Пример #1
0
 internal virtual AccessRule InternalAccessRuleFactory(QualifiedAce ace, Type targetType,
                                                       AccessControlType type)
 {
     return(AccessRuleFactory(ace.SecurityIdentifier.Translate(targetType),
                              ace.AccessMask, ace.IsInherited,
                              ace.InheritanceFlags, ace.PropagationFlags, type));
 }
        private bool ObjectTypesMatch(QualifiedAce ace, QualifiedAce newAce)
        {
            Guid guid = (ace is ObjectAce) ? ((ObjectAce)ace).ObjectAceType : Guid.Empty;
            Guid g    = (newAce is ObjectAce) ? ((ObjectAce)newAce).ObjectAceType : Guid.Empty;

            return(guid.Equals(g));
        }
Пример #3
0
        void AddAce(QualifiedAce newAce)
        {
            RequireCanonicity();

            int pos = GetAceInsertPosition(newAce.AceQualifier);

            raw_acl.InsertAce(pos, CopyAce(newAce));
            CanonicalizeAndClearAefa();
        }
Пример #4
0
        void AddAce(QualifiedAce newAce)
        {
            RequireCanonicity();

            int pos = GetAceInsertPosition(newAce.AceQualifier);

            raw_acl.InsertAce(pos, newAce);
            CleanAndRetestCanonicity();
        }
        private bool AccessMasksAreMergeable(QualifiedAce ace, QualifiedAce newAce)
        {
            if (this.ObjectTypesMatch(ace, newAce))
            {
                return(true);
            }
            ObjectAceFlags flags = (ace is ObjectAce) ? ((ObjectAce)ace).ObjectAceFlags : ObjectAceFlags.None;

            return((((ace.AccessMask & newAce.AccessMask) & ObjectAce.AccessMaskWithObjectType) == (newAce.AccessMask & ObjectAce.AccessMaskWithObjectType)) && ((flags & ObjectAceFlags.ObjectAceTypePresent) == ObjectAceFlags.None));
        }
        private bool AceFlagsAreMergeable(QualifiedAce ace, QualifiedAce newAce)
        {
            if (this.InheritedObjectTypesMatch(ace, newAce))
            {
                return(true);
            }
            ObjectAceFlags flags = (ace is ObjectAce) ? ((ObjectAce)ace).ObjectAceFlags : ObjectAceFlags.None;

            return((flags & ObjectAceFlags.InheritedObjectAceTypePresent) == ObjectAceFlags.None);
        }
Пример #7
0
        // DiscretionaryAcl/SystemAcl shared implementation below...
        internal void AddAce(AceQualifier aceQualifier,
                             SecurityIdentifier sid, int accessMask,
                             InheritanceFlags inheritanceFlags,
                             PropagationFlags propagationFlags,
                             AuditFlags auditFlags)
        {
            QualifiedAce ace = AddAceGetQualifiedAce(aceQualifier, sid, accessMask,
                                                     inheritanceFlags, propagationFlags, auditFlags);

            AddAce(ace);
        }
Пример #8
0
		internal override AuditRule InternalAuditRuleFactory (QualifiedAce ace, Type targetType)
		{
			ObjectAce oace = ace as ObjectAce;
			if (null == oace || ObjectAceFlags.None == oace.ObjectAceFlags)
				return base.InternalAuditRuleFactory (ace, targetType);
			
			return AuditRuleFactory (ace.SecurityIdentifier.Translate (targetType),
						 ace.AccessMask, ace.IsInherited,
						 ace.InheritanceFlags, ace.PropagationFlags, ace.AuditFlags,
						 oace.ObjectAceType, oace.InheritedObjectAceType);
		}
        private bool InspectAce(ref GenericAce ace, bool isDacl)
        {
            KnownAce ace2 = ace as KnownAce;

            if ((ace2 != null) && (ace2.AccessMask == 0))
            {
                return(false);
            }
            if (!this.IsContainer)
            {
                if (((byte)(ace.AceFlags & AceFlags.InheritOnly)) != 0)
                {
                    return(false);
                }
                if (((byte)(ace.AceFlags & (AceFlags.ContainerInherit | AceFlags.InheritOnly | AceFlags.NoPropagateInherit | AceFlags.ObjectInherit))) != 0)
                {
                    ace.AceFlags = (AceFlags)((byte)(((int)ace.AceFlags) & 240));
                }
            }
            else
            {
                if (((((byte)(ace.AceFlags & AceFlags.InheritOnly)) != 0) && (((byte)(ace.AceFlags & AceFlags.ContainerInherit)) == 0)) && (((byte)(ace.AceFlags & (AceFlags.None | AceFlags.ObjectInherit))) == 0))
                {
                    return(false);
                }
                if (((((byte)(ace.AceFlags & (AceFlags.None | AceFlags.NoPropagateInherit))) != 0) && (((byte)(ace.AceFlags & AceFlags.ContainerInherit)) == 0)) && (((byte)(ace.AceFlags & (AceFlags.None | AceFlags.ObjectInherit))) == 0))
                {
                    ace.AceFlags = (AceFlags)((byte)(((int)ace.AceFlags) & 0xfb));
                }
            }
            QualifiedAce ace3 = ace2 as QualifiedAce;

            if (isDacl)
            {
                ace.AceFlags = (AceFlags)((byte)(((int)ace.AceFlags) & 0x3f));
                if (((ace3 != null) && (ace3.AceQualifier != AceQualifier.AccessAllowed)) && (ace3.AceQualifier != AceQualifier.AccessDenied))
                {
                    return(false);
                }
            }
            else
            {
                if (((byte)(ace.AceFlags & AceFlags.AuditFlags)) == 0)
                {
                    return(false);
                }
                if ((ace3 != null) && (ace3.AceQualifier != AceQualifier.SystemAudit))
                {
                    return(false);
                }
            }
            return(true);
        }
Пример #10
0
        void SetAce(QualifiedAce newAce)
        {
            RequireCanonicity();

            RemoveAces <QualifiedAce> (oldAce =>
            {
                return(oldAce.AceQualifier == newAce.AceQualifier &&
                       oldAce.SecurityIdentifier == newAce.SecurityIdentifier);
            });
            CleanAndRetestCanonicity();

            AddAce(newAce);
        }
Пример #11
0
        internal override AuditRule InternalAuditRuleFactory(QualifiedAce ace, Type targetType)
        {
            ObjectAce oace = ace as ObjectAce;

            if (null == oace || ObjectAceFlags.None == oace.ObjectAceFlags)
            {
                return(base.InternalAuditRuleFactory(ace, targetType));
            }

            return(AuditRuleFactory(ace.SecurityIdentifier.Translate(targetType),
                                    ace.AccessMask, ace.IsInherited,
                                    ace.InheritanceFlags, ace.PropagationFlags, ace.AuditFlags,
                                    oace.ObjectAceType, oace.InheritedObjectAceType));
        }
Пример #12
0
        internal void AddAce(AceQualifier aceQualifier,
                             SecurityIdentifier sid, int accessMask,
                             InheritanceFlags inheritanceFlags,
                             PropagationFlags propagationFlags,
                             AuditFlags auditFlags,
                             ObjectAceFlags objectFlags,
                             Guid objectType,
                             Guid inheritedObjectType)
        {
            QualifiedAce ace = AddAceGetQualifiedAce(aceQualifier, sid, accessMask,
                                                     inheritanceFlags, propagationFlags, auditFlags,
                                                     objectFlags, objectType, inheritedObjectType);

            AddAce(ace);
        }
Пример #13
0
        internal AuthorizationRuleCollection InternalGetAccessRules(bool includeExplicit,
                                                                    bool includeInherited,
                                                                    Type targetType)
        {
            List <AuthorizationRule> rules = new List <AuthorizationRule> ();

            ReadLock();
            try {
                foreach (GenericAce genericAce in descriptor.DiscretionaryAcl)
                {
                    QualifiedAce ace = genericAce as QualifiedAce;
                    if (null == ace)
                    {
                        continue;
                    }
                    if (ace.IsInherited && !includeInherited)
                    {
                        continue;
                    }
                    if (!ace.IsInherited && !includeExplicit)
                    {
                        continue;
                    }

                    AccessControlType type;
                    if (AceQualifier.AccessAllowed == ace.AceQualifier)
                    {
                        type = AccessControlType.Allow;
                    }
                    else if (AceQualifier.AccessDenied == ace.AceQualifier)
                    {
                        type = AccessControlType.Deny;
                    }
                    else
                    {
                        continue;
                    }

