Ejemplo n.º 1
        /// <summary>
        /// Reports the effective rights that the supplied security descriptor yields for a SID.
        /// </summary>
        /// <param name="pUserSid">The SID of the identity whose rights are evaluated.</param>
        /// <param name="serverName">Name of the server; may be <c>null</c>. This implementation does not read it.</param>
        /// <param name="pSecurityDescriptor">Raw pointer to the security descriptor to evaluate.</param>
        /// <returns>A one-element array holding the access mask returned by <c>GetEffectiveRights</c>.</returns>
        public virtual uint[] GetEffectivePermission(PSID pUserSid, string serverName, IntPtr pSecurityDescriptor)
        {
            // NOTE(review): the second argument is presumably "ownsHandle: false", i.e. the caller keeps
            // ownership of the descriptor memory and must keep it alive for this call — confirm.
            var descriptor = new SafeSecurityDescriptor(pSecurityDescriptor, false);

            // NOTE(review): if GetEffectiveRights returns 0 on failure, a failed lookup looks the same
            // as "no access" to the caller — confirm before relying on this for authorization decisions.
            uint[] result = { pUserSid.GetEffectiveRights(descriptor) };
            return result;
        }
Ejemplo n.º 2
 /// <summary>
 /// P/Invoke declaration for the Win32 <c>GetNamedSecurityInfo</c> function, which retrieves a copy of
 /// the security descriptor of an object identified by name.
 /// </summary>
 /// <param name="pObjectName">Name of the object whose security information is requested.</param>
 /// <param name="ObjectType">Kind of object that <paramref name="pObjectName"/> refers to.</param>
 /// <param name="SecurityInfo">Flags selecting which parts (owner, group, DACL, SACL) to retrieve.</param>
 /// <param name="ppsidOwner">Receives a pointer to the owner SID.</param>
 /// <param name="ppsidGroup">Receives a pointer to the primary group SID.</param>
 /// <param name="ppDacl">Receives a pointer to the DACL.</param>
 /// <param name="ppSacl">Receives a pointer to the SACL.</param>
 /// <param name="ppSecurityDescriptor">Receives the security descriptor.</param>
 /// <returns>A <c>Win32Error</c> status code; callers should check it before using any output.</returns>
 /// <remarks>
 /// Per the Win32 documentation the owner, group, DACL and SACL pointers refer to memory inside the
 /// returned security descriptor, so they must not be used after <paramref name="ppSecurityDescriptor"/>
 /// is released. Requesting the SACL requires the caller to hold SeSecurityPrivilege.
 /// NOTE(review): the native buffer has to be freed with LocalFree; presumably SafeSecurityDescriptor
 /// does that on dispose — confirm against its definition.
 /// </remarks>
 public static extern Win32Error GetNamedSecurityInfo(
     string pObjectName,
     SE_OBJECT_TYPE ObjectType,
     SECURITY_INFORMATION SecurityInfo,
     out IntPtr ppsidOwner,
     out IntPtr ppsidGroup,
     out IntPtr ppDacl,
     out IntPtr ppSacl,
     out SafeSecurityDescriptor ppSecurityDescriptor);
Ejemplo n.º 3
        /// <summary>
        /// Looks up the access mask that the DACL of <paramref name="pSD"/> grants to <paramref name="pSid"/>.
        /// </summary>
        /// <param name="pSid">SID that is wrapped in a <c>TRUSTEE</c> for the lookup.</param>
        /// <param name="pSD">Security descriptor whose DACL is queried.</param>
        /// <returns>
        /// The mask written by <c>GetEffectiveRightsFromAcl</c>, or 0 when that call leaves it untouched.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the results of both native calls are discarded and the "DACL present" flag is
        /// not examined. A failed lookup is therefore indistinguishable from "no rights", and a descriptor
        /// without a DACL (which Windows treats as unrestricted access) is not handled separately.
        /// Callers that base authorization decisions on the result should confirm this is acceptable.
        /// </remarks>
        public static uint GetEffectiveRights(this PSID pSid, SafeSecurityDescriptor pSD)
        {
            var trustee = new TRUSTEE(pSid);

            // Only the DACL pointer is used; the presence and defaulted flags are ignored.
            GetSecurityDescriptorDacl(pSD, out bool _, out IntPtr daclPtr, out bool _);

            uint grantedMask = 0;
            GetEffectiveRightsFromAcl(daclPtr, trustee, ref grantedMask);

            return grantedMask;
        }
Ejemplo n.º 4
        /// <summary>
        /// Retrieves the parts of a private object's security descriptor selected by <paramref name="si"/>.
        /// </summary>
        /// <param name="pSD">Security descriptor to query.</param>
        /// <param name="si">Flags selecting which parts of the descriptor to return.</param>
        /// <returns>
        /// A newly allocated descriptor, or <c>SafeSecurityDescriptor.Null</c> when the sizing call
        /// reports no required length. The result may be invalid if allocation did not yield a valid
        /// handle, so callers should check <c>IsInvalid</c> before use.
        /// </returns>
        public static SafeSecurityDescriptor GetPrivateObjectSecurity(this PSECURITY_DESCRIPTOR pSD, SECURITY_INFORMATION si)
        {
            var result = SafeSecurityDescriptor.Null;

            // Sizing call: a zero-length buffer makes the API report the number of bytes it needs.
            // Its return value is deliberately not inspected; only the reported length is used.
            AdvApi32.GetPrivateObjectSecurity(pSD, si, result, 0, out var needed);
            if (needed <= 0)
            {
                return result;
            }

            // NOTE(review): the length is narrowed with an (int) cast — confirm it cannot exceed int.MaxValue.
            result = new SafeSecurityDescriptor((int)needed);
            if (result.IsInvalid)
            {
                return result;
            }

            // Second call fills the buffer; a failure is turned into an exception from the last Win32 error.
            if (!AdvApi32.GetPrivateObjectSecurity(pSD, si, result, needed, out needed))
            {
                Win32Error.GetLastError().ThrowIfFailed();
            }

            return result;
        }
Ejemplo n.º 5
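        /// <summary>
        /// Creates a duplex, byte-mode named pipe at <c>\\.\pipe\{name}</c> and wraps the native handle
        /// in a <see cref="NamedPipeServerStream"/>.
        /// </summary>
        /// <param name="name">Pipe name; it is appended to the <c>\\.\pipe\</c> prefix without validation.</param>
        /// <returns>A synchronous, not-yet-connected server stream that owns the pipe handle.</returns>
        /// <remarks>
        /// SECURITY: the pipe is created with the DACL <c>D:(A;OICI;GA;;;WD)</c>, which grants GENERIC_ALL
        /// to Everyone. That was chosen deliberately to avoid "Access Denied" for clients, but it also lets
        /// any principal that can reach the pipe connect to it and change its permissions, and every byte
        /// read from the pipe must be treated as untrusted input. If the clients are known, prefer an ACE
        /// for their specific user or group SID with only the read/write rights they need.
        /// NOTE(review): the pipe mode does not include PIPE_REJECT_REMOTE_CLIENTS and the open mode does
        /// not include FILE_FLAG_FIRST_PIPE_INSTANCE; consider both if the pipe is meant to be local-only
        /// and the server must be sure it created the pipe itself. The handle returned by CreateNamedPipe
        /// is also not checked for failure before it is wrapped, so the Win32 error code is not captured.
        /// </remarks>
        public static NamedPipeServerStream CreatePipe(string name)
        {
            var sa = new SecurityAttributes();

            sa.Length      = Marshal.SizeOf(typeof(SecurityAttributes));
            // NOTE(review): an inheritable handle is duplicated into child processes started with
            // handle inheritance enabled — confirm that this is intended.
            sa.Inheritable = true;
            Debugger.Debug(LogLevel.Info, $"Created SA: {sa}");

            // Deliberately permissive descriptor (GENERIC_ALL for Everyone) to get around Access Denied
            // problems; see the SECURITY remark on this method before reusing it elsewhere.
            SafeSecurityDescriptor securityDescriptor = SafeSecurityDescriptor.FromSDDL("D:(A;OICI;GA;;;WD)");
            IntPtr pipeHandle;

            try
            {
                Debugger.Debug(LogLevel.Info, $"Got security descriptor: {securityDescriptor}");

                // The raw pointer is only valid while securityDescriptor is alive, so the descriptor
                // is released only after CreateNamedPipe has consumed it.
                sa.SecurityDescriptor = securityDescriptor.DangerousGetHandle();

                pipeHandle = CreateNamedPipe($@"\\.\pipe\{name}", PIPE_ACCESS_DUPLEX, PIPE_TYPE_BYTE, 1, 64 * 1024, 64 * 1024, 0, sa);

                Debugger.Debug(LogLevel.Info, $"Created pipe: {pipeHandle.ToString("X")}");
            }
            finally
            {
                // Release the descriptor on every path, including when logging or pipe creation throws.
                securityDescriptor.Dispose();
            }

            return new NamedPipeServerStream(PipeDirection.InOut, false, false, new SafePipeHandle(pipeHandle, true));
        }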
Ejemplo n.º 6
 /// <summary>
 /// Creates the event argument from a security descriptor and the parts of it that the event concerns.
 /// </summary>
 /// <param name="sd">Security descriptor stored in <c>SecurityDesciptor</c> (the member name is spelled that way).</param>
 /// <param name="parts">Flags stored in <c>Parts</c>.</param>
 /// <remarks>
 /// The descriptor reference is stored as-is, not copied; the constructor does not show who is
 /// responsible for disposing it.
 /// </remarks>
 public SecurityEventArg(SafeSecurityDescriptor sd, SECURITY_INFORMATION parts)
 {
     this.Parts = parts;
     this.SecurityDesciptor = sd;
 }
Ejemplo n.º 7
 /// <summary>
 /// Converts the selected parts of a security descriptor to its string (SDDL) form.
 /// </summary>
 /// <param name="pSD">Security descriptor to convert.</param>
 /// <param name="si">Flags selecting which parts of the descriptor appear in the string.</param>
 /// <returns>The string produced by <c>ConvertSecurityDescriptorToStringSecurityDescriptor</c>.</returns>
 public static string ToSddl(this SafeSecurityDescriptor pSD, SECURITY_INFORMATION si)
 {
     return ConvertSecurityDescriptorToStringSecurityDescriptor(pSD, si);
 }
Ejemplo n.º 8
 /// <summary>
 /// Convenience overload that converts the safe handle to a <c>PSECURITY_DESCRIPTOR</c> and forwards
 /// to the <c>PSECURITY_DESCRIPTOR</c> overload.
 /// </summary>
 /// <param name="pSD">Security descriptor to query.</param>
 /// <param name="si">Flags selecting which parts of the descriptor to return.</param>
 /// <returns>Whatever the forwarded overload returns.</returns>
 public static SafeSecurityDescriptor GetPrivateObjectSecurity(this SafeSecurityDescriptor pSD, SECURITY_INFORMATION si)
 {
     var rawDescriptor = (PSECURITY_DESCRIPTOR)pSD;
     return GetPrivateObjectSecurity(rawDescriptor, si);
 }
Ejemplo n.º 9
 /// <summary>
 /// Converts the selected parts of a security descriptor to an SDDL string using SDDL revision 1.
 /// </summary>
 /// <param name="pSD">Security descriptor to convert.</param>
 /// <param name="si">Flags selecting which parts of the descriptor appear in the string.</param>
 /// <returns>
 /// The SDDL string, or <c>null</c> when the native conversion reports failure. The Win32 error code
 /// is not surfaced, so callers must treat <c>null</c> as "conversion failed", not as "no security".
 /// </returns>
 public static string ToSddl(this SafeSecurityDescriptor pSD, SECURITY_INFORMATION si)
 {
     // The returned string length is not needed, so it is discarded.
     if (!ConvertSecurityDescriptorToStringSecurityDescriptor(pSD, SDDL_REVISION.SDDL_REVISION_1, si, out var sddl, out var _))
     {
         return null;
     }

     return sddl;
 }
Ejemplo n.º 10
 /// <summary>
 /// P/Invoke declaration for the Win32 <c>ConvertSecurityDescriptorToStringSecurityDescriptor</c>
 /// function, which renders a security descriptor as an SDDL string.
 /// </summary>
 /// <param name="SecurityDescriptor">Security descriptor to convert.</param>
 /// <param name="RequestedStringSDRevision">SDDL revision of the output string.</param>
 /// <param name="SecurityInformation">Flags selecting which parts of the descriptor to include.</param>
 /// <param name="StringSecurityDescriptor">Receives the SDDL string, marshaled by <c>LocalStringMarshaler</c>.</param>
 /// <param name="StringSecurityDescriptorLen">Receives the length of the returned string.</param>
 /// <returns><c>true</c> on success; on <c>false</c> the outputs must not be used.</returns>
 /// <remarks>
 /// NOTE(review): the native function allocates the string, which must be freed with LocalFree;
 /// presumably the custom marshaler does this after copying — confirm against LocalStringMarshaler.
 /// </remarks>
 public static extern bool ConvertSecurityDescriptorToStringSecurityDescriptor(SafeSecurityDescriptor SecurityDescriptor, SDDL_REVISION RequestedStringSDRevision,
                                                                               SECURITY_INFORMATION SecurityInformation, [MarshalAs(UnmanagedType.CustomMarshaler, MarshalTypeRef = typeof(LocalStringMarshaler), MarshalCookie = "Auto")] out string StringSecurityDescriptor, out uint StringSecurityDescriptorLen);
Ejemplo n.º 11
 /// <summary>
 /// P/Invoke declaration for the Win32 <c>ConvertStringSecurityDescriptorToSecurityDescriptor</c>
 /// function, which parses an SDDL string into a security descriptor.
 /// </summary>
 /// <param name="StringSecurityDescriptor">SDDL string to parse. When it comes from configuration or
 /// user input, treat it as security-sensitive: it decides who is granted which rights.</param>
 /// <param name="StringSDRevision">SDDL revision of the input string.</param>
 /// <param name="SecurityDescriptor">Receives the resulting security descriptor.</param>
 /// <param name="SecurityDescriptorSize">Receives the size of the descriptor in bytes.</param>
 /// <returns><c>true</c> on success; on <c>false</c> the outputs must not be used.</returns>
 /// <remarks>
 /// NOTE(review): the native function allocates the descriptor, which must be freed with LocalFree;
 /// presumably SafeSecurityDescriptor does that on dispose — confirm against its definition.
 /// </remarks>
 public static extern bool ConvertStringSecurityDescriptorToSecurityDescriptor(string StringSecurityDescriptor, SDDL_REVISION StringSDRevision,
                                                                               out SafeSecurityDescriptor SecurityDescriptor, out uint SecurityDescriptorSize);
Ejemplo n.º 12
 /// <summary>
 /// Private P/Invoke declaration for the Win32 <c>ConvertStringSecurityDescriptorToSecurityDescriptor</c>
 /// function, which parses an SDDL string into a security descriptor.
 /// </summary>
 /// <param name="stringSecurityDescriptor">SDDL string to parse.</param>
 /// <param name="stringSdRevision">SDDL revision of the input string, passed as a plain integer.</param>
 /// <param name="pSecurityDescriptor">Receives the resulting security descriptor.</param>
 /// <param name="securityDescriptorSize">Pointer that receives the descriptor size. It is passed by
 /// value here; presumably callers pass <c>IntPtr.Zero</c> because the size is optional in the
 /// native API — confirm at the call sites.</param>
 /// <returns><c>true</c> on success; on <c>false</c> <paramref name="pSecurityDescriptor"/> must not be used.</returns>
 /// <remarks>
 /// NOTE(review): the native function allocates the descriptor, which must be freed with LocalFree;
 /// presumably SafeSecurityDescriptor does that on dispose — confirm against its definition.
 /// </remarks>
 private static extern bool ConvertStringSecurityDescriptorToSecurityDescriptor(
     string stringSecurityDescriptor,
     int stringSdRevision,
     out SafeSecurityDescriptor pSecurityDescriptor,
     IntPtr securityDescriptorSize);