/// <summary>
/// Parses the <c>Sddl</c> value into a <see cref="CommonSecurityDescriptor"/> and writes one
/// <see cref="SecurityDescriptorInfo"/> built from its owner, group, discretionary ACL and system ACL.
/// </summary>
/// <remarks>
/// The descriptor is always constructed with <c>isContainer: false</c> and <c>isDS: false</c>.
/// The ACL strings are a rendering only. The parsed descriptor itself is passed to the output
/// object as well, so callers that need exact values do not have to rely on the rendered names.
/// </remarks>
protected override void ProcessRecord()
{
    CommonSecurityDescriptor descriptor = null;

    try
    {
        descriptor = new CommonSecurityDescriptor(isContainer: false, isDS: false, Sddl);
    }
    catch (Exception parseFailure)
    {
        // Every construction failure is reported the same way: an InvalidArgument error record
        // with the rejected SDDL string as its target object.
        // NOTE(review): the code below dereferences the descriptor unconditionally, so it relies on
        // ThrowTerminatingError not returning - confirm against the base class.
        ErrorRecord invalidSddl = new ErrorRecord(
            PSTraceSource.NewInvalidOperationException(parseFailure, UtilityCommonStrings.InvalidSDDL, parseFailure.Message),
            "InvalidSDDL",
            ErrorCategory.InvalidArgument,
            Sddl);
        ThrowTerminatingError(invalidSddl);
    }

    string ownerName = ConvertToNTAccount(descriptor.Owner);
    string groupName = ConvertToNTAccount(descriptor.Group);

    // Without an explicit type the access masks are matched against every known rights type,
    // which makes the rendered right names ambiguous (see GetApplicableAccessRights).
    AccessRightTypeNames? requestedType = null;
    if (_isTypeSet)
    {
        requestedType = _type;
    }

    string[] daclText = ConvertAccessControlListToStrings(descriptor.DiscretionaryAcl, requestedType);
    string[] saclText = ConvertAccessControlListToStrings(descriptor.SystemAcl, requestedType);

    WriteObject(new SecurityDescriptorInfo(ownerName, groupName, daclText, saclText, descriptor));
}
/// <summary>
/// Renders each entry of an ACL as one display string of the form
/// <c>account: qualifier [flags] [(right, right, ...)]</c>.
/// </summary>
/// <param name="acl">The ACL to render; may be null.</param>
/// <param name="typeName">
/// The rights type used to name the bits of each access mask, or null to match against all
/// known rights types.
/// </param>
/// <returns>
/// One string per entry, in ACL order; an empty array when <paramref name="acl"/> is null or empty.
/// </returns>
/// <remarks>
/// The ACE qualifier is part of every string and the flags are appended whenever they are not
/// <see cref="AceFlags.None"/>. The raw access mask is not included; only the names that
/// GetApplicableAccessRights matched for it are, and an entry with no matched name gets no
/// parenthesised list at all.
/// </remarks>
private string[] ConvertAccessControlListToStrings(CommonAcl acl, AccessRightTypeNames? typeName)
{
    bool nothingToRender = acl == null || acl.Count == 0;
    if (nothingToRender)
    {
        return Array.Empty<string>();
    }

    List<string> renderedEntries = new List<string>(acl.Count);

    foreach (CommonAce entry in acl)
    {
        // NOTE(review): how ConvertToNTAccount renders a SID it cannot resolve is not visible here.
        string trustee = ConvertToNTAccount(entry.SecurityIdentifier);
        string line = $"{trustee}: {entry.AceQualifier}";

        if (entry.AceFlags != AceFlags.None)
        {
            line += $" {entry.AceFlags}";
        }

        List<string> rightNames = GetApplicableAccessRights(entry.AccessMask, typeName);
        if (rightNames.Count > 0)
        {
            string accessRights = String.Join(", ", rightNames);
            line += $" ({accessRights})";
        }

        renderedEntries.Add(line);
    }

    return renderedEntries.ToArray();
}
/// <summary>
/// Returns the names of the access-right enum members whose bits are all set in
/// <paramref name="accessMask"/>.
/// </summary>
/// <param name="accessMask">The access mask taken from an ACE.</param>
/// <param name="typeName">
/// The single rights type to match against, or null to match against the type that
/// GetRealAccessRightType returns for every <c>AccessRightTypeNames</c> member.
/// </param>
/// <returns>The matched member names, sorted with <see cref="StringComparer.OrdinalIgnoreCase"/>.</returns>
/// <remarks>
/// The result is a display aid, not an authoritative decoding of the mask:
/// <list type="bullet">
/// <item>With no type given, the same bit can be named by an enum that has nothing to do with
/// the kind of object the descriptor protects.</item>
/// <item>Each numeric value is considered only once, so when several members (within one type or
/// across types) share a value, only the first one encountered can be reported.</item>
/// <item>A member matches whenever all of its bits are present, so composite members are listed
/// alongside the individual rights they contain.</item>
/// <item>Mask bits that no examined member covers are not reported.</item>
/// </list>
/// </remarks>
private List<string> GetApplicableAccessRights(int accessMask, AccessRightTypeNames? typeName)
{
    List<Type> candidateTypes = new List<Type>();
    if (typeName == null)
    {
        foreach (AccessRightTypeNames known in Enum.GetValues(typeof(AccessRightTypeNames)))
        {
            candidateTypes.Add(GetRealAccessRightType(known));
        }
    }
    else
    {
        candidateTypes.Add(GetRealAccessRightType(typeName.Value));
    }

    HashSet<int> seenValues = new HashSet<int>();
    List<string> matchedNames = new List<string>();

    foreach (Type rightsType in candidateTypes)
    {
        foreach (string rightName in Enum.GetNames(rightsType))
        {
            // The direct cast to int assumes every examined enum has an int underlying type.
            int rightValue = (int)Enum.Parse(rightsType, rightName);

            // First occurrence of a value wins; later aliases of it are skipped.
            if (!seenValues.Add(rightValue))
            {
                continue;
            }

            // Requires every bit of the member to be set. A member whose value is 0 would
            // satisfy this for any mask.
            if ((accessMask & rightValue) == rightValue)
            {
                matchedNames.Add(rightName);
            }
        }
    }

    matchedNames.Sort(StringComparer.OrdinalIgnoreCase);
    return matchedNames;
}