                    AccessRule rule = InternalAccessRuleFactory(ace, targetType, type);
                    rules.Add(rule);
                }
            } finally {
                ReadUnlock();
            }

            return(new AuthorizationRuleCollection(rules.ToArray()));
        }
        internal void AddQualifiedAce(SecurityIdentifier sid, AceQualifier qualifier, int accessMask, AceFlags flags, ObjectAceFlags objectFlags, Guid objectType, Guid inheritedObjectType)
        {
            GenericAce ace;

            if (sid == null)
            {
                throw new ArgumentNullException("sid");
            }
            this.ThrowIfNotCanonical();
            bool flag = false;

            if ((qualifier == AceQualifier.SystemAudit) && (((byte)(flags & AceFlags.AuditFlags)) == 0))
            {
                throw new ArgumentException(Environment.GetResourceString("Arg_EnumAtLeastOneFlag"), "flags");
            }
            if (accessMask == 0)
            {
                throw new ArgumentException(Environment.GetResourceString("Argument_ArgumentZero"), "accessMask");
            }
            if (!this.IsDS || (objectFlags == ObjectAceFlags.None))
            {
                ace = new CommonAce(flags, qualifier, accessMask, sid, false, null);
            }
            else
            {
                ace = new ObjectAce(flags, qualifier, accessMask, sid, objectFlags, objectType, inheritedObjectType, false, null);
            }
            if (this.InspectAce(ref ace, this is DiscretionaryAcl))
            {
                for (int i = 0; i < this.Count; i++)
                {
                    QualifiedAce ace2 = this._acl[i] as QualifiedAce;
                    if ((ace2 != null) && this.MergeAces(ref ace2, ace as QualifiedAce))
                    {
                        flag = true;
                        break;
                    }
                }
                if (!flag)
                {
                    this._acl.InsertAce(this._acl.Count, ace);
                    this._isDirty = true;
                }
                this.OnAclModificationTried();
            }
        }
        internal void RemoveQualifiedAcesSpecific(SecurityIdentifier sid, AceQualifier qualifier, int accessMask, AceFlags flags, ObjectAceFlags objectFlags, Guid objectType, Guid inheritedObjectType)
        {
            if (accessMask == 0)
            {
                throw new ArgumentException(Environment.GetResourceString("Argument_ArgumentZero"), "accessMask");
            }
            if ((qualifier == AceQualifier.SystemAudit) && (((byte)(flags & AceFlags.AuditFlags)) == 0))
            {
                throw new ArgumentException(Environment.GetResourceString("Arg_EnumAtLeastOneFlag"), "flags");
            }
            if (sid == null)
            {
                throw new ArgumentNullException("sid");
            }
            this.ThrowIfNotCanonical();
            for (int i = 0; i < this.Count; i++)
            {
                QualifiedAce ace = this._acl[i] as QualifiedAce;
                if ((((ace == null) || (((byte)(ace.AceFlags & AceFlags.Inherited)) != 0)) || ((ace.AceQualifier != qualifier) || (ace.SecurityIdentifier != sid))) || ((ace.AceFlags != flags) || (ace.AccessMask != accessMask)))
                {
                    continue;
                }
                if (this.IsDS)
                {
                    if ((ace is ObjectAce) && (objectFlags != ObjectAceFlags.None))
                    {
                        ObjectAce ace2 = ace as ObjectAce;
                        if (ace2.ObjectTypesMatch(objectFlags, objectType) && ace2.InheritedObjectTypesMatch(objectFlags, inheritedObjectType))
                        {
                            goto Label_00F2;
                        }
                        continue;
                    }
                    if ((ace is ObjectAce) || (objectFlags != ObjectAceFlags.None))
                    {
                        continue;
                    }
                }
Label_00F2:
                this._acl.RemoveAce(i);
                i--;
            }
            this.OnAclModificationTried();
        }
Пример #16
0
        internal int GetCanonicalExplicitDenyAceCount()
        {
            int i;

            for (i = 0; i < Count; i++)
            {
                if (this [i].IsInherited)
                {
                    break;
                }

                QualifiedAce ace = this [i] as QualifiedAce;
                if (ace == null || ace.AceQualifier != AceQualifier.AccessDenied)
                {
                    break;
                }
            }
            return(i);
        }
Пример #17
0
        internal AuthorizationRuleCollection InternalGetAuditRules(bool includeExplicit,
                                                                   bool includeInherited,
                                                                   Type targetType)
        {
            List <AuthorizationRule> rules = new List <AuthorizationRule> ();

            ReadLock();
            try {
                if (null != descriptor.SystemAcl)
                {
                    foreach (GenericAce genericAce in descriptor.SystemAcl)
                    {
                        QualifiedAce ace = genericAce as QualifiedAce;
                        if (null == ace)
                        {
                            continue;
                        }
                        if (ace.IsInherited && !includeInherited)
                        {
                            continue;
                        }
                        if (!ace.IsInherited && !includeExplicit)
                        {
                            continue;
                        }

                        if (AceQualifier.SystemAudit != ace.AceQualifier)
                        {
                            continue;
                        }

                        AuditRule rule = InternalAuditRuleFactory(ace, targetType);
                        rules.Add(rule);
                    }
                }
            } finally {
                ReadUnlock();
            }

            return(new AuthorizationRuleCollection(rules.ToArray()));
        }
 private bool GetAccessMaskForRemoval(QualifiedAce ace, ObjectAceFlags objectFlags, Guid objectType, ref int accessMask)
 {
     if (((ace.AccessMask & accessMask) & ObjectAce.AccessMaskWithObjectType) != 0)
     {
         if (ace is ObjectAce)
         {
             ObjectAce ace2 = ace as ObjectAce;
             if (((objectFlags & ObjectAceFlags.ObjectAceTypePresent) != ObjectAceFlags.None) && ((ace2.ObjectAceFlags & ObjectAceFlags.ObjectAceTypePresent) == ObjectAceFlags.None))
             {
                 return(false);
             }
             if (!(((objectFlags & ObjectAceFlags.ObjectAceTypePresent) == ObjectAceFlags.None) || ace2.ObjectTypesMatch(objectFlags, objectType)))
             {
                 accessMask &= ~ObjectAce.AccessMaskWithObjectType;
             }
         }
         else if ((objectFlags & ObjectAceFlags.ObjectAceTypePresent) != ObjectAceFlags.None)
         {
             return(false);
         }
     }
     return(true);
 }
 private bool GetInheritanceFlagsForRemoval(QualifiedAce ace, ObjectAceFlags objectFlags, Guid inheritedObjectType, ref AceFlags aceFlags)
 {
     if ((((byte)(ace.AceFlags & AceFlags.ContainerInherit)) != 0) && (((byte)(aceFlags & AceFlags.ContainerInherit)) != 0))
     {
         if (ace is ObjectAce)
         {
             ObjectAce ace2 = ace as ObjectAce;
             if (((objectFlags & ObjectAceFlags.InheritedObjectAceTypePresent) != ObjectAceFlags.None) && ((ace2.ObjectAceFlags & ObjectAceFlags.InheritedObjectAceTypePresent) == ObjectAceFlags.None))
             {
                 return(false);
             }
             if (!(((objectFlags & ObjectAceFlags.InheritedObjectAceTypePresent) == ObjectAceFlags.None) || ace2.InheritedObjectTypesMatch(objectFlags, inheritedObjectType)))
             {
                 aceFlags = (AceFlags)((byte)(((int)aceFlags) & 240));
             }
         }
         else if ((objectFlags & ObjectAceFlags.InheritedObjectAceTypePresent) != ObjectAceFlags.None)
         {
             return(false);
         }
     }
     return(true);
 }
 private void Canonicalize(bool compact, bool isDacl)
 {
     for (ushort i = 0; i < this._acl.Count; i = (ushort)(i + 1))
     {
         this._acl[i]._indexInAcl = i;
     }
     this.QuickSort(0, this._acl.Count - 1, isDacl);
     if (compact)
     {
         for (int j = 0; j < (this.Count - 1); j++)
         {
             QualifiedAce ace = this._acl[j] as QualifiedAce;
             if (ace != null)
             {
                 QualifiedAce newAce = this._acl[j + 1] as QualifiedAce;
                 if ((newAce != null) && this.MergeAces(ref ace, newAce))
                 {
                     this._acl.RemoveAce(j + 1);
                 }
             }
         }
     }
 }
Пример #21
0
        internal override bool IsAceMeaningless(GenericAce ace)
        {
            if (base.IsAceMeaningless(ace))
            {
                return(true);
            }
            if (AuditFlags.None != ace.AuditFlags)
            {
                return(true);
            }

            QualifiedAce qace = ace as QualifiedAce;

            if (null != qace)
            {
                if (!(AceQualifier.AccessAllowed == qace.AceQualifier ||
                      AceQualifier.AccessDenied == qace.AceQualifier))
                {
                    return(true);
                }
            }

            return(false);
        }
Пример #22
0
        internal override bool IsAceMeaningless(GenericAce ace)
        {
            if (base.IsAceMeaningless(ace))
            {
                return(true);
            }
            if (!IsValidAuditFlags(ace.AuditFlags))
            {
                return(true);
            }

            QualifiedAce qace = ace as QualifiedAce;

            if (null != qace)
            {
                if (!(AceQualifier.SystemAudit == qace.AceQualifier ||
                      AceQualifier.SystemAlarm == qace.AceQualifier))
                {
                    return(true);
                }
            }

            return(false);
        }
Пример #23
0
        private bool AceFlagsAreMergeable( QualifiedAce ace, QualifiedAce newAce )
        {
            //
            // The ace flags can be considered for merge in any of the following conditions
            // 1. Inherited object types match 
            // 2. (Inherited object types do not match) The existing ace does not have an inherited object type and 
            //     already contains all the bits of the new ace
            //

            if ( InheritedObjectTypesMatch( ace, newAce ))
            {
                // case 1
                return true;
            }

            ObjectAceFlags objectFlags = ( ace is ObjectAce ) ? (( ObjectAce ) ace ).ObjectAceFlags : ObjectAceFlags.None;
            if (( objectFlags & ObjectAceFlags.InheritedObjectAceTypePresent ) == 0 )
            {
                // case 2

