static PermissionsCheck()
{
if (PlatformCheck.CurrentlyRunningInWindows())
groups = WindowsIdentity.GetCurrent().Groups;
else
groups = new IdentityReferenceCollection();
if (PlatformCheck.CurrentlyRunningInWindows())
sidCurrentUser = WindowsIdentity.GetCurrent().User.Value;
}
private IList <string> getStringNameGroups(IdentityReferenceCollection groups)
{
var groupsNames = new List <string>();
groups.ToList().ForEach(g =>
{
var nomeArray = g.Translate(typeof(NTAccount)).ToString().Split(new char[] { '\\' });
groupsNames.Add(nomeArray[nomeArray.Length - 1]);
});
return(groupsNames);
}
static void Main(string[] args)
{
while (true)
{
Helper.Timer(() =>
{
"Calling Service".ConsoleYellow();
var handler = new HttpClientHandler();
handler.UseDefaultCredentials = true;
var client = new HttpClient(handler) { BaseAddress = _baseAddress };
var response = client.GetAsync("identity").Result;
response.EnsureSuccessStatusCode();
var identity = response.Content.ReadAsAsync<ViewClaims>().Result;
identity.ForEach(c => Helper.ShowClaim(c));
// convert SIDs to NT account names
"\nConvert SIDs\n".ConsoleYellow();
// this approach does one round trip to the authority (e.g. domain controller) per SID
identity.ForEach(c =>
{
if (c.ClaimType == ClaimTypes.GroupSid)
{
Console.WriteLine(c.Value);
var name = new SecurityIdentifier(c.Value).Translate(typeof(NTAccount));
name.Value.ConsoleGreen();
Console.WriteLine();
}
});
// this approach collects all SIDs first, and does a single round trip
var sids = new IdentityReferenceCollection(16);
identity.ForEach(c =>
{
if (c.ClaimType == ClaimTypes.GroupSid)
{
sids.Add(new SecurityIdentifier(c.Value));
}
});
"\nGroups:\n".ConsoleYellow();
var groups = sids.Translate(typeof(NTAccount));
groups.ToList().ForEach(g => Console.WriteLine(g.Value));
});
Console.ReadLine();
}
}
// checks if a group belongs to the current user's groups
private bool IsUserInGroup(string fsRuleReference, IdentityReferenceCollection currentUsersGroups)
{
foreach (IdentityReference currentUsersIndividualGroup in currentUsersGroups)
{
if (fsRuleReference == currentUsersIndividualGroup.Value.ToLower())
{
return(true);
}
}
return(false);
}
private List <string> GetUsergroups(IdentityReferenceCollection irc)
{
List <string> lista = new List <string>();
foreach (IdentityReference group in irc)
{
SecurityIdentifier sid = (SecurityIdentifier)group.Translate(typeof(SecurityIdentifier));
var name = sid.Translate(typeof(NTAccount));
lista.Add(name.ToString());
}
return(lista);
}
private static bool AuthorizeRequest(WindowsIdentity wid)
{
IdentityReferenceCollection groups = wid.Groups;
foreach (IdentityReference left in groups)
{
if (left == SupportApiService.s_localAdminsSid)
{
return(true);
}
}
return(false);
}
public static void showGroupsForCurrentUser()
{
// get the SIDs for my groups
IdentityReferenceCollection myGroups = WindowsIdentity.GetCurrent().Groups;
// translate them into NTaccount types
IdentityReferenceCollection myGroups2 = myGroups.Translate(typeof(NTAccount));
foreach (IdentityReference ir in myGroups2)
{
Console.WriteLine(ir.ToString());
}
}
public static bool IsUserInGroup(string groupName)
{
WindowsIdentity currentUser = WindowsIdentity.GetCurrent();
IdentityReferenceCollection userGroups = currentUser.Groups;
foreach (IdentityReference group in userGroups)
{
IdentityReference translated = group.Translate(typeof(NTAccount));
Console.WriteLine(translated.Value);
}
return(false);
}
//Sample Helper Function used by Listing 10.21
private IdentityReferenceCollection ExpandTokenGroups(
DirectoryEntry user)
{
user.RefreshCache(new string[] { "tokenGroups" });
IdentityReferenceCollection irc =
new IdentityReferenceCollection();
foreach (byte[] sidBytes in user.Properties["tokenGroups"])
{
irc.Add(new SecurityIdentifier(sidBytes, 0));
}
return(irc);
}
public static List <string> Getgroups(out string name)
{
WindowsIdentity currentUser = WindowsIdentity.GetCurrent();
IdentityReferenceCollection t = currentUser.Groups;
List <string> groups = new List <string>();
foreach (IdentityReference i in t)
{
groups.Add(new SecurityIdentifier(i.Value).Translate(typeof(NTAccount)).ToString());
GroupList.Add(i);
}
name = currentUser.Name;
return(groups);
}
/// <summary>
/// Checks if given file is readable/writable for the current user
/// The access rights that are expected of each file are: WriteData, ReadData, AppendData, CreateFile
/// </summary>
/// <param name="filePath">file to check for rights</param>
/// <returns>true if file is readable/writable/deletable, false otherwise</returns>
public bool IsSingleFileReadableWritable(string filePath)
{
WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
string username = currentIdentity.Name;
IdentityReferenceCollection currentUsersGroups = currentIdentity.Groups.Translate(typeof(NTAccount));
FileSystemRights fsr = GetFilePermissions(username, filePath, currentUsersGroups);
if (!IsReadableWritable(fsr))
{
return(false);
}
return(true);
}
public static bool IsUserAdmin(string username)
{
WindowsIdentity ident = GetWindowsIdentity(username);
IdentityReferenceCollection groups = ident.Groups;
foreach (IdentityReference group in groups)
{
if (group.Value == "S-1-5-32-544") /* BUILTIN\Administrators */
{
return(true);
}
}
return(false);
}
public virtual bool IsInRole (string role) {
if (role == null || role.Length == 0)
return false;
NTAccount ntAccount = new NTAccount(role);
IdentityReferenceCollection source = new IdentityReferenceCollection(1);
source.Add(ntAccount);
