private MaximumAccess GetMaxAccess(TokenEntry token, NtObject obj, ulong obj_address, Dictionary <ulong, MaximumAccess> max_access)
        {
            if (max_access.ContainsKey(obj_address))
            {
                return(max_access[obj_address]);
            }

            NtType type = obj.NtType;

            if (!type.SecurityRequired && String.IsNullOrEmpty(GetObjectName(obj)))
            {
                max_access[obj_address] = new MaximumAccess(type.GenericMapping.GenericAll, String.Empty);
                return(max_access[obj_address]);
            }

            var result = obj.GetSecurityDescriptor(SecurityInformation.AllBasic, false);

            if (!result.IsSuccess && !obj.IsAccessMaskGranted(GenericAccessRights.ReadControl))
            {
                // Try and duplicate handle to see if we can just ask for ReadControl.
                using (var dup_obj = obj.DuplicateObject(GenericAccessRights.ReadControl, AttributeFlags.None,
                                                         DuplicateObjectOptions.None, false))
                {
                    if (dup_obj.IsSuccess)
                    {
                        result = dup_obj.Result.GetSecurityDescriptor(SecurityInformation.AllBasic, false);
                    }
                }
            }

            MaximumAccess access = null;

            if (result.IsSuccess)
            {
                access = new MaximumAccess(NtSecurity.GetMaximumAccess(result.Result, token.Token, type.GenericMapping), result.Result.ToSddl());
            }
            else if (type.CanOpen)
            {
                using (var new_obj = ReopenUnderImpersonation(token, type, obj))
                {
                    if (new_obj.IsSuccess)
                    {
                        access = new MaximumAccess(new_obj.Result.GrantedAccessMask, String.Empty);
                    }
                }
            }

            max_access[obj_address] = access;
            return(access);
        }
        private void DumpObject(IEnumerable <TokenEntry> tokens, HashSet <string> type_filter, AccessMask access_rights, NtObject obj, bool is_directory)
        {
            NtType type = obj.NtType;

            if (!IsTypeFiltered(type.Name, type_filter))
            {
                return;
            }

            AccessMask desired_access = type.MapGenericRights(access_rights);
            var        result         = obj.GetSecurityDescriptor(SecurityInformation.AllBasic, false);

            if (!result.IsSuccess && !obj.IsAccessMaskGranted(GenericAccessRights.ReadControl))
            {
                // Try and duplicate handle to see if we can just ask for ReadControl.
                using (var dup_obj = obj.DuplicateObject(GenericAccessRights.ReadControl, AttributeFlags.None, DuplicateObjectOptions.None, false))
                {
                    if (dup_obj.IsSuccess)
                    {
                        result = dup_obj.Result.GetSecurityDescriptor(SecurityInformation.AllBasic, false);
                    }
                }
            }

            if (result.IsSuccess)
            {
                foreach (var token in tokens)
                {
                    CheckAccess(token, obj, type, is_directory, desired_access, result.Result);
                }
            }
            else if (type.CanOpen)
            {
                // If we can't read security descriptor then try opening the object.
                foreach (var token in tokens)
                {
                    CheckAccessUnderImpersonation(token, type, is_directory, desired_access, obj);
                }
            }

            // TODO: Do we need a warning here?
        }
        private static SecurityDescriptor GetSecurityDescriptor(NtObject obj)
        {
            SecurityInformation security_info = 0;

            if (obj.IsAccessMaskGranted(GenericAccessRights.ReadControl))
            {
                security_info = SecurityInformation.AllNoSacl;
            }
            if (obj.IsAccessMaskGranted(GenericAccessRights.AccessSystemSecurity))
            {
                security_info |= SecurityInformation.Sacl;
            }
            if (security_info == 0)
            {
                // We can't seem to tell what access we have, just try and get basic information.
                security_info = SecurityInformation.AllBasic;
            }

            return(obj.GetSecurityDescriptor(security_info));
        }
Exemplo n.º 4
0
        private protected NtResult <SecurityDescriptor> GetSecurityDescriptor(NtObject obj)
        {
            SecurityInformation sec_info = GetMaximumSecurityInformation(obj);

            return(obj.GetSecurityDescriptor(sec_info, false));
        }
Exemplo n.º 5
0
 private static string GetSecurityDescriptor(NtObject obj)
 {
     return(GetSecurityDescriptor(obj.GetSecurityDescriptor(SecurityInformation.AllBasic, false).GetResultOrDefault()));
 }