internal virtual bool IsAceMeaningless(GenericAce ace)
{
AceFlags flags = ace.AceFlags;
KnownAce knownAce = ace as KnownAce;
if (knownAce != null)
{
if (0 == knownAce.AccessMask)
{
return(true);
}
if (0 != (flags & AceFlags.InheritOnly))
{
if (knownAce is ObjectAce)
{
return(true);
}
if (!IsContainer)
{
return(true);
}
if (0 == (flags & (AceFlags.ContainerInherit | AceFlags.ObjectInherit)))
{
return(true);
}
}
}
return(false);
}
/// <summary>确定指定的 <see cref="T:System.Security.AccessControl.GenericAce" /> 对象是否等同于当前的 <see cref="T:System.Security.AccessControl.GenericAce" />。</summary>
/// <returns>如果指定的 <see cref="T:System.Security.AccessControl.GenericAce" /> 对象等于当前的 <see cref="T:System.Security.AccessControl.GenericAce" /> 对象,则为 true;否则为 false。</returns>
/// <param name="o">要与当前 <see cref="T:System.Security.AccessControl.GenericAce" /> 对象进行比较的 <see cref="T:System.Security.AccessControl.GenericAce" /> 对象。</param>
public override sealed bool Equals(object o)
{
if (o == null)
{
return(false);
}
GenericAce genericAce = o as GenericAce;
if (genericAce == (GenericAce)null || this.AceType != genericAce.AceType || this.AceFlags != genericAce.AceFlags)
{
return(false);
}
int binaryLength1 = this.BinaryLength;
int binaryLength2 = genericAce.BinaryLength;
if (binaryLength1 != binaryLength2)
{
return(false);
}
byte[] binaryForm1 = new byte[binaryLength1];
byte[] binaryForm2 = new byte[binaryLength2];
this.GetBinaryForm(binaryForm1, 0);
genericAce.GetBinaryForm(binaryForm2, 0);
for (int index = 0; index < binaryForm1.Length; ++index)
{
if ((int)binaryForm1[index] != (int)binaryForm2[index])
{
return(false);
}
}
return(true);
}
private static ComparisonResult CompareAces(GenericAce ace1, GenericAce ace2, bool isDacl)
{
int num = isDacl ? DaclAcePriority(ace1) : SaclAcePriority(ace1);
int num2 = isDacl ? DaclAcePriority(ace2) : SaclAcePriority(ace2);
if (num < num2)
{
return(ComparisonResult.LessThan);
}
if (num > num2)
{
return(ComparisonResult.GreaterThan);
}
KnownAce ace = ace1 as KnownAce;
KnownAce ace3 = ace2 as KnownAce;
if ((ace != null) && (ace3 != null))
{
int num3 = ace.SecurityIdentifier.CompareTo(ace3.SecurityIdentifier);
if (num3 < 0)
{
return(ComparisonResult.LessThan);
}
if (num3 > 0)
{
return(ComparisonResult.GreaterThan);
}
}
return(ComparisonResult.EqualTo);
}
private static int DaclAcePriority(GenericAce ace)
{
AceType aceType = ace.AceType;
if (((byte)(ace.AceFlags & AceFlags.Inherited)) != 0)
{
return(0x1fffe + ace._indexInAcl);
}
switch (aceType)
{
case AceType.AccessDenied:
case AceType.AccessDeniedCallback:
return(0);
case AceType.AccessDeniedObject:
case AceType.AccessDeniedCallbackObject:
return(1);
case AceType.AccessAllowed:
case AceType.AccessAllowedCallback:
return(2);
case AceType.AccessAllowedObject:
case AceType.AccessAllowedCallbackObject:
return(3);
}
return(0xffff + ace._indexInAcl);
}
internal CommonAcl(bool isContainer, bool isDS, System.Security.AccessControl.RawAcl rawAcl, bool trusted, bool isDacl)
{
if (rawAcl == null)
{
throw new ArgumentNullException("rawAcl");
}
this._isContainer = isContainer;
this._isDS = isDS;
if (trusted)
{
this._acl = rawAcl;
this.RemoveMeaninglessAcesAndFlags(isDacl);
}
else
{
this._acl = new System.Security.AccessControl.RawAcl(rawAcl.Revision, rawAcl.Count);
for (int i = 0; i < rawAcl.Count; i++)
{
GenericAce ace = rawAcl[i].Copy();
if (this.InspectAce(ref ace, isDacl))
{
this._acl.InsertAce(this._acl.Count, ace);
}
}
}
if (this.CanonicalCheck(isDacl))
{
this.Canonicalize(true, isDacl);
this._isCanonical = true;
}
else
{
this._isCanonical = false;
}
}
public void RemoveAce(int index)
{
GenericAce ace = this._aces[index] as GenericAce;
this._aces.RemoveAt(index);
this._binaryLength -= ace.BinaryLength;
}
public static void DecodeAcl(GenericAce acl, StringBuilder sb, StringBuilder domainSb, StringBuilder usernameSb)
{
sb.Append("(")
.Append("AceType=")
.Append(acl.AceType)
.Append("; AceFlags=")
.Append(acl.AceFlags)
.Append("; AuditFlags=")
.Append(acl.AuditFlags)
.Append("; InheritnaceFlags=")
.Append(acl.InheritanceFlags)
.Append("; IsInherited=")
.Append(acl.IsInherited)
.Append("; PropagationFlags=")
.Append(acl.PropagationFlags);
try
{
var k = acl as KnownAce;
if (k != null)
GetUser(k.SecurityIdentifier, sb, domainSb, usernameSb);
}
catch
{
}
sb.Append(")");
}
public void InsertAce(int index, GenericAce ace)
{
if (ace == null)
{
throw new ArgumentNullException("ace");
}
list.Insert(index, ace);
}
// Insert an access control element into this ACL.