IdentityReferenceCollection target = NTAccount.Translate(source, typeof(SecurityIdentifier), false);
SecurityIdentifier sid = target[0] as SecurityIdentifier;
if (sid == null)
return false;
return IsInRole(sid);
}
static void Main(string[] args)
{
while (true)
{
"Calling Service".ConsoleYellow();
Helper.Timer(() =>
{
var proxy = CreateProxy();
var identity = proxy.GetClientIdentity();
identity.ForEach(c => Helper.ShowClaim(c));
// convert SIDs to NT account names
"\nConvert SIDs\n".ConsoleYellow();
// this approach does one round trip to the authority (e.g. domain controller) per SID
identity.ForEach(c =>
{
if (c.ClaimType == ClaimTypes.GroupSid)
{
Console.WriteLine(c.Value);
var name = new SecurityIdentifier(c.Value).Translate(typeof(NTAccount));
name.Value.ConsoleGreen();
Console.WriteLine();
}
});
// this approach collects all SIDs first, and does a single round trip
var sids = new IdentityReferenceCollection(16);
identity.ForEach(c =>
{
if (c.ClaimType == ClaimTypes.GroupSid)
{
sids.Add(new SecurityIdentifier(c.Value));
}
});
"\nGroups:\n".ConsoleYellow();
var groups = sids.Translate(typeof(NTAccount));
groups.ToList().ForEach(g => Console.WriteLine(g.Value));
});
Console.ReadLine();
}
}
private async Task <IActionResult> ProcessWindowsLoginAsync(string returnUrl)
{
// see if windows auth has already been requested and succeeded
AuthenticateResult result = await this.HttpContext.AuthenticateAsync(AccountOptions.WindowsAuthenticationSchemeName);
if (result?.Principal is WindowsPrincipal wp)
{
// we will issue the external cookie and then redirect the
// user back to the external callback, in essence, treating windows
// auth the same as any other external authentication mechanism
AuthenticationProperties props = new AuthenticationProperties()
{
RedirectUri = Url.Action("Callback"),
Items =
{
{ "returnUrl", returnUrl },
{ "scheme", AccountOptions.WindowsAuthenticationSchemeName },
}
};
ClaimsIdentity id = new ClaimsIdentity(AccountOptions.WindowsAuthenticationSchemeName);
id.AddClaim(new Claim(JwtClaimTypes.Subject, wp.FindFirst(ClaimTypes.PrimarySid).Value));
id.AddClaim(new Claim(JwtClaimTypes.Name, wp.Identity.Name));
// add the groups as claims -- be careful if the number of groups is too large
if (AccountOptions.IncludeWindowsGroups)
{
WindowsIdentity wi = wp.Identity as WindowsIdentity;
IdentityReferenceCollection groups = wi.Groups.Translate(typeof(NTAccount));
IEnumerable <Claim> roles = groups.Select(x => new Claim(JwtClaimTypes.Role, x.Value));
id.AddClaims(roles);
}
await HttpContext.SignInAsync(
IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme,
new ClaimsPrincipal(id),
props);
return(Redirect(props.RedirectUri));
}
else
{
// trigger windows auth
// since windows auth don't support the redirect uri,
// this URL is re-triggered when we call challenge
return(Challenge(AccountOptions.WindowsAuthenticationSchemeName));
}
}
static PermissionsCheck()
{
if (PlatformCheck.CurrentlyRunningInWindows())
{
groups = WindowsIdentity.GetCurrent().Groups;
}
else
{
groups = new IdentityReferenceCollection();
}
if (PlatformCheck.CurrentlyRunningInWindows())
{
sidCurrentUser = WindowsIdentity.GetCurrent().User.Value;
}
}
private void initGroup()
{
if (_identity != null)
{
IdentityReferenceCollection colGroups = _identity.Groups;
foreach (IdentityReference group in colGroups)
{
try
{
NTAccount account = (NTAccount)group.Translate(typeof(NTAccount));
string group_name = CutDomain(account.ToString());
if (groups.Contains(group_name) == false)
{
groups.Add(group_name);
}
}
catch (Exception) { }
}
}
try
{
int propertyCount = adUser.Properties["memberOf"].Count;
String dn;
int equalsIndex, commaIndex;
for (int propertyCounter = 0; propertyCounter < propertyCount;
propertyCounter++)
{
dn = (String)adUser.Properties["memberOf"][propertyCounter];
equalsIndex = dn.IndexOf("=", 1);
commaIndex = dn.IndexOf(",", 1);
if (-1 == equalsIndex)
{
continue;
}
string group_name = dn.Substring((equalsIndex + 1),
(commaIndex - equalsIndex) - 1);
if (groups.Contains(group_name) == false)
{
groups.Add(group_name);
}
}
}
catch (Exception) { }
_is_group_initilized = true;
}
public static Dictionary <string, string> TransalateActiveDirectorySids(List <string> sids)
{
var toReturn = new Dictionary <string, string>();
var groups = new IdentityReferenceCollection();
sids.ForEach(s => groups.Add(new SecurityIdentifier(s)));
var names = groups.Translate(typeof(NTAccount), false);
for (var i = 0; i < sids.Count; i++)
{
toReturn.Add(sids[i], names[i].Value);
}
return(toReturn);
}
static bool check_admin()
{
bool admin = false;
WindowsIdentity windowsIdentity = WindowsIdentity.GetCurrent();
IdentityReferenceCollection group_current_user = windowsIdentity.Groups;
string userName = windowsIdentity.Name;
string sid_admin = "S-1-5-32-544";
foreach (IdentityReference ir in group_current_user)
{
if (ir.Value == sid_admin)
{
admin = true;
}
}
return(admin);
}
private static IEnumerable<Claim> CreateGroupClaims(WindowsPrincipal principal)
{
var groupSidClaims = principal.FindAll(ClaimTypes.GroupSid);
var sids = new IdentityReferenceCollection();
foreach (var sidClaim in groupSidClaims)
{
sids.Add(new SecurityIdentifier(sidClaim.Value));
}
var groupNames = sids.Translate(typeof(NTAccount));
var groupNameClaims = new List<Claim>(
from n in groupNames select new Claim("role", n.Value));
return groupNameClaims;
}
private static IEnumerable <Claim> CreateGroupClaims(WindowsPrincipal principal)
{
var groupSidClaims = principal.FindAll(ClaimTypes.GroupSid);
