static void EvalAceList(Type rightType, List <IAccessControlEntry> aces, SecurityResults securityResults) { if (!securityResults.ContainsRightType(rightType)) { securityResults.InitResult(rightType); } if (aces.Count > 0) { aces.Sort(new AceComparer()); //Logic: Look in the Dacl for aces of the given AceType, create a new mask of the combined rights. // If Allowed: bitwise-OR the value into the mask. // If Deined: if the mask contains the value, XOR the value out. //The result mask contains only the allowed rights. int mask = 0; foreach (IAccessControlEntry ace in aces) { if (ace.Allowed) { mask |= ace.RightData.Value; } else if ((mask & ace.RightData.Value) == ace.RightData.Value) { mask ^= ace.RightData.Value; } } //For each right of the given acetype, perform a bitwise - AND to see if the right is specified in the mask. int[] rights = rightType.GetRightTypeValues(); for (int i = 0; i < rights.Length; i++) { securityResults.GetByTypeRight(rightType, rights[i]).AccessAllowed = (mask & rights[i]) == rights[i]; } RightsAccessorAttribute attrib = (RightsAccessorAttribute)Attribute.GetCustomAttribute(rightType.GetType(), typeof(RightsAccessorAttribute)); if (attrib != null && attrib.HasMask) { EvalExtended(rightType, mask, securityResults, attrib); } } }
static void EvalAceList(Type rightType, List <IAccessControlEntryAudit> aces, SecurityResults securityResults) { if (!securityResults.ContainsRightType(rightType)) { securityResults.InitResult(rightType); } if (aces.Count > 0) { aces.Sort(new AceComparer()); //Logic: Look in the Sacl for aces of the given AceType, create a new mask of the combined rights. // If Allowed: bitwise-OR the value into the allowedMask. // If Denied: bitwise-OR the value into the deniedMask. //The result mask contains only the allowed rights. int allowedMask = 0; int deniedMask = 0; foreach (IAccessControlEntryAudit ace in aces) { if (ace.Allowed) { allowedMask |= ace.RightData.Value; } if (ace.Denied) { deniedMask |= ace.RightData.Value; } } //For each right of the given acetype, perform a bitwise-AND to see if the right is specified in the mask. int[] rights = rightType.GetRightTypeValues(); int right = 0; for (int i = 0; i < rights.Length; i++) { right = rights[i]; securityResults.GetByTypeRight(rightType, right).AuditSuccess = (allowedMask & right) == right; securityResults.GetByTypeRight(rightType, right).AuditFailure = (deniedMask & right) == right; } } }