Mapping generic access rights to object specific rights.

Firstly, thank you for the AccessControl namespace in .NET 2.0. This new class will make manipulating security in .NET far easier.

I noticed that when you call the GetAccessControl function from an object, no mapping from generic access rights (e.g. GENERIC_READ to FILE_GENERIC_READ) is done.

The resultant access control list therefore returns duplicated ACEs every time (one which represents the specific right, one which represents the generic right which propagates to children).

For example: calling

{
    Microsoft.Win32.RegistryHive Hive =
        (Microsoft.Win32.RegistryHive)(this.regHiveSelect.SelectedValue);
    /* =="LocalMachine" */
    string ComputerName = this.computerEdit.Text.Trim("\\".ToCharArray());
    /* ==System.Environment.MachineName */
    Microsoft.Win32.RegistryKey regKey
        = Microsoft.Win32.RegistryKey.OpenRemoteBaseKey(Hive, ComputerName);
    regKey = regKey.OpenSubKey(this.regKeyEdit.Text, true);
    /* =="SOFTWARE\Microsoft" */
    regKey.GetAccessControl();
}

returns D:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;CCDCLCSWRPSDRC;;;PU)(A;CIIOID;SDGWGR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;CIIOID;GA;;;CO).

Notice the first two ACEs which are:
Inherited Allow to KEY_READ to Users
Inherited Allow to GENERIC_READ to Users (CI IO OI)

When displayed to the user, I am expected to remap the generic access rights into specific rights for the object. This will allow the 2 access masks to be combined. However, I don't know of any .NET framework classes that can remap these access rights for the object. I'm looking for a class that maintains a GENERIC_MAPPING structure for registry rights, and calls MapGenericMask to remap the generic rights. Does anyone know how to do this without p/invoke?

[2248 byte] By [OShah] at [2007-12-16]
# 1

As far as I know, managed access control does not have this functionality. It will be up to each individual integrator (in this case the Registry integrator that sits on top of BCL's Managed Access Control) to do the work.

However, this is an interesting ask and we can consider it for next release so that the integrator can hide the mapping and get a simple and uniform behavior for callers.

Thanks for the input.

ShawnWu at 2007-8-21
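
The remapping asked about in this thread can be done in managed code without P/Invoke. The following is an added example, not code from either poster or from the .NET Framework: it applies the registry key generic mapping (GENERIC_READ to KEY_READ, GENERIC_WRITE to KEY_WRITE, GENERIC_EXECUTE to KEY_EXECUTE, GENERIC_ALL to KEY_ALL_ACCESS) using the matching `RegistryRights` members. The class and method names are hypothetical, and it assumes Windows, where `RawSecurityDescriptor` is available.

```csharp
using System;
using System.Collections.Generic;
using System.Security.AccessControl;

static class RegistryGenericMapper  // hypothetical helper, not a framework class
{
    // Generic bits of an ACCESS_MASK (winnt.h).
    const int GenericRead    = unchecked((int)0x80000000);
    const int GenericWrite   = 0x40000000;
    const int GenericExecute = 0x20000000;
    const int GenericAll     = 0x10000000;
    const int GenericBits    = GenericRead | GenericWrite | GenericExecute | GenericAll;

    // Managed equivalent of MapGenericMask with the registry key GENERIC_MAPPING:
    // each generic bit is replaced by the key-specific rights it stands for.
    public static RegistryRights MapGenericMask(int mask)
    {
        if ((mask & GenericRead) != 0)    mask |= (int)RegistryRights.ReadKey;     // KEY_READ
        if ((mask & GenericWrite) != 0)   mask |= (int)RegistryRights.WriteKey;    // KEY_WRITE
        if ((mask & GenericExecute) != 0) mask |= (int)RegistryRights.ExecuteKey;  // KEY_EXECUTE
        if ((mask & GenericAll) != 0)     mask |= (int)RegistryRights.FullControl; // KEY_ALL_ACCESS
        return (RegistryRights)(mask & ~GenericBits);
    }

    // One display line per ACE of the DACL, with the mask reduced to specific rights.
    public static IEnumerable<string> Describe(string sddl)
    {
        var sd = new RawSecurityDescriptor(sddl);
        foreach (GenericAce ace in sd.DiscretionaryAcl)
        {
            var known = ace as KnownAce;
            if (known == null) continue; // CustomAce carries no access mask
            yield return string.Format("{0} {1} [{2}] {3}",
                ace.AceType, known.SecurityIdentifier, ace.AceFlags,
                MapGenericMask(known.AccessMask));
        }
    }

    static void Main()
    {
        // First two ACEs of the DACL quoted in the question.
        foreach (string line in Describe("D:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)"))
            Console.WriteLine(line);
    }
}
```

After mapping, both ACEs for Users carry the same specific mask and differ only in their inheritance flags, which is the precondition for showing them as a single entry.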