private AuthZAccessCheckResult[] AccessCheck(AuthZContext context, SecurityDescriptor sd, Sid object_sid, ObjectTypeTree tree)
 {
     // Run a MaximumAllowed access check against the directory object.
     // A remote context is only handed at most kMaxRemoteObjectTypes object types per
     // call, so an oversized tree is split into chunks and each chunk is checked on its
     // own; the per-chunk results are concatenated in chunk order.
     bool needsSplit = context.Remote && tree != null && tree.Count > kMaxRemoteObjectTypes;
     if (!needsSplit)
     {
         return context.AccessCheck(sd, null, DirectoryServiceAccessRights.MaximumAllowed,
                                    object_sid, tree?.ToArray(), sd.NtType);
     }

     var results = new List<AuthZAccessCheckResult>();
     foreach (var chunk in tree.Split(kMaxRemoteObjectTypes))
     {
         // Each chunk is at most kMaxRemoteObjectTypes entries, so the recursion bottoms out
         // on the direct-check branch above.
         results.AddRange(AccessCheck(context, sd, object_sid, chunk));
     }
     return results.ToArray();
 }
 /// <summary>
 /// Build a token description from an AuthZ context: the context's user SID and group
 /// list are copied across, and the remaining fields are fixed to a medium-integrity
 /// impersonation token with no source data.
 /// </summary>
 /// <param name="context">The AuthZ context to describe.</param>
 internal TokenInformation(AuthZContext context)
 {
     this.SourceData = new Dictionary<string, object>();
     // Groups is a read-only snapshot; later changes to the context are not reflected here.
     var groupSnapshot = context.Groups.ToList();
     this.Groups = groupSnapshot.AsReadOnly();
     this.User = context.User.Sid;
     // Fixed defaults for a context-derived token.
     this.TokenType = TokenType.Impersonation;
     this.ImpersonationLevel = SecurityImpersonationLevel.Impersonation;
     this.IntegrityLevel = TokenIntegrityLevel.Medium;
 }
 /// <summary>
 /// Constructor. Starts with an empty set of contexts, token descriptions and checked
 /// paths, empty ObjectClass/Include/Exclude filters, and an unlimited search depth.
 /// </summary>
 public GetAccessibleDsObject()
 {
     // Internal bookkeeping. The checked-path set is case-insensitive so the same
     // path spelled with different casing is only visited once.
     this._checked_paths = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
     this._token_info = new List<TokenInformation>();
     this._context = new DisposableList<AuthZContext>();

     // Public defaults: no filters, no contexts, no depth limit.
     this.Depth = int.MaxValue;
     this.Context = new AuthZContext[0];
     this.Include = new string[0];
     this.Exclude = new string[0];
     this.ObjectClass = new string[0];
 }
        /// <summary>
        /// Evaluate a user-id style firewall condition against an AuthZ context.
        /// </summary>
        /// <param name="filter">The filter holding the condition.</param>
        /// <param name="condition_guid">The condition to evaluate.</param>
        /// <param name="context">The context whose identity is checked.</param>
        /// <returns>
        /// True when the filter has no such condition (it cannot exclude the context), true
        /// when an Equal condition grants the Match right (or a NotEqual condition denies it),
        /// and false for a non-descriptor value or an unsupported match type.
        /// </returns>
        private bool CheckUserId(FirewallFilter filter, Guid condition_guid, AuthZContext context)
        {
            // No condition of this kind: nothing to match against, so the filter applies.
            if (!filter.HasCondition(condition_guid))
            {
                return true;
            }

            FirewallFilterCondition condition = filter.GetCondition(condition_guid);

            // Only a security descriptor value can be evaluated here.
            if (!(condition.Value.Value is SecurityDescriptor sd))
            {
                return false;
            }

            // Only Equal / NotEqual are meaningful for an access-check based comparison.
            bool supportedMatch = condition.MatchType == FirewallMatchType.Equal
                                  || condition.MatchType == FirewallMatchType.NotEqual;
            if (!supportedMatch)
            {
                return false;
            }

            // A descriptor missing its owner or group is completed on a clone, so the filter's
            // stored descriptor is never modified; presumably the access check needs both
            // present. LocalSystem is used as the stand-in for whichever is absent.
            bool missingOwner = sd.Owner == null;
            bool missingGroup = sd.Group == null;
            if (missingOwner || missingGroup)
            {
                sd = sd.Clone();
                if (missingOwner)
                {
                    sd.Owner = new SecurityDescriptorSid(KnownSids.LocalSystem, true);
                }
                if (missingGroup)
                {
                    sd.Group = new SecurityDescriptorSid(KnownSids.LocalSystem, true);
                }
            }

            var checkResult = context.AccessCheck(sd, null, FirewallFilterAccessRights.Match,
                                                  null, null, FirewallUtils.FirewallFilterType).First();
            bool granted = checkResult.IsSuccess;

            // NotEqual inverts the outcome of the access check.
            if (condition.MatchType == FirewallMatchType.Equal)
            {
                return granted;
            }
            return !granted;
        }
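 /// <summary>
 /// Add the filtered, attribute-mapped groups to an AuthZ context with an Add operation
 /// for each.
 /// </summary>
 /// <param name="context">The context to modify.</param>
 /// <param name="type">Which group list on the context to modify.</param>
 /// <param name="groups">The candidate groups; filtered by FilterGroup and mapped by MapGroupAttributes.</param>
 private static void AddGroups(AuthZContext context, AuthZGroupSidType type, IEnumerable<UserGroup> groups)
 {
     // Materialize the query once. The previous code passed the same deferred LINQ query
     // both as the group list and as the source of the operation list, so the filter and
     // mapping delegates ran twice and the two sequences could drift apart if the
     // underlying source was not stable between enumerations.
     List<UserGroup> mapped = groups.Where(FilterGroup).Select(MapGroupAttributes).ToList();
     // One Add operation per group, in the same order as the group list.
     context.ModifyGroups(type, mapped, Enumerable.Repeat(AuthZSidOperation.Add, mapped.Count));
 }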
 /// <summary>
 /// Run a single MaximumAllowed access check and return the granted access mask from the
 /// first result.
 /// </summary>
 /// <param name="context">The AuthZ context performing the check.</param>
 /// <param name="sd">The object's security descriptor; its NtType is used for the check.</param>
 /// <param name="object_sid">The principal self SID for the check.</param>
 /// <param name="tree">Optional directory object tree, converted to an object type array.</param>
 /// <returns>The granted access mask of the first access check result.</returns>
 private AccessMask AccessCheckSingle(AuthZContext context, SecurityDescriptor sd, Sid object_sid, IDirectoryServiceObjectTree tree)
 {
     // No tree (or no convertible tree) means no object type list is supplied.
     var objectTypes = tree?.ToObjectTypeTree()?.ToArray();
     var results = context.AccessCheck(sd, null, DirectoryServiceAccessRights.MaximumAllowed,
                                       object_sid, objectTypes, sd.NtType);
     return results.First().GrantedAccess;
 }