private void SetSecurityDescriptor(string path, ObjectSecurity sd, AccessControlSections sections)
{
var currentPrivilegeState = new PlatformInvokes.TOKEN_PRIVILEGE();
byte[] securityDescriptorBinary = null;
try
{
// Get the binary form of the descriptor.
PlatformInvokes.EnableTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState);
securityDescriptorBinary = sd.GetSecurityDescriptorBinaryForm();
}
finally
{
PlatformInvokes.RestoreTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState);
}
try
{
PlatformInvokes.EnableTokenPrivilege("SeRestorePrivilege", ref currentPrivilegeState);
// Transfer it to the new file / directory.
// We keep these two code branches so that we can have more
// granular information when we ouput the object type via
// WriteSecurityDescriptorObject.
if (Directory.Exists(path))
{
DirectorySecurity newDescriptor = new DirectorySecurity();
newDescriptor.SetSecurityDescriptorBinaryForm(securityDescriptorBinary, sections);
new DirectoryInfo(path).SetAccessControl(newDescriptor);
WriteSecurityDescriptorObject(newDescriptor, path);
}
else
{
FileSecurity newDescriptor = new FileSecurity();
newDescriptor.SetSecurityDescriptorBinaryForm(securityDescriptorBinary, sections);
new FileInfo(path).SetAccessControl(newDescriptor);
WriteSecurityDescriptorObject(newDescriptor, path);
}
}
finally
{
PlatformInvokes.RestoreTokenPrivilege("SeRestorePrivilege", ref currentPrivilegeState);
}
}
/// <summary>
/// Gets the SecurityDescriptor at the specified path, including only the specified
/// AccessControlSections.
/// </summary>
/// <param name="path">
/// The path of the item to retrieve. It may be a drive or provider-qualified path and may include.
/// glob characters.
/// </param>
/// <param name="sections">
/// The sections of the security descriptor to include.
/// </param>
/// <returns>
/// Nothing. An object that represents the security descriptor for the item
/// specified by path is written to the context's pipeline.
/// </returns>
/// <exception cref="System.ArgumentException">
/// path is null or empty.
/// path doesn't exist
/// sections is not valid.
/// </exception>
public void GetSecurityDescriptor(string path,
AccessControlSections sections)
{
ObjectSecurity sd = null;
path = NormalizePath(path);
if (string.IsNullOrEmpty(path))
{
throw PSTraceSource.NewArgumentNullException("path");
}
if ((sections & ~AccessControlSections.All) != 0)
{
throw PSTraceSource.NewArgumentException("sections");
}
var currentPrivilegeState = new PlatformInvokes.TOKEN_PRIVILEGE();
try
{
PlatformInvokes.EnableTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState);
if (Directory.Exists(path))
{
sd = new DirectorySecurity(path, sections);
}
else
{
sd = new FileSecurity(path, sections);
}
}
catch (System.Security.SecurityException e)
{
WriteError(new ErrorRecord(e, e.GetType().FullName, ErrorCategory.PermissionDenied, path));
}
finally
{
PlatformInvokes.RestoreTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState);
}
WriteSecurityDescriptorObject(sd, path);
}
