrib = (RightsAccessorAttribute)Attribute.GetCustomAttribute(rightType.GetType(), typeof(RightsAccessorAttribute)); if (attrib != null && attrib.HasMask) { EvalExtended(rightType, mask, securityResults, attrib); } } }
public static void Eval(this IDiscretionaryAcl dacl, SecurityResults securityResults) { Dictionary <Type, List <IAccessControlEntry> > aceLists = new Dictionary <Type, List <IAccessControlEntry> >(); foreach (IAccessControlEntry ace in dacl) { if (!aceLists.ContainsKey(ace.RightData.RightType)) { aceLists[ace.RightData.RightType] = new List <IAccessControlEntry>(); } aceLists[ace.RightData.RightType].Add(ace); } foreach (Type rightType in aceLists.Keys) { EvalAceList(rightType, aceLists[rightType], securityResults); } }
public static void Eval <T>(this IDiscretionaryAcl dacl, SecurityResults securityResults) where T : struct, IConvertible { Eval(dacl, typeof(T), securityResults); }
static void EvalAceList(Type rightType, List <IAccessControlEntryAudit> aces, SecurityResults securityResults) { if (!securityResults.ContainsRightType(rightType)) { securityResults.InitResult(rightType); } if (aces.Count > 0) { aces.Sort(new AceComparer()); //Logic: Look in the Sacl for aces of the given AceType, create a new mask of the combined rights. // If Allowed: bitwise-OR the value into the allowedMask. // If Denied: bitwise-OR the value into the deniedMask. //The result mask contains only the allowed rights. int allowedMask = 0; int deniedMask = 0; foreach (IAccessControlEntryAudit ace in aces) { if (ace.Allowed) { allowedMask |= ace.RightData.Value; } if (ace.Denied) { deniedMask |= ace.RightData.Value; } } //For each right of the given acetype, perform a bitwise-AND to see if the right is specified in the mask. int[] rights = rightType.GetRightTypeValues(); int right = 0; for (int i = 0; i < rights.Length; i++) { right = rights[i]; securityResults.GetByTypeRight(rightType, right).AuditSuccess = (allowedMask & right) == right; securityResults.GetByTypeRight(rightType, right).AuditFailure = (deniedMask & right) == right; } } }
public static void Eval <T>(this ISystemAcl sacl, SecurityResults securityResults) where T : struct, IConvertible { Eval(sacl, typeof(T), securityResults); }