protected override bool ModifyAccess(AccessControlModification modification,
AccessRule rule, out bool modified)
{
modify_access_called = true;
modify_access_called_count++;
return(base.ModifyAccess(modification, rule, out modified));
}
public virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
if (!this.AuditRuleType.IsAssignableFrom(rule.GetType()))
{
throw new ArgumentException(
Environment.GetResourceString("AccessControl_InvalidAuditRuleType"),
"rule");
}
Contract.EndContractBlock();
WriteLock();
try
{
return(ModifyAudit(modification, rule, out modified));
}
finally
{
WriteUnlock();
}
}
public virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
if (!this.AccessRuleType.GetTypeInfo().IsAssignableFrom(rule.GetType().GetTypeInfo()))
{
throw new ArgumentException(
SR.AccessControl_InvalidAccessRuleType,
"rule");
}
Contract.EndContractBlock();
WriteLock();
try
{
return(ModifyAccess(modification, rule, out modified));
}
finally
{
WriteUnlock();
}
}
public override bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified)
{
if (!this.DaclRetrieved())
{
throw new InvalidOperationException(Res.GetString("CannotModifyDacl"));
}
return base.ModifyAccessRule(modification, rule, out modified);
}
public override bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified)
{
if (!this.SaclRetrieved())
{
throw new InvalidOperationException(Res.GetString("CannotModifySacl"));
}
return(base.ModifyAuditRule(modification, rule, out modified));
}
public virtual new bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified)
{
Contract.Requires(this.AccessRuleType != null);
modified = default(bool);
return default(bool);
}
/// <summary>将指定修改应用于与此 <see cref="T:System.Security.AccessControl.DirectoryObjectSecurity" /> 对象关联的系统访问控制列表 (SACL)。</summary>
/// <returns>如果成功修改了 SACL,则为 true;否则为 false。</returns>
/// <param name="modification">要应用于 SACL 的修改。</param>
/// <param name="rule">要修改的审核规则。</param>
/// <param name="modified">如果成功修改了 SACL,则为 true;否则为 false。</param>
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified)
{
if (!this.AuditRuleType.IsAssignableFrom(rule.GetType()))
{
throw new ArgumentException(Environment.GetResourceString("AccessControl_InvalidAuditRuleType"), "rule");
}
return(this.ModifyAudit(modification, rule as ObjectAuditRule, out modified));
}
public virtual new bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified)
{
Contract.Requires(this.AuditRuleType != null);
modified = default(bool);
return(default(bool));
}
public static bool SetFolderACL(String FolderPath, String UserName, FileSystemRights Rights, AccessControlType AllowOrDeny, InheritanceFlags Inherits, PropagationFlags PropagateToChildren, AccessControlModification AddResetOrRemove)
{
bool ret;
DirectoryInfo folder = new DirectoryInfo(FolderPath);
DirectorySecurity dSecurity = folder.GetAccessControl(AccessControlSections.All);
FileSystemAccessRule accRule = new FileSystemAccessRule(UserName, Rights, Inherits, PropagateToChildren, AllowOrDeny); dSecurity.ModifyAccessRule(AddResetOrRemove, accRule, out ret);
folder.SetAccessControl(dSecurity);
return ret;
}
public override bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified)
{
if (!DaclRetrieved())
{
throw new InvalidOperationException(SR.CannotModifyDacl);
}
return(base.ModifyAccessRule(modification, rule, out modified));
}
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
{
if (!this.AccessRuleType.IsAssignableFrom(rule.GetType()))
{
throw new ArgumentException(
Environment.GetResourceString("AccessControl_InvalidAccessRuleType"),
"rule");
}
Contract.EndContractBlock();
return(ModifyAccess(modification, rule as ObjectAccessRule, out modified));
}
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified)
{
//if (this.AccessRuleType.IsAssignableFrom(rule.GetType().GetTypeInfo()))
////if (!TypeExtensions.IsAssignableFrom(this.AuditRuleType, rule.GetType()))
//{
// throw new ArgumentException(
// SR.AccessControl_InvalidAuditRuleType,
// "rule");
//}
return(ModifyAudit(modification, rule as ObjectAuditRule, out modified));
}
public virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
if (!AuditRuleType.IsAssignableFrom(rule.GetType()))
{
throw new ArgumentException("rule");
}
return(ModifyAudit(modification, rule, out modified));
}
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
{
foreach (AccessRule r in access_rules)
{
if (rule != r)
{
continue;
}
switch (modification)
{
case AccessControlModification.Add:
AddAccessRule(rule);
break;
case AccessControlModification.Set:
SetAccessRule(rule);
break;
case AccessControlModification.Reset:
ResetAccessRule(rule);
break;
case AccessControlModification.Remove:
RemoveAccessRule(rule);
break;
case AccessControlModification.RemoveAll:
RemoveAccessRuleAll(rule);
break;
case AccessControlModification.RemoveSpecific:
RemoveAccessRuleSpecific(rule);
break;
}
modified = true;
return(true);
}
