Active Directory ACL Translate

Sep 13th, 2012
88
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C# 8.57 KB | None | 0 0
  1. using System;
  2. using System.Collections.Generic;
  3. using System.DirectoryServices;
  4. using System.IO;
  5. using ActiveDs;
  6.  
  7. namespace AD_Security
  8. {
  9.     class Program
  10.     {
  11.  
  12.         #region AccessMask Constants
  13.         static uint ADS_RIGHT_GENERIC_READ = 0x80000000;
  14.         const int ADS_RIGHT_GENERIC_WRITE = 0x40000000;
  15.         const int ADS_RIGHT_GENERIC_EXECUTE = 0x20000000;
  16.         const int ADS_RIGHT_GENERIC_ALL = 0x10000000;
  17.         const int ADS_RIGHT_SYSTEM_SECURITY = 0x1000000;
  18.         const int ADS_RIGHT_SYNCHRONIZE = 0x100000;
  19.         const int ADS_RIGHT_WRITE_OWNER = 0x80000;
  20.         const int ADS_RIGHT_WRITE_DAC = 0x40000;
  21.         const int ADS_RIGHT_READ_CONTROL = 0x20000;
  22.         const int ADS_RIGHT_DELETE = 0x10000;
  23.         const int ADS_RIGHT_DS_CONTROL_ACCESS = 0x100;
  24.         const int ADS_RIGHT_DS_LIST_OBJECT = 0x80;
  25.         const int ADS_RIGHT_DS_DELETE_TREE = 0x40;
  26.         const int ADS_RIGHT_DS_WRITE_PROP = 0x20;
  27.         const int ADS_RIGHT_DS_READ_PROP = 0x10;
  28.         const int ADS_RIGHT_DS_SELF = 0x8;
  29.         const int ADS_RIGHT_ACTRL_DS_LIST = 0x4;
  30.         const int ADS_RIGHT_DS_DELETE_CHILD = 0x2;
  31.         const int ADS_RIGHT_DS_CREATE_CHILD = 0x1;
  32.         #endregion
  33.  
  34.         #region AceType Constants
  35.         const int ADS_ACETYPE_SYSTEM_ALARM_OBJECT = 0x8;
  36.         const int ADS_ACETYPE_SYSTEM_AUDIT_OBJECT = 0x7;
  37.         const int ADS_ACETYPE_ACCESS_DENIED_OBJECT = 0x6;
  38.         const int ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = 0x5;
  39.         const int ADS_ACETYPE_SYSTEM_AUDIT = 0x2;
  40.         const int ADS_ACETYPE_ACCESS_DENIED = 0x1;
  41.         const int ADS_ACETYPE_ACCESS_ALLOWED = 0x0;
  42.         #endregion
  43.  
  44.         #region AceFlags Constants
  45.         const int ADS_ACEFLAG_FAILED_ACCESS = 0x80;
  46.         const int ADS_ACEFLAG_SUCCESSFUL_ACCESS = 0x40;
  47.         const int ADS_ACEFLAG_VALID_INHERIT_FLAGS = 0x1F;
  48.         const int ADS_ACEFLAG_INHERITED_ACE = 0x10;
  49.         const int ADS_ACEFLAG_INHERIT_ONLY_ACE = 0x8;
  50.         const int ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE = 0x4;
  51.         const int ADS_ACEFLAG_INHERIT_ACE = 0x2;
  52.         #endregion
  53.  
  54.         #region Security Descriptor Constants
  55.         const int ADS_SD_CONTROL_SE_OWNER_DEFAULTED = 0x1;
  56.         const int ADS_SD_CONTROL_SE_GROUP_DEFAULTED = 0x2;
  57.         const int ADS_SD_CONTROL_SE_DACL_PRESENT = 0x4;
  58.         const int ADS_SD_CONTROL_SE_DACL_DEFAULTED = 0x8;
  59.         const int ADS_SD_CONTROL_SE_SACL_PRESENT = 0x10;
  60.         const int ADS_SD_CONTROL_SE_SACL_DEFAULTED = 0x20;
  61.         const int ADS_SD_CONTROL_SE_DACL_AUTO_INHERIT_REQ = 0x100;
  62.         const int ADS_SD_CONTROL_SE_SACL_AUTO_INHERIT_REQ = 0x200;
  63.         const int ADS_SD_CONTROL_SE_DACL_AUTO_INHERITED = 0x400;
  64.         const int ADS_SD_CONTROL_SE_SACL_AUTO_INHERITED = 0x800;
  65.         const int ADS_SD_CONTROL_SE_DACL_PROTECTED = 0x1000;
  66.         const int ADS_SD_CONTROL_SE_SACL_PROTECTED = 0x2000;
  67.         #endregion
  68.  
