Added object and inherited columns.

Author: James Forshaw

NtApiDotNet/Acl.cs

@@ -15,6 +15,7 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
+using System.Linq;
 using System.Runtime.InteropServices;
 
 namespace NtApiDotNet
@@ -91,7 +92,7 @@ public Acl(IEnumerable<Ace> aces) : this(aces, false)
         public Acl(string sddl)
         {
             SecurityDescriptor sd = new SecurityDescriptor(sddl);
-            Acl acl = sd.Dacl ?? sd.Sacl 
+            Acl acl = sd.Dacl ?? sd.Sacl
                 ?? throw new ArgumentException("Must specify a DACL or a SACL", "sddl");
             Defaulted = acl.Defaulted;
             NullAcl = acl.NullAcl;
@@ -322,20 +323,12 @@ public Acl Canonicalize()
         /// <summary>
         /// Indicates the ACL has at least one conditional ACE.
         /// </summary>
-        public bool HasConditionalAce
-        {
-            get
-            {
-                foreach (var ace in this)
-                {
-                    if (ace.IsConditionalAce)
-                    {
-                        return true;
-                    }
-                }
-                return false;
-            }
-        }
+        public bool HasConditionalAce => this.Any(ace => ace.IsConditionalAce);
+
+        /// <summary>
+        /// Indicates the ACL has at least one object ACE.
+        /// </summary>
+        public bool HasObjectAce => this.Any(ace => ace.IsObjectAce);
         #endregion
 
         #region Private Members

NtApiDotNet/Forms/AclViewerControl.Designer.cs

@@ -75,12 +75,45 @@ public void SetAcl(Acl acl, Type access_type, GenericMapping mapping, AccessMask
             _valid_access = valid_access;
             _is_container = is_container;
 
-            if (!acl.HasConditionalAce)
+            bool has_conditional_ace = false;
+            bool has_inherited_object_ace = false;
+            bool has_object_ace = false;
+
+            foreach (var ace in acl)
+            {
+                if (ace.IsConditionalAce)
+                {
+                    has_conditional_ace = true;
+                }
+                if (ace.IsObjectAce)
+                {
+                    if (ace.ObjectType.HasValue)
+                    {
+                        has_object_ace = true;
+                    }
+                    if (ace.InheritedObjectType.HasValue)
+                    {
+                        has_inherited_object_ace = true;
+                    }
+                }
+            }
+
+            if (!has_conditional_ace)
             {
                 listViewAcl.Columns.Remove(columnHeaderCondition);
                 copyConditionToolStripMenuItem.Visible = false;
             }
 
+            if (!has_object_ace)
+            {
+                listViewAcl.Columns.Remove(columnHeaderObject);
+            }
+
+            if (!has_inherited_object_ace)
+            {
+                listViewAcl.Columns.Remove(columnHeaderInheritedObject);
+            }
+
             foreach (var ace in acl)
             {
                 var item = listViewAcl.Items.Add(ace.Type.ToString());
@@ -99,11 +132,21 @@ public void SetAcl(Acl acl, Type access_type, GenericMapping mapping, AccessMask
 
                 item.SubItems.Add(access);
                 item.SubItems.Add(ace.Flags.ToString());
-                if (ace.IsConditionalAce)
+                if (has_conditional_ace)
                 {
                     item.SubItems.Add(ace.Condition);
                 }
 
+                if (has_object_ace)
+                {
+                    item.SubItems.Add(ace.ObjectType?.ToString() ?? string.Empty);
+                }
+
+                if (has_inherited_object_ace)
+                {
+                    item.SubItems.Add(ace.InheritedObjectType?.ToString() ?? string.Empty);
+                }
+
                 item.Tag = ace;
 
                 switch (ace.Type)