Ejemplo n.º 1
 internal static extern Win32Error TreeResetNamedSecurityInfo(
     string pObjectName,
     SeObjectType ObjectType,
     SecurityInformation SecurityInfo,
     byte[] psidOwner,
     byte[] psidGroup,
     byte[] pDacl,
     byte[] pSacl,
     [MarshalAs(UnmanagedType.Bool)] bool KeepExplicit,
     TreeSetNamedSecurityProgress fnProgress,
     ProgressInvokeSetting ProgressInvokeSetting,
     IntPtr Args
Ejemplo n.º 2
 internal static extern Win32Error TreeSetNamedSecurityInfo(
     string pObjectName,
     SeObjectType ObjectType,
     SecurityInformation SecurityInfo,
     byte[] psidOwner,
     byte[] psidGroup,
     byte[] pDacl,
     byte[] pSacl,
     TreeSecInfo dwAction,
     TreeSetNamedSecurityProgress fnProgress,
     ProgressInvokeSetting ProgressInvokeSetting,
     IntPtr Args
 /// <summary>
 /// Get the source of inherited ACEs.
 /// </summary>
 /// <param name="name">The name of the resource.</param>
 /// <param name="type">The type of the resource.</param>
 /// <param name="container">Whether the resource is a container.</param>
 /// <param name="object_types">Optional list of object types.</param>
 /// <param name="security_descriptor">The security descriptor for the resource.</param>
 /// <param name="sacl">True to check the SACL otherwise checks the DACL.</param>
 /// <param name="generic_mapping">Generic mapping for the resource.</param>
 /// <param name="query_security">Query security descriptors for sources.</param>
 /// <returns>The list of inheritance sources.</returns>
 public static IEnumerable <SecurityDescriptorInheritanceSource> GetInheritanceSource(
     string name,
     SeObjectType type,
     bool container,
     Guid[] object_types,
     SecurityDescriptor security_descriptor,
     bool sacl,
     GenericMapping generic_mapping,
     bool query_security)
     return(GetInheritanceSource(name, type, container, object_types,
                                 security_descriptor, sacl, generic_mapping,
                                 query_security, true).Result);
        /// <summary>
        /// Get the source of inherited ACEs.
        /// </summary>
        /// <param name="name">The name of the resource.</param>
        /// <param name="type">The type of the resource.</param>
        /// <param name="container">Whether the resource is a container.</param>
        /// <param name="object_types">Optional list of object types.</param>
        /// <param name="security_descriptor">The security descriptor for the resource.</param>
        /// <param name="sacl">True to check the SACL otherwise checks the DACL.</param>
        /// <param name="generic_mapping">Generic mapping for the resource.</param>
        /// <param name="query_security">Query security descriptors for sources.</param>
        /// <param name="throw_on_error">True to throw on error.</param>
        /// <returns>The list of inheritance sources.</returns>
        public static NtResult <IEnumerable <SecurityDescriptorInheritanceSource> > GetInheritanceSource(
            string name,
            SeObjectType type,
            bool container,
            Guid[] object_types,
            SecurityDescriptor security_descriptor,
            bool sacl,
            GenericMapping generic_mapping,
            bool query_security,
            bool throw_on_error)
            Acl acl = sacl ? security_descriptor.Sacl : security_descriptor.Dacl;

            if (acl == null || acl.NullAcl)
                return(NtStatus.STATUS_INVALID_ACL.CreateResultFromError <IEnumerable <SecurityDescriptorInheritanceSource> >(throw_on_error));

            using (var list = new DisposableList())
                SafeGuidArrayBuffer guids = SafeGuidArrayBuffer.Null;
                if (object_types?.Length > 0)
                    guids = list.AddResource(new SafeGuidArrayBuffer(object_types));

                NtType native_type = GetNativeType(type);