  69.         #region Flags Constants
  70.         const int ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT = 0x2;
  71.         const int ADS_FLAG_OBJECT_TYPE_PRESENT = 0x1;
  72.         #endregion
  73.  
  74.         static void Main(string[] args)
  75.         {
  76.             DirectoryEntry root = new DirectoryEntry();
  77.  
  78.             IADsSecurityDescriptor sd = (ActiveDs.IADsSecurityDescriptor)root.Properties["ntSecurityDescriptor"].Value;
  79.             IADsAccessControlList acl = (ActiveDs.IADsAccessControlList)sd.DiscretionaryAcl;
  80.             foreach (IADsAccessControlEntry ace in acl)
  81.             {
  82.                 Log("------------------------------------------------------------");
  83.                 Log("------------------------------------------------------------");
  84.                 Log("Trustee: " + ace.Trustee);
  85.                 Log("Type: " + TranslateAceType(ace.AceType));
  86.                 Log("------------------------------------------------------------");
  87.                 foreach (string flag in TranslateAceFlags(ace.AceFlags))
  88.                 {
  89.                     Log(flag);
  90.                 }
  91.                 Log("------------------------------------------------------------");
  92.                 foreach (string permission in TranslateMask(ace.AccessMask))
  93.                 {
  94.                     Log(permission);
  95.                 }
  96.                 Log("------------------------------------------------------------");
  97.                 Log("------------------------------------------------------------");
  98.  
  99.             }
  100.  
  101.             Console.Read();
  102.         }
  103.  
  104.         static string TranslateAceType(int type)
  105.         {
  106.             switch (type)
  107.             {
  108.                 case ADS_ACETYPE_SYSTEM_ALARM_OBJECT:
  109.                     return "ADS_ACETYPE_SYSTEM_ALARM_OBJECT";
  110.                 case ADS_ACETYPE_SYSTEM_AUDIT_OBJECT:
  111.                     return "ADS_ACETYPE_SYSTEM_AUDIT_OBJECT";
  112.                 case ADS_ACETYPE_ACCESS_DENIED_OBJECT:
  113.                     return "ADS_ACETYPE_ACCESS_DENIED_OBJECT";
  114.                 case ADS_ACETYPE_ACCESS_ALLOWED_OBJECT:
  115.                     return "ADS_ACETYPE_ACCESS_ALLOWED_OBJECT";
  116.                 case ADS_ACETYPE_SYSTEM_AUDIT:
  117.                     return "ADS_ACETYPE_SYSTEM_AUDIT";
  118.                 case ADS_ACETYPE_ACCESS_DENIED:
  119.                     return "ADS_ACETYPE_ACCESS_DENIED";
  120.                 case ADS_ACETYPE_ACCESS_ALLOWED:
  121.                     return "ADS_ACETYPE_ACCESS_ALLOWED";
  122.                 default:
  123.                     return "Unknown Type: " + type.ToString();
  124.             }
  125.         }
  126.  
  127.         static List<string> TranslateAceFlags(int flags)
  128.         {
  129.             List<string> permissions = new List<string>();
  130.             if ((flags & ADS_ACEFLAG_FAILED_ACCESS) != 0) permissions.Add("ADS_ACEFLAG_FAILED_ACCESS");
  131.             if ((flags & ADS_ACEFLAG_SUCCESSFUL_ACCESS) != 0) permissions.Add("ADS_ACEFLAG_SUCCESSFUL_ACCESS");
  132.             if ((flags & ADS_ACEFLAG_VALID_INHERIT_FLAGS) != 0) permissions.Add("ADS_ACEFLAG_VALID_INHERIT_FLAGS");
  133.             if ((flags & ADS_ACEFLAG_INHERITED_ACE) != 0) permissions.Add("ADS_ACEFLAG_INHERITED_ACE");
  134.             if ((flags & ADS_ACEFLAG_INHERIT_ONLY_ACE) != 0) permissions.Add("ADS_ACEFLAG_INHERIT_ONLY_ACE");
  135.             if ((flags & ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE) != 0) permissions.Add("ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE");
  136.             if ((flags & ADS_ACEFLAG_INHERIT_ACE) != 0) permissions.Add("ADS_ACEFLAG_INHERIT_ACE");
  137.             return permissions;
  138.         }
  139.  
