Пример #1
0
        private static List <AclTableEntry> BuildAclTableFromSecurityDescriptor(RawSecurityDescriptor securityDescriptor, RawSecurityDescriptor freeBusySecurityDescriptor, LazilyInitialized <ExternalUserCollection> lazilyInitializedExternalUserCollection, IRecipientSession recipientSession, AclTableIdMap aclTableIdMap, out bool isCanonical, out string canonicalErrorInformation)
        {
            FolderSecurity.AnnotatedAceList annotatedAceList = new FolderSecurity.AnnotatedAceList(securityDescriptor, freeBusySecurityDescriptor, (SecurityIdentifier securityIdentifier) => AclModifyTable.GetSecurityIdentifierType(recipientSession, securityIdentifier));
            isCanonical = annotatedAceList.IsCanonical(out canonicalErrorInformation);
            IList <FolderSecurity.SecurityIdentifierAndFolderRights> list;

            if (isCanonical)
            {
                list = annotatedAceList.GetSecurityIdentifierAndRightsList();
            }
            else
            {
                ExTraceGlobals.StorageTracer.TraceWarning <string, string>(0L, "Got non canonical SD: {0}, ErrorInfo: ", securityDescriptor.GetSddlForm(AccessControlSections.All), canonicalErrorInformation);
                list = Array <FolderSecurity.SecurityIdentifierAndFolderRights> .Empty;
            }
            List <AclTableEntry> list2 = new List <AclTableEntry>(list.Count + 1);

            foreach (FolderSecurity.SecurityIdentifierAndFolderRights securityIdentifierAndFolderRights in list)
            {
                MemberRights memberRights = (MemberRights)(securityIdentifierAndFolderRights.AllowRights & ~(MemberRights)securityIdentifierAndFolderRights.DenyRights);
                bool         flag         = false;
                bool         flag2        = false;
                byte[]       entryId;
                string       text;
                List <SecurityIdentifier> list3;
                SecurityIdentifier        securityIdentifier;
                if (securityIdentifierAndFolderRights.SecurityIdentifier.IsWellKnown(WellKnownSidType.WorldSid))
                {
                    entryId = Array <byte> .Empty;
                    text    = string.Empty;
                    string legacyDN = string.Empty;
                    securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier;
                    list3 = null;
                    flag2 = true;
                }
                else if (securityIdentifierAndFolderRights.SecurityIdentifier.IsWellKnown(WellKnownSidType.AnonymousSid))
                {
                    entryId            = Array <byte> .Empty;
                    text               = "Anonymous";
                    securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier;
                    list3              = null;
                }
                else if (ExternalUser.IsExternalUserSid(securityIdentifierAndFolderRights.SecurityIdentifier))
                {
                    ExternalUser externalUser = AclHelper.TryGetExternalUser(securityIdentifierAndFolderRights.SecurityIdentifier, lazilyInitializedExternalUserCollection);
                    if (externalUser == null)
                    {
                        ExTraceGlobals.StorageTracer.TraceWarning <SecurityIdentifier>(0L, "Cannot find external user with SID {0}, build entry from information we have", securityIdentifierAndFolderRights.SecurityIdentifier);
                        string text2 = AclHelper.CreateLocalUserStrignRepresentation(securityIdentifierAndFolderRights.SecurityIdentifier);
                        text = text2;
                    }
                    else
                    {
                        text = externalUser.Name;
                        string legacyDN = externalUser.LegacyDn;
                    }
                    entryId            = AddressBookEntryId.MakeAddressBookEntryIDFromLocalDirectorySid(securityIdentifierAndFolderRights.SecurityIdentifier);
                    securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier;
                    list3 = null;
                }
                else
                {
                    MiniRecipient miniRecipient = recipientSession.FindMiniRecipientBySid <MiniRecipient>(securityIdentifierAndFolderRights.SecurityIdentifier, Array <PropertyDefinition> .Empty);
                    string        legacyDN;
                    if (miniRecipient == null)
                    {
                        ExTraceGlobals.StorageTracer.TraceWarning <SecurityIdentifier>(0L, "Cannot find recipient with SID {0}, build entry from the information we have", securityIdentifierAndFolderRights.SecurityIdentifier);
                        flag = (securityIdentifierAndFolderRights.SecurityIdentifierType == FolderSecurity.SecurityIdentifierType.Group);