var sids = new IdentityReferenceCollection();
foreach (var sidClaim in groupSidClaims)
{
sids.Add(new SecurityIdentifier(sidClaim.Value));
}
var groupNames = sids.Translate(typeof(NTAccount));
var groupNameClaims = new List <Claim>(
from n in groupNames select new Claim("role", n.Value));
return(groupNameClaims);
}
public void ExpandTokenGroupsFx2()
{
//point this to a user in the directory
DirectoryEntry user = TestUtils.CreateDirectoryEntry(
"CN=User1,OU=Users," + TestUtils.Settings.DefaultPartition);
using (user)
{
//we use the collection in order to
//batch the request for translation
IdentityReferenceCollection irc
= ExpandTokenGroups(user).Translate(typeof(NTAccount));
foreach (NTAccount account in irc)
{
Console.WriteLine(account);
}
}
}
private static bool AuthorizeRequest()
{
WindowsIdentity windowsIdentity = ServiceSecurityContext.Current.PrimaryIdentity as WindowsIdentity;
if (windowsIdentity == null)
{
return(false);
}
IdentityReferenceCollection groups = windowsIdentity.Groups;
foreach (IdentityReference left in groups)
{
if (left == NotifyService.s_localAdminsSid)
{
return(true);
}
}
return(false);
}
private List <string> GetUserMembership()
{
List <string> SIDs = new List <string>();
IntPtr accountToken = WindowsIdentity.GetCurrent().Token;
WindowsIdentity windowsIdentity = new WindowsIdentity(accountToken);
SecurityIdentifier SIDGroup;
string groupName;
//User SID
SIDs.Add(windowsIdentity.Owner.ToString());
IdentityReferenceCollection irc = windowsIdentity.Groups;
foreach (IdentityReference ir in irc)
{
groupName = "";
SIDGroup = new SecurityIdentifier(ir.Value);
SIDs.Add(ir.Value);
try
{
groupName = SIDGroup.Translate(typeof(NTAccount)).Value;
AppLogger.WriteLine("User is member of " + groupName);
} catch
{
AppLogger.WriteLine("Error translating SID/GroupName");
continue;
}
if (groupName == Environment.MachineName + @"\" + Constants.LOCAL_SECURITYGROUP_NAME)
{
AppLogger.WriteLine("Enabling Composition for User");
_isMemberOfDesignatedGroup = true;
}
SIDGroup = null;
}
windowsIdentity.Dispose();
return(SIDs);
}
protected internal virtual async Task <IEnumerable <string> > GetCurrentWindowsUserRoles()
{
var securityIdentifiers = WindowsIdentity.GetCurrent().Groups
.Cast <SecurityIdentifier>()
.Where(securityIdentifier => securityIdentifier.AccountDomainSid != null);
var identityReferences = new IdentityReferenceCollection();
foreach (var securityIdentifier in securityIdentifiers)
{
identityReferences.Add(securityIdentifier);
}
var roles = identityReferences.Translate(typeof(NTAccount)).Select(ntAccount => ntAccount.Value);
roles = roles.Where(role => !role.StartsWith($"{Environment.MachineName}\\", StringComparison.OrdinalIgnoreCase));
roles = roles.OrderBy(item => item, StringComparer.OrdinalIgnoreCase);
return(await Task.FromResult(roles));
}
/// <summary>
/// Checks if all files in a directory are readable/writable for the current user and recursively checks all subdirectories.
/// Also checks if current user has create/delete permissions for directories
/// </summary>
/// <param name="rootDirectory">Starting path to check the files in</param>
/// <returns>false if there is at least one file which doesn't fulfill the above rights, true otherwise</returns>
public static bool AreFilesReadableWritable(string rootDirectory)
{
WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
string username = currentIdentity.Name;
IdentityReferenceCollection currentUsersGroups = currentIdentity.Groups.Translate(typeof(NTAccount));
string[] subDirectories = Directory.GetDirectories(rootDirectory);
foreach (string directory in subDirectories)
{
string[] files = Directory.GetFiles(directory);
foreach (string file in files)
{
FileSystemRights fsr;
try
{
fsr = GetFilePermissions(username, file, currentUsersGroups);
}
catch (Exception)
{
return(false);
}
if (!IsReadableWritable(fsr))
{
return(false);
}
}
// check if can create/delete files;
if (!CanCreateDeleteFiles(directory))
{
return(false);
}
}
return(true);
}
public static ISet <string> AsRoles(this IdentityReferenceCollection identityReferences, WindowsRolesOptions options = null)
{
if (identityReferences == null)
{
throw new ArgumentNullException(nameof(identityReferences));
}
options ??= new WindowsRolesOptions();
// ReSharper disable AssignNullToNotNullAttribute
var securityIdentifiers = identityReferences.Cast <SecurityIdentifier>();
// ReSharper restore AssignNullToNotNullAttribute
if (!options.BuiltInRolesEnabled)
{
securityIdentifiers = securityIdentifiers.Where(securityIdentifier => securityIdentifier.AccountDomainSid != null);
}
identityReferences = new IdentityReferenceCollection();
foreach (var securityIdentifier in securityIdentifiers)
{
identityReferences.Add(securityIdentifier);
}
// ReSharper disable AssignNullToNotNullAttribute
var roles = identityReferences.Translate(typeof(NTAccount)).Select(ntAccount => ntAccount.Value);
// ReSharper restore AssignNullToNotNullAttribute
if (!options.MachineRolesEnabled)
{
roles = roles.Where(role => !role.StartsWith($"{Environment.MachineName}\\", StringComparison.OrdinalIgnoreCase));
}
return(new SortedSet <string>(roles, StringComparer.OrdinalIgnoreCase));
}
public static void CloneAndProperties(bool cloneViaSerialization)
{
SafeAccessTokenHandle token = WindowsIdentity.GetCurrent().AccessToken;
bool gotRef = false;
try
{
token.DangerousAddRef(ref gotRef);
IntPtr logonToken = token.DangerousGetHandle();
WindowsIdentity winId = new WindowsIdentity(logonToken);
WindowsIdentity cloneWinId = cloneViaSerialization ?