modified = false;
return(false);
}
/// <summary>Applies the specified modification to the Discretionary Access Control List (DACL) associated with this <see cref="T:System.Security.AccessControl.CommonObjectSecurity" /> object.</summary>
/// <returns>true if the DACL is successfully modified; otherwise, false.</returns>
/// <param name="modification">The modification to apply to the DACL.</param>
/// <param name="rule">The access rule to modify.</param>
/// <param name="modified">true if the DACL is successfully modified; otherwise, false.</param>
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
{
foreach (AccessRule accessRule in this.access_rules)
{
if (rule == accessRule)
{
switch (modification)
{
case AccessControlModification.Add:
this.AddAccessRule(rule);
break;
case AccessControlModification.Set:
this.SetAccessRule(rule);
break;
case AccessControlModification.Reset:
this.ResetAccessRule(rule);
break;
case AccessControlModification.Remove:
this.RemoveAccessRule(rule);
break;
case AccessControlModification.RemoveAll:
this.RemoveAccessRuleAll(rule);
break;
case AccessControlModification.RemoveSpecific:
this.RemoveAccessRuleSpecific(rule);
break;
}
modified = true;
return(true);
}
}
modified = false;
return(false);
}
/// <summary>Applies the specified modification to the Discretionary Access Control List (DACL) associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object.</summary>
/// <param name="modification">The modification to apply to the DACL.</param>
/// <param name="rule">The access rule to modify.</param>
/// <param name="modified">
/// <see langword="true" /> if the DACL is successfully modified; otherwise, <see langword="false" />.</param>
/// <returns>
/// <see langword="true" /> if the DACL is successfully modified; otherwise, <see langword="false" />.</returns>
// Token: 0x06001FB8 RID: 8120 RVA: 0x0006EBB0 File Offset: 0x0006CDB0
public virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
if (!this.AccessRuleType.IsAssignableFrom(rule.GetType()))
{
throw new ArgumentException(Environment.GetResourceString("AccessControl_InvalidAccessRuleType"), "rule");
}
this.WriteLock();
bool result;
try
{
result = this.ModifyAccess(modification, rule, out modified);
}
finally
{
this.WriteUnlock();
}
return(result);
}
public override bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified)
{
if (this.SaclRetrieved())
{
return base.ModifyAuditRule(modification, rule, out modified);
}
else
{
throw new InvalidOperationException("CannotModifySacl");
}
}
public override bool ModifyAccessRule (AccessControlModification modification, AccessRule rule, out bool modified)
{
throw new NotImplementedException ();
}
protected override bool ModifyAudit(AccessControlModification modification,
AuditRule rule, out bool modified)
{
modified = false; return(modified);
}
//
// Modifies the DACL
//
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
Contract.EndContractBlock();
WriteLock();
try
{
bool result = true;
if ( _securityDescriptor.DiscretionaryAcl == null )
{
if ( modification == AccessControlModification.Remove ||
modification == AccessControlModification.RemoveAll ||
modification == AccessControlModification.RemoveSpecific )
{
modified = false;
return result;
}
_securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl( IsContainer, IsDS, GenericAcl.AclRevision, 1 );
_securityDescriptor.AddControlFlags(ControlFlags.DiscretionaryAclPresent);
}
SecurityIdentifier sid = rule.IdentityReference.Translate( typeof( SecurityIdentifier )) as SecurityIdentifier;
if ( rule.AccessControlType == AccessControlType.Allow )
{
switch ( modification )
{
case AccessControlModification.Add:
_securityDescriptor.DiscretionaryAcl.AddAccess( AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.Set:
_securityDescriptor.DiscretionaryAcl.SetAccess( AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.Reset:
_securityDescriptor.DiscretionaryAcl.RemoveAccess( AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0 );
_securityDescriptor.DiscretionaryAcl.SetAccess( AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.Remove:
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess( AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.RemoveAll:
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess( AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0 );
if ( result == false )
{
Contract.Assert( false, "Invalid operation" );
throw new SystemException();
}
break;
case AccessControlModification.RemoveSpecific:
_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific( AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
default :
throw new ArgumentOutOfRangeException(
"modification",
Environment.GetResourceString( "ArgumentOutOfRange_Enum" ));
}
}
else if ( rule.AccessControlType == AccessControlType.Deny )
{
switch ( modification )
{
case AccessControlModification.Add :