                //
                // This method is called only when the access masks of the two aces are already confirmed to be exact matches
                // therefore the second condition of case 2 is already verified
                //
                Contract.Assert(( ace.AccessMask & newAce.AccessMask) ==  newAce.AccessMask, "AceFlagsAreMergeable:: AccessMask of existing ace does not contain all access bits of new ace.");
                return true;
            }

            return false;
        }
Пример #24
0
        GenericAce MergeExplicitAcePair(GenericAce ace1, GenericAce ace2)
        {
            QualifiedAce qace1 = ace1 as QualifiedAce;
            QualifiedAce qace2 = ace2 as QualifiedAce;

            if (!(null != qace1 && null != qace2))
            {
                return(null);
            }
            if (!(qace1.AceQualifier == qace2.AceQualifier))
            {
                return(null);
            }
            if (!(qace1.SecurityIdentifier == qace2.SecurityIdentifier))
            {
                return(null);
            }

            AceFlags aceFlags1 = qace1.AceFlags, aceFlags2 = qace2.AceFlags, aceFlagsNew;
            int      accessMask1 = qace1.AccessMask, accessMask2 = qace2.AccessMask, accessMaskNew;

            if (!IsContainer)
            {
                aceFlags1 &= ~AceFlags.InheritanceFlags;
                aceFlags2 &= ~AceFlags.InheritanceFlags;
            }

            if (aceFlags1 != aceFlags2)
            {
                if (accessMask1 != accessMask2)
                {
                    return(null);
                }
                if ((aceFlags1 & ~(AceFlags.ContainerInherit | AceFlags.ObjectInherit)) ==
                    (aceFlags2 & ~(AceFlags.ContainerInherit | AceFlags.ObjectInherit)))
                {
                    aceFlagsNew   = aceFlags1 | aceFlags2;                 // merge InheritanceFlags
                    accessMaskNew = accessMask1;
                }
                else if ((aceFlags1 & ~(AceFlags.SuccessfulAccess | AceFlags.FailedAccess)) ==
                         (aceFlags2 & ~(AceFlags.SuccessfulAccess | AceFlags.FailedAccess)))
                {
                    aceFlagsNew   = aceFlags1 | aceFlags2;                 // merge AuditFlags
                    accessMaskNew = accessMask1;
                }
                else
                {
                    return(null);
                }
            }
            else
            {
                aceFlagsNew   = aceFlags1;
                accessMaskNew = accessMask1 | accessMask2;
            }

            CommonAce cace1 = ace1 as CommonAce;
            CommonAce cace2 = ace2 as CommonAce;

            if (null != cace1 && null != cace2)
            {
                return(new CommonAce(aceFlagsNew, cace1.AceQualifier, accessMaskNew,
                                     cace1.SecurityIdentifier, cace1.IsCallback, cace1.GetOpaque()));
            }

            ObjectAce oace1 = ace1 as ObjectAce;
            ObjectAce oace2 = ace2 as ObjectAce;

            if (null != oace1 && null != oace2)
            {
                // See DiscretionaryAclTest.GuidEmptyMergesRegardlessOfFlagsAndOpaqueDataIsNotConsidered
                Guid type1, inheritedType1; GetObjectAceTypeGuids(oace1, out type1, out inheritedType1);
                Guid type2, inheritedType2; GetObjectAceTypeGuids(oace2, out type2, out inheritedType2);

                if (type1 == type2 && inheritedType1 == inheritedType2)
                {
                    return(new ObjectAce(aceFlagsNew, oace1.AceQualifier, accessMaskNew,
                                         oace1.SecurityIdentifier,
                                         oace1.ObjectAceFlags, oace1.ObjectAceType, oace1.InheritedObjectAceType,
                                         oace1.IsCallback, oace1.GetOpaque()));
                }
            }

            return(null);
        }
Пример #25
0
        private AuthorizationRuleCollection GetRules(bool access, bool includeExplicit, bool includeInherited, System.Type targetType)
        {
            ReadLock();

            try
            {
                AuthorizationRuleCollection result = new AuthorizationRuleCollection();

                if (!IsValidTargetTypeStatic(targetType))
                {
                    throw new ArgumentException(SR.Arg_MustBeIdentityReferenceType, nameof(targetType));
                }

                CommonAcl acl = null;

                if (access)
                {
                    if ((SecurityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclPresent) != 0)
                    {
                        acl = SecurityDescriptor.DiscretionaryAcl;
                    }
                }
                else // !access == audit
                {
                    if ((SecurityDescriptor.ControlFlags & ControlFlags.SystemAclPresent) != 0)
                    {
                        acl = SecurityDescriptor.SystemAcl;
                    }
                }

                if (acl == null)
                {
                    //
                    // The required ACL was not present; return an empty collection.
                    //
                    return(result);
                }

                IdentityReferenceCollection irTarget = null;

                if (targetType != typeof(SecurityIdentifier))
                {
                    IdentityReferenceCollection irSource = new IdentityReferenceCollection(acl.Count);

                    for (int i = 0; i < acl.Count; i++)
                    {
                        //
                        // Calling the indexer on a common ACL results in cloning,
                        // (which would not be the case if we were to use the internal RawAcl property)
                        // but also ensures that the resulting order of ACEs is proper
                        // However, this is a big price to pay - cloning all the ACEs just so that
                        // the canonical order could be ascertained just once.
                        // A better way would be to have an internal method that would canonicalize the ACL
                        // and call it once, then use the RawAcl.
                        //
                        QualifiedAce ace = acl[i] as QualifiedAce;

                        if (ace == null)
                        {
                            //
                            // Only consider qualified ACEs
                            //
                            continue;
                        }

                        if (ace.IsCallback == true)
                        {
                            //
                            // Ignore callback ACEs
                            //
                            continue;
                        }

                        if (access)
                        {
                            if (ace.AceQualifier != AceQualifier.AccessAllowed && ace.AceQualifier != AceQualifier.AccessDenied)
                            {
                                continue;
                            }
                        }
                        else
                        {
                            if (ace.AceQualifier != AceQualifier.SystemAudit)
                            {
                                continue;
                            }
                        }

                        irSource.Add(ace.SecurityIdentifier);
                    }

                    irTarget = irSource.Translate(targetType);
                }

                for (int i = 0; i < acl.Count; i++)
                {
                    //
                    // Calling the indexer on a common ACL results in cloning,
                    // (which would not be the case if we were to use the internal RawAcl property)
                    // but also ensures that the resulting order of ACEs is proper
                    // However, this is a big price to pay - cloning all the ACEs just so that
                    // the canonical order could be ascertained just once.
                    // A better way would be to have an internal method that would canonicalize the ACL
                    // and call it once, then use the RawAcl.
                    //
                    QualifiedAce ace = acl[i] as CommonAce;

                    if (ace == null)
                    {
                        ace = acl[i] as ObjectAce;
                        if (ace == null)
                        {
                            //
                            // Only consider common or object ACEs
                            //
                            continue;
                        }
                    }

                    if (ace.IsCallback == true)
                    {
                        //
                        // Ignore callback ACEs
                        //
                        continue;
                    }

                    if (access)
                    {
                        if (ace.AceQualifier != AceQualifier.AccessAllowed && ace.AceQualifier != AceQualifier.AccessDenied)
                        {
                            continue;
                        }
                    }
                    else
                    {
                        if (ace.AceQualifier != AceQualifier.SystemAudit)
                        {
                            continue;
                        }
                    }

                    if ((includeExplicit && ((ace.AceFlags & AceFlags.Inherited) == 0)) || (includeInherited && ((ace.AceFlags & AceFlags.Inherited) != 0)))
                    {
                        IdentityReference iref = (targetType == typeof(SecurityIdentifier)) ? ace.SecurityIdentifier : irTarget[i];

                        if (access)
                        {
                            AccessControlType type;

                            if (ace.AceQualifier == AceQualifier.AccessAllowed)
                            {
                                type = AccessControlType.Allow;
                            }
                            else
                            {
                                type = AccessControlType.Deny;
                            }

                            if (ace is ObjectAce)
                            {
                                ObjectAce objectAce = ace as ObjectAce;

                                result.AddRule(AccessRuleFactory(iref, objectAce.AccessMask, objectAce.IsInherited, objectAce.InheritanceFlags, objectAce.PropagationFlags, type, objectAce.ObjectAceType, objectAce.InheritedObjectAceType));
                            }
                            else
                            {
                                CommonAce commonAce = ace as CommonAce;

                                if (commonAce == null)
                                {
                                    continue;
                                }

                                result.AddRule(AccessRuleFactory(iref, commonAce.AccessMask, commonAce.IsInherited, commonAce.InheritanceFlags, commonAce.PropagationFlags, type));
                            }
                        }
                        else
                        {
                            if (ace is ObjectAce)
                            {
                                ObjectAce objectAce = ace as ObjectAce;

                                result.AddRule(AuditRuleFactory(iref, objectAce.AccessMask, objectAce.IsInherited, objectAce.InheritanceFlags, objectAce.PropagationFlags, objectAce.AuditFlags, objectAce.ObjectAceType, objectAce.InheritedObjectAceType));
                            }
                            else
                            {
                                CommonAce commonAce = ace as CommonAce;

                                if (commonAce == null)
                                {
                                    continue;
                                }

