/// <summary>
/// Returns the trustee SID carried by <paramref name="ace"/>, or <c>null</c> when the entry
/// has none. Only the <see cref="KnownAce"/> family (CommonAce, ObjectAce) carries a SID; a
/// <see cref="CustomAce"/> is opaque and yields <c>null</c>.
/// </summary>
/// <param name="ace">Any ACE taken from a DACL or SACL.</param>
/// <returns>The ACE's <c>SecurityIdentifier</c>, or <c>null</c> for SID-less entries.</returns>
private static SecurityIdentifier GetSidFromAce(GenericAce ace)
        {
            KnownAce withTrustee = ace as KnownAce;

            return withTrustee == null ? null : withTrustee.SecurityIdentifier;
        }
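        /// <summary>
        /// Builds the store security descriptor used when connecting the disconnected mailbox
        /// <paramref name="deletedMailboxGuid"/> to <paramref name="userToConnect"/>.
        /// </summary>
        /// <remarks>
        /// The existing store descriptor is read first; when the store reports the mailbox as not
        /// found, a fresh self-relative descriptor owned by the current process identity with an
        /// empty DACL is used instead. Either way the DACL is guaranteed to start with an
        /// access-allowed ACE for the well-known SELF SID. For the Linked, Shared, Room and
        /// Equipment parameter sets the master account is additionally granted rights on both the
        /// store descriptor and the user's AD descriptor, and the AD descriptor is written back.
        /// </remarks>
        /// <param name="userSid">Not read by this method; retained for signature compatibility.</param>
        /// <param name="userToConnect">AD user receiving the mailbox; its AD descriptor is updated for the resource/shared/linked parameter sets.</param>
        /// <param name="mapiAdministrationSession">Session used to read the store descriptor and purge the cached mailbox object.</param>
        /// <param name="database">Database hosting the mailbox.</param>
        /// <param name="deletedMailboxGuid">GUID of the disconnected mailbox.</param>
        /// <param name="parameterSetName">Cmdlet parameter set; selects the master-account branch.</param>
        /// <param name="verboseLogger">Receives the verbose message emitted before the AD descriptor is saved.</param>
        /// <returns>The (possibly new) store security descriptor with the SELF ACE present and the SelfRelative flag set.</returns>
        private static RawSecurityDescriptor UpdateMailboxSecurityDescriptor(SecurityIdentifier userSid, ADUser userToConnect, MapiAdministrationSession mapiAdministrationSession, MailboxDatabase database, Guid deletedMailboxGuid, string parameterSetName, Task.TaskVerboseLoggingDelegate verboseLogger)
        {
            RawSecurityDescriptor rawSecurityDescriptor;

            try
            {
                rawSecurityDescriptor = mapiAdministrationSession.GetMailboxSecurityDescriptor(new MailboxId(MapiTaskHelper.ConvertDatabaseADObjectToDatabaseId(database), deletedMailboxGuid));
            }
            catch (Microsoft.Exchange.Data.Mapi.Common.MailboxNotFoundException)
            {
                // No store descriptor exists: start from one owned by the current process identity
                // with an *empty* DACL (not a null one, which would mean unrestricted access), so
                // only the ACEs added below grant anything.
                SecurityIdentifier currentIdentity = WindowsIdentity.GetCurrent().User;
                rawSecurityDescriptor = new RawSecurityDescriptor(ControlFlags.DiscretionaryAclDefaulted | ControlFlags.SystemAclDefaulted | ControlFlags.SelfRelative, currentIdentity, currentIdentity, null, null);
                rawSecurityDescriptor.DiscretionaryAcl = CreateEmptyDacl();
            }

            // NOTE(review): assumes the store never hands back a descriptor without a DACL; a null
            // DiscretionaryAcl throws here. Deliberately not substituting an empty DACL, because a
            // null DACL (everyone) and an empty DACL (nobody) mean opposite things — confirm.
            if (!DaclHasSelfAce(rawSecurityDescriptor.DiscretionaryAcl))
            {
                // 0x20001 = READ_CONTROL (0x20000) plus the lowest specific-rights bit; presumably the
                // store's owner right set — confirm against the MAPI access-mask definitions.
                CommonAce selfAce = new CommonAce(AceFlags.ContainerInherit, AceQualifier.AccessAllowed, 131073, new SecurityIdentifier(WellKnownSidType.SelfSid, null), false, null);
                rawSecurityDescriptor.DiscretionaryAcl.InsertAce(0, selfAce);
            }
            rawSecurityDescriptor.SetFlags(rawSecurityDescriptor.ControlFlags | ControlFlags.SelfRelative);

            if ("Linked" == parameterSetName || "Shared" == parameterSetName || "Room" == parameterSetName || "Equipment" == parameterSetName)
            {
                // These mailbox kinds are driven by a master account; the helper (name suggests)
                // grants it rights on both descriptors, which is why both are passed by ref.
                RawSecurityDescriptor adSecurityDescriptor = userToConnect.ReadSecurityDescriptor();
                MailboxTaskHelper.GrantPermissionToLinkedUserAccount(userToConnect.MasterAccountSid, ref rawSecurityDescriptor, ref adSecurityDescriptor);
                verboseLogger(Strings.VerboseSaveADSecurityDescriptor(userToConnect.Id.ToString()));
                userToConnect.SaveSecurityDescriptor(adSecurityDescriptor);
            }
            mapiAdministrationSession.Administration.PurgeCachedMailboxObject(deletedMailboxGuid);
            return(rawSecurityDescriptor);
        }

        /// <summary>Builds a RawAcl with no entries, i.e. a DACL that grants access to nobody.</summary>
        private static RawAcl CreateEmptyDacl()
        {
            DiscretionaryAcl empty      = new DiscretionaryAcl(true, true, 0);
            byte[]           binaryForm = new byte[empty.BinaryLength];

            empty.GetBinaryForm(binaryForm, 0);
            return new RawAcl(binaryForm, 0);
        }

        /// <summary>
        /// True when <paramref name="dacl"/> already holds an entry whose trustee is the well-known
        /// SELF SID. SID-less entries (CustomAce) are skipped rather than cast, so an unusual ACE in
        /// the store DACL no longer raises InvalidCastException.
        /// </summary>
        private static bool DaclHasSelfAce(RawAcl dacl)
        {
            foreach (GenericAce entry in dacl)
            {
                KnownAce knownAce = entry as KnownAce;
                if (knownAce != null && knownAce.SecurityIdentifier.IsWellKnown(WellKnownSidType.SelfSid))
                {
                    return true;
                }
            }
            return false;
        }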
 /// <summary>
 /// Registers every SID found in <paramref name="sd"/> with <c>sourceMapper</c>: the owner
 /// (passed through even when null) and the trustee of each SID-bearing DACL entry.
 /// A null descriptor or a null DACL is skipped; the group SID and the SACL are not visited.
 /// </summary>
 /// <param name="sd">Descriptor to scan; may be <c>null</c>.</param>
 public void EnumerateSecurityDescriptor(RawSecurityDescriptor sd)
 {
     if (sd == null)
     {
         return;
     }
     this.sourceMapper.AddSid(sd.Owner);

     RawAcl dacl = sd.DiscretionaryAcl;
     if (dacl == null)
     {
         return;
     }
     for (int index = 0; index < dacl.Count; index++)
     {
         KnownAce entry = dacl[index] as KnownAce;
         if (entry == null)
         {
             continue;   // CustomAce carries no trustee SID
         }
         this.sourceMapper.AddSid(entry.SecurityIdentifier);
     }
 }
        /// <summary>
        /// Checks the effect of <see cref="DiscretionaryAcl.Purge"/>: after purging
        /// <paramref name="sid"/> the ACL must hold exactly <paramref name="aceCount"/> entries and
        /// no explicit (non-inherited) SID-bearing entry for that SID. Inherited entries for the SID
        /// are allowed to remain, which is what the Inherited-flag filter below expresses.
        /// </summary>
        /// <param name="discretionaryAcl">ACL under test; it is modified in place by the purge.</param>
        /// <param name="sid">Trustee whose explicit entries are purged.</param>
        /// <param name="aceCount">Expected number of entries left after the purge.</param>
        /// <returns><c>true</c> when both conditions hold; otherwise <c>false</c>.</returns>
        private static bool TestPurge(DiscretionaryAcl discretionaryAcl, SecurityIdentifier sid, int aceCount)
        {
            discretionaryAcl.Purge(sid);
            if (discretionaryAcl.Count != aceCount)
            {
                return(false);
            }
            foreach (GenericAce entry in discretionaryAcl)
            {
                KnownAce known = entry as KnownAce;
                if (known == null)
                {
                    continue;
                }
                bool inherited = (known.AceFlags & AceFlags.Inherited) != 0;
                if (!inherited && known.SecurityIdentifier == sid)
                {
                    return(false);
                }
            }
            return(true);
        }
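        /// <summary>
        /// Refreshes every control on the form from <c>_token</c>: user and SID, token type,
        /// impersonation level, LUIDs, integrity level, session/source, elevation state, groups,
        /// default owner and DACL, restricted SIDs, AppContainer data, the boolean token flags,
        /// the mandatory-label policy and finally the privileges.
        /// </summary>
        /// <remarks>
        /// Tab pages that do not apply to this token (restricted SIDs, AppContainer) are removed
        /// from <c>tabControlMain</c>, so this is meant to run once per form instance.
        /// </remarks>
        private void UpdateTokenData()
        {
            UserGroup user = _token.GetUser();

            txtUsername.Text = user.GetName();
            txtUserSid.Text  = user.Sid.ToString();

            txtTokenType.Text = _token.GetTokenType().ToString();

            TokenLibrary.TokenImpersonationLevel implevel = _token.GetImpersonationLevel();

            txtImpLevel.Text = implevel.ToString();

            txtTokenId.Text    = FormatLuid(_token.GetTokenId());
            txtModifiedId.Text = FormatLuid(_token.GetModifiedId());
            txtAuthId.Text     = FormatLuid(_token.GetAuthenticationId());

            // An integrity level that is not one of the enum's named values cannot be selected in
            // the combo boxes, so it is shown as raw text instead.
            var integrityLevel = _token.GetTokenIntegrityLevel();
            if (Enum.IsDefined(typeof(TokenLibrary.TokenIntegrityLevel), integrityLevel))
            {
                comboBoxIL.SelectedItem       = integrityLevel;
                comboBoxILForDup.SelectedItem = integrityLevel;
            }
            else
            {
                comboBoxIL.Text       = integrityLevel.ToString();
                comboBoxILForDup.Text = integrityLevel.ToString();
            }

            txtSessionId.Text  = _token.GetSessionId().ToString();
            txtSourceName.Text = _token.GetSourceName();
            txtSourceId.Text   = FormatLuid(_token.GetSourceId());

            TokenElevationType evtype = _token.GetElevationType();

            txtElevationType.Text = evtype.ToString();
            txtIsElevated.Text    = _token.IsElevated().ToString();
            txtOriginLoginId.Text = FormatLuid(_token.GetTokenOriginId());

            // A linked token only exists for split (non-Default) elevation types.
            btnLinkedToken.Enabled = evtype != TokenElevationType.Default;

            UpdateGroupList();

            txtPrimaryGroup.Text = _token.GetPrimaryGroup().GetName();
            txtOwner.Text        = _token.GetDefaultOwner().GetName();

            PopulateDefaultDacl(_token.GetDefaultDacl());

            if (_token.IsRestricted())
            {
                PopulateGroupList(listViewRestrictedSids, _token.GetRestrictedSids());
            }
            else
            {
                tabControlMain.TabPages.Remove(tabPageRestricted);
            }

            if (_token.IsAppContainer())
            {
                PopulateGroupList(listViewCapabilities, _token.GetCapabilities());
                txtACNumber.Text   = _token.GetAppContainerNumber().ToString();
                txtPackageSid.Text = _token.GetPackageSid().GetName();
            }
            else
            {
                tabControlMain.TabPages.Remove(tabPageAppContainer);
            }

            txtUIAccess.Text     = _token.IsUIAccess().ToString();
            txtSandboxInert.Text = _token.IsSandboxInert().ToString();
            bool virtAllowed = _token.IsVirtualizationAllowed();

            // "Enabled" is only meaningful when virtualization is allowed at all.
            txtVirtualizationAllowed.Text = virtAllowed.ToString();
            if (virtAllowed)
            {
                txtVirtualizationEnabled.Text = _token.IsVirtualizationEnabled().ToString();
            }
            else
            {
                txtVirtualizationEnabled.Text = "N/A";
            }

            txtMandatoryILPolicy.Text = _token.GetIntegrityLevelPolicy().ToString();
            UpdatePrivileges();
        }

        /// <summary>
        /// Fills <c>listViewDefDacl</c> with one row per SID-bearing entry of the token's default
        /// DACL (trustee name, access mask, ACE flags, ACE type), or a single "No Default DACL"
        /// row when the token carries none, then resizes the columns to fit.
        /// </summary>
        /// <param name="defdacl">The default DACL, or <c>null</c> when the token has none.</param>
        private void PopulateDefaultDacl(RawAcl defdacl)
        {
            if (defdacl == null)
            {
                listViewDefDacl.Items.Add("No Default DACL");
            }
            else
            {
                foreach (GenericAce ace in defdacl)
                {
                    KnownAce kace = ace as KnownAce;
                    if (kace == null)
                    {
                        continue;   // CustomAce: no trustee SID to display
                    }

                    UserGroup group = new UserGroup(kace.SecurityIdentifier, GroupFlags.None);

                    ListViewItem item = new ListViewItem(group.GetName());

                    item.SubItems.Add(FormatAccessMask(kace.AccessMask));
                    item.SubItems.Add(kace.AceFlags.ToString());
                    item.SubItems.Add(kace.AceType.ToString());
                    listViewDefDacl.Items.Add(item);
                }
            }

            listViewDefDacl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
            listViewDefDacl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
        }

        /// <summary>
        /// Renders an ACE access mask as <c>GenericAccessRights</c> flag names when only generic
        /// bits are set; any standard or specific bit falls back to a fixed-width hex value,
        /// since those bits cannot be named without knowing the object type.
        /// </summary>
        /// <param name="accessMask">Raw access mask from the ACE.</param>
        private static string FormatAccessMask(int accessMask)
        {
            // Computed at run time (not const): the OR of these bits does not fit a checked int->uint constant conversion.
            uint genericBits = (uint)(GenericAccessRights.GenericAll | GenericAccessRights.GenericExecute | GenericAccessRights.GenericRead | GenericAccessRights.GenericWrite);

            if (((uint)accessMask & ~genericBits) != 0)
            {
                return String.Format("0x{0:X08}", accessMask);
            }

            GenericAccessRights generic = (GenericAccessRights)accessMask;
            return generic.ToString();
        }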
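        /// <summary>
        /// Returns a descriptor whose owner, group and every SID-bearing DACL entry have been run
        /// through <c>TryTranslateSid</c>. The SACL is carried over untouched.
        /// </summary>
        /// <param name="sourceSD">Descriptor to translate; <c>null</c> yields <c>null</c>.</param>
        /// <param name="flags">With <c>ExcludeUnmappedACEs</c> set, an owner or group that does
        /// not map is cleared and DACL entries that do not map (or carry no SID at all) are
        /// removed; without it, unmapped entries are kept as they are.</param>
        /// <returns>The translated descriptor, or <c>null</c> for a <c>null</c> input.</returns>
        /// <remarks>
        /// NOTE(review): the new descriptor is constructed with <c>sourceSD.DiscretionaryAcl</c>
        /// itself, not a copy, and the loop below edits that ACL and its ACE objects in place, so
        /// the caller's <paramref name="sourceSD"/> presumably ends up translated as well — confirm
        /// that callers do not rely on it staying unchanged.
        /// </remarks>
        public RawSecurityDescriptor TranslateSecurityDescriptor(RawSecurityDescriptor sourceSD, TranslateSecurityDescriptorFlags flags)
        {
            if (sourceSD == null)
            {
                return(null);
            }
            this.ResolveMappings();

            RawSecurityDescriptor rawSecurityDescriptor = new RawSecurityDescriptor(sourceSD.ControlFlags, sourceSD.Owner, sourceSD.Group, sourceSD.SystemAcl, sourceSD.DiscretionaryAcl);
            bool dropUnmapped = (flags & TranslateSecurityDescriptorFlags.ExcludeUnmappedACEs) != TranslateSecurityDescriptorFlags.None;
            SecurityIdentifier mappedSid;

            if (this.TryTranslateSid(sourceSD.Owner, out mappedSid))
            {
                rawSecurityDescriptor.Owner = mappedSid;
                MrsTracer.Service.Debug("Mapped SD owner from {0} to {1}", new object[]
                {
                    sourceSD.Owner,
                    rawSecurityDescriptor.Owner
                });
            }
            else if (dropUnmapped)
            {
                rawSecurityDescriptor.Owner = null;
            }

            if (this.TryTranslateSid(sourceSD.Group, out mappedSid))
            {
                rawSecurityDescriptor.Group = mappedSid;
                MrsTracer.Service.Debug("Mapped SD group from {0} to {1}", new object[]
                {
                    sourceSD.Group,
                    rawSecurityDescriptor.Group
                });
            }
            else if (dropUnmapped)
            {
                rawSecurityDescriptor.Group = null;
            }

            RawAcl dacl = sourceSD.DiscretionaryAcl;
            if (dacl != null)
            {
                // Walk backwards so RemoveAce does not shift the entries still to be visited.
                for (int i = dacl.Count - 1; i >= 0; i--)
                {
                    KnownAce knownAce = dacl[i] as KnownAce;
                    if (knownAce == null)
                    {
                        // CustomAce: nothing to translate.
                        if (dropUnmapped)
                        {
                            dacl.RemoveAce(i);
                        }
                        continue;
                    }

                    if (this.TryTranslateSid(knownAce.SecurityIdentifier, out mappedSid))
                    {
                        // A throwaway DACL-only descriptor holding just this ACE, so the trace
                        // can show the entry (presumably as SDDL) before its trustee is rewritten.
                        RawSecurityDescriptor aceOnly = new RawSecurityDescriptor("D:");
                        aceOnly.DiscretionaryAcl.InsertAce(0, knownAce);
                        MrsTracer.Service.Debug("Mapped ACE {0} to {1}", new object[]
                        {
                            CommonUtils.GetSDDLString(aceOnly),
                            mappedSid
                        });
                        // The ACE object is already at index i; rewriting its trustee in place is
                        // enough (the former RemoveAce/InsertAce round-trip at the same index was a no-op).
                        knownAce.SecurityIdentifier = mappedSid;
                    }
                    else if (dropUnmapped)
                    {
                        dacl.RemoveAce(i);
                    }
                }
            }
            return(rawSecurityDescriptor);
        }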