_securityDescriptor.DiscretionaryAcl.AddAccess( AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.Set :
_securityDescriptor.DiscretionaryAcl.SetAccess( AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.Reset :
_securityDescriptor.DiscretionaryAcl.RemoveAccess( AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0 );
_securityDescriptor.DiscretionaryAcl.SetAccess( AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.Remove :
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.RemoveAll :
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0 );
if ( result == false )
{
Contract.Assert( false, "Invalid operation" );
throw new SystemException();
}
break;
case AccessControlModification.RemoveSpecific :
_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific( AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
default :
throw new ArgumentOutOfRangeException(
"modification",
Environment.GetResourceString( "ArgumentOutOfRange_Enum" ));
}
}
else
{
Contract.Assert( false, "rule.AccessControlType unrecognized" );
throw new ArgumentException(Environment.GetResourceString("Arg_EnumIllegalVal", (int)rule.AccessControlType), "rule.AccessControlType" );
}
modified = result;
AccessRulesModified |= modified;
return result;
}
finally
{
WriteUnlock();
}
}
//
// Modifies the DACL
//
private bool ModifyAccess(AccessControlModification modification, ObjectAccessRule rule, out bool modified)
{
bool result = true;
if (_securityDescriptor.DiscretionaryAcl == null)
{
if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific)
{
modified = false;
return result;
}
_securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(IsContainer, IsDS, GenericAcl.AclRevisionDS, 1);
_securityDescriptor.AddControlFlags(ControlFlags.DiscretionaryAclPresent);
}
else if ((modification == AccessControlModification.Add || modification == AccessControlModification.Set || modification == AccessControlModification.Reset ) &&
( rule.ObjectFlags != ObjectAceFlags.None ))
{
//
// This will result in an object ace being added to the dacl, so the dacl revision must be AclRevisionDS
//
if ( _securityDescriptor.DiscretionaryAcl.Revision < GenericAcl.AclRevisionDS )
{
//
// we need to create a new dacl with the same aces as the existing one but the revision should be AclRevisionDS
//
byte[] binaryForm = new byte[_securityDescriptor.DiscretionaryAcl.BinaryLength];
_securityDescriptor.DiscretionaryAcl.GetBinaryForm(binaryForm, 0);
binaryForm[0] = GenericAcl.AclRevisionDS; // revision is the first byte of the binary form
_securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(IsContainer, IsDS, new RawAcl(binaryForm, 0));
}
}
SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier )) as SecurityIdentifier;
if (rule.AccessControlType == AccessControlType.Allow)
{
switch (modification)
{
case AccessControlModification.Add :
_securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.Set :
_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.Reset :
_securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.Remove :
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.RemoveAll :
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
if (result == false)
{
Contract.Assert(false, "Invalid operation");
throw new SystemException();
}
break;
case AccessControlModification.RemoveSpecific :
_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
default :
throw new ArgumentOutOfRangeException(
"modification",
Environment.GetResourceString( "ArgumentOutOfRange_Enum" ));
}
}
else if (rule.AccessControlType == AccessControlType.Deny)
{
switch (modification)
{
case AccessControlModification.Add :
_securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.Set :
_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.Reset :
_securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.Remove :
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.RemoveAll :
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
if (result == false)
{
Contract.Assert(false, "Invalid operation");
throw new SystemException();
}
break;
case AccessControlModification.RemoveSpecific :
_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
default :
throw new ArgumentOutOfRangeException(
"modification",
Environment.GetResourceString( "ArgumentOutOfRange_Enum" ));
}
}
else
{
Contract.Assert(false, "rule.AccessControlType unrecognized");
throw new SystemException();
}
modified = result;
AccessRulesModified |= modified;
return result;
}
public virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule ruleout, System.Boolean& modified)
{
}
/// <summary>
/// This member is not implemented.
/// </summary>
/// <param name="modification">
/// The modification to apply to the SACL.
/// </param>
/// <param name="rule">
/// The audit rule to modify.
/// </param>
/// <param name="modified">
/// <strong>True</strong> if the SACL is successfully modified; otherwise, <strong>False</strong>.