                        string text3 = AclHelper.CreateNTUserStrignRepresentation(securityIdentifierAndFolderRights.SecurityIdentifier);
                        text               = text3;
                        legacyDN           = text3;
                        securityIdentifier = securityIdentifierAndFolderRights.SecurityIdentifier;
                        list3              = null;
                    }
                    else
                    {
                        flag = AclHelper.IsGroupRecipientType(miniRecipient.RecipientType);
                        if (string.IsNullOrEmpty(miniRecipient.DisplayName))
                        {
                            text = AclHelper.CreateNTUserStrignRepresentation(securityIdentifierAndFolderRights.SecurityIdentifier);
                        }
                        else
                        {
                            text = miniRecipient.DisplayName;
                        }
                        if (string.IsNullOrEmpty(miniRecipient.LegacyExchangeDN))
                        {
                            legacyDN = text;
                        }
                        else
                        {
                            legacyDN = miniRecipient.LegacyExchangeDN;
                        }
                        SecurityIdentifier masterAccountSid = miniRecipient.MasterAccountSid;
                        if (masterAccountSid != null && !masterAccountSid.IsWellKnown(WellKnownSidType.SelfSid))
                        {
                            securityIdentifier = masterAccountSid;
                            list3 = null;
                        }
                        else
                        {
                            securityIdentifier = miniRecipient.Sid;
                            MultiValuedProperty <SecurityIdentifier> sidHistory = miniRecipient.SidHistory;
                            if (sidHistory != null && sidHistory.Count != 0)
                            {
                                list3 = new List <SecurityIdentifier>(sidHistory);
                            }
                            else
                            {
                                list3 = null;
                            }
                        }
                    }
                    entryId = AddressBookEntryId.MakeAddressBookEntryID(legacyDN, flag);
                }
                AclTableEntry aclTableEntry = list2.Find((AclTableEntry entry) => entry.SecurityIdentifier == securityIdentifier);
                if (aclTableEntry == null && list3 != null)
                {
                    using (List <SecurityIdentifier> .Enumerator enumerator2 = list3.GetEnumerator())
                    {
                        while (enumerator2.MoveNext())
                        {
                            SecurityIdentifier sid = enumerator2.Current;
                            aclTableEntry = list2.Find((AclTableEntry entry) => entry.SecurityIdentifier == sid);
                            if (aclTableEntry != null)
                            {
                                break;
                            }
                        }
                    }
                }
                if (aclTableEntry == null)
                {
                    aclTableEntry = new AclTableEntry(AclModifyTable.GetIdForSecurityIdentifier(securityIdentifier, list3, aclTableIdMap), entryId, text, memberRights);
                    aclTableEntry.SetSecurityIdentifier(securityIdentifier, flag);
                    if (flag2)
                    {
                        list2.Insert(0, aclTableEntry);
                    }
                    else
                    {
                        list2.Add(aclTableEntry);
                    }
                }
                else
                {
                    aclTableEntry.MemberRights &= memberRights;
                    if (aclTableEntry.IsGroup != flag)
                    {
                        throw new NonCanonicalACLException(annotatedAceList.CreateErrorInformation((LID)35788U, new int[0]));
                    }
                    aclTableEntry.SetSecurityIdentifier(securityIdentifier, flag);
                }
            }
            return(list2);
        }
Пример #2
0
 private static long GetIdForSecurityIdentifier(SecurityIdentifier securityIdentifier, List <SecurityIdentifier> sidHistory, AclTableIdMap aclTableIdMap)
 {
     if (securityIdentifier.IsWellKnown(WellKnownSidType.WorldSid))
     {
         return(0L);
     }
     if (securityIdentifier.IsWellKnown(WellKnownSidType.AnonymousSid))
     {
         return(-1L);
     }
     return(aclTableIdMap.GetIdForSecurityIdentifier(securityIdentifier, sidHistory));
 }