                                result.AddRule(AuditRuleFactory(iref, commonAce.AccessMask, commonAce.IsInherited, commonAce.InheritanceFlags, commonAce.PropagationFlags, commonAce.AuditFlags));
                            }
                        }
                    }
                }

                return(result);
            }
            finally
            {
                ReadUnlock();
            }
        }
 private bool GetAccessMaskForRemoval(QualifiedAce ace, ObjectAceFlags objectFlags, Guid objectType, ref int accessMask)
 {
     if (((ace.AccessMask & accessMask) & ObjectAce.AccessMaskWithObjectType) != 0)
     {
         if (ace is ObjectAce)
         {
             ObjectAce ace2 = ace as ObjectAce;
             if (((objectFlags & ObjectAceFlags.ObjectAceTypePresent) != ObjectAceFlags.None) && ((ace2.ObjectAceFlags & ObjectAceFlags.ObjectAceTypePresent) == ObjectAceFlags.None))
             {
                 return false;
             }
             if (!(((objectFlags & ObjectAceFlags.ObjectAceTypePresent) == ObjectAceFlags.None) || ace2.ObjectTypesMatch(objectFlags, objectType)))
             {
                 accessMask &= ~ObjectAce.AccessMaskWithObjectType;
             }
         }
         else if ((objectFlags & ObjectAceFlags.ObjectAceTypePresent) != ObjectAceFlags.None)
         {
             return false;
         }
     }
     return true;
 }
        internal bool RemoveQualifiedAces(SecurityIdentifier sid, AceQualifier qualifier, int accessMask, AceFlags flags, bool saclSemantics, ObjectAceFlags objectFlags, Guid objectType, Guid inheritedObjectType)
        {
            if (accessMask == 0)
            {
                throw new ArgumentException(Environment.GetResourceString("Argument_ArgumentZero"), "accessMask");
            }
            if ((qualifier == AceQualifier.SystemAudit) && (((byte)(flags & AceFlags.AuditFlags)) == 0))
            {
                throw new ArgumentException(Environment.GetResourceString("Arg_EnumAtLeastOneFlag"), "flags");
            }
            if (sid == null)
            {
                throw new ArgumentNullException("sid");
            }
            this.ThrowIfNotCanonical();
            bool     flag   = true;
            bool     flag2  = true;
            int      num    = accessMask;
            AceFlags flags2 = flags;

            byte[] binaryForm = new byte[this.BinaryLength];
            this.GetBinaryForm(binaryForm, 0);
Label_0075:
            try
            {
                for (int i = 0; i < this.Count; i++)
                {
                    QualifiedAce ace = this._acl[i] as QualifiedAce;
                    if (((ace == null) || (((byte)(ace.AceFlags & AceFlags.Inherited)) != 0)) || ((ace.AceQualifier != qualifier) || (ace.SecurityIdentifier != sid)))
                    {
                        continue;
                    }
                    if (this.IsDS)
                    {
                        accessMask = num;
                        bool flag3 = !this.GetAccessMaskForRemoval(ace, objectFlags, objectType, ref accessMask);
                        if ((ace.AccessMask & accessMask) == 0)
                        {
                            continue;
                        }
                        flags = flags2;
                        bool flag4 = !this.GetInheritanceFlagsForRemoval(ace, objectFlags, inheritedObjectType, ref flags);
                        if (((((((byte)(ace.AceFlags & AceFlags.ContainerInherit)) == 0) && (((byte)(flags & AceFlags.ContainerInherit)) != 0)) && (((byte)(flags & AceFlags.InheritOnly)) != 0)) || (((((byte)(flags & AceFlags.ContainerInherit)) == 0) && (((byte)(ace.AceFlags & AceFlags.ContainerInherit)) != 0)) && (((byte)(ace.AceFlags & AceFlags.InheritOnly)) != 0))) || (((((byte)(flags2 & AceFlags.ContainerInherit)) != 0) && (((byte)(flags2 & AceFlags.InheritOnly)) != 0)) && (((byte)(flags & AceFlags.ContainerInherit)) == 0)))
                        {
                            continue;
                        }
                        if (!flag3 && !flag4)
                        {
                            goto Label_0184;
                        }
                        flag2 = false;
                        goto Label_0483;
                    }
                    if ((ace.AccessMask & accessMask) == 0)
                    {
                        continue;
                    }
Label_0184:
                    if (!saclSemantics || (((byte)(((byte)(ace.AceFlags & flags)) & 0xc0)) != 0))
                    {
                        AceFlags       none     = AceFlags.None;
                        int            num3     = 0;
                        ObjectAceFlags flags4   = ObjectAceFlags.None;
                        Guid           empty    = Guid.Empty;
                        Guid           guid2    = Guid.Empty;
                        AceFlags       aceFlags = AceFlags.None;
                        int            num4     = 0;
                        ObjectAceFlags flags6   = ObjectAceFlags.None;
                        Guid           guid3    = Guid.Empty;
                        Guid           guid4    = Guid.Empty;
                        AceFlags       existing = AceFlags.None;
                        int            num5     = 0;
                        ObjectAceFlags flags8   = ObjectAceFlags.None;
                        Guid           guid5    = Guid.Empty;
                        Guid           guid6    = Guid.Empty;
                        AceFlags       result   = AceFlags.None;
                        bool           total    = false;
                        none = ace.AceFlags;
                        num3 = ace.AccessMask & ~accessMask;
                        if (ace is ObjectAce)
                        {
                            this.GetObjectTypesForSplit(ace as ObjectAce, num3, none, out flags4, out empty, out guid2);
                        }
                        if (saclSemantics)
                        {
                            aceFlags = (AceFlags)((byte)(ace.AceFlags & ~((byte)(flags & AceFlags.AuditFlags))));
                            num4     = ace.AccessMask & accessMask;
                            if (ace is ObjectAce)
                            {
                                this.GetObjectTypesForSplit(ace as ObjectAce, num4, aceFlags, out flags6, out guid3, out guid4);
                            }
                        }
                        existing = (AceFlags)((byte)(((byte)(ace.AceFlags & (AceFlags.ContainerInherit | AceFlags.InheritOnly | AceFlags.NoPropagateInherit | AceFlags.ObjectInherit))) | ((byte)(((byte)(flags & ace.AceFlags)) & 0xc0))));
                        num5     = ace.AccessMask & accessMask;
                        if (!saclSemantics || (((byte)(existing & AceFlags.AuditFlags)) != 0))
                        {
                            if (!RemoveInheritanceBits(existing, flags, this.IsDS, out result, out total))
                            {
                                flag2 = false;
                                goto Label_0483;
                            }
                            if (!total)
                            {
                                result = (AceFlags)((byte)(result | ((byte)(existing & AceFlags.AuditFlags))));
                                if (ace is ObjectAce)
                                {
                                    this.GetObjectTypesForSplit(ace as ObjectAce, num5, result, out flags8, out guid5, out guid6);
                                }
                            }
                        }
                        if (!flag)
                        {
                            QualifiedAce ace2;
                            if (num3 != 0)
                            {
                                if (((ace is ObjectAce) && ((((ObjectAce)ace).ObjectAceFlags & ObjectAceFlags.ObjectAceTypePresent) != ObjectAceFlags.None)) && ((flags4 & ObjectAceFlags.ObjectAceTypePresent) == ObjectAceFlags.None))
                                {
                                    this._acl.RemoveAce(i);
                                    ObjectAce ace3 = new ObjectAce(none, qualifier, num3, ace.SecurityIdentifier, flags4, empty, guid2, false, null);
                                    this._acl.InsertAce(i, ace3);
                                }
                                else
                                {
                                    ace.AceFlags   = none;
                                    ace.AccessMask = num3;
                                    if (ace is ObjectAce)
                                    {
                                        ObjectAce ace4 = ace as ObjectAce;
                                        ace4.ObjectAceFlags         = flags4;
                                        ace4.ObjectAceType          = empty;
                                        ace4.InheritedObjectAceType = guid2;
                                    }
                                }
                            }
                            else
                            {
                                this._acl.RemoveAce(i);
                                i--;
                            }
                            if (saclSemantics && (((byte)(aceFlags & AceFlags.AuditFlags)) != 0))
                            {
                                if (ace is CommonAce)
                                {
                                    ace2 = new CommonAce(aceFlags, qualifier, num4, ace.SecurityIdentifier, false, null);
                                }
                                else
                                {
                                    ace2 = new ObjectAce(aceFlags, qualifier, num4, ace.SecurityIdentifier, flags6, guid3, guid4, false, null);
                                }
                                i++;
                                this._acl.InsertAce(i, ace2);
                            }
                            if (!total)
                            {
                                if (ace is CommonAce)
                                {
                                    ace2 = new CommonAce(result, qualifier, num5, ace.SecurityIdentifier, false, null);
                                }
                                else
                                {
                                    ace2 = new ObjectAce(result, qualifier, num5, ace.SecurityIdentifier, flags8, guid5, guid6, false, null);
                                }
                                i++;
                                this._acl.InsertAce(i, ace2);
                            }
                        }
                    }
                }
            }
            catch (OverflowException)
            {
                this._acl.SetBinaryForm(binaryForm, 0);
                return(false);
            }
Label_0483:
            if (flag && flag2)
            {
                flag = false;
                goto Label_0075;
            }
            this.OnAclModificationTried();
            return(flag2);
        }
Пример #28
0
        // Token: 0x06001FF6 RID: 8182 RVA: 0x0006FAEC File Offset: 0x0006DCEC
        private AuthorizationRuleCollection GetRules(bool access, bool includeExplicit, bool includeInherited, Type targetType)
        {
            base.ReadLock();
            AuthorizationRuleCollection result;