/// </param>
/// <exception cref="NotSupportedException">The exception is thrown when the method is invoked.</exception>
/// <returns>This method always throws exception.</returns>
/// <remarks>This member is not implemented.</remarks>
public override bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out Boolean modified)
{
throw new NotSupportedException("Audit rules are not supported for this object");
}
//
// Modifies the SACL
//
private bool ModifyAudit(AccessControlModification modification, ObjectAuditRule rule, out bool modified)
{
bool result = true;
if (SecurityDescriptor.SystemAcl == null)
{
if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific)
{
modified = false;
return(result);
}
//_securityDescriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, GenericAcl.AclRevisionDS, 1);
//_securityDescriptor.AddControlFlags(ControlFlags.SystemAclPresent);
SecurityDescriptor.AddSystemAcl(GenericAcl.AclRevisionDS, 1);
}
else if ((modification == AccessControlModification.Add || modification == AccessControlModification.Set || modification == AccessControlModification.Reset) &&
(rule.ObjectFlags != ObjectAceFlags.None))
{
//
// This will result in an object ace being added to the sacl, so the sacl revision must be AclRevisionDS
//
if (SecurityDescriptor.SystemAcl.Revision < GenericAcl.AclRevisionDS)
{
//
// we need to create a new sacl with the same aces as the existing one but the revision should be AclRevisionDS
//
byte[] binaryForm = new byte[SecurityDescriptor.SystemAcl.BinaryLength];
SecurityDescriptor.SystemAcl.GetBinaryForm(binaryForm, 0);
binaryForm[0] = GenericAcl.AclRevisionDS; // revision is the first byte of the binary form
SecurityDescriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, new RawAcl(binaryForm, 0));
}
}
SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
switch (modification)
{
case AccessControlModification.Add:
//_securityDescriptor.SystemAcl.AddAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
SecurityDescriptor.SystemAcl.AddAudit(sid, rule);
break;
case AccessControlModification.Set:
//_securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
SecurityDescriptor.SystemAcl.SetAudit(sid, rule);
break;
case AccessControlModification.Reset:
SecurityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
//_securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
SecurityDescriptor.SystemAcl.SetAudit(sid, rule);
break;
case AccessControlModification.Remove:
//result = _securityDescriptor.SystemAcl.RemoveAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
result = SecurityDescriptor.SystemAcl.RemoveAudit(sid, rule);
break;
case AccessControlModification.RemoveAll:
result = SecurityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
if (result == false)
{
throw new InvalidOperationException(SR.InvalidOperation_RemoveFail);
}
break;
case AccessControlModification.RemoveSpecific:
//_securityDescriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
SecurityDescriptor.SystemAcl.RemoveAuditSpecific(sid, rule);
break;
default:
throw new ArgumentOutOfRangeException(
nameof(modification),
SR.ArgumentOutOfRange_Enum);
}
modified = result;
AuditRulesModified |= modified;
return(result);
}
protected override bool ModifyAccess (AccessControlModification modification, AccessRule rule, out bool modified)
{
foreach (AccessRule r in access_rules) {
if (rule != r)
continue;
switch (modification) {
case AccessControlModification.Add:
AddAccessRule (rule);
break;
case AccessControlModification.Set:
SetAccessRule (rule);
break;
case AccessControlModification.Reset:
ResetAccessRule (rule);
break;
case AccessControlModification.Remove:
RemoveAccessRule (rule);
break;
case AccessControlModification.RemoveAll:
RemoveAccessRuleAll (rule);
break;
case AccessControlModification.RemoveSpecific:
RemoveAccessRuleSpecific (rule);
break;
}
modified = true;
return true;
}
modified = false;
return false;
}
protected override bool ModifyAccess (AccessControlModification modification,
AccessRule rule, out bool modified)
{
modify_access_called = true;
modified = true; return modified;
}
protected override bool ModifyAudit (AccessControlModification modification,
AuditRule rule, out bool modified)
{
modified = false; return modified;
}
private bool ModifyAudit(AccessControlModification modification, ObjectAuditRule rule, out bool modified)
{
bool flag = true;
if (base._securityDescriptor.SystemAcl == null)
{
if (((modification == AccessControlModification.Remove) || (modification == AccessControlModification.RemoveAll)) || (modification == AccessControlModification.RemoveSpecific))
{
modified = false;
return flag;
}
base._securityDescriptor.SystemAcl = new SystemAcl(base.IsContainer, base.IsDS, GenericAcl.AclRevisionDS, 1);
base._securityDescriptor.AddControlFlags(ControlFlags.SystemAclPresent);
}
else if ((((modification == AccessControlModification.Add) || (modification == AccessControlModification.Set)) || (modification == AccessControlModification.Reset)) && ((rule.ObjectFlags != ObjectAceFlags.None) && (base._securityDescriptor.SystemAcl.Revision < GenericAcl.AclRevisionDS)))
{
byte[] binaryForm = new byte[base._securityDescriptor.SystemAcl.BinaryLength];
base._securityDescriptor.SystemAcl.GetBinaryForm(binaryForm, 0);
binaryForm[0] = GenericAcl.AclRevisionDS;
base._securityDescriptor.SystemAcl = new SystemAcl(base.IsContainer, base.IsDS, new RawAcl(binaryForm, 0));
}
SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
switch (modification)
{
case AccessControlModification.Add:
base._securityDescriptor.SystemAcl.AddAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.Set:
base._securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.Reset:
base._securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
base._securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.Remove:
flag = base._securityDescriptor.SystemAcl.RemoveAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.RemoveAll:
flag = base._securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
if (!flag)
{
throw new SystemException();
}
break;
case AccessControlModification.RemoveSpecific:
base._securityDescriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
default:
throw new ArgumentOutOfRangeException("modification", Environment.GetResourceString("ArgumentOutOfRange_Enum"));
}
modified = flag;
base.AuditRulesModified |= modified;
return flag;
}
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
{
if (!this.AccessRuleType.IsAssignableFrom(rule.GetType()))
{
throw new ArgumentException(Environment.GetResourceString("AccessControl_InvalidAccessRuleType"), "rule");
}
return this.ModifyAccess(modification, rule as ObjectAccessRule, out modified);
}
protected override bool ModifyAccess (AccessControlModification modification, AccessRule rule, out bool modified)
{
if (null == rule)
throw new ArgumentNullException ("rule");
modified = true;
WriteLock ();
try {
switch (modification) {
case AccessControlModification.Add:
descriptor.DiscretionaryAcl.AddAccess (rule.AccessControlType,
SidFromIR (rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
break;
case AccessControlModification.Set:
descriptor.DiscretionaryAcl.SetAccess (rule.AccessControlType,
SidFromIR (rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
break;
case AccessControlModification.Reset:
PurgeAccessRules (rule.IdentityReference);
goto case AccessControlModification.Add;
case AccessControlModification.Remove:
modified = descriptor.DiscretionaryAcl.RemoveAccess (rule.AccessControlType,
SidFromIR (rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
break;
case AccessControlModification.RemoveAll:
PurgeAccessRules (rule.IdentityReference);
break;
case AccessControlModification.RemoveSpecific:
descriptor.DiscretionaryAcl.RemoveAccessSpecific (rule.AccessControlType,
SidFromIR (rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
break;
default:
throw new ArgumentOutOfRangeException ("modification");
}
if (modified) AccessRulesModified = true;
} finally {
WriteUnlock ();
}
return modified;
}
public virtual bool ModifyAuditRule (AccessControlModification modification, AuditRule rule, out bool modified)
{
if (rule == null)
throw new ArgumentNullException ("rule");
if (!AuditRuleType.IsAssignableFrom (rule.GetType()))
throw new ArgumentException ("rule");
return ModifyAudit (modification, rule, out modified);
}
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified);
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified)
{
modified = default(bool);
return default(bool);
}
//
// Modifies the DACL
//
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
Contract.EndContractBlock();
WriteLock();
try
{
bool result = true;
if (_securityDescriptor.DiscretionaryAcl == null)
{
if (modification == AccessControlModification.Remove ||
modification == AccessControlModification.RemoveAll ||
modification == AccessControlModification.RemoveSpecific)
{
modified = false;
return(result);
}
_securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(IsContainer, IsDS, GenericAcl.AclRevision, 1);
_securityDescriptor.AddControlFlags(ControlFlags.DiscretionaryAclPresent);
}
SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
if (rule.AccessControlType == AccessControlType.Allow)
{
switch (modification)
{
case AccessControlModification.Add:
_securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.Set:
_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.Reset:
_securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0);
_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.Remove:
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.RemoveAll:
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0);
if (result == false)
{
Contract.Assert(false, "Invalid operation");
throw new InvalidOperationException();
}
break;
case AccessControlModification.RemoveSpecific:
_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
default:
throw new ArgumentOutOfRangeException(
"modification",
SR.ArgumentOutOfRange_Enum);
}
}
else if (rule.AccessControlType == AccessControlType.Deny)
{
switch (modification)
{
case AccessControlModification.Add:
_securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.Set:
_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.Reset:
_securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0);
_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.Remove:
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.RemoveAll:
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0);
if (result == false)
{
Contract.Assert(false, "Invalid operation");
throw new InvalidOperationException();
}
break;
case AccessControlModification.RemoveSpecific:
_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
default:
throw new ArgumentOutOfRangeException(
"modification",
SR.ArgumentOutOfRange_Enum);
}
}
else
{
Contract.Assert(false, "rule.AccessControlType unrecognized");
throw new ArgumentException(SR.Format(SR.Arg_EnumIllegalVal, (int)rule.AccessControlType), "rule.AccessControlType");
}
modified = result;
