/// <summary>
/// Calculate the length of the ApplicationData byte array according to the specified ace header.
/// </summary>
/// <param name="header">The specified ace header.</param>
/// <param name="sid">The sid of the specified ace.</param>
/// <returns>The calculated length.</returns>
/// <exception cref="ArgumentOutOfRangeException">Throw when the ace type is invalid.</exception>
internal static int CalculateApplicationDataLength(_ACE_HEADER header, _SID sid)
{
int applicationDataLength = 0;
switch (header.AceType)
{
case ACE_TYPE.ACCESS_ALLOWED_CALLBACK_ACE_TYPE:
case ACE_TYPE.ACCESS_DENIED_CALLBACK_ACE_TYPE:
case ACE_TYPE.SYSTEM_AUDIT_CALLBACK_ACE_TYPE:
//The AceSize contains the following parts:
//_ACE_HEADER Header,(4 bytes)
//uint Mask,(4 bytes)
//_SID Sid;(variable length)
//byte[] ApplicationData,(variable length)
applicationDataLength =
header.AceSize - SHORT_FIXED_ACE_LENGTH - TypeMarshal.ToBytes<_SID>(sid).GetLength(0);
break;
case ACE_TYPE.ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE:
case ACE_TYPE.ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE:
case ACE_TYPE.SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE:
//The AceSize contains the following parts:
//_ACE_HEADER Header,(4 bytes)
//uint Mask,(4 bytes)
//uint Flags,(4 bytes)
//Guid ObjectType,(16 bytes)
//Guid InheritedObjectType,(16 bytes)
//_SID Sid;(variable length)
//byte[] ApplicationData,(variable length)
applicationDataLength =
header.AceSize - LONG_FIXED_ACE_LENGTH - TypeMarshal.ToBytes<_SID>(sid).GetLength(0);
break;
default:
throw new ArgumentOutOfRangeException("header", "The ace type is invalid.");
}
return applicationDataLength > 0 ? applicationDataLength : 0;
}
/// <summary>
/// Create an ACCESS_DENIED_ACE by using specific SID, access mask and optional ace flags.
/// </summary>
/// <param name="sid">The SID of the trustee.</param>
/// <param name="mask">An ACCESS_MASK that specifies the user rights denied by this ACE.</param>
/// <param name="flags">ACE type-specific control flags in the ACE header.</param>
/// <returns>The constructed ACCESS_DENIED_ACE structure</returns>
public static _ACCESS_DENIED_ACE CreateAccessDeniedAce(_SID sid, uint mask, ACE_FLAGS flags = ACE_FLAGS.None)
{
_ACE_HEADER aceHeader = new _ACE_HEADER
{
AceFlags = flags,
AceType = ACE_TYPE.ACCESS_DENIED_ACE_TYPE,
// Header (4 bytes) + Mask (4 bytes) + SID length;
// For details, please refer to MS-DTYP.
AceSize = (ushort)(4 + 4 + DtypUtility.SidLength(sid)),
};
_ACCESS_DENIED_ACE ace = new _ACCESS_DENIED_ACE
{
Header = aceHeader,
Mask = mask,
Sid = sid,
};
return ace;
}
/// <summary>
/// Create a SYSTEM_SCOPED_POLICY_ID_ACE with specified SID and optional ACE_FLAGS.
/// </summary>
/// <param name="sid">A SID that identifies a central access policy.</param>
/// <param name="flags">An unsigned 8-bit integer that specifies a set of ACE type-specific control flags. </param>
/// <returns>Return the ACE.</returns>
public static _SYSTEM_SCOPED_POLICY_ID_ACE CreateSystemScopedPolicyIdAce(_SID sid,
ACE_FLAGS flags = ACE_FLAGS.OBJECT_INHERIT_ACE | ACE_FLAGS.CONTAINER_INHERIT_ACE)
{
_ACE_HEADER aceHeader = new _ACE_HEADER
{
AceFlags = flags,
AceType = ACE_TYPE.SYSTEM_SCOPED_POLICY_ID_ACE_TYPE,
// Header (4 bytes) + Mask (4 bytes) + SID length;
// For details, please refer to MS-DTYP.
AceSize = (ushort)(4 + 4 + DtypUtility.SidLength(sid)),
};
_SYSTEM_SCOPED_POLICY_ID_ACE ace = new _SYSTEM_SCOPED_POLICY_ID_ACE
{
Header = aceHeader,
Mask = 0, // An ACCESS_MASK that MUST be set to zero.
Sid = sid,
};
return ace;
}
private SystemResourceAttributeAce(string attributeName)
{
if (attributeName.Length < 2)
{
throw new ArgumentException("attributeName must be at least 4 bytes in length.");
}
AttributeName = attributeName;
Sid = DtypUtility.GetWellKnownSid(WellKnownSid.EVERYONE, null);
AttributeData.Flags = CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1.FlagEnum.CLAIM_SECURITY_ATTRIBUTE_MANDATORY
| CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1.FlagEnum.FCI_CLAIM_SECURITY_ATTRIBUTE_MANUAL;
Mask = 0;
Header = new _ACE_HEADER
{
AceFlags = ACE_FLAGS.CONTAINER_INHERIT_ACE | ACE_FLAGS.OBJECT_INHERIT_ACE,
AceType = ACE_TYPE.SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE,
// Size would be filled later
};
}