                INHERITED_FROM[] inherited_from = new INHERITED_FROM[acl.Count];
                NtStatus         status         = NtStatus.STATUS_INVALID_PARAMETER;
                    status = Win32NativeMethods.GetInheritanceSource(name, type, sacl ? SecurityInformation.Sacl : SecurityInformation.Dacl,
                                                                     container, guids, guids.Count, acl.ToByteArray(), IntPtr.Zero, ref generic_mapping, inherited_from).MapDosErrorToStatus();
                    return(status.CreateResult(throw_on_error, () => (IEnumerable <SecurityDescriptorInheritanceSource>)inherited_from
                                               .Select((s, i) => new SecurityDescriptorInheritanceSource(acl[i], s, type,
                                                                                                         native_type, container, query_security, sacl)).Where(s => s.Depth != -1).ToArray()));
                    if (status.IsSuccess())
                        Win32NativeMethods.FreeInheritedFromArray(inherited_from, (ushort)inherited_from.Length, IntPtr.Zero);
        /// <summary>
        /// Get the security descriptor for a named resource.
        /// </summary>
        /// <param name="name">The name of the resource.</param>
        /// <param name="type">The type of the resource.</param>
        /// <param name="security_information">The security information to get.</param>
        /// <param name="throw_on_error">True to throw on error.</param>
        /// <returns>The security descriptor.</returns>
        public static NtResult <SecurityDescriptor> GetSecurityInfo(
            string name,
            SeObjectType type,
            SecurityInformation security_information,
            bool throw_on_error)
            using (var result = Win32NativeMethods.GetNamedSecurityInfo(name, type,
                                                                        security_information, null,
                                                                        null, null, null, out SafeLocalAllocBuffer sd).MapDosErrorToStatus().CreateResult(throw_on_error, () => sd))
                if (!result.IsSuccess)
                    return(result.Cast <SecurityDescriptor>());

                return(SecurityDescriptor.Parse(result.Result, GetNativeType(type), throw_on_error));
Ejemplo n.º 6
        /// <summary>
        /// Gets the security descriptor of an object.
        /// </summary>
        /// <param name="handle">A handle to an object.</param>
        /// <param name="objectType">The type of the object.</param>
        /// <param name="securityInformation">The information to retrieve.</param>
        /// <returns>A security descriptor.</returns>
        public static SecurityDescriptor GetSecurity(IntPtr handle, SeObjectType objectType, SecurityInformation securityInformation)
            Win32Error result;
            IntPtr     dummy, securityDescriptor;

            if ((result = Win32.GetSecurityInfo(
                     out dummy, out dummy, out dummy, out dummy,
                     out securityDescriptor
                     )) != 0)

            return(new SecurityDescriptor(new LocalMemoryAlloc(securityDescriptor)));
 /// <summary>
 /// Reset security using a named object.
 /// </summary>
 /// <param name="name">The name of the object.</param>
 /// <param name="type">The type of named object.</param>
 /// <param name="security_information">The security information to set.</param>
 /// <param name="security_descriptor">The security descriptor to set.</param>
 /// <param name="invoke_setting">Specify to indicate when to execute progress function.</param>
 /// <param name="keep_explicit">True to keep explicit ACEs.</param>
 /// <param name="progress_function">Progress function.</param>
 /// <param name="throw_on_error">True to throw on error.</param>
 /// <returns>The NT status code.</returns>
 public static NtStatus ResetSecurityInfo(string name, SeObjectType type,
                                          SecurityInformation security_information,
                                          SecurityDescriptor security_descriptor,
                                          TreeProgressFunction progress_function,
                                          ProgressInvokeSetting invoke_setting,
                                          bool keep_explicit,
                                          bool throw_on_error)
                name, type, security_information,
Ejemplo n.º 8
        /// <summary>
        /// Sets the security descriptor of an object.
        /// </summary>
        /// <param name="handle">A handle to an object.</param>
        /// <param name="objectType">The type of the object.</param>
        /// <param name="securityInformation">The information to modify.</param>
        /// <param name="securityDescriptor">The security descriptor.</param>
        public static void SetSecurity(IntPtr handle, SeObjectType objectType, SecurityInformation securityInformation, SecurityDescriptor securityDescriptor)
            Win32Error result;
            IntPtr     dacl  = IntPtr.Zero;
            IntPtr     group = IntPtr.Zero;
            IntPtr     owner = IntPtr.Zero;
            IntPtr     sacl  = IntPtr.Zero;