AccessRulesModified |= modified;
return(result);
}
finally
{
WriteUnlock();
}
}
public virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified);
//
// Modifies the SACL
//
private bool ModifyAudit(AccessControlModification modification, ObjectAuditRule rule, out bool modified)
{
bool result = true;
if (_securityDescriptor.SystemAcl == null)
{
if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific)
{
modified = false;
return result;
}
//_securityDescriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, GenericAcl.AclRevisionDS, 1);
//_securityDescriptor.AddControlFlags(ControlFlags.SystemAclPresent);
_securityDescriptor.AddSystemAcl(GenericAcl.AclRevisionDS, 1);
}
else if ((modification == AccessControlModification.Add || modification == AccessControlModification.Set || modification == AccessControlModification.Reset) &&
(rule.ObjectFlags != ObjectAceFlags.None))
{
//
// This will result in an object ace being added to the sacl, so the sacl revision must be AclRevisionDS
//
if (_securityDescriptor.SystemAcl.Revision < GenericAcl.AclRevisionDS)
{
//
// we need to create a new sacl with the same aces as the existing one but the revision should be AclRevisionDS
//
byte[] binaryForm = new byte[_securityDescriptor.SystemAcl.BinaryLength];
_securityDescriptor.SystemAcl.GetBinaryForm(binaryForm, 0);
binaryForm[0] = GenericAcl.AclRevisionDS; // revision is the first byte of the binary form
_securityDescriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, new RawAcl(binaryForm, 0));
}
}
SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
switch (modification)
{
case AccessControlModification.Add:
//_securityDescriptor.SystemAcl.AddAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
_securityDescriptor.SystemAcl.AddAudit(sid, rule);
break;
case AccessControlModification.Set:
//_securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
_securityDescriptor.SystemAcl.SetAudit(sid, rule);
break;
case AccessControlModification.Reset:
_securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
//_securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
_securityDescriptor.SystemAcl.SetAudit(sid, rule);
break;
case AccessControlModification.Remove:
//result = _securityDescriptor.SystemAcl.RemoveAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
result = _securityDescriptor.SystemAcl.RemoveAudit(sid, rule);
break;
case AccessControlModification.RemoveAll:
result = _securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
if (result == false)
{
Debug.Assert(false, "Invalid operation");
throw new Exception();
}
break;
case AccessControlModification.RemoveSpecific:
//_securityDescriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
_securityDescriptor.SystemAcl.RemoveAuditSpecific(sid, rule);
break;
default:
throw new ArgumentOutOfRangeException(
"modification",
SR.ArgumentOutOfRange_Enum);
}
modified = result;
AuditRulesModified |= modified;
return result;
}
public virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule ruleout , System.Boolean& modified) {}
public virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified)
{
bool flag;
if (rule == null)
{
throw new ArgumentNullException("rule");
}
if (!this.AccessRuleType.IsAssignableFrom(rule.GetType()))
{
throw new ArgumentException(Environment.GetResourceString("AccessControl_InvalidAccessRuleType"), "rule");
}
this.WriteLock();
try
{
flag = this.ModifyAccess(modification, rule, out modified);
}
finally
{
this.WriteUnlock();
}
return flag;
}
//
// Modifies the SACL
//
protected override bool ModifyAudit( AccessControlModification modification, AuditRule rule, out bool modified )
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
Contract.EndContractBlock();
WriteLock();
try
{
bool result = true;
if ( _securityDescriptor.SystemAcl == null )
{
if ( modification == AccessControlModification.Remove ||
modification == AccessControlModification.RemoveAll ||
modification == AccessControlModification.RemoveSpecific )
{
modified = false;
return result;
}
_securityDescriptor.SystemAcl = new SystemAcl( IsContainer, IsDS, GenericAcl.AclRevision, 1 );
_securityDescriptor.AddControlFlags(ControlFlags.SystemAclPresent);
}
SecurityIdentifier sid = rule.IdentityReference.Translate( typeof( SecurityIdentifier )) as SecurityIdentifier;
switch ( modification )
{
case AccessControlModification.Add :
_securityDescriptor.SystemAcl.AddAudit( rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.Set :
_securityDescriptor.SystemAcl.SetAudit( rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.Reset :
_securityDescriptor.SystemAcl.SetAudit( rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.Remove :
result = _securityDescriptor.SystemAcl.RemoveAudit( rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.RemoveAll :
result = _securityDescriptor.SystemAcl.RemoveAudit( AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0 );
if ( result == false )
{
throw new InvalidProgramException();
}
break;
case AccessControlModification.RemoveSpecific :
_securityDescriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
default :
throw new ArgumentOutOfRangeException(
"modification",
Environment.GetResourceString( "ArgumentOutOfRange_Enum" ));
}
modified = result;
AuditRulesModified |= modified;
return result;
}
finally
{
WriteUnlock();
}
}
protected abstract bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified);
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified)
{
if ( !this.AuditRuleType.IsAssignableFrom(rule.GetType()) )
{