BinaryFormatterHelpers.Clone(winId) :
winId.Clone() as WindowsIdentity;
Assert.NotNull(cloneWinId);
Assert.Equal(winId.IsSystem, cloneWinId.IsSystem);
Assert.Equal(winId.IsGuest, cloneWinId.IsGuest);
Assert.Equal(winId.ImpersonationLevel, cloneWinId.ImpersonationLevel);
Assert.Equal(winId.Name, cloneWinId.Name);
Assert.Equal(winId.Owner, cloneWinId.Owner);
IdentityReferenceCollection irc1 = winId.Groups;
IdentityReferenceCollection irc2 = cloneWinId.Groups;
Assert.Equal(irc1.Count, irc2.Count);
CheckDispose(winId);
CheckDispose(cloneWinId);
}
finally
{
if (gotRef)
{
token.DangerousRelease();
}
}
}
// Token: 0x060023A1 RID: 9121 RVA: 0x000A745C File Offset: 0x000A565C
internal static bool AuthorizeRequest(WindowsIdentity wid)
{
List <SecurityIdentifier> list = new List <SecurityIdentifier>(2);
if (RemoteDataProvider.s_exchangeGroupSid != null)
{
list.Add(RemoteDataProvider.s_exchangeGroupSid);
}
list.Add(RemoteDataProvider.s_localAdminsSid);
IdentityReferenceCollection groups = wid.Groups;
foreach (IdentityReference left in groups)
{
foreach (SecurityIdentifier right in list)
{
if (left == right)
{
return(true);
}
}
}
return(false);
}
public static void CloneAndProperties()
{
IntPtr logonToken = WindowsIdentity.GetCurrent().AccessToken.DangerousGetHandle();
WindowsIdentity winId = new WindowsIdentity(logonToken);
WindowsIdentity cloneWinId = winId.Clone() as WindowsIdentity;
Assert.NotNull(cloneWinId);
Assert.Equal(winId.IsSystem, cloneWinId.IsSystem);
Assert.Equal(winId.IsGuest, cloneWinId.IsGuest);
Assert.Equal(winId.ImpersonationLevel, cloneWinId.ImpersonationLevel);
Assert.Equal(winId.Name, cloneWinId.Name);
Assert.Equal(winId.Owner, cloneWinId.Owner);
IdentityReferenceCollection irc1 = winId.Groups;
IdentityReferenceCollection irc2 = cloneWinId.Groups;
Assert.Equal(irc1.Count, irc2.Count);
CheckDispose(winId);
CheckDispose(cloneWinId);
}
//
// Public methods.
//
public override bool IsInRole(string role)
{
if (role == null || role.Length == 0)
return false;
NTAccount ntAccount = new NTAccount(role);
IdentityReferenceCollection source = new IdentityReferenceCollection(1);
source.Add(ntAccount);
IdentityReferenceCollection target = NTAccount.Translate(source, typeof(SecurityIdentifier), false);
SecurityIdentifier sid = target[0] as SecurityIdentifier;
if (sid != null)
{
if (IsInRole(sid))
{
return true;
}
}
// possible that identity has other role claims that match
return base.IsInRole(role);
}
public KlijentServis(NetTcpBinding binding, EndpointAddress address)
: base(binding, address)
{
//IPrincipal principal = Thread.CurrentPrincipal;
//WindowsIdentity id = (WindowsIdentity)principal.Identity;
//IdentityReferenceCollection clGroups = id.Groups;
IdentityReferenceCollection clGroups = WindowsIdentity.GetCurrent().Groups;
string groupName = "";
foreach (IdentityReference group in clGroups)
{
SecurityIdentifier sid = (SecurityIdentifier)group.Translate(typeof(SecurityIdentifier));
var name = sid.Translate(typeof(NTAccount));
groupName = Formatter.ParseName(name.ToString()); /// return name of the Windows group
if (groupName == "admini" || groupName == "radnik" || groupName == "korisnik")
{
break;
}
}
factory = this.CreateChannel();
}
public static bool CheckFileAccessRights(string path, FileSystemRights rightsToCheck)
{
if (string.IsNullOrEmpty(path))
{
throw new ArgumentException();
}
if (!File.Exists(path))
{
throw new FileNotFoundException(path);
}
WindowsIdentity current = WindowsIdentity.GetCurrent();
IdentityReferenceCollection groups = current.Groups;
AuthorizationRuleCollection rules = new FileInfo(path).GetAccessControl().GetAccessRules(true, true, typeof(SecurityIdentifier));
bool flag = false;
bool flag2 = false;
foreach (FileSystemAccessRule rule in rules)
{
if (groups.Contains(rule.IdentityReference) || current.User.Equals(rule.IdentityReference))
{
if (rule.AccessControlType.Equals(AccessControlType.Deny))
{
if ((rule.FileSystemRights & rightsToCheck) == 0)
{
continue;
}
flag2 = true;
break;
}
if (rule.AccessControlType.Equals(AccessControlType.Allow) && ((rule.FileSystemRights & rightsToCheck) == rightsToCheck))
{
flag = true;
}
}
}
return(flag & !flag2);
}
protected internal virtual async Task <ISet <string> > GetWindowsRoles(WindowsIdentity windowsIdentity)
{
if (windowsIdentity == null)
{
throw new ArgumentNullException(nameof(windowsIdentity));
}
// ReSharper disable AssignNullToNotNullAttribute
var securityIdentifiers = windowsIdentity.Groups.Cast <SecurityIdentifier>();
// ReSharper restore AssignNullToNotNullAttribute
var options = this.OptionsMonitor.CurrentValue.Roles.Windows;
if (!options.BuiltInRolesEnabled)
{
securityIdentifiers = securityIdentifiers.Where(securityIdentifier => securityIdentifier.AccountDomainSid != null);
}
var identityReferences = new IdentityReferenceCollection();
foreach (var securityIdentifier in securityIdentifiers)
{
identityReferences.Add(securityIdentifier);
}
// ReSharper disable AssignNullToNotNullAttribute
var windowsRoles = identityReferences.Translate(typeof(NTAccount)).Select(ntAccount => ntAccount.Value);
// ReSharper restore AssignNullToNotNullAttribute
if (!options.MachineRolesEnabled)
{
windowsRoles = windowsRoles.Where(windowsRole => !windowsRole.StartsWith($"{Environment.MachineName}\\", StringComparison.OrdinalIgnoreCase));
}
return(await Task.FromResult(new SortedSet <string>(windowsRoles, StringComparer.OrdinalIgnoreCase)));
}
/// <summary>
///
/// </summary>
/// <param name="root"></param>
/// <param name="username"></param>
/// <returns></returns>
public static string[] GetRolesForUser(DirectoryEntry root, string username)
{
var user = getUser(root, username);
var roles = new List <string>();
IdentityReferenceCollection groupCollection = ExpandTokenGroups(user).Translate(typeof(NTAccount), false);
if (groupCollection != null)
{
foreach (object g in groupCollection)
{
try
{
NTAccount group = g as NTAccount;
String roleName = group.ToString().Substring(group.ToString().IndexOf(@"\") + 1);
if (roleName != String.Empty)
{
roles.Add(roleName);
}
}
catch { }
}
}
return(roles.ToArray());
}
public static void CloneAndProperties()
{
TestUsingAccessToken((logonToken) =>
{
var winId = new WindowsIdentity(logonToken);
WindowsIdentity cloneWinId = winId.Clone() as WindowsIdentity;
Assert.NotNull(cloneWinId);
Assert.Equal(winId.IsSystem, cloneWinId.IsSystem);
Assert.Equal(winId.IsGuest, cloneWinId.IsGuest);
Assert.Equal(winId.ImpersonationLevel, cloneWinId.ImpersonationLevel);
Assert.Equal(winId.Name, cloneWinId.Name);
Assert.Equal(winId.Owner, cloneWinId.Owner);
IdentityReferenceCollection irc1 = winId.Groups;
IdentityReferenceCollection irc2 = cloneWinId.Groups;
Assert.Equal(irc1.Count, irc2.Count);
CheckDispose(winId);
CheckDispose(cloneWinId);
});
}
private AuthorizationRuleCollection GetRules(bool access, bool includeExplicit, bool includeInherited, System.Type targetType)
{
ReadLock();
try
{
AuthorizationRuleCollection result = new AuthorizationRuleCollection();
if (!IsValidTargetTypeStatic(targetType))
{
throw new ArgumentException(SR.Arg_MustBeIdentityReferenceType, "targetType");
}
CommonAcl acl = null;
if (access)
{
if ((_securityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclPresent) != 0)
{
acl = _securityDescriptor.DiscretionaryAcl;
}
}
else // !access == audit
{
if ((_securityDescriptor.ControlFlags & ControlFlags.SystemAclPresent) != 0)
{
acl = _securityDescriptor.SystemAcl;
}
}
if (acl == null)
{
//
// The required ACL was not present; return an empty collection.