public void InsertAce(int index, GenericAce ace)
{
if(ace == null)
{
throw new ArgumentNullException("ace");
}
elements.Insert(index, ace);
}
/// <summary>为指定的 <see cref="T:System.Security.Principal.SecurityIdentifier" /> 对象设置指定的审核规则。在指定对象类型或继承的对象类型时,为目录对象的访问控制列表 (ACL) 使用此方法。</summary>
/// <param name="auditFlags">要设置的审核条件。</param>
/// <param name="sid">要为其设置审核规则的 <see cref="T:System.Security.Principal.SecurityIdentifier" />。</param>
/// <param name="accessMask">新审核规则的访问掩码。</param>
/// <param name="inheritanceFlags">指定新审核规则的继承属性的标志。</param>
/// <param name="propagationFlags">指定新审核规则的继承传播属性的标志。</param>
/// <param name="objectFlags">指定 <paramref name="objectType" /> 和 <paramref name="inheritedObjectType" /> 参数是否包含非 null 值的标志。</param>
/// <param name="objectType">新审核规则所应用到的对象的类标识。</param>
/// <param name="inheritedObjectType">可以继承新审核规则的子对象的类标识。</param>
public void SetAudit(AuditFlags auditFlags, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags, ObjectAceFlags objectFlags, Guid objectType, Guid inheritedObjectType)
{
if (!this.IsDS)
{
throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_OnlyValidForDS"));
}
this.CheckFlags(inheritanceFlags, propagationFlags);
this.SetQualifiedAce(sid, AceQualifier.SystemAudit, accessMask, GenericAce.AceFlagsFromAuditFlags(auditFlags) | GenericAce.AceFlagsFromInheritanceFlags(inheritanceFlags, propagationFlags), objectFlags, objectType, inheritedObjectType);
}
public void CopyTo (GenericAce [] array, int index)
{
if (array == null)
throw new ArgumentNullException ("array");
if (index < 0 || array.Length - index < Count)
throw new ArgumentOutOfRangeException ("index", "Index must be non-negative integer and must not exceed array length - count");
for (int i = 0; i < Count; i++)
array [i + index] = this [i];
}
private void RemoveMeaninglessAcesAndFlags(bool isDacl)
{
for (int i = this._acl.Count - 1; i >= 0; i--)
{
GenericAce ace = this._acl[i];
if (!this.InspectAce(ref ace, isDacl))
{
this._acl.RemoveAce(i);
}
}
}
private bool InspectAce(ref GenericAce ace, bool isDacl)
{
KnownAce ace2 = ace as KnownAce;
if ((ace2 != null) && (ace2.AccessMask == 0))
{
return(false);
}
if (!this.IsContainer)
{
if (((byte)(ace.AceFlags & AceFlags.InheritOnly)) != 0)
{
return(false);
}
if (((byte)(ace.AceFlags & (AceFlags.ContainerInherit | AceFlags.InheritOnly | AceFlags.NoPropagateInherit | AceFlags.ObjectInherit))) != 0)
{
ace.AceFlags = (AceFlags)((byte)(((int)ace.AceFlags) & 240));
}
}
else
{
if (((((byte)(ace.AceFlags & AceFlags.InheritOnly)) != 0) && (((byte)(ace.AceFlags & AceFlags.ContainerInherit)) == 0)) && (((byte)(ace.AceFlags & (AceFlags.None | AceFlags.ObjectInherit))) == 0))
{
return(false);
}
if (((((byte)(ace.AceFlags & (AceFlags.None | AceFlags.NoPropagateInherit))) != 0) && (((byte)(ace.AceFlags & AceFlags.ContainerInherit)) == 0)) && (((byte)(ace.AceFlags & (AceFlags.None | AceFlags.ObjectInherit))) == 0))
{
ace.AceFlags = (AceFlags)((byte)(((int)ace.AceFlags) & 0xfb));
}
}
QualifiedAce ace3 = ace2 as QualifiedAce;
if (isDacl)
{
ace.AceFlags = (AceFlags)((byte)(((int)ace.AceFlags) & 0x3f));
if (((ace3 != null) && (ace3.AceQualifier != AceQualifier.AccessAllowed)) && (ace3.AceQualifier != AceQualifier.AccessDenied))
{
return(false);
}
}
else
{
if (((byte)(ace.AceFlags & AceFlags.AuditFlags)) == 0)
{
return(false);
}
if ((ace3 != null) && (ace3.AceQualifier != AceQualifier.SystemAudit))
{
return(false);
}
}
return(true);
}
/// <summary>Inserts the specified Access Control Entry (ACE) at the specified index.</summary>
/// <param name="index">The position at which to add the new ACE. Specify the value of the <see cref="P:System.Security.AccessControl.RawAcl.Count" /> property to insert an ACE at the end of the <see cref="T:System.Security.AccessControl.RawAcl" /> object.</param>
/// <param name="ace">The ACE to insert.</param>
/// <exception cref="T:System.ArgumentOutOfRangeException">
/// <paramref name="offset" /> is negative or too high to allow the entire <see cref="T:System.Security.AccessControl.GenericAcl" /> to be copied into <paramref name="array" />.</exception>
// Token: 0x06001EA4 RID: 7844 RVA: 0x0006B114 File Offset: 0x00069314
public void InsertAce(int index, GenericAce ace)
{
if (ace == null)
{
throw new ArgumentNullException("ace");
}
if (this.BinaryLength + ace.BinaryLength > GenericAcl.MaxBinaryLength)
{
throw new OverflowException(Environment.GetResourceString("AccessControl_AclTooLong"));
}
this._aces.Insert(index, ace);
}
public void RemoveInheritedAces()
{
this.ThrowIfNotCanonical();
for (int i = this._acl.Count - 1; i >= 0; i--)
{
GenericAce ace = this._acl[i];
if (((byte)(ace.AceFlags & AceFlags.Inherited)) != 0)
{
this._acl.RemoveAce(i);
}
}
this.OnAclModificationTried();
}
public void InsertAce(int index, GenericAce ace)
{
if (ace == null)
{
throw new ArgumentNullException("ace");
}
if ((this._binaryLength + ace.BinaryLength) > GenericAcl.MaxBinaryLength)
{
throw new OverflowException(Environment.GetResourceString("AccessControl_AclTooLong"));
}
this._aces.Insert(index, ace);
this._binaryLength += ace.BinaryLength;
}
public override void GetBinaryForm(byte[] binaryForm, int offset)
{
this.MarshalHeader(binaryForm, offset);
offset += 8;
for (int i = 0; i < this.Count; i++)
{
GenericAce ace = this._aces[i] as GenericAce;
ace.GetBinaryForm(binaryForm, offset);
int binaryLength = ace.BinaryLength;
if ((binaryLength % 4) != 0)
{
throw new SystemException();
}
offset += binaryLength;
}
}
/// <summary>将 <see cref="T:System.Security.AccessControl.RawAcl" /> 对象的内容封送到指定字节数组中,其位置从指定的偏移量开始。</summary>
/// <param name="binaryForm">将 <see cref="T:System.Security.AccessControl.RawAcl" /> 的内容封送到的字节数组。</param>