            if ((securityInformation & SecurityInformation.Dacl) == SecurityInformation.Dacl)
                dacl = securityDescriptor.Dacl ?? IntPtr.Zero;
            if ((securityInformation & SecurityInformation.Group) == SecurityInformation.Group)
                group = securityDescriptor.Group;
            if ((securityInformation & SecurityInformation.Owner) == SecurityInformation.Owner)
                owner = securityDescriptor.Owner;
            if ((securityInformation & SecurityInformation.Sacl) == SecurityInformation.Sacl)
                sacl = securityDescriptor.Sacl ?? IntPtr.Zero;

            if ((result = Win32.SetSecurityInfo(
                     )) != 0)
Ejemplo n.º 9
        /// <summary>
        /// Get the security descriptor for a resource.
        /// </summary>
        /// <param name="handle">The handle to the resource.</param>
        /// <param name="type">The type of the resource.</param>
        /// <param name="security_information">The security information to get.</param>
        /// <param name="throw_on_error">True to throw on error.</param>
        /// <returns>The security descriptor.</returns>
        public static NtResult <SecurityDescriptor> GetSecurityInfo(
            SafeHandle handle,
            SeObjectType type,
            SecurityInformation security_information,
            bool throw_on_error)
            using (var result = SecurityNativeMethods.GetSecurityInfo(handle, type,
                                                                      security_information, null,
                                                                      null, null, null, out SafeLocalAllocBuffer sd).MapDosErrorToStatus().CreateResult(throw_on_error, () => sd)) {
                if (!result.IsSuccess)
                    return(result.Cast <SecurityDescriptor>());

                NtType sd_type = null;
                if (handle is SafeKernelObjectHandle kernel_handle)
                    sd_type = NtType.GetTypeByName(kernel_handle.NtTypeName, false);

                return(SecurityDescriptor.Parse(result.Result, sd_type ?? GetNativeType(type), throw_on_error));
 internal SecurityDescriptorInheritanceSource(
     Ace ace, INHERITED_FROM inherited_from, SeObjectType type,
     NtType native_type,
     bool container,
     bool query_security, bool sacl)
     InheritedAce = ace;
     Sid          = ace.Sid;
     if (native_type != null)
         Access = NtSecurity.AccessMaskToString(ace.Mask, container
             ? native_type.ContainerAccessRightsType
             : native_type.AccessRightsType,
                                                native_type.GenericMapping, false);
         GenericAccess = NtSecurity.AccessMaskToString(ace.Mask, container
             ? native_type.ContainerAccessRightsType
             : native_type.AccessRightsType,
                                                       native_type.GenericMapping, true);
         Access        = NtSecurity.AccessMaskToString(ace.Mask.ToGenericAccess());
         GenericAccess = NtSecurity.AccessMaskToString(ace.Mask.ToGenericAccess());
     Depth = inherited_from.GenerationGap;
     Name  = Marshal.PtrToStringUni(inherited_from.AncestorName);
     if (query_security && Name != null)
         SecurityInformation sec_info = sacl ? SecurityInformation.All : SecurityInformation.AllNoSacl;
         var sd = Win32Security.GetSecurityInfo(Name, type, sec_info, false);
         if (sd.IsSuccess)
             SecurityDescriptor = sd.Result;
        /// <summary>
        /// Get the NT type for a SE Object Type.
        /// </summary>
        /// <param name="type">The type of the resource.</param>
        /// <returns>The NT type if known, otherwise null.</returns>
        public static NtType GetNativeType(SeObjectType type)
            switch (type)
            case SeObjectType.File:
                return(NtType.GetTypeByType <NtFile>());

            case SeObjectType.RegistryKey:
            case SeObjectType.RegistryWow6432Key:
            case SeObjectType.RegistryWow6464Key:
                return(NtType.GetTypeByType <NtKey>());

            case SeObjectType.Service:

            case SeObjectType.WmiGuid:
                return(NtType.GetTypeByType <NtEtwRegistration>());

            case SeObjectType.Ds:
            case SeObjectType.DsAll:
 /// <summary>
 /// Constructor.
 /// </summary>
 public GetWin32GrantedAccessCmdlet()
     Type = SeObjectType.File;
Ejemplo n.º 13
 internal static int SetNamedSecurityInfo(string pObjectName, SeObjectType ObjectType, SecurityInformation SecurityInfo, IntPtr psidOwner, IntPtr psidGroup, IntPtr pDacl, IntPtr pSacl)
Ejemplo n.º 14
 public static ISecurable GetSecurableWrapper(SeObjectType objectType, IntPtr handle)
     return(GetSecurableWrapper(objectType, (access) => new NativeHandle <StandardRights>(handle, access)));
Ejemplo n.º 15
 public static ISecurable GetSecurableWrapper(SeObjectType objectType, Func <StandardRights, NativeHandle> openMethod)
     return(new SeSecurableObjectWrapper(objectType, openMethod));
Ejemplo n.º 16
 private static extern uint SetSecurityInfo(IntPtr handle, SeObjectType ObjectType,
                                            SecurityInformation SecurityInfo, IntPtr psidOwner,
                                            IntPtr psidGroup, IntPtr pDacl, IntPtr pSacl);
        /// <summary>
        /// Sets the security descriptor of an object.
        /// </summary>
        /// <param name="handle">A handle to an object.</param>
        /// <param name="objectType">The type of the object.</param>
        /// <param name="securityInformation">The information to modify.</param>
        /// <param name="securityDescriptor">The security descriptor.</param>
        public static void SetSecurity(IntPtr handle, SeObjectType objectType, SecurityInformation securityInformation, SecurityDescriptor securityDescriptor)
            Win32Error result;
            IntPtr dacl = IntPtr.Zero;
            IntPtr group = IntPtr.Zero;
            IntPtr owner = IntPtr.Zero;
            IntPtr sacl = IntPtr.Zero;

            if (securityInformation.HasFlag(SecurityInformation.Dacl))
                dacl = securityDescriptor.Dacl ?? IntPtr.Zero;
            if (securityInformation.HasFlag(SecurityInformation.Group))
                group = securityDescriptor.Group;
            if (securityInformation.HasFlag(SecurityInformation.Owner))
                owner = securityDescriptor.Owner;
            if (securityInformation.HasFlag(SecurityInformation.Sacl))
                sacl = securityDescriptor.Sacl ?? IntPtr.Zero;