//
return result;
}
IdentityReferenceCollection irTarget = null;
if (targetType != typeof(SecurityIdentifier))
{
IdentityReferenceCollection irSource = new IdentityReferenceCollection(acl.Count);
for (int i = 0; i < acl.Count; i++)
{
//
// Calling the indexer on a common ACL results in cloning,
// (which would not be the case if we were to use the internal RawAcl property)
// but also ensures that the resulting order of ACEs is proper
// However, this is a big price to pay - cloning all the ACEs just so that
// the canonical order could be ascertained just once.
// A better way would be to have an internal method that would canonicalize the ACL
// and call it once, then use the RawAcl.
//
QualifiedAce ace = acl[i] as QualifiedAce;
if (ace == null)
{
//
// Only consider qualified ACEs
//
continue;
}
if (ace.IsCallback == true)
{
//
// Ignore callback ACEs
//
continue;
}
if (access)
{
if (ace.AceQualifier != AceQualifier.AccessAllowed && ace.AceQualifier != AceQualifier.AccessDenied)
{
continue;
}
}
else
{
if (ace.AceQualifier != AceQualifier.SystemAudit)
{
continue;
}
}
irSource.Add(ace.SecurityIdentifier);
}
irTarget = irSource.Translate(targetType);
}
for (int i = 0; i < acl.Count; i++)
{
//
// Calling the indexer on a common ACL results in cloning,
// (which would not be the case if we were to use the internal RawAcl property)
// but also ensures that the resulting order of ACEs is proper
// However, this is a big price to pay - cloning all the ACEs just so that
// the canonical order could be ascertained just once.
// A better way would be to have an internal method that would canonicalize the ACL
// and call it once, then use the RawAcl.
//
QualifiedAce ace = acl[i] as CommonAce;
if (ace == null)
{
ace = acl[i] as ObjectAce;
if (ace == null)
{
//
// Only consider common or object ACEs
//
continue;
}
}
if (ace.IsCallback == true)
{
//
// Ignore callback ACEs
//
continue;
}
if (access)
{
if (ace.AceQualifier != AceQualifier.AccessAllowed && ace.AceQualifier != AceQualifier.AccessDenied)
{
continue;
}
}
else
{
if (ace.AceQualifier != AceQualifier.SystemAudit)
{
continue;
}
}
if ((includeExplicit && ((ace.AceFlags & AceFlags.Inherited) == 0)) || (includeInherited && ((ace.AceFlags & AceFlags.Inherited) != 0)))
{
IdentityReference iref = (targetType == typeof(SecurityIdentifier)) ? ace.SecurityIdentifier : irTarget[i];
if (access)
{
AccessControlType type;
if (ace.AceQualifier == AceQualifier.AccessAllowed)
{
type = AccessControlType.Allow;
}
else
{
type = AccessControlType.Deny;
}
if (ace is ObjectAce)
{
ObjectAce objectAce = ace as ObjectAce;
result.AddRule(AccessRuleFactory(iref, objectAce.AccessMask, objectAce.IsInherited, objectAce.InheritanceFlags, objectAce.PropagationFlags, type, objectAce.ObjectAceType, objectAce.InheritedObjectAceType));
}
else
{
CommonAce commonAce = ace as CommonAce;
if (commonAce == null)
{
continue;
}
result.AddRule(AccessRuleFactory(iref, commonAce.AccessMask, commonAce.IsInherited, commonAce.InheritanceFlags, commonAce.PropagationFlags, type));
}
}
else
{
if (ace is ObjectAce)
{
ObjectAce objectAce = ace as ObjectAce;
result.AddRule(AuditRuleFactory(iref, objectAce.AccessMask, objectAce.IsInherited, objectAce.InheritanceFlags, objectAce.PropagationFlags, objectAce.AuditFlags, objectAce.ObjectAceType, objectAce.InheritedObjectAceType));
}
else
{
CommonAce commonAce = ace as CommonAce;
if (commonAce == null)
{
continue;
}
result.AddRule(AuditRuleFactory(iref, commonAce.AccessMask, commonAce.IsInherited, commonAce.InheritanceFlags, commonAce.PropagationFlags, commonAce.AuditFlags));
}
}
}
}
return result;
}
finally
{
ReadUnlock();
}
}
private AuthorizationRuleCollection GetRules(bool access, bool includeExplicit, bool includeInherited, Type targetType)
{
AuthorizationRuleCollection rules2;
base.ReadLock();
try
{
AuthorizationRuleCollection rules = new AuthorizationRuleCollection();
if (!SecurityIdentifier.IsValidTargetTypeStatic(targetType))
{
throw new ArgumentException(Environment.GetResourceString("Arg_MustBeIdentityReferenceType"), "targetType");
}
CommonAcl discretionaryAcl = null;
if (access)
{
if ((base._securityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclPresent) != ControlFlags.None)
{
discretionaryAcl = base._securityDescriptor.DiscretionaryAcl;
}
}
else if ((base._securityDescriptor.ControlFlags & ControlFlags.SystemAclPresent) != ControlFlags.None)
{
discretionaryAcl = base._securityDescriptor.SystemAcl;
}
if (discretionaryAcl == null)
{
return rules;
}
IdentityReferenceCollection references = null;
if (targetType != typeof(SecurityIdentifier))
{
IdentityReferenceCollection references2 = new IdentityReferenceCollection(discretionaryAcl.Count);
for (int j = 0; j < discretionaryAcl.Count; j++)
{
QualifiedAce ace = discretionaryAcl[j] as QualifiedAce;
if ((ace == null) || ace.IsCallback)
{
continue;
}
if (access)
{
if ((ace.AceQualifier == AceQualifier.AccessAllowed) || (ace.AceQualifier == AceQualifier.AccessDenied))
{
goto Label_00DD;
}
continue;
}
if (ace.AceQualifier != AceQualifier.SystemAudit)
{
continue;
}
Label_00DD:
references2.Add(ace.SecurityIdentifier);
}
references = references2.Translate(targetType);
}
for (int i = 0; i < discretionaryAcl.Count; i++)