/// <param name="offset">开始封送的偏移量。</param>
/// <exception cref="T:System.ArgumentOutOfRangeException">
/// <paramref name="offset" /> 如果为负数或过高,则会将整个 <see cref="T:System.Security.AccessControl.RawAcl" /> 复制到 <paramref name="array" />。</exception>
public override void GetBinaryForm(byte[] binaryForm, int offset)
{
this.MarshalHeader(binaryForm, offset);
offset += 8;
for (int index = 0; index < this.Count; ++index)
{
GenericAce genericAce = this._aces[index] as GenericAce;
byte[] binaryForm1 = binaryForm;
int offset1 = offset;
genericAce.GetBinaryForm(binaryForm1, offset1);
int binaryLength = genericAce.BinaryLength;
if (binaryLength % 4 != 0)
{
throw new SystemException();
}
offset += binaryLength;
}
}
private void QuickSort(int left, int right, bool isDacl)
{
if (left < right)
{
int num = left;
int num2 = right;
GenericAce ace = this._acl[left];
int num3 = left;
while (left < right)
{
while ((CompareAces(this._acl[right], ace, isDacl) != ComparisonResult.LessThan) && (left < right))
{
right--;
}
if (left != right)
{
this._acl[left] = this._acl[right];
left++;
}
while ((ComparisonResult.GreaterThan != CompareAces(this._acl[left], ace, isDacl)) && (left < right))
{
left++;
}
if (left != right)
{
this._acl[right] = this._acl[left];
right--;
}
}
this._acl[left] = ace;
num3 = left;
left = num;
right = num2;
if (left < num3)
{
this.QuickSort(left, num3 - 1, isDacl);
}
if (right > num3)
{
this.QuickSort(num3 + 1, right, isDacl);
}
}
}
internal static bool ParseBinaryForm(byte[] binaryForm, int offset, out int accessMask, out CompoundAceType compoundAceType, out SecurityIdentifier sid)
{
GenericAce.VerifyHeader(binaryForm, offset);
if (binaryForm.Length - offset >= 12 + SecurityIdentifier.MinBinaryLength)
{
int num1 = offset + 4;
int num2 = 0;
accessMask = (int)binaryForm[num1 + 0] + ((int)binaryForm[num1 + 1] << 8) + ((int)binaryForm[num1 + 2] << 16) + ((int)binaryForm[num1 + 3] << 24);
int num3 = num2 + 4;
compoundAceType = (CompoundAceType)((int)binaryForm[num1 + num3 + 0] + ((int)binaryForm[num1 + num3 + 1] << 8));
int num4 = num3 + 4;
sid = new SecurityIdentifier(binaryForm, num1 + num4);
return(true);
}
accessMask = 0;
compoundAceType = (CompoundAceType)0;
sid = (SecurityIdentifier)null;
return(false);
}
void MergeExplicitAces()
{
int explicitCount = GetCanonicalExplicitAceCount();
for (int i = 0; i < explicitCount - 1;)
{
GenericAce mergedAce = MergeExplicitAcePair(raw_acl [i], raw_acl [i + 1]);
if (null != mergedAce)
{
raw_acl [i] = mergedAce;
raw_acl.RemoveAce(i + 1);
explicitCount--;
}
else
{
i++;
}
}
}
internal static bool ParseBinaryForm(byte[] binaryForm, int offset, out int accessMask, out System.Security.AccessControl.CompoundAceType compoundAceType, out SecurityIdentifier sid)
{
GenericAce.VerifyHeader(binaryForm, offset);
if ((binaryForm.Length - offset) >= (12 + SecurityIdentifier.MinBinaryLength))
{
int index = offset + 4;
int num2 = 0;
accessMask = ((binaryForm[index] + (binaryForm[index + 1] << 8)) + (binaryForm[index + 2] << 0x10)) + (binaryForm[index + 3] << 0x18);
num2 += 4;
compoundAceType = (System.Security.AccessControl.CompoundAceType)(binaryForm[index + num2] + (binaryForm[(index + num2) + 1] << 8));
num2 += 4;
sid = new SecurityIdentifier(binaryForm, index + num2);
return(true);
}
accessMask = 0;
compoundAceType = (System.Security.AccessControl.CompoundAceType) 0;
sid = null;
return(false);
}
internal void SetBinaryForm(byte[] binaryForm, int offset)
{
int count;
int length;
RawAcl.VerifyHeader(binaryForm, offset, out this._revision, out count, out length);
int num1 = length + offset;
offset += 8;
this._aces = new ArrayList(count);
int num2 = 8;
for (int index = 0; index < count; ++index)
{
GenericAce fromBinaryForm = GenericAce.CreateFromBinaryForm(binaryForm, offset);
int binaryLength = fromBinaryForm.BinaryLength;
if (num2 + binaryLength > GenericAcl.MaxBinaryLength)
{
throw new ArgumentException(Environment.GetResourceString("ArgumentException_InvalidAclBinaryForm"), "binaryForm");
}
this._aces.Add((object)fromBinaryForm);
if (binaryLength % 4 != 0)
{
throw new SystemException();
}
num2 += binaryLength;
if ((int)this._revision == (int)GenericAcl.AclRevisionDS)
{
offset += (int)binaryForm[offset + 2] + ((int)binaryForm[offset + 3] << 8);
}
else
{
offset += binaryLength;
}
if (offset > num1)
{
throw new ArgumentException(Environment.GetResourceString("ArgumentException_InvalidAclBinaryForm"), "binaryForm");
}
}
}
static RawAcl CreateRoundtripRawAcl ()
{
SecurityIdentifier sid = new SecurityIdentifier (WellKnownSidType.BuiltinUsersSid, null);
Assert.AreEqual (16, sid.BinaryLength);
GenericAce[] aces = new GenericAce[] {
new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 1, sid,
ObjectAceFlags.ObjectAceTypePresent,
Guid.Empty, Guid.Empty, false, new byte[8]),
new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 2, sid,
ObjectAceFlags.InheritedObjectAceTypePresent,
Guid.Empty, Guid.Empty, true, new byte[16]),
new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 4, sid,
ObjectAceFlags.InheritedObjectAceTypePresent,
Guid.Empty, new Guid ("{8865FB90-A9EB-422F-A8BA-07ECA611D699}"), true, new byte[4]),
new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 4, sid,
ObjectAceFlags.ObjectAceTypePresent|ObjectAceFlags.InheritedObjectAceTypePresent,
Guid.Empty, new Guid ("{B893007C-38D5-4827-A698-BA25F1E30BAC}"), true, new byte[4]),
new ObjectAce (AceFlags.None, AceQualifier.AccessAllowed, 4, sid,
ObjectAceFlags.None,
Guid.Empty, new Guid ("{C0F9DF22-C320-4400-B41F-754F69668640}"), true, new byte[4])
};
// Make sure this created right, first of all.