  140.         static List<string> TranslateMask(int mask)
  141.         {
  142.             List<string> permissions = new List<string>();
  143.             if ((mask & ADS_RIGHT_GENERIC_READ) != 0) permissions.Add("ADS_RIGHT_GENERIC_READ");
  144.             if ((mask & ADS_RIGHT_GENERIC_WRITE) != 0) permissions.Add("ADS_RIGHT_GENERIC_WRITE");
  145.             if ((mask & ADS_RIGHT_GENERIC_EXECUTE) != 0) permissions.Add("ADS_RIGHT_GENERIC_EXECUTE");
  146.             if ((mask & ADS_RIGHT_GENERIC_ALL) != 0) permissions.Add("ADS_RIGHT_GENERIC_ALL");
  147.             if ((mask & ADS_RIGHT_SYSTEM_SECURITY) != 0) permissions.Add("ADS_RIGHT_SYSTEM_SECURITY");
  148.             if ((mask & ADS_RIGHT_SYNCHRONIZE) != 0) permissions.Add("ADS_RIGHT_SYNCHRONIZE");
  149.             if ((mask & ADS_RIGHT_WRITE_OWNER) != 0) permissions.Add("ADS_RIGHT_WRITE_OWNER");
  150.             if ((mask & ADS_RIGHT_WRITE_DAC) != 0) permissions.Add("ADS_RIGHT_WRITE_DAC");
  151.             if ((mask & ADS_RIGHT_READ_CONTROL) != 0) permissions.Add("ADS_RIGHT_READ_CONTROL");
  152.             if ((mask & ADS_RIGHT_DELETE) != 0) permissions.Add("ADS_RIGHT_DELETE");
  153.             if ((mask & ADS_RIGHT_DS_CONTROL_ACCESS) != 0) permissions.Add("ADS_RIGHT_DS_CONTROL_ACCESS");
  154.             if ((mask & ADS_RIGHT_DS_LIST_OBJECT) != 0) permissions.Add("ADS_RIGHT_DS_LIST_OBJECT");
  155.             if ((mask & ADS_RIGHT_DS_DELETE_TREE) != 0) permissions.Add("ADS_RIGHT_DS_DELETE_TREE");
  156.             if ((mask & ADS_RIGHT_DS_WRITE_PROP) != 0) permissions.Add("ADS_RIGHT_DS_WRITE_PROP");
  157.             if ((mask & ADS_RIGHT_DS_READ_PROP) != 0) permissions.Add("ADS_RIGHT_DS_READ_PROP");
  158.             if ((mask & ADS_RIGHT_DS_SELF) != 0) permissions.Add("ADS_RIGHT_DS_SELF");
  159.             if ((mask & ADS_RIGHT_ACTRL_DS_LIST) != 0) permissions.Add("ADS_RIGHT_ACTRL_DS_LIST");
  160.             if ((mask & ADS_RIGHT_DS_DELETE_CHILD) != 0) permissions.Add("ADS_RIGHT_DS_DELETE_CHILD");
  161.             if ((mask & ADS_RIGHT_DS_CREATE_CHILD) != 0) permissions.Add("ADS_RIGHT_DS_CREATE_CHILD");
  162.             return permissions;
  163.         }
  164.  
  165.         static void Log(string note)
  166.         {
  167.             Console.WriteLine(note);
  168.             using (StreamWriter sw = new StreamWriter("c:\\ACLs.txt",true))
  169.             {
  170.                 sw.WriteLine(note);
  171.             }
  172.         }
  173.     }
  174. }