{
QualifiedAce ace2 = discretionaryAcl[i] as CommonAce;
if (ace2 == null)
{
ace2 = discretionaryAcl[i] as ObjectAce;
if (ace2 == null)
{
continue;
}
}
if (ace2.IsCallback)
{
continue;
}
if (access)
{
if ((ace2.AceQualifier == AceQualifier.AccessAllowed) || (ace2.AceQualifier == AceQualifier.AccessDenied))
{
goto Label_0174;
}
continue;
}
if (ace2.AceQualifier != AceQualifier.SystemAudit)
{
continue;
}
Label_0174:
if ((includeExplicit && (((byte) (ace2.AceFlags & AceFlags.Inherited)) == 0)) || (includeInherited && (((byte) (ace2.AceFlags & AceFlags.Inherited)) != 0)))
{
IdentityReference identityReference = (targetType == typeof(SecurityIdentifier)) ? ace2.SecurityIdentifier : references[i];
if (access)
{
AccessControlType allow;
if (ace2.AceQualifier == AceQualifier.AccessAllowed)
{
allow = AccessControlType.Allow;
}
else
{
allow = AccessControlType.Deny;
}
if (ace2 is ObjectAce)
{
ObjectAce ace3 = ace2 as ObjectAce;
rules.AddRule(this.AccessRuleFactory(identityReference, ace3.AccessMask, ace3.IsInherited, ace3.InheritanceFlags, ace3.PropagationFlags, allow, ace3.ObjectAceType, ace3.InheritedObjectAceType));
}
else
{
CommonAce ace4 = ace2 as CommonAce;
if (ace4 != null)
{
rules.AddRule(this.AccessRuleFactory(identityReference, ace4.AccessMask, ace4.IsInherited, ace4.InheritanceFlags, ace4.PropagationFlags, allow));
}
}
}
else if (ace2 is ObjectAce)
{
ObjectAce ace5 = ace2 as ObjectAce;
rules.AddRule(this.AuditRuleFactory(identityReference, ace5.AccessMask, ace5.IsInherited, ace5.InheritanceFlags, ace5.PropagationFlags, ace5.AuditFlags, ace5.ObjectAceType, ace5.InheritedObjectAceType));
}
else
{
CommonAce ace6 = ace2 as CommonAce;
if (ace6 != null)
{
rules.AddRule(this.AuditRuleFactory(identityReference, ace6.AccessMask, ace6.IsInherited, ace6.InheritanceFlags, ace6.PropagationFlags, ace6.AuditFlags));
}
}
}
}
rules2 = rules;
}
finally
{
base.ReadUnlock();
}
return rules2;
}
internal IdentityNotMappedException(string message, IdentityReferenceCollection unmappedIdentities)
: this(message)
{
_unmappedIdentities = unmappedIdentities;
}
private static IdentityReferenceCollection TranslateToSids(IdentityReferenceCollection sourceAccounts, out bool someFailed)
{
if (sourceAccounts == null)
{
throw new ArgumentNullException("sourceAccounts");
}
if (sourceAccounts.Count == 0)
{
throw new ArgumentException(SR.Arg_EmptyCollection, "sourceAccounts");
}
Contract.EndContractBlock();
SafeLsaPolicyHandle LsaHandle = SafeLsaPolicyHandle.InvalidHandle;
SafeLsaMemoryHandle ReferencedDomainsPtr = SafeLsaMemoryHandle.InvalidHandle;
SafeLsaMemoryHandle SidsPtr = SafeLsaMemoryHandle.InvalidHandle;
try
{
//
// Construct an array of unicode strings
//
Interop.UNICODE_STRING[] Names = new Interop.UNICODE_STRING[sourceAccounts.Count];
int currentName = 0;
foreach (IdentityReference id in sourceAccounts)
{
NTAccount nta = id as NTAccount;
if (nta == null)
{
throw new ArgumentException(SR.Argument_ImproperType, "sourceAccounts");
}
Names[currentName].Buffer = nta.ToString();
if (Names[currentName].Buffer.Length * 2 + 2 > ushort.MaxValue)
{
// this should never happen since we are already validating account name length in constructor and
// it is less than this limit
Debug.Assert(false, "NTAccount::TranslateToSids - source account name is too long.");
throw new InvalidOperationException();
}
Names[currentName].Length = (ushort)(Names[currentName].Buffer.Length * 2);
Names[currentName].MaximumLength = (ushort)(Names[currentName].Length + 2);
currentName++;
}
//
// Open LSA policy (for lookup requires it)
//
LsaHandle = Win32.LsaOpenPolicy(null, PolicyRights.POLICY_LOOKUP_NAMES);
//
// Now perform the actual lookup
//
someFailed = false;
uint ReturnCode;
ReturnCode = Interop.mincore.LsaLookupNames2(LsaHandle, 0, sourceAccounts.Count, Names, ref ReferencedDomainsPtr, ref SidsPtr);
//
// Make a decision regarding whether it makes sense to proceed
// based on the return code and the value of the forceSuccess argument
//
if (ReturnCode == Interop.StatusOptions.STATUS_NO_MEMORY ||
ReturnCode == Interop.StatusOptions.STATUS_INSUFFICIENT_RESOURCES)
{
throw new OutOfMemoryException();
}
else if (ReturnCode == Interop.StatusOptions.STATUS_ACCESS_DENIED)
{
throw new UnauthorizedAccessException();
}
else if (ReturnCode == Interop.StatusOptions.STATUS_NONE_MAPPED ||
ReturnCode == Interop.StatusOptions.STATUS_SOME_NOT_MAPPED)
{
someFailed = true;
}
else if (ReturnCode != 0)
{
int win32ErrorCode = Interop.mincore.RtlNtStatusToDosError(unchecked((int)ReturnCode));
if (win32ErrorCode != Interop.mincore.Errors.ERROR_TRUSTED_RELATIONSHIP_FAILURE)
{
Debug.Assert(false, string.Format(CultureInfo.InvariantCulture, "Interop.LsaLookupNames(2) returned unrecognized error {0}", win32ErrorCode));
}
throw new Exception(Interop.mincore.GetMessage(win32ErrorCode));
}
//
// Interpret the results and generate SID objects
//
IdentityReferenceCollection Result = new IdentityReferenceCollection(sourceAccounts.Count);
if (ReturnCode == 0 || ReturnCode == Interop.StatusOptions.STATUS_SOME_NOT_MAPPED)
{
SidsPtr.Initialize((uint)sourceAccounts.Count, (uint)Marshal.SizeOf<Interop.LSA_TRANSLATED_SID2>());