Assert.AreEqual (AceType.AccessAllowedObject, aces [0].AceType);
Assert.AreEqual (AceType.AccessAllowedCallbackObject, aces [1].AceType);
Assert.AreEqual (AceType.AccessAllowedCallbackObject, aces [2].AceType);
Assert.AreEqual (AceType.AccessAllowedCallbackObject, aces [3].AceType);
Assert.AreEqual (AceType.AccessAllowedCallbackObject, aces [4].AceType);
Assert.AreEqual (52, aces [0].BinaryLength);
Assert.AreEqual (60, aces [1].BinaryLength);
Assert.AreEqual (48, aces [2].BinaryLength);
Assert.AreEqual (64, aces [3].BinaryLength);
Assert.AreEqual (32, aces [4].BinaryLength);
RawAcl acl = new RawAcl (RawAcl.AclRevision, 0);
for (int i = 0; i < aces.Length; i ++)
acl.InsertAce (i, aces[i]);
return acl;
}
// Token: 0x06001E9B RID: 7835 RVA: 0x0006AEC8 File Offset: 0x000690C8
internal void SetBinaryForm(byte[] binaryForm, int offset)
{
int num;
int num2;
RawAcl.VerifyHeader(binaryForm, offset, out this._revision, out num, out num2);
num2 += offset;
offset += 8;
this._aces = new ArrayList(num);
int num3 = 8;
for (int i = 0; i < num; i++)
{
GenericAce genericAce = GenericAce.CreateFromBinaryForm(binaryForm, offset);
int binaryLength = genericAce.BinaryLength;
if (num3 + binaryLength > GenericAcl.MaxBinaryLength)
{
throw new ArgumentException(Environment.GetResourceString("ArgumentException_InvalidAclBinaryForm"), "binaryForm");
}
this._aces.Add(genericAce);
if (binaryLength % 4 != 0)
{
throw new SystemException();
}
num3 += binaryLength;
if (this._revision == GenericAcl.AclRevisionDS)
{
offset += (int)binaryForm[offset + 2] + ((int)binaryForm[offset + 3] << 8);
}
else
{
offset += binaryLength;
}
if (offset > num2)
{
throw new ArgumentException(Environment.GetResourceString("ArgumentException_InvalidAclBinaryForm"), "binaryForm");
}
}
}
internal override bool IsAceMeaningless(GenericAce ace)
{
if (base.IsAceMeaningless(ace))
{
return(true);
}
if (AuditFlags.None != ace.AuditFlags)
{
return(true);
}
QualifiedAce qace = ace as QualifiedAce;
if (null != qace)
{
if (!(AceQualifier.AccessAllowed == qace.AceQualifier ||
AceQualifier.AccessDenied == qace.AceQualifier))
{
return(true);
}
}
return(false);
}
private static int SaclAcePriority(GenericAce ace)
{
AceType aceType = ace.AceType;
if (((byte)(ace.AceFlags & AceFlags.Inherited)) != 0)
{
return(0x1fffe + ace._indexInAcl);
}
switch (aceType)
{
case AceType.SystemAudit:
case AceType.SystemAlarm:
case AceType.SystemAuditCallback:
case AceType.SystemAlarmCallback:
return(0);
case AceType.SystemAuditObject:
case AceType.SystemAlarmObject:
case AceType.SystemAuditCallbackObject:
case AceType.SystemAlarmCallbackObject:
return(1);
}
return(0xffff + ace._indexInAcl);
}
public sealed override bool Equals(object o)
{
if (o == null)
{
return(false);
}
GenericAce ace = o as GenericAce;
if (ace == null)
{
return(false);
}
if ((this.AceType != ace.AceType) || (this.AceFlags != ace.AceFlags))
{
return(false);
}
int binaryLength = this.BinaryLength;
int num2 = ace.BinaryLength;
if (binaryLength != num2)
{
return(false);
}
byte[] binaryForm = new byte[binaryLength];
byte[] buffer2 = new byte[num2];
this.GetBinaryForm(binaryForm, 0);
ace.GetBinaryForm(buffer2, 0);
for (int i = 0; i < binaryForm.Length; i++)
{
if (binaryForm[i] != buffer2[i])
{
return(false);
}
}
return(true);
}
/// <summary>Determines whether the specified <see cref="T:System.Security.AccessControl.GenericAce" /> object is equal to the current <see cref="T:System.Security.AccessControl.GenericAce" /> object.</summary>
/// <param name="o">The <see cref="T:System.Security.AccessControl.GenericAce" /> object to compare to the current <see cref="T:System.Security.AccessControl.GenericAce" /> object.</param>
/// <returns>
/// <see langword="true" /> if the specified <see cref="T:System.Security.AccessControl.GenericAce" /> object is equal to the current <see cref="T:System.Security.AccessControl.GenericAce" /> object; otherwise, <see langword="false" />.</returns>
// Token: 0x06001E51 RID: 7761 RVA: 0x00069F24 File Offset: 0x00068124
public sealed override bool Equals(object o)
{
if (o == null)
{
return(false);
}
GenericAce genericAce = o as GenericAce;
if (genericAce == null)
{
return(false);
}
if (this.AceType != genericAce.AceType || this.AceFlags != genericAce.AceFlags)
{
return(false);
}
int binaryLength = this.BinaryLength;
int binaryLength2 = genericAce.BinaryLength;
if (binaryLength != binaryLength2)
{
return(false);
}
byte[] array = new byte[binaryLength];
