public static IEnumerable <INHERITED_FROM> GetInheritanceSource(string objectName, System.Security.AccessControl.ResourceType objectType,
SECURITY_INFORMATION securityInfo, bool container, IntPtr pAcl, ref GENERIC_MAPPING pGenericMapping)
{
var objSize = Marshal.SizeOf(typeof(INHERITED_FROM));
var aceCount = GetAceCount(pAcl);
using (var pInherit = new SafeInheritedFromArray((ushort)aceCount))
{
AdvApi32.GetInheritanceSource(objectName, (SE_OBJECT_TYPE)objectType, securityInfo, container, null, 0, pAcl, IntPtr.Zero, ref pGenericMapping, pInherit).ThrowIfFailed();
return(pInherit.Results);
}
}
public void GetAceTest(bool validUser, bool validCred, string urn, string dn, string dc, string domain, string username, string password, string notes)
{
var fun = $"{domain}\\{username}";
var pSD = GetSD(fn);
var b = GetSecurityDescriptorDacl(pSD, out var daclPresent, out var pAcl, out var defaulted);
Assert.That(b, Is.True);
Assert.That(daclPresent, Is.True);
Assert.That(pAcl, Is.Not.EqualTo(IntPtr.Zero));
var hardAcl = ((IntPtr)pAcl).ToStructure <ACL>();
var ari = new ACL_REVISION_INFORMATION();
b = GetAclInformation(pAcl, ref ari, (uint)Marshal.SizeOf(typeof(ACL_REVISION_INFORMATION)), ACL_INFORMATION_CLASS.AclRevisionInformation);
Assert.That(b, Is.True);
Assert.That(ari.AclRevision, Is.EqualTo(hardAcl.AclRevision));
var asi = new ACL_SIZE_INFORMATION();
b = GetAclInformation(pAcl, ref asi, (uint)Marshal.SizeOf(typeof(ACL_SIZE_INFORMATION)), ACL_INFORMATION_CLASS.AclSizeInformation);
Assert.That(b, Is.True);
Assert.That(asi.AceCount, Is.EqualTo(hardAcl.AceCount));
for (var i = 0U; i < asi.AceCount; i++)
{
b = GetAce(pAcl, i, out var pAce);
Assert.That(b, Is.True);
var accountSize = 1024;
var domainSize = 1024;
var outuser = new StringBuilder(accountSize, accountSize);
var outdomain = new StringBuilder(domainSize, domainSize);
b = LookupAccountSid(null, pAce.GetSid(), outuser, ref accountSize, outdomain, ref domainSize, out _);
Assert.That(b, Is.True);
TestContext.WriteLine($"Ace{i}: {pAce.GetHeader().AceType}={outdomain}\\{outuser}; {pAce.GetMask()}");
}
BuildTrusteeWithName(out var pTrustee, fun);
Assert.That(GetEffectiveRightsFromAcl(pAcl, pTrustee, out var accessRights), Is.EqualTo(Win32Error.ERROR_NONE_MAPPED).Or.Zero);
var map = new GENERIC_MAPPING((uint)Kernel32.FileAccess.FILE_GENERIC_READ, (uint)Kernel32.FileAccess.FILE_GENERIC_WRITE, (uint)Kernel32.FileAccess.FILE_GENERIC_EXECUTE, (uint)Kernel32.FileAccess.FILE_ALL_ACCESS);
var ifArray = new SafeInheritedFromArray(hardAcl.AceCount);
var err = GetInheritanceSource(fn, SE_OBJECT_TYPE.SE_FILE_OBJECT, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION, false, null,
0, pAcl, IntPtr.Zero, map, ifArray);
Assert.That(err, Is.EqualTo(0));
TestContext.WriteLine($"{hardAcl.AceCount}: {string.Join("; ", ifArray.Results.Select(i => i.ToString()))}");
Assert.That(() => ifArray.Dispose(), Throws.Nothing);
}
public void GetAceTest(bool validUser, bool validCred, string urn, string dn, string dc, string domain, string username, string password, string notes)
{
var fun = $"{domain}\\{username}";
var pSD = GetSD(fn);
var b = GetSecurityDescriptorDacl(pSD, out bool daclPresent, out IntPtr pAcl, out bool defaulted);
Assert.That(b, Is.True);
Assert.That(daclPresent, Is.True);
Assert.That(pAcl, Is.Not.EqualTo(IntPtr.Zero));
var hardAcl = pAcl.ToStructure <ACL>();
var ari = new ACL_REVISION_INFORMATION();
b = GetAclInformation(pAcl, ref ari, (uint)Marshal.SizeOf(typeof(ACL_REVISION_INFORMATION)), ACL_INFORMATION_CLASS.AclRevisionInformation);
Assert.That(b, Is.True);
Assert.That(ari.AclRevision, Is.EqualTo(hardAcl.AclRevision));
var asi = new ACL_SIZE_INFORMATION();
b = GetAclInformation(pAcl, ref asi, (uint)Marshal.SizeOf(typeof(ACL_SIZE_INFORMATION)), ACL_INFORMATION_CLASS.AclSizeInformation);
Assert.That(b, Is.True);
Assert.That(asi.AceCount, Is.GreaterThan(0));
Assert.That(asi.AceCount, Is.EqualTo(hardAcl.AceCount));
b = GetAce(pAcl, 0, out IntPtr pAce);
Assert.That(b, Is.True);
var accessRights = 0U;
var pTrustee = new TRUSTEE(fun);
Assert.That(GetEffectiveRightsFromAcl(pAcl, pTrustee, ref accessRights), Is.EqualTo(Win32Error.ERROR_NONE_MAPPED).Or.Zero);
var map = new GENERIC_MAPPING((uint)Kernel32.FileAccess.FILE_GENERIC_READ, (uint)Kernel32.FileAccess.FILE_GENERIC_WRITE, (uint)Kernel32.FileAccess.FILE_GENERIC_EXECUTE, (uint)Kernel32.FileAccess.FILE_ALL_ACCESS);
var ifArray = new SafeInheritedFromArray(hardAcl.AceCount);
var err = GetInheritanceSource(fn, SE_OBJECT_TYPE.SE_FILE_OBJECT, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION, false, null,
0, pAcl, IntPtr.Zero, ref map, ifArray);
Assert.That(err, Is.EqualTo(0));
TestContext.WriteLine($"{hardAcl.AceCount}: {string.Join("; ", ifArray.Results.Select(i => i.ToString()))}");
Assert.That(() => ifArray.Dispose(), Throws.Nothing);
}
public static extern Win32Error GetInheritanceSource([MarshalAs(UnmanagedType.LPTStr)] string pObjectName, SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo, [MarshalAs(UnmanagedType.Bool)] bool Container,
[In, MarshalAs(UnmanagedType.LPArray, SizeParamIndex = 5, ArraySubType = UnmanagedType.LPStruct), Optional] Guid[] pObjectClassGuids,
uint GuidCount, [In] IntPtr pAcl, [In] IntPtr pfnArray, [In] ref GENERIC_MAPPING pGenericMapping, SafeInheritedFromArray pInheritArray);