            try
            {
                AuthorizationRuleCollection authorizationRuleCollection = new AuthorizationRuleCollection();
                if (!SecurityIdentifier.IsValidTargetTypeStatic(targetType))
                {
                    throw new ArgumentException(Environment.GetResourceString("Arg_MustBeIdentityReferenceType"), "targetType");
                }
                CommonAcl commonAcl = null;
                if (access)
                {
                    if ((this._securityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclPresent) != ControlFlags.None)
                    {
                        commonAcl = this._securityDescriptor.DiscretionaryAcl;
                    }
                }
                else if ((this._securityDescriptor.ControlFlags & ControlFlags.SystemAclPresent) != ControlFlags.None)
                {
                    commonAcl = this._securityDescriptor.SystemAcl;
                }
                if (commonAcl == null)
                {
                    result = authorizationRuleCollection;
                }
                else
                {
                    IdentityReferenceCollection identityReferenceCollection = null;
                    if (targetType != typeof(SecurityIdentifier))
                    {
                        IdentityReferenceCollection identityReferenceCollection2 = new IdentityReferenceCollection(commonAcl.Count);
                        for (int i = 0; i < commonAcl.Count; i++)
                        {
                            QualifiedAce qualifiedAce = commonAcl[i] as QualifiedAce;
                            if (!(qualifiedAce == null) && !qualifiedAce.IsCallback)
                            {
                                if (access)
                                {
                                    if (qualifiedAce.AceQualifier != AceQualifier.AccessAllowed && qualifiedAce.AceQualifier != AceQualifier.AccessDenied)
                                    {
                                        goto IL_EB;
                                    }
                                }
                                else if (qualifiedAce.AceQualifier != AceQualifier.SystemAudit)
                                {
                                    goto IL_EB;
                                }
                                identityReferenceCollection2.Add(qualifiedAce.SecurityIdentifier);
                            }
                            IL_EB :;
                        }
                        identityReferenceCollection = identityReferenceCollection2.Translate(targetType);
                    }
                    int j = 0;
                    while (j < commonAcl.Count)
                    {
                        QualifiedAce qualifiedAce2 = commonAcl[j] as CommonAce;
                        if (!(qualifiedAce2 == null))
                        {
                            goto IL_142;
                        }
                        qualifiedAce2 = (commonAcl[j] as ObjectAce);
                        if (!(qualifiedAce2 == null))
                        {
                            goto IL_142;
                        }
IL_306:
                        j++;
                        continue;
IL_142:
                        if (qualifiedAce2.IsCallback)
                        {
                            goto IL_306;
                        }
                        if (access)
                        {
                            if (qualifiedAce2.AceQualifier != AceQualifier.AccessAllowed && qualifiedAce2.AceQualifier != AceQualifier.AccessDenied)
                            {
                                goto IL_306;
                            }
                        }
                        else if (qualifiedAce2.AceQualifier != AceQualifier.SystemAudit)
                        {
                            goto IL_306;
                        }
                        if ((!includeExplicit || (qualifiedAce2.AceFlags & AceFlags.Inherited) != AceFlags.None) && (!includeInherited || (qualifiedAce2.AceFlags & AceFlags.Inherited) == AceFlags.None))
                        {
                            goto IL_306;
                        }
                        IdentityReference identityReference = (targetType == typeof(SecurityIdentifier)) ? qualifiedAce2.SecurityIdentifier : identityReferenceCollection[j];
                        if (access)
                        {
                            AccessControlType type;
                            if (qualifiedAce2.AceQualifier == AceQualifier.AccessAllowed)
                            {
                                type = AccessControlType.Allow;
                            }
                            else
                            {
                                type = AccessControlType.Deny;
                            }
                            if (qualifiedAce2 is ObjectAce)
                            {
                                ObjectAce objectAce = qualifiedAce2 as ObjectAce;
                                authorizationRuleCollection.AddRule(this.AccessRuleFactory(identityReference, objectAce.AccessMask, objectAce.IsInherited, objectAce.InheritanceFlags, objectAce.PropagationFlags, type, objectAce.ObjectAceType, objectAce.InheritedObjectAceType));
                                goto IL_306;
                            }
                            CommonAce commonAce = qualifiedAce2 as CommonAce;
                            if (!(commonAce == null))
                            {
                                authorizationRuleCollection.AddRule(this.AccessRuleFactory(identityReference, commonAce.AccessMask, commonAce.IsInherited, commonAce.InheritanceFlags, commonAce.PropagationFlags, type));
                                goto IL_306;
                            }
                            goto IL_306;
                        }
                        else
                        {
                            if (qualifiedAce2 is ObjectAce)
                            {
                                ObjectAce objectAce2 = qualifiedAce2 as ObjectAce;
                                authorizationRuleCollection.AddRule(this.AuditRuleFactory(identityReference, objectAce2.AccessMask, objectAce2.IsInherited, objectAce2.InheritanceFlags, objectAce2.PropagationFlags, objectAce2.AuditFlags, objectAce2.ObjectAceType, objectAce2.InheritedObjectAceType));
                                goto IL_306;
                            }
                            CommonAce commonAce2 = qualifiedAce2 as CommonAce;
                            if (!(commonAce2 == null))
                            {
                                authorizationRuleCollection.AddRule(this.AuditRuleFactory(identityReference, commonAce2.AccessMask, commonAce2.IsInherited, commonAce2.InheritanceFlags, commonAce2.PropagationFlags, commonAce2.AuditFlags));
                                goto IL_306;
                            }
                            goto IL_306;
                        }
                    }
                    result = authorizationRuleCollection;
                }
            }
            finally
            {
                base.ReadUnlock();
            }
            return(result);
        }
 private bool MergeAces(ref QualifiedAce ace, QualifiedAce newAce)
 {
     if (((byte)(ace.AceFlags & AceFlags.Inherited)) == 0)
     {
         if (((byte)(newAce.AceFlags & AceFlags.Inherited)) != 0)
         {
             return(false);
         }
         if (ace.AceQualifier != newAce.AceQualifier)
         {
             return(false);
         }
         if (ace.SecurityIdentifier != newAce.SecurityIdentifier)
         {
             return(false);
         }
         if (ace.AceFlags == newAce.AceFlags)
         {
             if (!(ace is ObjectAce) && !(newAce is ObjectAce))
             {
                 ace.AccessMask |= newAce.AccessMask;
                 return(true);
             }
             if (this.InheritedObjectTypesMatch(ace, newAce) && this.AccessMasksAreMergeable(ace, newAce))
             {
                 ace.AccessMask |= newAce.AccessMask;
                 return(true);
             }
         }
         if ((((byte)(ace.AceFlags & (AceFlags.ContainerInherit | AceFlags.InheritOnly | AceFlags.NoPropagateInherit | AceFlags.ObjectInherit))) == ((byte)(newAce.AceFlags & (AceFlags.ContainerInherit | AceFlags.InheritOnly | AceFlags.NoPropagateInherit | AceFlags.ObjectInherit)))) && (ace.AccessMask == newAce.AccessMask))
         {
             if (!(ace is ObjectAce) && !(newAce is ObjectAce))
             {
                 ace.AceFlags = (AceFlags)((byte)(ace.AceFlags | ((byte)(newAce.AceFlags & AceFlags.AuditFlags))));
                 return(true);
             }
             if (this.InheritedObjectTypesMatch(ace, newAce) && this.ObjectTypesMatch(ace, newAce))
             {
                 ace.AceFlags = (AceFlags)((byte)(ace.AceFlags | ((byte)(newAce.AceFlags & AceFlags.AuditFlags))));
                 return(true);
             }
         }
         if ((((byte)(ace.AceFlags & AceFlags.AuditFlags)) == ((byte)(newAce.AceFlags & AceFlags.AuditFlags))) && (ace.AccessMask == newAce.AccessMask))
         {
             AceFlags flags;
             if ((ace is ObjectAce) || (newAce is ObjectAce))
             {
                 if ((this.ObjectTypesMatch(ace, newAce) && this.AceFlagsAreMergeable(ace, newAce)) && MergeInheritanceBits(ace.AceFlags, newAce.AceFlags, this.IsDS, out flags))
                 {
                     ace.AceFlags = (AceFlags)((byte)(flags | ((byte)(ace.AceFlags & AceFlags.AuditFlags))));
                     return(true);
                 }
             }
             else if (MergeInheritanceBits(ace.AceFlags, newAce.AceFlags, this.IsDS, out flags))
             {
                 ace.AceFlags = (AceFlags)((byte)(flags | ((byte)(ace.AceFlags & AceFlags.AuditFlags))));
                 return(true);
             }
         }
     }
     return(false);
 }
Пример #30
0
		internal virtual AuditRule InternalAuditRuleFactory (QualifiedAce ace, Type targetType)
		{
			return AuditRuleFactory (ace.SecurityIdentifier.Translate (targetType),
						 ace.AccessMask, ace.IsInherited,
						 ace.InheritanceFlags, ace.PropagationFlags, ace.AuditFlags);
		}
Пример #31
0
        private bool InheritedObjectTypesMatch( QualifiedAce ace, QualifiedAce newAce )
        {
            Guid inheritedObjectType = ( ace is ObjectAce ) ? (( ObjectAce ) ace ).InheritedObjectAceType : Guid.Empty;
            Guid newInheritedObjectType = ( newAce is ObjectAce ) ? (( ObjectAce ) newAce ).InheritedObjectAceType : Guid.Empty;