byte[] array2 = new byte[binaryLength2];
this.GetBinaryForm(array, 0);
genericAce.GetBinaryForm(array2, 0);
for (int i = 0; i < array.Length; i++)
{
if (array[i] != array2[i])
{
return(false);
}
}
return(true);
}
public RawAcl(byte [] binaryForm, int offset)
{
if (binaryForm == null)
{
throw new ArgumentNullException("binaryForm");
}
if (offset < 0 || offset > binaryForm.Length - 8)
{
throw new ArgumentOutOfRangeException("offset", offset, "Offset out of range");
}
revision = binaryForm[offset];
if (revision != AclRevision && revision != AclRevisionDS)
{
throw new ArgumentException("Invalid ACL - unknown revision", "binaryForm");
}
int binaryLength = ReadUShort(binaryForm, offset + 2);
if (offset > binaryForm.Length - binaryLength)
{
throw new ArgumentException("Invalid ACL - truncated", "binaryForm");
}
int pos = offset + 8;
int numAces = ReadUShort(binaryForm, offset + 4);
list = new List <GenericAce>(numAces);
for (int i = 0; i < numAces; ++i)
{
GenericAce newAce = GenericAce.CreateFromBinaryForm(binaryForm, pos);
list.Add(newAce);
pos += newAce.BinaryLength;
}
}
// A canonical ACL must have ACES sorted according to the following order:
// 1. Access-denied on the object
// 2. Access-denied on a child or property
// 3. Access-allowed on the object
// 4. Access-allowed on a child or property
// 5. All inherited ACEs
private static byte GetComparisonValue(GenericAce ace)
{
if ((ace.AceFlags & AceFlags.Inherited) != 0)
{
return(5);
}
switch (ace.AceType)
{
case AceType.AccessDenied:
case AceType.AccessDeniedCallback:
case AceType.SystemAudit:
case AceType.SystemAlarm:
case AceType.SystemAuditCallback:
case AceType.SystemAlarmCallback:
return(0);
case AceType.AccessDeniedObject:
case AceType.AccessDeniedCallbackObject:
case AceType.SystemAuditObject:
case AceType.SystemAlarmObject:
case AceType.SystemAuditCallbackObject:
case AceType.SystemAlarmCallbackObject:
return(1);
case AceType.AccessAllowed:
case AceType.AccessAllowedCallback:
return(2);
case AceType.AccessAllowedObject:
case AceType.AccessAllowedCallbackObject:
return(3);
default:
return(4);
}
}
internal static RawAcl ParseSddlForm(string sddlForm,
bool isDacl,
ref ControlFlags sdFlags,
ref int pos)
{
ParseFlags(sddlForm, isDacl, ref sdFlags, ref pos);
byte revision = GenericAcl.AclRevision;
List <GenericAce> aces = new List <GenericAce>();
while (pos < sddlForm.Length && sddlForm[pos] == '(')
{
GenericAce ace = GenericAce.CreateFromSddlForm(
sddlForm, ref pos);
if ((ace as ObjectAce) != null)
{
revision = GenericAcl.AclRevisionDS;
}
aces.Add(ace);
}
return(new RawAcl(revision, aces));
}
internal override bool IsAceMeaningless(GenericAce ace)
{
if (base.IsAceMeaningless(ace))
{
return(true);
}
if (!IsValidAuditFlags(ace.AuditFlags))
{
return(true);
}
QualifiedAce qace = ace as QualifiedAce;
if (null != qace)
{
if (!(AceQualifier.SystemAudit == qace.AceQualifier ||
AceQualifier.SystemAlarm == qace.AceQualifier))
{
return(true);
}
}
return(false);
}
// Parameters: // index: // The position at which to add the new ACE. Specify the value of the System.Security.AccessControl.RawAcl.Count // property to insert an ACE at the end of the System.Security.AccessControl.RawAcl // object. // // ace: // The ACE to insert. // // Exceptions: // System.ArgumentOutOfRangeException: // offset is negative or too high to allow the entire System.Security.AccessControl.GenericAcl // to be copied into array. public void InsertAce(int index, GenericAce ace);
internal override bool IsAceMeaningless (GenericAce ace)
{
if (base.IsAceMeaningless (ace)) return true;
QualifiedAce qace = ace as QualifiedAce;
if (null != qace) {
return !(AceQualifier.AccessAllowed == qace.AceQualifier ||
AceQualifier.AccessDenied == qace.AceQualifier);
}
return false;
}
private bool InspectAce(ref GenericAce ace, bool isDacl)
{
KnownAce ace2 = ace as KnownAce;
if ((ace2 != null) && (ace2.AccessMask == 0))
{
return false;
}
if (!this.IsContainer)
{
if (((byte) (ace.AceFlags & AceFlags.InheritOnly)) != 0)
{
return false;
}
if (((byte) (ace.AceFlags & (AceFlags.ContainerInherit | AceFlags.InheritOnly | AceFlags.NoPropagateInherit | AceFlags.ObjectInherit))) != 0)
{
ace.AceFlags = (AceFlags) ((byte) (((int) ace.AceFlags) & 240));
}
}
else
{
if (((((byte) (ace.AceFlags & AceFlags.InheritOnly)) != 0) && (((byte) (ace.AceFlags & AceFlags.ContainerInherit)) == 0)) && (((byte) (ace.AceFlags & (AceFlags.None | AceFlags.ObjectInherit))) == 0))
{
return false;
}