Win32.InitializeReferencedDomainsPointer(ReferencedDomainsPtr);
Interop.LSA_TRANSLATED_SID2[] translatedSids = new Interop.LSA_TRANSLATED_SID2[sourceAccounts.Count];
SidsPtr.ReadArray(0, translatedSids, 0, translatedSids.Length);
for (int i = 0; i < sourceAccounts.Count; i++)
{
Interop.LSA_TRANSLATED_SID2 Lts = translatedSids[i];
//
// Only some names are recognized as NTAccount objects
//
switch ((SidNameUse)Lts.Use)
{
case SidNameUse.User:
case SidNameUse.Group:
case SidNameUse.Alias:
case SidNameUse.Computer:
case SidNameUse.WellKnownGroup:
Result.Add(new SecurityIdentifier(Lts.Sid, true));
break;
default:
someFailed = true;
Result.Add(sourceAccounts[i]);
break;
}
}
}
else
{
for (int i = 0; i < sourceAccounts.Count; i++)
{
Result.Add(sourceAccounts[i]);
}
}
return Result;
}
finally
{
LsaHandle.Dispose();
ReferencedDomainsPtr.Dispose();
SidsPtr.Dispose();
}
}
internal static IdentityReferenceCollection Translate(IdentityReferenceCollection sourceAccounts, Type targetType, out bool someFailed)
{
if (sourceAccounts == null)
{
throw new ArgumentNullException("sourceAccounts");
}
Contract.EndContractBlock();
if (targetType == typeof(SecurityIdentifier))
{
return TranslateToSids(sourceAccounts, out someFailed);
}
throw new ArgumentException(SR.IdentityReference_MustBeIdentityReference, "targetType");
}
internal static IdentityReferenceCollection Translate(IdentityReferenceCollection sourceAccounts, Type targetType, bool forceSuccess)
{
bool someFailed = false;
IdentityReferenceCollection references = Translate(sourceAccounts, targetType, out someFailed);
if (!forceSuccess || !someFailed)
{
return references;
}
IdentityReferenceCollection unmappedIdentities = new IdentityReferenceCollection();
foreach (IdentityReference reference in references)
{
if (reference.GetType() != targetType)
{
unmappedIdentities.Add(reference);
}
}
throw new IdentityNotMappedException(Environment.GetResourceString("IdentityReference_IdentityNotMapped"), unmappedIdentities);
}
internal static IdentityReferenceCollection Translate(IdentityReferenceCollection sourceAccounts, Type targetType, out bool someFailed)
{
if (sourceAccounts == null)
{
throw new ArgumentNullException("sourceAccounts");
}
if (targetType != typeof(SecurityIdentifier))
{
throw new ArgumentException(Environment.GetResourceString("IdentityReference_MustBeIdentityReference"), "targetType");
}
return TranslateToSids(sourceAccounts, out someFailed);
}
private static IdentityReferenceCollection TranslateToSids(IdentityReferenceCollection sourceAccounts, out bool someFailed)
{
IdentityReferenceCollection references2;
if (sourceAccounts == null)
{
throw new ArgumentNullException("sourceAccounts");
}
if (sourceAccounts.Count == 0)
{
throw new ArgumentException(Environment.GetResourceString("Arg_EmptyCollection"), "sourceAccounts");
}
SafeLsaPolicyHandle invalidHandle = SafeLsaPolicyHandle.InvalidHandle;
SafeLsaMemoryHandle referencedDomains = SafeLsaMemoryHandle.InvalidHandle;
SafeLsaMemoryHandle sids = SafeLsaMemoryHandle.InvalidHandle;
try
{
uint num2;
Win32Native.UNICODE_STRING[] names = new Win32Native.UNICODE_STRING[sourceAccounts.Count];
int index = 0;
foreach (IdentityReference reference in sourceAccounts)
{
NTAccount account = reference as NTAccount;
if (account == null)
{
throw new ArgumentException(Environment.GetResourceString("Argument_ImproperType"), "sourceAccounts");
}
names[index].Buffer = account.ToString();
if (((names[index].Buffer.Length * 2) + 2) > 0xffff)
{
throw new SystemException();
}
names[index].Length = (ushort) (names[index].Buffer.Length * 2);
names[index].MaximumLength = (ushort) (names[index].Length + 2);
index++;
}
invalidHandle = Win32.LsaOpenPolicy(null, PolicyRights.POLICY_LOOKUP_NAMES);
someFailed = false;
if (Win32.LsaLookupNames2Supported)
{
num2 = Win32Native.LsaLookupNames2(invalidHandle, 0, sourceAccounts.Count, names, ref referencedDomains, ref sids);
}
else
{
num2 = Win32Native.LsaLookupNames(invalidHandle, sourceAccounts.Count, names, ref referencedDomains, ref sids);
}
if ((num2 == 0xc0000017) || (num2 == 0xc000009a))
{
throw new OutOfMemoryException();
}
if (num2 == 0xc0000022)
{
throw new UnauthorizedAccessException();
}
if ((num2 == 0xc0000073) || (num2 == 0x107))
{
someFailed = true;
}
else if (num2 != 0)
{
int errorCode = Win32Native.LsaNtStatusToWinError((int) num2);
throw new SystemException(Win32Native.GetMessage(errorCode));
}
IdentityReferenceCollection references = new IdentityReferenceCollection(sourceAccounts.Count);
switch (num2)
{
case 0:
case 0x107:
if (Win32.LsaLookupNames2Supported)
{
sids.Initialize((uint) sourceAccounts.Count, (uint) Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_SID2)));
Win32.InitializeReferencedDomainsPointer(referencedDomains);
Win32Native.LSA_TRANSLATED_SID2[] array = new Win32Native.LSA_TRANSLATED_SID2[sourceAccounts.Count];
sids.ReadArray<Win32Native.LSA_TRANSLATED_SID2>(0L, array, 0, array.Length);
for (int i = 0; i < sourceAccounts.Count; i++)
{
Win32Native.LSA_TRANSLATED_SID2 lsa_translated_sid = array[i];
switch (lsa_translated_sid.Use)
{
case 1:
case 2:
case 4:
case 5:
case 9:
{
references.Add(new SecurityIdentifier(lsa_translated_sid.Sid, true));
continue;
}
}
someFailed = true;