            return inheritedObjectType.Equals( newInheritedObjectType );
        }
 private bool MergeAces(ref QualifiedAce ace, QualifiedAce newAce)
 {
     if (((byte) (ace.AceFlags & AceFlags.Inherited)) == 0)
     {
         if (((byte) (newAce.AceFlags & AceFlags.Inherited)) != 0)
         {
             return false;
         }
         if (ace.AceQualifier != newAce.AceQualifier)
         {
             return false;
         }
         if (ace.SecurityIdentifier != newAce.SecurityIdentifier)
         {
             return false;
         }
         if (ace.AceFlags == newAce.AceFlags)
         {
             if (!(ace is ObjectAce) && !(newAce is ObjectAce))
             {
                 ace.AccessMask |= newAce.AccessMask;
                 return true;
             }
             if (this.InheritedObjectTypesMatch(ace, newAce) && this.AccessMasksAreMergeable(ace, newAce))
             {
                 ace.AccessMask |= newAce.AccessMask;
                 return true;
             }
         }
         if ((((byte) (ace.AceFlags & (AceFlags.ContainerInherit | AceFlags.InheritOnly | AceFlags.NoPropagateInherit | AceFlags.ObjectInherit))) == ((byte) (newAce.AceFlags & (AceFlags.ContainerInherit | AceFlags.InheritOnly | AceFlags.NoPropagateInherit | AceFlags.ObjectInherit)))) && (ace.AccessMask == newAce.AccessMask))
         {
             if (!(ace is ObjectAce) && !(newAce is ObjectAce))
             {
                 ace.AceFlags = (AceFlags) ((byte) (ace.AceFlags | ((byte) (newAce.AceFlags & AceFlags.AuditFlags))));
                 return true;
             }
             if (this.InheritedObjectTypesMatch(ace, newAce) && this.ObjectTypesMatch(ace, newAce))
             {
                 ace.AceFlags = (AceFlags) ((byte) (ace.AceFlags | ((byte) (newAce.AceFlags & AceFlags.AuditFlags))));
                 return true;
             }
         }
         if ((((byte) (ace.AceFlags & AceFlags.AuditFlags)) == ((byte) (newAce.AceFlags & AceFlags.AuditFlags))) && (ace.AccessMask == newAce.AccessMask))
         {
             AceFlags flags;
             if ((ace is ObjectAce) || (newAce is ObjectAce))
             {
                 if ((this.ObjectTypesMatch(ace, newAce) && this.AceFlagsAreMergeable(ace, newAce)) && MergeInheritanceBits(ace.AceFlags, newAce.AceFlags, this.IsDS, out flags))
                 {
                     ace.AceFlags = (AceFlags) ((byte) (flags | ((byte) (ace.AceFlags & AceFlags.AuditFlags))));
                     return true;
                 }
             }
             else if (MergeInheritanceBits(ace.AceFlags, newAce.AceFlags, this.IsDS, out flags))
             {
                 ace.AceFlags = (AceFlags) ((byte) (flags | ((byte) (ace.AceFlags & AceFlags.AuditFlags))));
                 return true;
             }
         }
     }
     return false;
 }
Пример #33
0
        private AuthorizationRuleCollection GetRules(bool access, bool includeExplicit, bool includeInherited, Type targetType)
        {
            AuthorizationRuleCollection rules2;

            base.ReadLock();
            try
            {
                AuthorizationRuleCollection rules = new AuthorizationRuleCollection();
                if (!SecurityIdentifier.IsValidTargetTypeStatic(targetType))
                {
                    throw new ArgumentException(Environment.GetResourceString("Arg_MustBeIdentityReferenceType"), "targetType");
                }
                CommonAcl discretionaryAcl = null;
                if (access)
                {
                    if ((base._securityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclPresent) != ControlFlags.None)
                    {
                        discretionaryAcl = base._securityDescriptor.DiscretionaryAcl;
                    }
                }
                else if ((base._securityDescriptor.ControlFlags & ControlFlags.SystemAclPresent) != ControlFlags.None)
                {
                    discretionaryAcl = base._securityDescriptor.SystemAcl;
                }
                if (discretionaryAcl == null)
                {
                    return(rules);
                }
                IdentityReferenceCollection references = null;
                if (targetType != typeof(SecurityIdentifier))
                {
                    IdentityReferenceCollection references2 = new IdentityReferenceCollection(discretionaryAcl.Count);
                    for (int j = 0; j < discretionaryAcl.Count; j++)
                    {
                        QualifiedAce ace = discretionaryAcl[j] as QualifiedAce;
                        if ((ace == null) || ace.IsCallback)
                        {
                            continue;
                        }
                        if (access)
                        {
                            if ((ace.AceQualifier == AceQualifier.AccessAllowed) || (ace.AceQualifier == AceQualifier.AccessDenied))
                            {
                                goto Label_00DD;
                            }
                            continue;
                        }
                        if (ace.AceQualifier != AceQualifier.SystemAudit)
                        {
                            continue;
                        }
Label_00DD:
                        references2.Add(ace.SecurityIdentifier);
                    }
                    references = references2.Translate(targetType);
                }
                for (int i = 0; i < discretionaryAcl.Count; i++)
                {
                    QualifiedAce ace2 = discretionaryAcl[i] as CommonAce;
                    if (ace2 == null)
                    {
                        ace2 = discretionaryAcl[i] as ObjectAce;
                        if (ace2 == null)
                        {
                            continue;
                        }
                    }
                    if (ace2.IsCallback)
                    {
                        continue;
                    }
                    if (access)
                    {
                        if ((ace2.AceQualifier == AceQualifier.AccessAllowed) || (ace2.AceQualifier == AceQualifier.AccessDenied))
                        {
                            goto Label_0174;
                        }
                        continue;
                    }
                    if (ace2.AceQualifier != AceQualifier.SystemAudit)
                    {
                        continue;
                    }
Label_0174:
                    if ((includeExplicit && (((byte)(ace2.AceFlags & AceFlags.Inherited)) == 0)) || (includeInherited && (((byte)(ace2.AceFlags & AceFlags.Inherited)) != 0)))
                    {
                        IdentityReference identityReference = (targetType == typeof(SecurityIdentifier)) ? ace2.SecurityIdentifier : references[i];
                        if (access)
                        {
                            AccessControlType allow;
                            if (ace2.AceQualifier == AceQualifier.AccessAllowed)
                            {
                                allow = AccessControlType.Allow;
                            }
                            else
                            {
                                allow = AccessControlType.Deny;
                            }
                            if (ace2 is ObjectAce)
                            {
                                ObjectAce ace3 = ace2 as ObjectAce;
                                rules.AddRule(this.AccessRuleFactory(identityReference, ace3.AccessMask, ace3.IsInherited, ace3.InheritanceFlags, ace3.PropagationFlags, allow, ace3.ObjectAceType, ace3.InheritedObjectAceType));
                            }
                            else
                            {
                                CommonAce ace4 = ace2 as CommonAce;
                                if (ace4 != null)
                                {
                                    rules.AddRule(this.AccessRuleFactory(identityReference, ace4.AccessMask, ace4.IsInherited, ace4.InheritanceFlags, ace4.PropagationFlags, allow));
                                }
                            }
                        }
                        else if (ace2 is ObjectAce)
                        {
                            ObjectAce ace5 = ace2 as ObjectAce;
                            rules.AddRule(this.AuditRuleFactory(identityReference, ace5.AccessMask, ace5.IsInherited, ace5.InheritanceFlags, ace5.PropagationFlags, ace5.AuditFlags, ace5.ObjectAceType, ace5.InheritedObjectAceType));
                        }
                        else
                        {
                            CommonAce ace6 = ace2 as CommonAce;
                            if (ace6 != null)
                            {
                                rules.AddRule(this.AuditRuleFactory(identityReference, ace6.AccessMask, ace6.IsInherited, ace6.InheritanceFlags, ace6.PropagationFlags, ace6.AuditFlags));
                            }
                        }
                    }
                }
                rules2 = rules;
            }
            finally
            {
                base.ReadUnlock();
            }
            return(rules2);
        }
Пример #34
0
        private bool GetInheritanceFlagsForRemoval( QualifiedAce ace, ObjectAceFlags objectFlags, Guid inheritedObjectType, ref AceFlags aceFlags )
        {
            if ((( ace.AceFlags & AceFlags.ContainerInherit ) != 0 )  && (( aceFlags & AceFlags.ContainerInherit ) != 0 ))
            {

                // 
                // If the aces have inheritance bits in common 
                // then we follow these rules:
                //
                //       Remove    No IOT    IOT = A        IOT = B
                // Existing
                // 
                //   No IOT          Remove   Invalid        Invalid
                //
                //   IOT = A        Remove   Remove      Nothing Common
                //
            
                
                if ( ace is ObjectAce )
                {
                    bool commonInheritanceFlagsExist = true;
                    ObjectAce objectAce = ace as ObjectAce;

                    //
                    // if what we are trying to remove has an inherited object type 
                    // but the existing ace does not then this is an invalid case
                    //
                    if ((( objectFlags & ObjectAceFlags.InheritedObjectAceTypePresent ) != 0 ) && 
                        (( objectAce.ObjectAceFlags & ObjectAceFlags.InheritedObjectAceTypePresent ) == 0 ))
                    {
                        return false;
                    }

                    //
                    // if what we are trying to remove has no inherited object type or
                    // if inherited object types match then we have common inheritance flags                     
                    //
                    commonInheritanceFlagsExist = (( objectFlags & ObjectAceFlags.InheritedObjectAceTypePresent ) == 0 ) ||
                                                                       objectAce.InheritedObjectTypesMatch( objectFlags, inheritedObjectType );
                    if ( !commonInheritanceFlagsExist ) 
                    {
                        aceFlags &= ~AceFlags.InheritanceFlags;
                    }
                }
                else if (( objectFlags & ObjectAceFlags.InheritedObjectAceTypePresent ) != 0 ) 
                {
                    // the existing ace is a common ace and the one we're removing 
                    // refers to a specific child type so this is invalid
                    return false;
                }               
            }

            return true;