if (((((byte) (ace.AceFlags & (AceFlags.None | AceFlags.NoPropagateInherit))) != 0) && (((byte) (ace.AceFlags & AceFlags.ContainerInherit)) == 0)) && (((byte) (ace.AceFlags & (AceFlags.None | AceFlags.ObjectInherit))) == 0))
{
ace.AceFlags = (AceFlags) ((byte) (((int) ace.AceFlags) & 0xfb));
}
}
QualifiedAce ace3 = ace2 as QualifiedAce;
if (isDacl)
{
ace.AceFlags = (AceFlags) ((byte) (((int) ace.AceFlags) & 0x3f));
if (((ace3 != null) && (ace3.AceQualifier != AceQualifier.AccessAllowed)) && (ace3.AceQualifier != AceQualifier.AccessDenied))
{
return false;
}
}
else
{
if (((byte) (ace.AceFlags & AceFlags.AuditFlags)) == 0)
{
return false;
}
if ((ace3 != null) && (ace3.AceQualifier != AceQualifier.SystemAudit))
{
return false;
}
}
return true;
}
public void ContiguousRangeSorting ()
{
SecurityIdentifier[] sids = new SecurityIdentifier[] {
new SecurityIdentifier (WellKnownSidType.BuiltinAdministratorsSid, null), // S-1-5-32-544
new SecurityIdentifier (WellKnownSidType.BuiltinUsersSid, null), // S-1-5-32-545
new SecurityIdentifier (WellKnownSidType.WorldSid, null), // S-1-1-0
new SecurityIdentifier ("S-1-5-40"),
new SecurityIdentifier ("S-1-5-30-123"),
new SecurityIdentifier ("S-1-5-32-99"),
new SecurityIdentifier ("S-1-5-23-45-67"),
new SecurityIdentifier ("S-1-5-32-5432"),
new SecurityIdentifier ("S-1-0-2"),
new SecurityIdentifier ("S-1-6-0")
};
GenericAce[] aces = new GenericAce[sids.Length];
for (int i = 0; i < aces.Length; i ++)
aces [i] = new CommonAce (AceFlags.None, AceQualifier.AccessAllowed, 1, sids[i], false, null);
RawAcl acl = MakeRawAcl (aces);
DiscretionaryAcl dacl = new DiscretionaryAcl (false, false, acl);
Assert.IsTrue (dacl.IsCanonical);
Assert.AreEqual (sids[8], ((CommonAce)dacl [0]).SecurityIdentifier); // S-1-0-2
Assert.AreEqual (sids[2], ((CommonAce)dacl [1]).SecurityIdentifier); // S-1-1-0
Assert.AreEqual (sids[3], ((CommonAce)dacl [2]).SecurityIdentifier); // S-1-5-40
Assert.AreEqual (sids[4], ((CommonAce)dacl [3]).SecurityIdentifier); // S-1-5-30-123
Assert.AreEqual (sids[5], ((CommonAce)dacl [4]).SecurityIdentifier); // S-1-5-32-99
Assert.AreEqual (sids[0], ((CommonAce)dacl [5]).SecurityIdentifier); // S-1-5-32-544
Assert.AreEqual (sids[1], ((CommonAce)dacl [6]).SecurityIdentifier); // S-1-5-32-545
Assert.AreEqual (sids[7], ((CommonAce)dacl [7]).SecurityIdentifier); // S-1-5-32-5432
Assert.AreEqual (sids[6], ((CommonAce)dacl [8]).SecurityIdentifier); // S-1-5-23-45-67
Assert.AreEqual (sids[9], ((CommonAce)dacl [9]).SecurityIdentifier); // S-1-6-0
}
internal virtual bool IsAceMeaningless (GenericAce ace)
{
AceFlags flags = ace.AceFlags;
KnownAce knownAce = ace as KnownAce;
if (knownAce != null) {
if (0 == knownAce.AccessMask) return true;
if (0 != (flags & AceFlags.InheritOnly)) {
if (knownAce is ObjectAce) return true;
if (!IsContainer) return true;
if (0 == (flags & (AceFlags.ContainerInherit|AceFlags.ObjectInherit))) return true;
}
}
return false;
}
GenericAce MergeExplicitAcePair (GenericAce ace1, GenericAce ace2)
{
QualifiedAce qace1 = ace1 as QualifiedAce;
QualifiedAce qace2 = ace2 as QualifiedAce;
if (!(null != qace1 && null != qace2)) return null;
if (!(qace1.AceFlags == qace2.AceFlags && qace1.AceQualifier == qace2.AceQualifier)) return null;
if (!(qace1.SecurityIdentifier == qace2.SecurityIdentifier)) return null;
CommonAce cace1 = ace1 as CommonAce;
CommonAce cace2 = ace2 as CommonAce;
if (null != cace1 && null != cace2) {
return new CommonAce (cace1.AceFlags, cace1.AceQualifier, cace1.AccessMask|cace2.AccessMask,
cace1.SecurityIdentifier, cace1.IsCallback, cace1.GetOpaque());
}
ObjectAce oace1 = ace1 as ObjectAce;
ObjectAce oace2 = ace2 as ObjectAce;
if (null != oace1 && null != oace2) {
// See DiscretionaryAclTest.GuidEmptyMergesRegardlessOfFlagsAndOpaqueDataIsNotConsidered
Guid type1, inheritedType1; GetObjectAceTypeGuids(oace1, out type1, out inheritedType1);
Guid type2, inheritedType2; GetObjectAceTypeGuids(oace2, out type2, out inheritedType2);
if (type1 == type2 && inheritedType1 == inheritedType2) {
return new ObjectAce (oace1.AceFlags, oace1.AceQualifier, oace1.AccessMask|oace2.AccessMask,
oace1.SecurityIdentifier,
oace1.ObjectAceFlags, oace1.ObjectAceType, oace1.InheritedObjectAceType,
oace1.IsCallback, oace1.GetOpaque());
}
}
return null;
}
//
// Compares two system ACEs and returns
// LessThan if ace1 < ace2
// EqualTo if ace1 == ace2
// GreaterThan if ace1 > ace2
//
// The order is:
// - explicit audit or alarm ACEs
// - explicit audit or alarm object ACEs