throw new ArgumentException(
Environment.GetResourceString("AccessControl_InvalidAuditRuleType"),
"rule");
}
Contract.EndContractBlock();
return ModifyAudit(modification, rule as ObjectAuditRule, out modified);
}
protected override bool ModifyAudit (AccessControlModification modification, AuditRule rule, out bool modified)
{
if (null == rule)
throw new ArgumentNullException ("rule");
modified = true;
WriteLock ();
try {
switch (modification) {
case AccessControlModification.Add:
if (null == descriptor.SystemAcl)
descriptor.SystemAcl = new SystemAcl (IsContainer, IsDS, 1);
descriptor.SystemAcl.AddAudit (rule.AuditFlags,
SidFromIR (rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
break;
case AccessControlModification.Set:
if (null == descriptor.SystemAcl)
descriptor.SystemAcl = new SystemAcl (IsContainer, IsDS, 1);
descriptor.SystemAcl.SetAudit (rule.AuditFlags,
SidFromIR (rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
break;
case AccessControlModification.Reset:
break;
case AccessControlModification.Remove:
if (null == descriptor.SystemAcl)
modified = false;
else
modified = descriptor.SystemAcl.RemoveAudit (rule.AuditFlags,
SidFromIR (rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
break;
case AccessControlModification.RemoveAll:
PurgeAuditRules (rule.IdentityReference);
break;
case AccessControlModification.RemoveSpecific:
if (null != descriptor.SystemAcl)
descriptor.SystemAcl.RemoveAuditSpecific (rule.AuditFlags,
SidFromIR (rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
break;
default:
throw new ArgumentOutOfRangeException ("modification");
}
if (modified) AuditRulesModified = true;
} finally {
WriteUnlock ();
}
return modified;
}
public virtual bool ModifyAuditRule (AccessControlModification modification, AuditRule rule, out bool modified)
{
throw new NotImplementedException ();
}
protected override bool ModifyAccess(AccessControlModification modification,
AccessRule rule, out bool modified)
{
modify_access_called = true;
modified = true; return(modified);
}
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, ref bool modified)
{
throw new NotImplementedException();
}
protected abstract bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified);
public virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified)
{
if ( rule == null )
{
throw new ArgumentNullException( "rule" );
}
if ( !this.AuditRuleType.IsAssignableFrom(rule.GetType()) )
{
throw new ArgumentException(
Environment.GetResourceString("AccessControl_InvalidAuditRuleType"),
"rule");
}
Contract.EndContractBlock();
WriteLock();
try
{
return ModifyAudit(modification, rule, out modified);
}
finally
{
WriteUnlock();
}
}
protected abstract bool ModifyAudit(AccessControlModification modification, AuditRule rule, ref bool modified);
//
// Modifies the SACL
//
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
Contract.EndContractBlock();
WriteLock();
try
{
bool result = true;
if (_securityDescriptor.SystemAcl == null)
{
if (modification == AccessControlModification.Remove ||
modification == AccessControlModification.RemoveAll ||
modification == AccessControlModification.RemoveSpecific)
{
modified = false;
return(result);
}
_securityDescriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, GenericAcl.AclRevision, 1);
_securityDescriptor.AddControlFlags(ControlFlags.SystemAclPresent);
}
SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
switch (modification)
{
case AccessControlModification.Add:
_securityDescriptor.SystemAcl.AddAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.Set:
_securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.Reset:
_securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.Remove:
result = _securityDescriptor.SystemAcl.RemoveAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.RemoveAll:
result = _securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0);
if (result == false)
{
throw new InvalidOperationException();
}
break;
case AccessControlModification.RemoveSpecific:
_securityDescriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
default:
throw new ArgumentOutOfRangeException(
"modification",
SR.ArgumentOutOfRange_Enum);
}
modified = result;
AuditRulesModified |= modified;
return(result);
}
finally
{
WriteUnlock();
}
}
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified)
{
throw new NotImplementedException();
}
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified)
{
//if (this.AccessRuleType.IsAssignableFrom(rule.GetType().GetTypeInfo()))
////if (!TypeExtensions.IsAssignableFrom(this.AuditRuleType, rule.GetType()))
//{
// throw new ArgumentException(
// SR.AccessControl_InvalidAuditRuleType,
// "rule");
//}
Contract.EndContractBlock();
return ModifyAudit(modification, rule as ObjectAuditRule, out modified);
}
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified)
{
bool flag2;
if (rule == null)
{
throw new ArgumentNullException("rule");
}
base.WriteLock();
try
{
bool flag = true;
if (base._securityDescriptor.SystemAcl == null)
{
if (((modification == AccessControlModification.Remove) || (modification == AccessControlModification.RemoveAll)) || (modification == AccessControlModification.RemoveSpecific))
{
modified = false;
return flag;
}
base._securityDescriptor.SystemAcl = new SystemAcl(base.IsContainer, base.IsDS, GenericAcl.AclRevision, 1);
base._securityDescriptor.AddControlFlags(ControlFlags.SystemAclPresent);
}
SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
switch (modification)
{
case AccessControlModification.Add:
base._securityDescriptor.SystemAcl.AddAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.Set:
base._securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.Reset:
base._securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.Remove:
flag = base._securityDescriptor.SystemAcl.RemoveAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.RemoveAll:
flag = base._securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None);
if (!flag)
{
throw new InvalidProgramException();
}
break;
case AccessControlModification.RemoveSpecific:
base._securityDescriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
default:
throw new ArgumentOutOfRangeException("modification", Environment.GetResourceString("ArgumentOutOfRange_Enum"));
}
modified = flag;
base.AuditRulesModified |= modified;
flag2 = flag;
}
finally
{
base.WriteUnlock();
}
return flag2;
}
public virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified)
{
if ( rule == null )
{
throw new ArgumentNullException( nameof(rule));
}
if ( !this.AuditRuleType.GetTypeInfo().IsAssignableFrom(rule.GetType().GetTypeInfo()) )
{
throw new ArgumentException(
SR.AccessControl_InvalidAuditRuleType,
nameof(rule));
}
Contract.EndContractBlock();
WriteLock();
try
{
return ModifyAudit(modification, rule, out modified);
}
finally
{
WriteUnlock();
}
}
/// <summary>
/// 设置文件夹访问权限
/// </summary>
/// <param name="folderPath">文件夹路径</param>
/// <param name="userName">需要设置权限的用户名</param>
/// <param name="rights">访问权限</param>
/// <param name="allowOrDeny">允许拒绝访问</param>
/// <param name="inherits">继承标志指定访问控制项 (ACE) 的继承语义</param>
/// <param name="propagateToChildren">指定如何将访问面控制项 (ACE) 传播到子对象。仅当存在继承标志时,这些标志才有意义</param>
/// <param name="addResetOrRemove">指定要执行的访问控制修改的类型。此枚举由 System.Security.AccessControl.ObjectSecurity 类及其子类的方法使用</param>
private bool SetFolderACL(string folderPath, string userName, FileSystemRights rights, AccessControlType allowOrDeny, InheritanceFlags inherits, PropagationFlags propagateToChildren, AccessControlModification addResetOrRemove)
{
DirectoryInfo folder = new DirectoryInfo(folderPath);
DirectorySecurity dSecurity = folder.GetAccessControl(AccessControlSections.All);
FileSystemAccessRule accRule = new FileSystemAccessRule(userName, rights, inherits, propagateToChildren, allowOrDeny);
bool modified;
dSecurity.ModifyAccessRule(addResetOrRemove, accRule, out modified);
folder.SetAccessControl(dSecurity);
return(modified);
}
public virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, ref bool modified)
{
throw new NotImplementedException();
}
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified)
{
throw new NotImplementedException();
}
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified);
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified)
{
if (null == rule)
{
throw new ArgumentNullException("rule");
}
modified = true;
WriteLock();
try {
switch (modification)
{
case AccessControlModification.Add:
if (null == descriptor.SystemAcl)
{
descriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, 1);
}
descriptor.SystemAcl.AddAudit(rule.AuditFlags,
SidFromIR(rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
break;
case AccessControlModification.Set:
if (null == descriptor.SystemAcl)
{
descriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, 1);
}
descriptor.SystemAcl.SetAudit(rule.AuditFlags,
SidFromIR(rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
break;
case AccessControlModification.Reset:
break;
case AccessControlModification.Remove:
if (null == descriptor.SystemAcl)
{
modified = false;
}
else
{
modified = descriptor.SystemAcl.RemoveAudit(rule.AuditFlags,
SidFromIR(rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
}
break;
case AccessControlModification.RemoveAll:
PurgeAuditRules(rule.IdentityReference);
break;
case AccessControlModification.RemoveSpecific:
if (null != descriptor.SystemAcl)
{
descriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags,
SidFromIR(rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
}
break;
default:
throw new ArgumentOutOfRangeException("modification");
}
if (modified)
{
AuditRulesModified = true;
}
} finally {
WriteUnlock();
}
return(modified);
}
public virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified);
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
{
if (null == rule)
{
throw new ArgumentNullException("rule");
}
modified = true;
WriteLock();
try {
switch (modification)
{
case AccessControlModification.Add:
descriptor.DiscretionaryAcl.AddAccess(rule.AccessControlType,
SidFromIR(rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
break;
case AccessControlModification.Set:
descriptor.DiscretionaryAcl.SetAccess(rule.AccessControlType,
SidFromIR(rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
break;
case AccessControlModification.Reset:
PurgeAccessRules(rule.IdentityReference);
goto case AccessControlModification.Add;
case AccessControlModification.Remove:
modified = descriptor.DiscretionaryAcl.RemoveAccess(rule.AccessControlType,
SidFromIR(rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
break;
case AccessControlModification.RemoveAll:
PurgeAccessRules(rule.IdentityReference);
break;
case AccessControlModification.RemoveSpecific:
descriptor.DiscretionaryAcl.RemoveAccessSpecific(rule.AccessControlType,
SidFromIR(rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
break;
default:
throw new ArgumentOutOfRangeException("modification");
}
if (modified)
{
AccessRulesModified = true;
}
} finally {
WriteUnlock();
}
return(modified);
}