        }
 private bool AceFlagsAreMergeable(QualifiedAce ace, QualifiedAce newAce)
 {
     if (this.InheritedObjectTypesMatch(ace, newAce))
     {
         return true;
     }
     ObjectAceFlags flags = (ace is ObjectAce) ? ((ObjectAce) ace).ObjectAceFlags : ObjectAceFlags.None;
     return ((flags & ObjectAceFlags.InheritedObjectAceTypePresent) == ObjectAceFlags.None);
 }
Пример #36
0
        static private bool AcesAreMergeable( QualifiedAce ace, QualifiedAce newAce )
        {
            //
            // Only interested in ACEs with the specified type
            //

            if ( ace.AceType != newAce.AceType )
            {
                return false;
            }

            //
            // Only interested in explicit (non-inherited) ACEs
            //

            if (( ace.AceFlags & AceFlags.Inherited ) != 0 )
            {
                return false;
            }

            if (( newAce.AceFlags & AceFlags.Inherited ) != 0 )
            {
                return false;
            }

            //
            // Only interested in ACEs with the specified qualifier
            //

            if ( ace.AceQualifier != newAce.AceQualifier )
            {
                return false;
            }

            //
            // Only interested in ACEs with the specified SID
            //

            if ( ace.SecurityIdentifier != newAce.SecurityIdentifier )
            {
                return false;
            }

            //
            // Only interested in ACEs with the specified callback data
            //

            if ( !AceOpaquesMatch( ace, newAce ))
            {
                return false;
            }

            return true;
        }
Пример #37
0
        private bool ObjectTypesMatch( QualifiedAce ace, QualifiedAce newAce )
        {
            Guid objectType = ( ace is ObjectAce ) ? (( ObjectAce ) ace ).ObjectAceType : Guid.Empty;
            Guid newObjectType = ( newAce is ObjectAce ) ? (( ObjectAce ) newAce ).ObjectAceType : Guid.Empty;

            return objectType.Equals( newObjectType );
        }
 private bool ObjectTypesMatch(QualifiedAce ace, QualifiedAce newAce)
 {
     Guid guid = (ace is ObjectAce) ? ((ObjectAce) ace).ObjectAceType : Guid.Empty;
     Guid g = (newAce is ObjectAce) ? ((ObjectAce) newAce).ObjectAceType : Guid.Empty;
     return guid.Equals(g);
 }
Пример #39
0
        private bool AccessMasksAreMergeable( QualifiedAce ace, QualifiedAce newAce )
        {
            //
            // The access masks are mergeable in any of the following conditions
            // 1. Object types match
            // 2. (Object types do not match) The existing ace does not have an object type and 
            //     already contains all the bits of the new ace which refer to the object type
            //

            if ( ObjectTypesMatch( ace, newAce ))
            {
                // case 1
                return true;
            }

            ObjectAceFlags objectFlags = ( ace is ObjectAce ) ? (( ObjectAce ) ace ).ObjectAceFlags : ObjectAceFlags.None;
            if ((( ace.AccessMask & newAce.AccessMask & ObjectAce.AccessMaskWithObjectType ) ==  ( newAce.AccessMask & ObjectAce.AccessMaskWithObjectType )) &&
                 (( objectFlags & ObjectAceFlags.ObjectAceTypePresent ) == 0 ))
            {
                // case 2
                return true;
            }

            return false;
        }
 private bool GetInheritanceFlagsForRemoval(QualifiedAce ace, ObjectAceFlags objectFlags, Guid inheritedObjectType, ref AceFlags aceFlags)
 {
     if ((((byte) (ace.AceFlags & AceFlags.ContainerInherit)) != 0) && (((byte) (aceFlags & AceFlags.ContainerInherit)) != 0))
     {
         if (ace is ObjectAce)
         {
             ObjectAce ace2 = ace as ObjectAce;
             if (((objectFlags & ObjectAceFlags.InheritedObjectAceTypePresent) != ObjectAceFlags.None) && ((ace2.ObjectAceFlags & ObjectAceFlags.InheritedObjectAceTypePresent) == ObjectAceFlags.None))
             {
                 return false;
             }
             if (!(((objectFlags & ObjectAceFlags.InheritedObjectAceTypePresent) == ObjectAceFlags.None) || ace2.InheritedObjectTypesMatch(objectFlags, inheritedObjectType)))
             {
                 aceFlags = (AceFlags) ((byte) (((int) aceFlags) & 240));
             }
         }
         else if ((objectFlags & ObjectAceFlags.InheritedObjectAceTypePresent) != ObjectAceFlags.None)
         {
             return false;
         }
     }
     return true;
 }
Пример #41
0
        private bool GetAccessMaskForRemoval( QualifiedAce ace, ObjectAceFlags objectFlags, Guid objectType, ref int accessMask )
        {
            if (( ace.AccessMask & accessMask & ObjectAce.AccessMaskWithObjectType ) != 0 ) 
            {

                // 
                // If the aces have access bits in common which refer to object types
                // then we follow these rules:
                //
                //       Remove    No OT    OT = A        OT = B
                // Existing
                // 
                //   No OT          Remove   Invalid        Invalid
                //
                //   OT = A        Remove   Remove      Nothing Common
                //
            
                
                if ( ace is ObjectAce )
                {
                    bool commonAccessBitsWithObjectTypeExist = true;
                    ObjectAce objectAce = ace as ObjectAce;

                    //
                    // if what we are trying to remove has an object type 
                    // but the existing ace does not then this is an invalid case
                    //
                    if ((( objectFlags & ObjectAceFlags.ObjectAceTypePresent ) != 0 ) && 
                        (( objectAce.ObjectAceFlags & ObjectAceFlags.ObjectAceTypePresent ) == 0 ))
                    {
                        return false;
                    }

                    //
                    // if what we are trying to remove has no object type or
                    // if object types match (since at this point we have ensured that both have object types present) 
                    // then we have common access bits with object type
                    //
                    commonAccessBitsWithObjectTypeExist = (( objectFlags & ObjectAceFlags.ObjectAceTypePresent ) == 0 ) ||
                                                                                    objectAce.ObjectTypesMatch( objectFlags, objectType );
                    if ( !commonAccessBitsWithObjectTypeExist ) 
                    {
                        accessMask &= ~ObjectAce.AccessMaskWithObjectType;
                    }
                }
                else if (( objectFlags & ObjectAceFlags.ObjectAceTypePresent ) != 0 ) 
                {
                    // the existing ace is a common ace and the one we're removing 
                    // refers to a specific object type so this is invalid
                    return false;
                }               
            }

            return true;