// - inherited ACEs (in the original order )
// - user-defined ACEs (in the original order )
//
private static int SaclAcePriority( GenericAce ace )
{
int result;
AceType type = ace.AceType;
if (( ace.AceFlags & AceFlags.Inherited ) != 0 )
{
result = 2 * ushort.MaxValue + ace._indexInAcl;
}
else if ( type == AceType.SystemAudit ||
type == AceType.SystemAlarm ||
type == AceType.SystemAuditCallback ||
type == AceType.SystemAlarmCallback )
{
result = 0;
}
else if ( type == AceType.SystemAuditObject ||
type == AceType.SystemAlarmObject ||
type == AceType.SystemAuditCallbackObject ||
type == AceType.SystemAlarmCallbackObject )
{
result = 1;
}
else
{
result = ushort.MaxValue + ace._indexInAcl;
}
return result;
}
/// <summary>Removes the specified access control rule from the current <see cref="T:System.Security.AccessControl.DiscretionaryAcl" /> object.</summary>
/// <param name="accessType">The type of access control (allow or deny) to remove.</param>
/// <param name="sid">The <see cref="T:System.Security.Principal.SecurityIdentifier" /> for which to remove an access control rule.</param>
/// <param name="accessMask">The access mask for the rule to be removed.</param>
/// <param name="inheritanceFlags">Flags that specify the inheritance properties of the rule to be removed.</param>
/// <param name="propagationFlags">Flags that specify the inheritance propagation properties for the rule to be removed.</param>
/// <returns>
/// <see langword="true" /> if this method successfully removes the specified access; otherwise, <see langword="false" />.</returns>
// Token: 0x06001EEA RID: 7914 RVA: 0x0006CD78 File Offset: 0x0006AF78
public bool RemoveAccess(AccessControlType accessType, SecurityIdentifier sid, int accessMask, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
base.CheckAccessType(accessType);
this.everyOneFullAccessForNullDacl = false;
return(base.RemoveQualifiedAces(sid, (accessType == AccessControlType.Allow) ? AceQualifier.AccessAllowed : AceQualifier.AccessDenied, accessMask, GenericAce.AceFlagsFromInheritanceFlags(inheritanceFlags, propagationFlags), false, ObjectAceFlags.None, Guid.Empty, Guid.Empty));
}
private static int SaclAcePriority(GenericAce ace)
{
AceType aceType = ace.AceType;
if (((byte) (ace.AceFlags & AceFlags.Inherited)) != 0)
{
return (0x1fffe + ace._indexInAcl);
}
switch (aceType)
{
case AceType.SystemAudit:
case AceType.SystemAlarm:
case AceType.SystemAuditCallback:
case AceType.SystemAlarmCallback:
return 0;
case AceType.SystemAuditObject:
case AceType.SystemAlarmObject:
case AceType.SystemAuditCallbackObject:
case AceType.SystemAlarmCallbackObject:
return 1;
}
return (0xffff + ace._indexInAcl);
}
public GenericAce Copy()
{
byte[] buffer = new byte[BinaryLength];
GetBinaryForm(buffer, 0);
return(GenericAce.CreateFromBinaryForm(buffer, 0));
}
//
// Inspects the ACE, modifies it by stripping away unnecessary or
// meaningless flags.
// Returns 'true' if the ACE should remain in the ACL, 'false' otherwise
//
private bool InspectAce( ref GenericAce ace, bool isDacl )
{
const AceFlags AuditFlags =
AceFlags.SuccessfulAccess |
AceFlags.FailedAccess;
const AceFlags InheritFlags =
AceFlags.ObjectInherit |
AceFlags.ContainerInherit |
AceFlags.NoPropagateInherit |
AceFlags.InheritOnly;
//
// Any ACE without at least one bit set in the access mask can be removed
//
KnownAce knownAce = ace as KnownAce;
if ( knownAce != null )
{
if ( knownAce.AccessMask == 0 )
{
return false;
}
}
if ( !IsContainer )
{
//
// On a leaf object ACL, inheritance bits are meaningless.
// Specifically, an ACE marked "inherit-only" will never participate
// in access control and can be removed.
// Similarly, an ACE marked "container-inherit", "no-propagate-inherit"
// or "object-inherit" can have those bits cleared since they carry
// no meaning.
//
if (( ace.AceFlags & AceFlags.InheritOnly ) != 0 )
{
return false;
}
if (( ace.AceFlags & InheritFlags ) != 0 )
{
unchecked { ace.AceFlags &= ~InheritFlags; }
}
}
else
{
//
// Without either "container inherit" or "object inherit" to go with it,
// the InheritOnly bit is meaningless and the entire ACE can be removed.
//
if ((( ace.AceFlags & AceFlags.InheritOnly ) != 0 ) &&
(( ace.AceFlags & AceFlags.ContainerInherit ) == 0 ) &&
(( ace.AceFlags & AceFlags.ObjectInherit ) == 0 ))
{
return false;
}
//
// Without either "container inherit" or "object inherit" to go with it,
// the NoPropagateInherit bit is meaningless and can be turned off.
