/// <summary>
/// Checks whether the AceFlags attribute of the ACE contains the given AceFlag of the AceAssertion. If the
/// requiredFlag is null, yet the aceFlags are not (or empty), or vice versa, or they DO NOT contain
/// the required flag, a false result is returned.
/// @param aceFlags
/// list of AceFlags from the ACE
/// @param requiredFlag
/// AceFlag required by the AceAssertion (e.g., AceFlag.CONTAINER_INHERIT_ACE)
/// @param isDenial
/// whether the AceType is a denial, in which case the aceFlags must not contain AceFlag.INHERITED_ACE
/// and the requiredFlag is ignored.
/// @return true if match, false if not
/// </summary>
private bool DoRequiredFlagsMatch(List <AceFlag> aceFlags, AceFlag requiredFlag, bool isDenial)
{
var res = true;
if (isDenial)
{
// If the AceType is denial, the flags must NOT contain the inherited flag. Such denials are ineffective
// when countered by an allowed right, so we only consider non-inherited denials as a match.
if (aceFlags == null || !aceFlags.Contains(AceFlag.InheritedAce))
{
res = true;
}
else
{
res = false;
}
}
else if (requiredFlag != AceFlag.None)
{
// aceFlags could be null if the ACE applies to 'this object only' and has no other flags set
if (aceFlags == null || aceFlags.Count == 0 || !aceFlags.Contains(requiredFlag))
{
res = false;
}
}
else if (aceFlags != null && aceFlags.Count != 0)
{
res = false;
}
return(res);
}
public static string GetString(this AceFlag flag)
{
switch (flag)
{
case AceFlag.ContainerInheritAce:
return("CI");
case AceFlag.FailedAccessAceFlag:
return("FA");
case AceFlag.InheritOnlyAce:
return("IO");
case AceFlag.InheritedAce:
return("ID");
case AceFlag.NoPropagateInheritAce:
return("NP");
case AceFlag.ObjectInheritAce:
return("OI");
case AceFlag.SuccessfulAccessAceFlag:
return("SA");
case AceFlag.None:
return(string.Empty);
default:
return(flag.ToString());
}
}
/// <summary>
/// AceAssertion constructor
/// </summary>
/// <param name="aceRight">
/// A single AceRight (e.g.: use AceRights.parseValue(0x00000004) if AceRights.ObjectRight enum does not contain
/// desired right.) MUST be specified.
/// </param>
/// <param name="aceObjFlags">One or more AceObjectFlags, may be null.</param>
/// <param name="objectType">Object type GUID. Must be set if Flag.ACE_OBJECT_TYPE_PRESENT is in aceObjFlags</param>
/// <param name="inheritedObjectType">
/// Inherited object type GUID. Must be set if Flag.ACE_INHERITED_OBJECT_TYPE_PRESENT is in aceObjFlags
/// </param>
/// <param name="requiredFlag">Single AceFlag that stipulates an ACE must contain it; may be null.</param>
/// <param name="excludedFlag">Single AceFlag that stipulates an ACE must NOT contain it; may be null.</param>
public AceAssertion(AceRights aceRight, AceObjectFlags aceObjFlags, Guid?objectType, Guid?inheritedObjectType,
AceFlag requiredFlag, AceFlag excludedFlag)
{
this.aceRight = aceRight;
this.aceObjectFlags = aceObjFlags;
this.objectType = objectType;
this.inheritedObjectType = inheritedObjectType;
this.requiredFlag = requiredFlag;
this.excludedFlag = excludedFlag;
}
/// <summary>
/// Checks whether the AceFlags attribute of the ACE contains the given AceFlag of the AceAssertion. If the
/// excludedFlag is null, or the {@code aceFlags} are null (or empty), or are non-null and do DO NOT contain
/// the excluded flag, a false result is returned. Otherwise, a true result is returned.
/// @param aceFlags
/// list of AceFlags from the ACE
/// @param excludedFlag
/// AceFlag disallowed by the AceAssertion (e.g., AceFlag.INHERIT_ONLY_ACE)
/// @param isDenial
/// whether the AceType is a denial, in which case the excludedFlag evaluation is skipped
/// @return true if AceFlags is excluded, false if not
/// </summary>
private bool IsAceExcluded(List <AceFlag> aceFlags, AceFlag excludedFlag, bool isDenial)
{
var res = false;
if (excludedFlag != AceFlag.None && !isDenial)
{
// aceFlags could be null if the ACE applies to 'this object only' and has no other flags set
if (aceFlags != null && aceFlags.Count != 0 && aceFlags.Contains(excludedFlag))
{
res = true;
}
}
return(res);
}
/// <summary> /// Adds ACE flag. /// @param flag ACE flag. /// AceFlag /// </summary> public void AddFlag(AceFlag flag) => this.flags.Add(flag);