        }
Пример #42
0
 private AuthorizationRuleCollection GetRules(bool access, bool includeExplicit, bool includeInherited, Type targetType)
 {
     this.ReadLock();
     try
     {
         AuthorizationRuleCollection authorizationRuleCollection = new AuthorizationRuleCollection();
         if (!SecurityIdentifier.IsValidTargetTypeStatic(targetType))
         {
             throw new ArgumentException(Environment.GetResourceString("Arg_MustBeIdentityReferenceType"), "targetType");
         }
         CommonAcl commonAcl = (CommonAcl)null;
         if (access)
         {
             if ((this._securityDescriptor.ControlFlags & ControlFlags.DiscretionaryAclPresent) != ControlFlags.None)
             {
                 commonAcl = (CommonAcl)this._securityDescriptor.DiscretionaryAcl;
             }
         }
         else if ((this._securityDescriptor.ControlFlags & ControlFlags.SystemAclPresent) != ControlFlags.None)
         {
             commonAcl = (CommonAcl)this._securityDescriptor.SystemAcl;
         }
         if (commonAcl == null)
         {
             return(authorizationRuleCollection);
         }
         IdentityReferenceCollection referenceCollection1 = (IdentityReferenceCollection)null;
         if (targetType != typeof(SecurityIdentifier))
         {
             IdentityReferenceCollection referenceCollection2 = new IdentityReferenceCollection(commonAcl.Count);
             for (int index = 0; index < commonAcl.Count; ++index)
             {
                 QualifiedAce qualifiedAce = commonAcl[index] as QualifiedAce;
                 if (!((GenericAce)qualifiedAce == (GenericAce)null) && !qualifiedAce.IsCallback)
                 {
                     if (access)
                     {
                         if (qualifiedAce.AceQualifier != AceQualifier.AccessAllowed && qualifiedAce.AceQualifier != AceQualifier.AccessDenied)
                         {
                             continue;
                         }
                     }
                     else if (qualifiedAce.AceQualifier != AceQualifier.SystemAudit)
                     {
                         continue;
                     }
                     referenceCollection2.Add((IdentityReference)qualifiedAce.SecurityIdentifier);
                 }
             }
             referenceCollection1 = referenceCollection2.Translate(targetType);
         }
         for (int index = 0; index < commonAcl.Count; ++index)
         {
             QualifiedAce qualifiedAce = (QualifiedAce)(commonAcl[index] as CommonAce);
             if ((GenericAce)qualifiedAce == (GenericAce)null)
             {
                 qualifiedAce = (QualifiedAce)(commonAcl[index] as ObjectAce);
                 if ((GenericAce)qualifiedAce == (GenericAce)null)
                 {
                     continue;
                 }
             }
             if (!qualifiedAce.IsCallback)
             {
                 if (access)
                 {
                     if (qualifiedAce.AceQualifier != AceQualifier.AccessAllowed && qualifiedAce.AceQualifier != AceQualifier.AccessDenied)
                     {
                         continue;
                     }
                 }
                 else if (qualifiedAce.AceQualifier != AceQualifier.SystemAudit)
                 {
                     continue;
                 }
                 if (includeExplicit && (qualifiedAce.AceFlags & AceFlags.Inherited) == AceFlags.None || includeInherited && (qualifiedAce.AceFlags & AceFlags.Inherited) != AceFlags.None)
                 {
                     IdentityReference identityReference = targetType == typeof(SecurityIdentifier) ? (IdentityReference)qualifiedAce.SecurityIdentifier : referenceCollection1[index];
                     if (access)
                     {
                         AccessControlType type = qualifiedAce.AceQualifier != AceQualifier.AccessAllowed ? AccessControlType.Deny : AccessControlType.Allow;
                         if (qualifiedAce is ObjectAce)
                         {
                             ObjectAce objectAce = qualifiedAce as ObjectAce;
                             authorizationRuleCollection.AddRule((AuthorizationRule)this.AccessRuleFactory(identityReference, objectAce.AccessMask, objectAce.IsInherited, objectAce.InheritanceFlags, objectAce.PropagationFlags, type, objectAce.ObjectAceType, objectAce.InheritedObjectAceType));
                         }
                         else
                         {
                             CommonAce commonAce = qualifiedAce as CommonAce;
                             if (!((GenericAce)commonAce == (GenericAce)null))
                             {
                                 authorizationRuleCollection.AddRule((AuthorizationRule)this.AccessRuleFactory(identityReference, commonAce.AccessMask, commonAce.IsInherited, commonAce.InheritanceFlags, commonAce.PropagationFlags, type));
                             }
                         }
                     }
                     else if (qualifiedAce is ObjectAce)
                     {
                         ObjectAce objectAce = qualifiedAce as ObjectAce;
                         authorizationRuleCollection.AddRule((AuthorizationRule)this.AuditRuleFactory(identityReference, objectAce.AccessMask, objectAce.IsInherited, objectAce.InheritanceFlags, objectAce.PropagationFlags, objectAce.AuditFlags, objectAce.ObjectAceType, objectAce.InheritedObjectAceType));
                     }
                     else
                     {
                         CommonAce commonAce = qualifiedAce as CommonAce;
                         if (!((GenericAce)commonAce == (GenericAce)null))
                         {
                             authorizationRuleCollection.AddRule((AuthorizationRule)this.AuditRuleFactory(identityReference, commonAce.AccessMask, commonAce.IsInherited, commonAce.InheritanceFlags, commonAce.PropagationFlags, commonAce.AuditFlags));
                         }
                     }
                 }
             }
         }
         return(authorizationRuleCollection);
     }
     finally
     {
         this.ReadUnlock();
     }
 }
Пример #43
0
        static private bool AceOpaquesMatch( QualifiedAce ace, QualifiedAce newAce )
        {
            byte[] aceOpaque = ace.GetOpaque();
            byte[] newAceOpaque = newAce.GetOpaque();

            if ( aceOpaque == null || newAceOpaque == null )
            {
                return aceOpaque == newAceOpaque;
            }

            if ( aceOpaque.Length != newAceOpaque.Length )
            {
                return false;
            }

            for ( int i = 0; i < aceOpaque.Length; ++i )
            {
                if ( aceOpaque[i] != newAceOpaque[i] )
                {
                    return false;
                }
            }

            return true;
        }
        private bool CanonicalCheck(bool isDacl)
        {
            if (isDacl)
            {
                int num = 0;
                for (int i = 0; i < this._acl.Count; i++)
                {
                    int        num3 = 3;
                    GenericAce ace  = this._acl[i];
                    if (((byte)(ace.AceFlags & AceFlags.Inherited)) != 0)
                    {
                        num3 = 2;
                    }
                    else
                    {
                        QualifiedAce ace2 = ace as QualifiedAce;
                        if (ace2 != null)
                        {
                            if (ace2.AceQualifier == AceQualifier.AccessAllowed)
                            {
                                num3 = 1;
                                goto Label_0059;
                            }
                            if (ace2.AceQualifier == AceQualifier.AccessDenied)
                            {
                                num3 = 0;
                                goto Label_0059;
                            }
                        }
                        return(false);
                    }
Label_0059:
                    if (num3 != 3)
                    {
                        if (num3 > num)
                        {
                            num = num3;
                        }
                        else if (num3 < num)
                        {
                            return(false);
                        }
                    }
                }
            }
            else
            {
                int num4 = 0;
                for (int j = 0; j < this._acl.Count; j++)
                {
                    int        num6 = 2;
                    GenericAce ace3 = this._acl[j];
                    if (ace3 != null)
                    {
                        if (((byte)(ace3.AceFlags & AceFlags.Inherited)) != 0)
                        {
                            num6 = 1;
                        }
                        else
                        {
                            QualifiedAce ace4 = ace3 as QualifiedAce;
                            if (ace4 == null)
                            {
                                return(false);
                            }
                            if ((ace4.AceQualifier != AceQualifier.SystemAudit) && (ace4.AceQualifier != AceQualifier.SystemAlarm))
                            {
                                return(false);
                            }
                            num6 = 0;
                        }
                        if (num6 > num4)
                        {
                            num4 = num6;
                        }
                        else if (num6 < num4)
                        {
                            return(false);
                        }
                    }
                }
            }
            return(true);
        }
Пример #45
0
        //
        // Merge routine for qualified ACEs
        //

        private bool MergeAces( ref QualifiedAce ace, QualifiedAce newAce )
        {
            //
            // Check whether the ACEs are potentially mergeable
            //

            if ( !AcesAreMergeable( ace, newAce ))
            {
                return false;
            }

            //
            // The modification algorithm proceeds in stages
            //
            // Stage 1: if flags match, add to the access mask
            //

            if ( ace.AceFlags == newAce.AceFlags )
            {
                if ( ace is ObjectAce  || newAce is ObjectAce ) 
                {
                    // for object aces we need to match the inherited object types (for ace flags equality)
                    if ( InheritedObjectTypesMatch( ace, newAce ))
                    {
                        // also since access mask bits are further qualified by object type, they cannot always be added on
                        if ( AccessMasksAreMergeable( ace, newAce ))
                        {
                            ace.AccessMask |= newAce.AccessMask;
                            return true;
                        }
                    }
                }
                else 
                {
                    ace.AccessMask |= newAce.AccessMask;
                    return true;
                }
            }
            
           
            
            //
            // Stage 2: Audit flags can be combined if the rest of the
            //          flags (both access mask and inheritance) match
            //
            
            if ((( ace.AceFlags & AceFlags.InheritanceFlags ) == ( newAce.AceFlags & AceFlags.InheritanceFlags )) &&
                ( ace.AccessMask == newAce.AccessMask ))
            {           
                if (( ace is ObjectAce ) || ( newAce is ObjectAce ))
                {
                    // for object aces we need to match the inherited object types (for inheritance flags equality) and object type (for access mask equality) as well
                    if ( InheritedObjectTypesMatch( ace, newAce ) && 
                        ( ObjectTypesMatch( ace, newAce )))
                    {
                        ace.AceFlags |= ( newAce.AceFlags & AceFlags.AuditFlags );
                        return true;
                    }
                }
                else 
                {
                    ace.AceFlags |= ( newAce.AceFlags & AceFlags.AuditFlags );
                    return true;
                }
                
            }
            
            //
            // Stage 3: Inheritance flags can be combined in some cases
            //          provided access mask and audit bits are the same
            //
            
            if ((( ace.AceFlags & AceFlags.AuditFlags ) == ( newAce.AceFlags & AceFlags.AuditFlags )) &&
                ( ace.AccessMask == newAce.AccessMask ))
            {
                AceFlags merged;

                //
                // See whether the inheritance bits can be merged
                //
            
                if (( ace is ObjectAce ) || ( newAce is ObjectAce ))
                {
                    // object types need to match (for access mask equality) and inheritance flags need additional DS specific logic 
                    // to check whether they can be merged                  
                    if (( ObjectTypesMatch( ace, newAce )) &&
                         ( AceFlagsAreMergeable( ace, newAce )))
                    {
                        if ( true == MergeInheritanceBits( ace.AceFlags, newAce.AceFlags, IsDS, out merged ))
                        {
                            ace.AceFlags = ( merged | ( ace.AceFlags & AceFlags.AuditFlags ));
                            return true;
                        }
                    }
                }
                else
                {
                    if ( true == MergeInheritanceBits( ace.AceFlags, newAce.AceFlags, IsDS, out merged ))
                    {
                        ace.AceFlags = ( merged | ( ace.AceFlags & AceFlags.AuditFlags ));
                        return true;
                    }
                }
                
            }

            return false;
        }
 private bool AccessMasksAreMergeable(QualifiedAce ace, QualifiedAce newAce)
 {
     if (this.ObjectTypesMatch(ace, newAce))
     {
         return true;
     }
     ObjectAceFlags flags = (ace is ObjectAce) ? ((ObjectAce) ace).ObjectAceFlags : ObjectAceFlags.None;
     return ((((ace.AccessMask & newAce.AccessMask) & ObjectAce.AccessMaskWithObjectType) == (newAce.AccessMask & ObjectAce.AccessMaskWithObjectType)) && ((flags & ObjectAceFlags.ObjectAceTypePresent) == ObjectAceFlags.None));
 }