using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Globalization;
using System.IO;
using ActiveDs;
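namespace AD_Security
{
    /// <summary>
    /// Read-only audit helper: binds to a directory object, reads its
    /// ntSecurityDescriptor through the ADSI COM interfaces and writes every
    /// entry of the discretionary ACL (DACL) to the console and to a log file.
    /// </summary>
    class Program
    {
        #region AccessMask Constants
        // 0x80000000 does not fit a positive int; the unchecked cast keeps the bit
        // pattern so every mask test below is a plain int-to-int comparison.
        const int ADS_RIGHT_GENERIC_READ = unchecked((int)0x80000000);
        const int ADS_RIGHT_GENERIC_WRITE = 0x40000000;
        const int ADS_RIGHT_GENERIC_EXECUTE = 0x20000000;
        const int ADS_RIGHT_GENERIC_ALL = 0x10000000;
        // ADSI's own name for this bit is ADS_RIGHT_ACCESS_SYSTEM_SECURITY; the
        // identifier and the label printed for it are kept as the author wrote them.
        const int ADS_RIGHT_SYSTEM_SECURITY = 0x1000000;
        const int ADS_RIGHT_SYNCHRONIZE = 0x100000;
        const int ADS_RIGHT_WRITE_OWNER = 0x80000;
        const int ADS_RIGHT_WRITE_DAC = 0x40000;
        const int ADS_RIGHT_READ_CONTROL = 0x20000;
        const int ADS_RIGHT_DELETE = 0x10000;
        const int ADS_RIGHT_DS_CONTROL_ACCESS = 0x100;
        const int ADS_RIGHT_DS_LIST_OBJECT = 0x80;
        const int ADS_RIGHT_DS_DELETE_TREE = 0x40;
        const int ADS_RIGHT_DS_WRITE_PROP = 0x20;
        const int ADS_RIGHT_DS_READ_PROP = 0x10;
        const int ADS_RIGHT_DS_SELF = 0x8;
        const int ADS_RIGHT_ACTRL_DS_LIST = 0x4;
        const int ADS_RIGHT_DS_DELETE_CHILD = 0x2;
        const int ADS_RIGHT_DS_CREATE_CHILD = 0x1;
        #endregion

        #region AceType Constants
        const int ADS_ACETYPE_SYSTEM_ALARM_OBJECT = 0x8;
        const int ADS_ACETYPE_SYSTEM_AUDIT_OBJECT = 0x7;
        const int ADS_ACETYPE_ACCESS_DENIED_OBJECT = 0x6;
        const int ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = 0x5;
        const int ADS_ACETYPE_SYSTEM_AUDIT = 0x2;
        const int ADS_ACETYPE_ACCESS_DENIED = 0x1;
        const int ADS_ACETYPE_ACCESS_ALLOWED = 0x0;
        #endregion

        #region AceFlags Constants
        const int ADS_ACEFLAG_FAILED_ACCESS = 0x80;
        const int ADS_ACEFLAG_SUCCESSFUL_ACCESS = 0x40;
        // Composite mask (0x1F) covering the inheritance bits; it is not a flag of
        // its own and is therefore never reported by TranslateAceFlags.
        const int ADS_ACEFLAG_VALID_INHERIT_FLAGS = 0x1F;
        const int ADS_ACEFLAG_INHERITED_ACE = 0x10;
        const int ADS_ACEFLAG_INHERIT_ONLY_ACE = 0x8;
        const int ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE = 0x4;
        const int ADS_ACEFLAG_INHERIT_ACE = 0x2;
        #endregion

        #region Security Descriptor Constants
        const int ADS_SD_CONTROL_SE_OWNER_DEFAULTED = 0x1;
        const int ADS_SD_CONTROL_SE_GROUP_DEFAULTED = 0x2;
        const int ADS_SD_CONTROL_SE_DACL_PRESENT = 0x4;
        const int ADS_SD_CONTROL_SE_DACL_DEFAULTED = 0x8;
        const int ADS_SD_CONTROL_SE_SACL_PRESENT = 0x10;
        const int ADS_SD_CONTROL_SE_SACL_DEFAULTED = 0x20;
        const int ADS_SD_CONTROL_SE_DACL_AUTO_INHERIT_REQ = 0x100;
        const int ADS_SD_CONTROL_SE_SACL_AUTO_INHERIT_REQ = 0x200;
        const int ADS_SD_CONTROL_SE_DACL_AUTO_INHERITED = 0x400;
        const int ADS_SD_CONTROL_SE_SACL_AUTO_INHERITED = 0x800;
        const int ADS_SD_CONTROL_SE_DACL_PROTECTED = 0x1000;
        const int ADS_SD_CONTROL_SE_SACL_PROTECTED = 0x2000;
        #endregion

        #region Flags Constants
        const int ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT = 0x2;
        const int ADS_FLAG_OBJECT_TYPE_PRESENT = 0x1;
        #endregion

        // Destination of the report. The file names every trustee holding rights
        // on the audited object, so it should live somewhere with a restrictive
        // ACL; the path is kept exactly as the original listing had it.
        const string LogPath = "c:\\ACLs.txt";

        const string Separator = "------------------------------------------------------------";

        /// <summary>
        /// Entry point: dumps the DACL of the default-bound directory object, then
        /// waits for a key press so the console window stays open.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        static void Main(string[] args)
        {
            // A parameterless DirectoryEntry binds with the caller's own credentials;
            // presumably it resolves to the current domain's root object, confirm
            // before relying on the report.
            using (DirectoryEntry root = new DirectoryEntry())
            {
                DumpDacl(root);
            }

            Console.Read();
        }

        // Writes the owner, the DACL inheritance protection state and every ACE of the entry's DACL.
        static void DumpDacl(DirectoryEntry entry)
        {
            IADsSecurityDescriptor sd = entry.Properties["ntSecurityDescriptor"].Value as IADsSecurityDescriptor;
            if (sd == null)
            {
                // The original dereferenced a null descriptor and crashed here.
                Log("ntSecurityDescriptor could not be read for this object.");
                return;
            }

            // The owner matters to a reviewer as much as the ACEs: an owner can
            // rewrite the DACL regardless of what the DACL itself grants.
            Log("Owner: " + sd.Owner);
            Log("DACL protected from inheritance: " + ((sd.Control & ADS_SD_CONTROL_SE_DACL_PROTECTED) != 0));

            IADsAccessControlList acl = sd.DiscretionaryAcl as IADsAccessControlList;
            if (acl == null)
            {
                // No DACL at all means access is not restricted by one; also confirm
                // the caller was actually allowed to read it.
                Log("DACL: none returned for this object.");
                return;
            }

            foreach (IADsAccessControlEntry ace in acl)
            {
                Log(Separator);
                Log(Separator);
                Log("Trustee: " + ace.Trustee);
                Log("Type: " + TranslateAceType(ace.AceType));

                // Raw value first, so bits without a named constant are not lost.
                Log("Mask: 0x" + ace.AccessMask.ToString("X8", CultureInfo.InvariantCulture));

                // For object ACEs the GUID scopes the right to one property, child
                // class or extended right; without it, entries that share a mask
                // cannot be told apart.
                if ((ace.Flags & ADS_FLAG_OBJECT_TYPE_PRESENT) != 0)
                {
                    Log("ObjectType: " + ace.ObjectType);
                }
                if ((ace.Flags & ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT) != 0)
                {
                    Log("InheritedObjectType: " + ace.InheritedObjectType);
                }

                Log(Separator);
                foreach (string flag in TranslateAceFlags(ace.AceFlags))
                {
                    Log(flag);
                }
                Log(Separator);
                foreach (string permission in TranslateMask(ace.AccessMask))
                {
                    Log(permission);
                }
                Log(Separator);
                Log(Separator);
            }
        }

        /// <summary>Maps an ACE type value to the name of its ADS_ACETYPE_* constant.</summary>
        /// <param name="type">Value of the ACE's AceType property.</param>
        /// <returns>The constant's name, or "Unknown Type: n" for an unlisted value.</returns>
        static string TranslateAceType(int type)
        {
            switch (type)
            {
                case ADS_ACETYPE_SYSTEM_ALARM_OBJECT:
                    return "ADS_ACETYPE_SYSTEM_ALARM_OBJECT";
                case ADS_ACETYPE_SYSTEM_AUDIT_OBJECT:
                    return "ADS_ACETYPE_SYSTEM_AUDIT_OBJECT";
                case ADS_ACETYPE_ACCESS_DENIED_OBJECT:
                    return "ADS_ACETYPE_ACCESS_DENIED_OBJECT";
                case ADS_ACETYPE_ACCESS_ALLOWED_OBJECT:
                    return "ADS_ACETYPE_ACCESS_ALLOWED_OBJECT";
                case ADS_ACETYPE_SYSTEM_AUDIT:
                    return "ADS_ACETYPE_SYSTEM_AUDIT";
                case ADS_ACETYPE_ACCESS_DENIED:
                    return "ADS_ACETYPE_ACCESS_DENIED";
                case ADS_ACETYPE_ACCESS_ALLOWED:
                    return "ADS_ACETYPE_ACCESS_ALLOWED";
                default:
                    return "Unknown Type: " + type.ToString(CultureInfo.InvariantCulture);
            }
        }

        /// <summary>Lists the names of the individual ADS_ACEFLAG_* bits set in <paramref name="flags"/>.</summary>
        /// <param name="flags">Value of the ACE's AceFlags property.</param>
        /// <returns>One name per set flag; empty when no known flag is set.</returns>
        static List<string> TranslateAceFlags(int flags)
        {
            List<string> names = new List<string>();
            AddIfSet(names, flags, ADS_ACEFLAG_FAILED_ACCESS, "ADS_ACEFLAG_FAILED_ACCESS");
            AddIfSet(names, flags, ADS_ACEFLAG_SUCCESSFUL_ACCESS, "ADS_ACEFLAG_SUCCESSFUL_ACCESS");
            // ADS_ACEFLAG_VALID_INHERIT_FLAGS is deliberately not tested: it is the
            // union of the inheritance bits, so the original printed it next to
            // every inheritance flag as if it were a separate setting.
            AddIfSet(names, flags, ADS_ACEFLAG_INHERITED_ACE, "ADS_ACEFLAG_INHERITED_ACE");
            AddIfSet(names, flags, ADS_ACEFLAG_INHERIT_ONLY_ACE, "ADS_ACEFLAG_INHERIT_ONLY_ACE");
            AddIfSet(names, flags, ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE, "ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE");
            AddIfSet(names, flags, ADS_ACEFLAG_INHERIT_ACE, "ADS_ACEFLAG_INHERIT_ACE");
            return names;
        }

        /// <summary>Lists the names of the ADS_RIGHT_* bits set in <paramref name="mask"/>.</summary>
        /// <param name="mask">Value of the ACE's AccessMask property.</param>
        /// <returns>One name per set right, highest bit first; bits without a constant are omitted.</returns>
        static List<string> TranslateMask(int mask)
        {
            List<string> names = new List<string>();
            AddIfSet(names, mask, ADS_RIGHT_GENERIC_READ, "ADS_RIGHT_GENERIC_READ");
            AddIfSet(names, mask, ADS_RIGHT_GENERIC_WRITE, "ADS_RIGHT_GENERIC_WRITE");
            AddIfSet(names, mask, ADS_RIGHT_GENERIC_EXECUTE, "ADS_RIGHT_GENERIC_EXECUTE");
            AddIfSet(names, mask, ADS_RIGHT_GENERIC_ALL, "ADS_RIGHT_GENERIC_ALL");
            AddIfSet(names, mask, ADS_RIGHT_SYSTEM_SECURITY, "ADS_RIGHT_SYSTEM_SECURITY");
            AddIfSet(names, mask, ADS_RIGHT_SYNCHRONIZE, "ADS_RIGHT_SYNCHRONIZE");
            AddIfSet(names, mask, ADS_RIGHT_WRITE_OWNER, "ADS_RIGHT_WRITE_OWNER");
            AddIfSet(names, mask, ADS_RIGHT_WRITE_DAC, "ADS_RIGHT_WRITE_DAC");
            AddIfSet(names, mask, ADS_RIGHT_READ_CONTROL, "ADS_RIGHT_READ_CONTROL");
            AddIfSet(names, mask, ADS_RIGHT_DELETE, "ADS_RIGHT_DELETE");
            AddIfSet(names, mask, ADS_RIGHT_DS_CONTROL_ACCESS, "ADS_RIGHT_DS_CONTROL_ACCESS");
            AddIfSet(names, mask, ADS_RIGHT_DS_LIST_OBJECT, "ADS_RIGHT_DS_LIST_OBJECT");
            AddIfSet(names, mask, ADS_RIGHT_DS_DELETE_TREE, "ADS_RIGHT_DS_DELETE_TREE");
            AddIfSet(names, mask, ADS_RIGHT_DS_WRITE_PROP, "ADS_RIGHT_DS_WRITE_PROP");
            AddIfSet(names, mask, ADS_RIGHT_DS_READ_PROP, "ADS_RIGHT_DS_READ_PROP");
            AddIfSet(names, mask, ADS_RIGHT_DS_SELF, "ADS_RIGHT_DS_SELF");
            AddIfSet(names, mask, ADS_RIGHT_ACTRL_DS_LIST, "ADS_RIGHT_ACTRL_DS_LIST");
            AddIfSet(names, mask, ADS_RIGHT_DS_DELETE_CHILD, "ADS_RIGHT_DS_DELETE_CHILD");
            AddIfSet(names, mask, ADS_RIGHT_DS_CREATE_CHILD, "ADS_RIGHT_DS_CREATE_CHILD");
            return names;
        }

        // Appends name to target when any bit of 'bit' is set in value.
        static void AddIfSet(List<string> target, int value, int bit, string name)
        {
            if ((value & bit) != 0)
            {
                target.Add(name);
            }
        }

        /// <summary>Writes one line to the console and appends it to the log file.</summary>
        /// <param name="note">Text to record.</param>
        static void Log(string note)
        {
            Console.WriteLine(note);

            // Append mode: repeated runs accumulate in the same file.
            using (StreamWriter sw = new StreamWriter(LogPath, true))
            {
                sw.WriteLine(note);
            }
        }
    }
}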