references.Add(sourceAccounts[i]);
}
}
else
{
sids.Initialize((uint) sourceAccounts.Count, (uint) Marshal.SizeOf(typeof(Win32Native.LSA_TRANSLATED_SID)));
Win32.InitializeReferencedDomainsPointer(referencedDomains);
Win32Native.LSA_REFERENCED_DOMAIN_LIST lsa_referenced_domain_list = referencedDomains.Read<Win32Native.LSA_REFERENCED_DOMAIN_LIST>(0L);
SecurityIdentifier[] identifierArray = new SecurityIdentifier[lsa_referenced_domain_list.Entries];
for (int j = 0; j < lsa_referenced_domain_list.Entries; j++)
{
Win32Native.LSA_TRUST_INFORMATION lsa_trust_information = (Win32Native.LSA_TRUST_INFORMATION) Marshal.PtrToStructure(new IntPtr(((long) lsa_referenced_domain_list.Domains) + (j * Marshal.SizeOf(typeof(Win32Native.LSA_TRUST_INFORMATION)))), typeof(Win32Native.LSA_TRUST_INFORMATION));
identifierArray[j] = new SecurityIdentifier(lsa_trust_information.Sid, true);
}
Win32Native.LSA_TRANSLATED_SID[] lsa_translated_sidArray2 = new Win32Native.LSA_TRANSLATED_SID[sourceAccounts.Count];
sids.ReadArray<Win32Native.LSA_TRANSLATED_SID>(0L, lsa_translated_sidArray2, 0, lsa_translated_sidArray2.Length);
for (int k = 0; k < sourceAccounts.Count; k++)
{
Win32Native.LSA_TRANSLATED_SID lsa_translated_sid2 = lsa_translated_sidArray2[k];
switch (lsa_translated_sid2.Use)
{
case 1:
case 2:
case 4:
case 5:
case 9:
{
references.Add(new SecurityIdentifier(identifierArray[lsa_translated_sid2.DomainIndex], lsa_translated_sid2.Rid));
continue;
}
}
someFailed = true;
references.Add(sourceAccounts[k]);
}
}
break;
default:
for (int m = 0; m < sourceAccounts.Count; m++)
{
references.Add(sourceAccounts[m]);
}
break;
}
references2 = references;
}
finally
{
invalidHandle.Dispose();
referencedDomains.Dispose();
sids.Dispose();
}
return references2;
}
private AuthorizationRuleCollection GetRules(bool access, bool includeExplicit, bool includeInherited, Type targetType)
{
AuthorizationRuleCollection rules2;
base.ReadLock();
try
{
AuthorizationRuleCollection rules = new AuthorizationRuleCollection();
if (!SecurityIdentifier.IsValidTargetTypeStatic(targetType))
{
throw new ArgumentException(Environment.GetResourceString("Arg_MustBeIdentityReferenceType"), "targetType");
}
CommonAcl discretionaryAcl = null;
if (access)
{
if ((base._securityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclPresent) != ControlFlags.None)
{
discretionaryAcl = base._securityDescriptor.DiscretionaryAcl;
}
}
else if ((base._securityDescriptor.ControlFlags & ControlFlags.SystemAclPresent) != ControlFlags.None)
{
discretionaryAcl = base._securityDescriptor.SystemAcl;
}
if (discretionaryAcl == null)
{
return rules;
}
IdentityReferenceCollection references = null;
if (targetType != typeof(SecurityIdentifier))
{
IdentityReferenceCollection references2 = new IdentityReferenceCollection(discretionaryAcl.Count);
for (int j = 0; j < discretionaryAcl.Count; j++)
{
CommonAce ace = discretionaryAcl[j] as CommonAce;
if (this.AceNeedsTranslation(ace, access, includeExplicit, includeInherited))
{
references2.Add(ace.SecurityIdentifier);
}
}
references = references2.Translate(targetType);
}
int num2 = 0;
for (int i = 0; i < discretionaryAcl.Count; i++)
{
CommonAce ace2 = discretionaryAcl[i] as CommonAce;
if (this.AceNeedsTranslation(ace2, access, includeExplicit, includeInherited))
{
IdentityReference identityReference = (targetType == typeof(SecurityIdentifier)) ? ace2.SecurityIdentifier : references[num2++];
if (access)
{
AccessControlType allow;
if (ace2.AceQualifier == AceQualifier.AccessAllowed)
{
allow = AccessControlType.Allow;
}
else
{
allow = AccessControlType.Deny;
}
rules.AddRule(this.AccessRuleFactory(identityReference, ace2.AccessMask, ace2.IsInherited, ace2.InheritanceFlags, ace2.PropagationFlags, allow));
}
else
{
rules.AddRule(this.AuditRuleFactory(identityReference, ace2.AccessMask, ace2.IsInherited, ace2.InheritanceFlags, ace2.PropagationFlags, ace2.AuditFlags));
}
}
}
rules2 = rules;
}
finally
{
base.ReadUnlock();
}
return rules2;
}
public override IdentityReference Translate(Type targetType)
{
if (targetType == null)
{
throw new ArgumentNullException("targetType");
}
Contract.EndContractBlock();
if (targetType == typeof(NTAccount))
{
return this; // assumes that NTAccount objects are immutable
}
else if (targetType == typeof(SecurityIdentifier))
{
IdentityReferenceCollection irSource = new IdentityReferenceCollection(1);
irSource.Add(this);
IdentityReferenceCollection irTarget;
irTarget = NTAccount.Translate(irSource, targetType, true);
return irTarget[0];
}
else
{
throw new ArgumentException(SR.IdentityReference_MustBeIdentityReference, "targetType");
}
}
internal static IdentityReferenceCollection Translate(IdentityReferenceCollection sourceAccounts, Type targetType, bool forceSuccess)
{
bool SomeFailed = false;
IdentityReferenceCollection Result;
Result = Translate(sourceAccounts, targetType, out SomeFailed);
if (forceSuccess && SomeFailed)
{
IdentityReferenceCollection UnmappedIdentities = new IdentityReferenceCollection();
foreach (IdentityReference id in Result)
{
if (id.GetType() != targetType)
{
UnmappedIdentities.Add(id);
}
}
throw new IdentityNotMappedException(SR.IdentityReference_IdentityNotMapped, UnmappedIdentities);
}
return Result;
}