            if ((result = Win32.SetSecurityInfo(
                )) != 0)
Ejemplo n.º 18
 /// <summary>
 /// Sets the security descriptor of the object.
 /// </summary>
 /// <param name="objectType">The type of the object.</param>
 /// <param name="securityInformation">The information to modify.</param>
 /// <param name="securityDescriptor">The security descriptor.</param>
 protected void SetSecurity(SeObjectType objectType, SecurityInformation securityInformation, SecurityDescriptor securityDescriptor)
     SecurityDescriptor.SetSecurity(this, objectType, securityInformation, securityDescriptor);
Ejemplo n.º 19
		internal static int GetNamedSecurityInfo(string pObjectName, SeObjectType ObjectType, SecurityInformation SecurityInfo, out IntPtr ppsidOwner, out IntPtr ppsidGroup, out IntPtr ppDacl, out IntPtr ppSacl, out IntPtr ppSecurityDescriptor)
			ppsidOwner = IntPtr.Zero;
			ppsidGroup = IntPtr.Zero;
			ppDacl = IntPtr.Zero;
			ppSacl = IntPtr.Zero;
			ppSecurityDescriptor = IntPtr.Zero;
			return 0;
Ejemplo n.º 20
 public SeSecurableObjectWrapper(SeObjectType objectType, Func <StandardRights, NativeHandle> openMethod)
     _objectType = objectType;
     _openMethod = openMethod;
Ejemplo n.º 21
		internal static int SetNamedSecurityInfo(string pObjectName, SeObjectType ObjectType, SecurityInformation SecurityInfo, IntPtr psidOwner, IntPtr psidGroup, IntPtr pDacl, IntPtr pSacl) {
			return 0;
 /// <summary>
 /// Set security using a named object.
 /// </summary>
 /// <param name="name">The name of the object.</param>
 /// <param name="type">The type of named object.</param>
 /// <param name="security_information">The security information to set.</param>
 /// <param name="security_descriptor">The security descriptor to set.</param>
 /// <returns>The Win32 Error Code.</returns>
 public static void SetSecurityInfo(string name, SeObjectType type,
                                    SecurityInformation security_information,
                                    SecurityDescriptor security_descriptor)
     SetSecurityInfo(name, type, security_information, security_descriptor, true);
Ejemplo n.º 23
 /// <summary>
 /// Gets the security descriptor of the object.
 /// </summary>
 /// <param name="objectType">The type of the object.</param>
 /// <param name="securityInformation">The information to retrieve.</param>
 /// <returns>A security descriptor.</returns>
 protected SecurityDescriptor GetSecurity(SeObjectType objectType, SecurityInformation securityInformation)
     return(SecurityDescriptor.GetSecurity(this, objectType, securityInformation));
 /// <summary>
 /// Set security using an object handle.
 /// </summary>
 /// <param name="handle">The handle of the object.</param>
 /// <param name="type">The type of object.</param>
 /// <param name="security_information">The security information to set.</param>
 /// <param name="security_descriptor">The security descriptor to set.</param>
 public static void SetSecurityInfo(SafeHandle handle, SeObjectType type,
                                    SecurityInformation security_information,
                                    SecurityDescriptor security_descriptor)
     SetSecurityInfo(handle, type, security_information, security_descriptor, true);
 /// <summary>
 /// Constructor.
 /// </summary>
 public GetWin32SecurityDescriptorCmdlet()
     Type = SeObjectType.File;
     SecurityInformation = SecurityInformation.AllBasic;
 /// <summary>
 /// Set security using an object handle.
 /// </summary>
 /// <param name="obj">The handle of the object.</param>
 /// <param name="type">The type of object.</param>
 /// <param name="security_information">The security information to set.</param>
 /// <param name="security_descriptor">The security descriptor to set.</param>
 /// <param name="throw_on_error">True to throw on error.</param>
 /// <returns>The NT status code.</returns>
 public static NtStatus SetSecurityInfo(NtObject obj, SeObjectType type,
                                        SecurityInformation security_information,
                                        SecurityDescriptor security_descriptor, bool throw_on_error)
     return(SetSecurityInfo(obj.Handle, type, security_information, security_descriptor, throw_on_error));
 /// <summary>
 /// Set security using an object handle.
 /// </summary>
 /// <param name="obj">The handle of the object.</param>
 /// <param name="type">The type of object.</param>
 /// <param name="security_information">The security information to set.</param>
 /// <param name="security_descriptor">The security descriptor to set.</param>
 public static void SetSecurityInfo(NtObject obj, SeObjectType type,
                                    SecurityInformation security_information,
                                    SecurityDescriptor security_descriptor)
     SetSecurityInfo(obj, type, security_information, security_descriptor, true);
Ejemplo n.º 28
        /// <summary>
        /// Gets the security descriptor of an object.
        /// </summary>
        /// <param name="handle">A handle to an object.</param>
        /// <param name="objectType">The type of the object.</param>
        /// <param name="securityInformation">The information to retrieve.</param>
        /// <returns>A security descriptor.</returns>
        public static SecurityDescriptor GetSecurity(IntPtr handle, SeObjectType objectType, SecurityInformation securityInformation)
            Win32Error result;
            IntPtr dummy, securityDescriptor;

            if ((result = Win32.GetSecurityInfo(
                out dummy, out dummy, out dummy, out dummy,
                out securityDescriptor
                )) != 0)

            return new SecurityDescriptor(new LocalMemoryAlloc(securityDescriptor));