add WriteAltSecurityIdentities and WritePublicInformation

Author: JonasBK

src/CommonLib/Enums/EdgeNames.cs

@@ -22,6 +22,8 @@ public static class EdgeNames
         public const string SQLAdmin = "SQLAdmin";
         public const string WriteAccountRestrictions = "WriteAccountRestrictions";
         public const string WriteGPLink = "WriteGPLink";
+        public const string WriteAltSecurityIdentities = "WriteAltSecurityIdentities";
+        public const string WritePublicInformation = "WritePublicInformation";
 
         //CertAbuse edges
         public const string WritePKIEnrollmentFlag = "WritePKIEnrollmentFlag";

src/CommonLib/Processors/ACEGuids.cs

@@ -14,7 +14,8 @@ public class ACEGuids
         public const string UserAccountRestrictions = "4c164200-20c0-11d0-a768-00aa006e0529";
         public const string WriteGPLink = "f30e3bbe-9ff0-11d1-b603-0000f80367c1";
         public const string WriteTitle = "bf967a55-0de6-11d0-a285-00aa003049e2"; // Not an edge, just used for testing
-
+        public const string WriteAltSecurityIdentities = "00fbf30c-91fe-11d1-aebc-0000f80367c1";
+        public const string WritePublicInformation = "e48d0154-bcf8-11d1-8702-00c04fb96050";
 
         //Cert abuse ACEs
         public const string PKINameFlag = "ea1dddc4-60ff-416e-8cc0-17cee534bce7";

src/CommonLib/Processors/ACLProcessor.cs

@@ -806,9 +806,32 @@ or Label.NTAuthStore
                             IsPermissionForOwnerRightsSid = isPermissionForOwnerRightsSid,
                             IsInheritedPermissionForOwnerRightsSid = isInheritedPermissionForOwnerRightsSid,
                         };
-                    else if (objectType is Label.CertTemplate) {
-                        if (aceType == ACEGuids.PKIEnrollmentFlag)
+                        else if (objectType is Label.User or Label.Computer && aceType == ACEGuids.WriteAltSecurityIdentities)
                             yield return new ACE {
+                                PrincipalType = resolvedPrincipal.ObjectType,
+                                PrincipalSID = resolvedPrincipal.ObjectIdentifier,
+                                IsInherited = inherited,
+                                RightName = EdgeNames.WriteAltSecurityIdentities,
+                                InheritanceHash = aceInheritanceHash,
+                                IsPermissionForOwnerRightsSid = isPermissionForOwnerRightsSid,
+                                IsInheritedPermissionForOwnerRightsSid = isInheritedPermissionForOwnerRightsSid,
+                            };
+                        else if (objectType is Label.User or Label.Computer && aceType == ACEGuids.WritePublicInformation)
+                        yield return new ACE
+                        {
+                            PrincipalType = resolvedPrincipal.ObjectType,
+                            PrincipalSID = resolvedPrincipal.ObjectIdentifier,
+                            IsInherited = inherited,
+                            RightName = EdgeNames.WritePublicInformation,
+                            InheritanceHash = aceInheritanceHash,
+                            IsPermissionForOwnerRightsSid = isPermissionForOwnerRightsSid,
+                            IsInheritedPermissionForOwnerRightsSid = isInheritedPermissionForOwnerRightsSid,
+                        };
+                    else if (objectType is Label.CertTemplate)
+                    {
+                        if (aceType == ACEGuids.PKIEnrollmentFlag)
+                            yield return new ACE
+                            {
                                 PrincipalType = resolvedPrincipal.ObjectType,
                                 PrincipalSID = resolvedPrincipal.ObjectIdentifier,
                                 IsInherited = inherited,
@@ -818,7 +841,8 @@ or Label.NTAuthStore
                                 IsInheritedPermissionForOwnerRightsSid = isInheritedPermissionForOwnerRightsSid,
                             };
                         else if (aceType == ACEGuids.PKINameFlag)
-                            yield return new ACE {
+                            yield return new ACE
+                            {
                                 PrincipalType = resolvedPrincipal.ObjectType,
                                 PrincipalSID = resolvedPrincipal.ObjectIdentifier,
                                 IsInherited = inherited,