//
if ((( ace.AceFlags & AceFlags.NoPropagateInherit ) != 0 ) &&
(( ace.AceFlags & AceFlags.ContainerInherit ) == 0 ) &&
(( ace.AceFlags & AceFlags.ObjectInherit ) == 0 ))
{
unchecked { ace.AceFlags &= ~AceFlags.NoPropagateInherit; }
}
}
QualifiedAce qualifiedAce = knownAce as QualifiedAce;
if ( isDacl )
{
//
// There is no place for audit flags on a DACL
//
unchecked { ace.AceFlags &= ~AuditFlags; }
if ( qualifiedAce != null )
{
//
// Qualified ACEs in a DACL must be allow or deny ACEs
//
if ( qualifiedAce.AceQualifier != AceQualifier.AccessAllowed &&
qualifiedAce.AceQualifier != AceQualifier.AccessDenied )
{
return false;
}
}
}
else
{
//
// On a SACL, any ACE that does not specify Success or Failure
// flags can be removed
//
if (( ace.AceFlags & AuditFlags ) == 0 )
{
return false;
}
//
// Qualified ACEs in a SACL must be audit ACEs
//
if ( qualifiedAce != null )
{
if ( qualifiedAce.AceQualifier != AceQualifier.SystemAudit )
{
return false;
}
}
}
return true;
}
static RawAcl MakeRawAcl (GenericAce[] aces)
{
RawAcl acl = new RawAcl (RawAcl.AclRevision, 0);
for (int i = 0; i < aces.Length; i ++) { acl.InsertAce (i, aces [i]); }
return acl;
}
//
// Adds an ACE at the specified index
//
public void InsertAce( int index, GenericAce ace )
{
if ( ace == null )
{
throw new ArgumentNullException( "ace" );
}
Contract.EndContractBlock();
if ( BinaryLength + ace.BinaryLength > MaxBinaryLength )
{
throw new OverflowException( Environment.GetResourceString( "AccessControl_AclTooLong" ));
}
_aces.Insert( index, ace );
}
private static int DaclAcePriority(GenericAce ace)
{
AceType aceType = ace.AceType;
if (((byte) (ace.AceFlags & AceFlags.Inherited)) != 0)
{
return (0x1fffe + ace._indexInAcl);
}
switch (aceType)
{
case AceType.AccessDenied:
case AceType.AccessDeniedCallback:
return 0;
case AceType.AccessDeniedObject:
case AceType.AccessDeniedCallbackObject:
return 1;
case AceType.AccessAllowed:
case AceType.AccessAllowedCallback:
return 2;
case AceType.AccessAllowedObject:
case AceType.AccessAllowedCallbackObject:
return 3;
}
return (0xffff + ace._indexInAcl);
}
private static ComparisonResult CompareAces(GenericAce ace1, GenericAce ace2, bool isDacl)
{
int num = isDacl ? DaclAcePriority(ace1) : SaclAcePriority(ace1);
int num2 = isDacl ? DaclAcePriority(ace2) : SaclAcePriority(ace2);
if (num < num2)
{
return ComparisonResult.LessThan;
}
if (num > num2)
{
return ComparisonResult.GreaterThan;
}
KnownAce ace = ace1 as KnownAce;
KnownAce ace3 = ace2 as KnownAce;
if ((ace != null) && (ace3 != null))
{
int num3 = ace.SecurityIdentifier.CompareTo(ace3.SecurityIdentifier);
if (num3 < 0)
{
return ComparisonResult.LessThan;
}
if (num3 > 0)
{
return ComparisonResult.GreaterThan;
}
}
return ComparisonResult.EqualTo;
}
public void CopyTo( GenericAce[] array, int index )
{
(( ICollection )this ).CopyTo( array, index );
}
//
// Adds an ACE at the specified index
//
public void InsertAce( int index, GenericAce ace )
{
if ( ace == null )
{
throw new ArgumentNullException( nameof(ace));
}
Contract.EndContractBlock();
if ( BinaryLength + ace.BinaryLength > MaxBinaryLength )
{
throw new OverflowException( SR.AccessControl_AclTooLong );
}
_aces.Insert( index, ace );
}
//
// Compares two discretionary ACEs and returns
// LessThan if ace1 < ace2
// EqualTo if ace1 == ace2
// GreaterThan if ace1 > ace2
//
// The order is:
// - explicit Access Denied ACEs
// [regular aces first, then object aces]
// - explicit Access Allowed ACEs
// [regular aces first, then object aces]
// - inherited ACEs (in the original order )
// - user-defined ACEs (in the original order )
//
private static int DaclAcePriority( GenericAce ace)
{
int result;
AceType type = ace.AceType;
if (( ace.AceFlags & AceFlags.Inherited ) != 0 )
{
//
// inherited aces are at the end as a group
//
result = 2 * ushort.MaxValue + ace._indexInAcl;
}
else if ( type == AceType.AccessDenied ||
type == AceType.AccessDeniedCallback )
{
result = 0;
}
else if ( type == AceType.AccessDeniedObject ||
type == AceType.AccessDeniedCallbackObject )
{
result = 1;
}
else if ( type == AceType.AccessAllowed ||
type == AceType.AccessAllowedCallback )
{
result = 2;
}
else if ( type == AceType.AccessAllowedObject ||
type == AceType.AccessAllowedCallbackObject )
{
result = 3;
}
else
{
//
// custom aces are at the second group
//
result = ushort.MaxValue + ace._indexInAcl;
}
return result;
}
public void CopyTo(GenericAce[] array, int index)
{
}
private static ComparisonResult CompareAces( GenericAce ace1, GenericAce ace2, bool isDacl )
{
int ace1Priority = isDacl ? DaclAcePriority( ace1 ) : SaclAcePriority( ace1 );
int ace2Priority = isDacl ? DaclAcePriority( ace2 ) : SaclAcePriority( ace2 );
if ( ace1Priority < ace2Priority )
{
return ComparisonResult.LessThan;
}
else if ( ace1Priority > ace2Priority )
{
return ComparisonResult.GreaterThan;
}
else
{
KnownAce k_ace1 = ace1 as KnownAce;
KnownAce k_ace2 = ace2 as KnownAce;
if ( k_ace1 != null && k_ace2 != null )
{
int result = k_ace1.SecurityIdentifier.CompareTo( k_ace2.SecurityIdentifier );
if ( result < 0 )
{
return ComparisonResult.LessThan;
}
else if ( result > 0 )
{
return ComparisonResult.GreaterThan;
}
}
return ComparisonResult.EqualTo;
}
}
internal override bool IsAceMeaningless (GenericAce ace)
{
if (base.IsAceMeaningless (ace)) return true;
QualifiedAce qace = ace as QualifiedAce;
if (null != qace) {
return !(AceQualifier.SystemAudit == qace.AceQualifier ||
AceQualifier.SystemAlarm == qace.AceQualifier);
}
return false;
}