Example #1
		// Reads the owner SID from an existing security descriptor.
		// Per the Win32 contract, pOwner points into the descriptor (it is not a copy) and is null
		// when no owner is set, so it must not be freed separately or used after the descriptor
		// has been released.
		// NOTE(review): the [DllImport] attribute is not visible here; Marshal.GetLastWin32Error()
		// is only meaningful after a failed call if that attribute sets SetLastError = true.
		public static extern BOOL GetSecurityDescriptorOwner(
			PSECURITY_DESCRIPTOR pSecurityDescriptor, 
			out PSID pOwner, 
			out BOOL lpbOwnerDefaulted
			);
Example #2
		// Reads the primary-group SID from an existing security descriptor.
		// Per the Win32 contract, pGroup points into the descriptor (it is not a copy) and is null
		// when no group is set, so its lifetime is the descriptor's lifetime.
		// NOTE(review): the [DllImport] attribute is not visible here; Marshal.GetLastWin32Error()
		// is only meaningful after a failed call if that attribute sets SetLastError = true.
		public static extern BOOL GetSecurityDescriptorGroup(
			PSECURITY_DESCRIPTOR pSecurityDescriptor, 
			out PSID pGroup, 
			out BOOL lpbGroupDefaulted
			);
Example #3
		// Returns the size in bytes of a security descriptor, including the SIDs and ACLs it carries.
		// Win32 documents the result as undefined for a structurally invalid descriptor, so callers
		// that size a buffer or a copy from this value should validate the descriptor first
		// (IsValidSecurityDescriptor) when the pointer comes from an untrusted source.
		public static extern DWORD GetSecurityDescriptorLength(
			PSECURITY_DESCRIPTOR pSecurityDescriptor
			);
Example #4
		// Initializes a caller-allocated buffer as an empty absolute-format security descriptor:
		// no owner, no group, no DACL and no SACL until the SetSecurityDescriptor* calls add them.
		// dwRevision is expected to be SECURITY_DESCRIPTOR_REVISION.
		// NOTE(review): the buffer must hold at least SECURITY_DESCRIPTOR_MIN_LENGTH bytes — confirm
		// that every caller allocates that much before passing the pointer.
		public static extern BOOL InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision);
Example #5
		// Retrieves the control flags and the revision of a security descriptor.
		// The flags tell whether the descriptor is self-relative (SE_SELF_RELATIVE) and whether its
		// DACL/SACL are present, defaulted or protected from inheritance; check them before
		// assuming a layout or copying the descriptor as one contiguous block.
		public static extern BOOL GetSecurityDescriptorControl(
			PSECURITY_DESCRIPTOR pSecurityDescriptor, 
			out SECURITY_DESCRIPTOR_CONTROL pControl, 
			out DWORD lpdwRevision
			);
Example #6
        /// <summary>
        /// Gets the effective permissions for the provided Sid within the Security Descriptor.
        /// </summary>
        /// <param name="pUserSid">A pointer to the Sid of the identity to check.</param>
        /// <param name="serverName">Name of the server. This can be <c>null</c>.</param>
        /// <param name="pSecurityDescriptor">A pointer to the security descriptor.</param>
        /// <returns>An array of access masks.</returns>
        public virtual uint[] GetEffectivePermission(PSID pUserSid, string serverName, PSECURITY_DESCRIPTOR pSecurityDescriptor)
        {
            // serverName is not read by this implementation: the mask is computed from the
            // SID and the descriptor alone.
            // NOTE(review): what GetEffectiveRights takes into account (group membership,
            // deny ACEs, privileges) is not visible here — confirm before treating the
            // returned mask as an authorization decision.
            uint[] accessMasks = { pUserSid.GetEffectiveRights(pSecurityDescriptor) };
            return accessMasks;
        }
Example #7
 /// <summary>
 /// Gets the effective permissions for the provided Sid within the Security Descriptor.
 /// Called only when an object type identifier is specified.
 /// </summary>
 /// <param name="objTypeId">The object type identifier.</param>
 /// <param name="pUserSid">A pointer to the Sid of the identity to check.</param>
 /// <param name="serverName">Name of the server. This can be <c>null</c>.</param>
 /// <param name="pSecurityDescriptor">A pointer to the security descriptor.</param>
 /// <param name="objectTypeList">The object type list.</param>
 /// <param name="grantedAccessList">An array of access masks.</param>
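 /// <returns><c>HRESULT.E_NOTIMPL</c>; this implementation does not evaluate object-type permissions.</returns>
 /// <remarks>No exception is thrown here; both out parameters are set to <c>null</c>.</remarks>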
 public virtual HRESULT GetEffectivePermission(Guid objTypeId, PSID pUserSid, string serverName, PSECURITY_DESCRIPTOR pSecurityDescriptor, out OBJECT_TYPE_LIST[] objectTypeList, out uint[] grantedAccessList)
 {
     // Object-type evaluation is not provided by this implementation. It reports that
     // through the return code instead of throwing, and hands back no lists, so a
     // caller must check the HRESULT before reading either out parameter.
     grantedAccessList = null;
     objectTypeList = null;

     return HRESULT.E_NOTIMPL;
 }
Example #8
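 public static string ConvertSecurityDescriptorToStringSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, SECURITY_INFORMATION SecurityInformation)
 {
     // Converts the parts of the descriptor selected by SecurityInformation to an SDDL
     // string (revision SDDL_REVISION_1) and returns it as a managed string.
     // Throws Win32Exception when the native conversion fails.
     // NOTE(review): the parameterless Win32Exception reads the last P/Invoke error, which is
     // only correct if the native declaration sets SetLastError = true — confirm.
     if (ConvertSecurityDescriptorToStringSecurityDescriptor(SecurityDescriptor, SDDL_REVISION.SDDL_REVISION_1, SecurityInformation, out var sd, out _))
     {
         // The native buffer is released as soon as the string has been copied,
         // instead of waiting for the handle's finalizer.
         using (sd)
         {
             return sd.ToString(-1);
         }
     }

     throw new Win32Exception();
 }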
Example #9
 // Converts a security descriptor to its SDDL string form; only the parts selected by
 // SecurityInformation appear in the output.
 // Win32 allocates the output string and expects the caller to release it with LocalFree.
 // NOTE(review): the output is typed SafeLocalHandle here, which presumably owns that
 // release — confirm, and dispose the handle once the string has been read.
 public static extern bool ConvertSecurityDescriptorToStringSecurityDescriptor(PSECURITY_DESCRIPTOR SecurityDescriptor, SDDL_REVISION RequestedStringSDRevision,
                                                                                SECURITY_INFORMATION SecurityInformation, out SafeLocalHandle StringSecurityDescriptor, out uint StringSecurityDescriptorLen);
 // Retrieves the security descriptor of an object identified by an open file handle.
 // The DWORD result is the error code itself (ERROR_SUCCESS on success), not a BOOL.
 // owner, group, dacl and sacl are declared by value (no ref/out), so this signature cannot
 // return those pointers; presumably callers pass null and read everything from
 // securityDescriptor — confirm against the callers.
 // Win32 allocates the returned descriptor; the caller must release it with LocalFree.
 internal static extern DWORD GetSecurityInfo(
     SafeFileHandle handle,
     ObjectType objectType,
     SecurityInformationClass infoClass,
     PSID owner,
     PSID group,
     PACL dacl,
     PACL sacl,
     out PSECURITY_DESCRIPTOR securityDescriptor);
Example #11
 /// <summary>Converts a PSECURITY_DESCRIPTOR to a managed RawSecurityDescriptor.</summary>
 /// <param name="securityDescriptor">The security descriptor.</param>
 /// <returns>The RawSecurityDescriptor.</returns>
 public static RawSecurityDescriptor ToManaged(this PSECURITY_DESCRIPTOR securityDescriptor)
 {
     // RawSecurityDescriptor parses the bytes from offset 0 as a binary security descriptor
     // and throws if they are malformed.
     // NOTE(review): how ToByteArray sizes and copies the native descriptor is not visible
     // here — confirm it rejects null/invalid pointers and yields the self-relative form.
     var binaryForm = securityDescriptor.ToByteArray();
     return new RawSecurityDescriptor(binaryForm, 0);
 }
 // Evaluates an access request for an Authz client context against a security descriptor
 // (passed here as a managed byte array) plus optional additional descriptors.
 // A true return only means the check ran: the actual decision is in pReply (granted access
 // mask and per-result error), which the caller must inspect before granting anything.
 // NOTE(review): per Win32 the result arrays inside pReply are caller-allocated; confirm that
 // AUTHZ_ACCESS_REPLY is prepared with buffers matching its result count before the call.
 internal static extern bool AuthzAccessCheck(
     AuthzACFlags flags,
     AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
     ref AUTHZ_ACCESS_REQUEST pRequest,
     AUTHZ_AUDIT_EVENT_HANDLE AuditEvent,
     byte[] rawSecurityDescriptor,
     PSECURITY_DESCRIPTOR[] OptionalSecurityDescriptorArray,
     DWORD OptionalSecurityDescriptorCount,
     ref AUTHZ_ACCESS_REPLY pReply,
     AUTHZ_ACCESS_CHECK_RESULTS_HANDLE cachedResults);
Example #13
 // Applies the parts of SecurityDescriptor selected by SecurityInformation to a user object
 // (hObj; in Win32 terms a window station or desktop handle).
 // NOTE(review): with DACL_SECURITY_INFORMATION, a descriptor whose DACL is marked present
 // but is null leaves the object open to everyone — build and check the DACL explicitly
 // before calling.
 public static extern BOOL SetUserObjectSecurity(
     HANDLE hObj,
     SECURITY_INFORMATION SecurityInformation,
     PSECURITY_DESCRIPTOR SecurityDescriptor
     );
        public static byte[] ConvertSecurityDescriptorToByteArray(PSECURITY_DESCRIPTOR securityDescriptor)
        {
            // The byte count comes from the descriptor itself; nothing here checks that the
            // pointer is non-null or refers to a valid descriptor.
            // NOTE(review): Win32 documents GetSecurityDescriptorLength as undefined for an
            // invalid descriptor — confirm callers validate untrusted pointers first.
            var byteCount = NativeMethods.GetSecurityDescriptorLength(securityDescriptor);
            var rawBytes = new byte[byteCount];

            // Copies byteCount contiguous bytes starting at the pointer, which matches the
            // self-relative layout only.
            // NOTE(review): an absolute-format descriptor keeps its SIDs and ACLs in separate
            // allocations, so this copy would read past the header — confirm inputs are
            // always self-relative.
            Marshal.Copy(securityDescriptor, rawBytes, 0, (int)byteCount);
            return rawBytes;
        }
Example #15
		// Reads the SACL (audit entries) from an existing security descriptor.
		// When lpbSaclPresent comes back true, pSacl points into the descriptor rather than to a
		// copy, so its lifetime is the descriptor's lifetime.
		public static extern BOOL GetSecurityDescriptorSacl(
			PSECURITY_DESCRIPTOR pSecurityDescriptor, 
			out BOOL lpbSaclPresent, 
			ref PACL pSacl,     // By ref, because if "present" == false, value is unchanged
			out BOOL lpbSaclDefaulted
			);
Example #16
		// Copies the requested parts of a file's security descriptor into a caller buffer, in
		// self-relative form.
		// Usual pattern: call with nLength = 0 to learn lpnLengthNeeded, allocate, call again.
		// The descriptor can change between the two calls, so the second call can still fail
		// with ERROR_INSUFFICIENT_BUFFER and its result must be checked, not assumed.
		// NOTE(review): this is path-based, so the object behind lpFileName can be replaced
		// between this query and a later use; the handle-based GetSecurityInfo avoids that.
		public static extern BOOL GetFileSecurity(
			LPCTSTR lpFileName, 
			SECURITY_INFORMATION RequestedInformation, 
			PSECURITY_DESCRIPTOR pSecurityDescriptor, 
			DWORD nLength, 
			out DWORD lpnLengthNeeded
			);
Example #17
 // Sets the DACL of an absolute-format security descriptor.
 // bDaclPresent = TRUE with a null pDacl produces a NULL DACL, which grants all access to
 // everyone; an empty DACL (zero ACEs) grants access to no one. The two are easy to confuse,
 // so callers should never reach this call with an unintended null pDacl.
 // Win32 stores a reference to pDacl rather than a copy, so the ACL memory must stay valid
 // and in place for as long as the descriptor is used.
 public static extern BOOL SetSecurityDescriptorDacl(
     PSECURITY_DESCRIPTOR pSecurityDescriptor,
     BOOL bDaclPresent,
     PACL pDacl,
     BOOL bDaclDefaulted
     );
Example #18
 // Returns the size in bytes of a security descriptor, including the SIDs and ACLs it carries.
 // Win32 documents the result as undefined for a structurally invalid descriptor, so callers
 // that size a buffer or a copy from this value should validate the descriptor first
 // (IsValidSecurityDescriptor) when the pointer comes from an untrusted source.
 public static extern DWORD GetSecurityDescriptorLength(
     PSECURITY_DESCRIPTOR pSecurityDescriptor
     );
Example #19
 // Reads the SACL (audit entries) from an existing security descriptor.
 // When lpbSaclPresent comes back true, pSacl points into the descriptor rather than to a
 // copy, so its lifetime is the descriptor's lifetime.
 public static extern BOOL GetSecurityDescriptorSacl(
     PSECURITY_DESCRIPTOR pSecurityDescriptor,
     out BOOL lpbSaclPresent,
     ref PACL pSacl,                 // By ref, because if "present" == false, value is unchanged
     out BOOL lpbSaclDefaulted
     );
Example #20
 // Applies the parts of SecurityDescriptor selected by SecurityInformation to the kernel
 // object identified by Handle.
 // NOTE(review): with DACL_SECURITY_INFORMATION, a descriptor whose DACL is marked present
 // but is null leaves the object open to everyone — build and check the DACL explicitly
 // before calling.
 public static extern BOOL SetKernelObjectSecurity(
     HANDLE Handle,
     SECURITY_INFORMATION SecurityInformation,
     PSECURITY_DESCRIPTOR SecurityDescriptor
     );
Example #21
 // Retrieves the control flags and the revision of a security descriptor.
 // The flags tell whether the descriptor is self-relative (SE_SELF_RELATIVE) and whether its
 // DACL/SACL are present, defaulted or protected from inheritance; check them before
 // assuming a layout or copying the descriptor as one contiguous block.
 public static extern BOOL GetSecurityDescriptorControl(
     PSECURITY_DESCRIPTOR pSecurityDescriptor,
     out SECURITY_DESCRIPTOR_CONTROL pControl,
     out DWORD lpdwRevision
     );
Example #22
 // Sets (or, with a null pOwner, clears) the owner SID of an absolute-format descriptor.
 // Win32 stores a reference to pOwner rather than a copy, so the SID memory must stay valid
 // and in place for as long as the descriptor is used.
 // An object's owner is implicitly allowed to read and rewrite its DACL, so the SID passed
 // here decides who can later change the object's permissions.
 public static extern BOOL SetSecurityDescriptorOwner(
     PSECURITY_DESCRIPTOR pSecurityDescriptor,
     PSID pOwner,
     BOOL bOwnerDefaulted
     );
Example #23
 // Copies the requested parts of a registry key's security descriptor into a caller buffer.
 // The LONG result is the error code itself (ERROR_SUCCESS on success), not a BOOL.
 // On ERROR_INSUFFICIENT_BUFFER, lpcbSecurityDescriptor receives the required size; the key's
 // descriptor can change between the sizing call and the retry, so the retry must be
 // checked as well.
 public static extern LONG RegGetKeySecurity(
     HKEY hKey,                                // handle to key
     SECURITY_INFORMATION SecurityInformation, // request
     PSECURITY_DESCRIPTOR pSecurityDescriptor, // SD
     ref DWORD lpcbSecurityDescriptor          // buffer size
     );
Example #24
		// Retrieves the security descriptor of an object identified by name.
		// The DWORD result is the error code itself (ERROR_SUCCESS on success), not a BOOL.
		// Win32 allocates the returned descriptor: the caller releases ppSecurityDescriptor with
		// LocalFree, and the owner/group/DACL/SACL pointers refer into that allocation, so they
		// must not be used after it is freed.
		// NOTE(review): the name is resolved at call time, so the object can be replaced between
		// this query and a later use; prefer the handle-based GetSecurityInfo where possible.
		public static extern DWORD GetNamedSecurityInfo(
			LPCTSTR pObjectName,		//REVIEW: Why is it documented as LPTSTR
			SE_OBJECT_TYPE ObjectType,
			SECURITY_INFORMATION SecurityInfo,
			ref PSID ppsidOwner,
			ref PSID ppsidGroup,
			ref PACL ppDacl,
			ref PACL ppSacl,
			ref PSECURITY_DESCRIPTOR ppSecurityDescriptor);
Example #25
 /// <summary>Converts a security descriptor to its SDDL string format.</summary>
 /// <param name="pSD">The security descriptor.</param>
 /// <param name="si">The elements of the security descriptor to return.</param>
 /// <returns>The SDDL string representation of the security descriptor.</returns>
 public static string ToSddl(this PSECURITY_DESCRIPTOR pSD, SECURITY_INFORMATION si)
 {
     // Thin wrapper: the conversion, and any failure it raises, come from the two-argument
     // overload. Only the descriptor parts selected by si are requested.
     string sddl = ConvertSecurityDescriptorToStringSecurityDescriptor(pSD, si);
     return sddl;
 }
Example #26
		// Sets the SACL (audit entries) of an absolute-format security descriptor.
		// Win32 stores a reference to pSacl rather than a copy, so the ACL memory must stay valid
		// and in place for as long as the descriptor is used.
		// This only edits the in-memory descriptor; applying a SACL to an object additionally
		// requires the SE_SECURITY_NAME privilege in the calling token.
		public static extern BOOL SetSecurityDescriptorSacl(
			PSECURITY_DESCRIPTOR pSecurityDescriptor, 
			BOOL bSaclPresent, 
			PACL pSacl, 
			BOOL bSaclDefaulted
			);
Example #27
		// Retrieves the security descriptor of an object identified by an open handle.
		// The DWORD result is the error code itself (ERROR_SUCCESS on success), not a BOOL.
		// Win32 allocates the returned descriptor: the caller releases ppSecurityDescriptor with
		// LocalFree, and the owner/group/DACL/SACL pointers refer into that allocation, so they
		// must not be used after it is freed.
		// Every output is declared `ref`, so a caller cannot pass null through this signature to
		// skip a component; SecurityInfo alone selects what is filled in.
		public static extern DWORD GetSecurityInfo(
			HANDLE handle,
			SE_OBJECT_TYPE ObjectType,
			SECURITY_INFORMATION SecurityInfo,
			ref PSID ppsidOwner,
			ref PSID ppsidGroup,
			ref PACL ppDacl,
			ref PACL ppSacl,
			ref PSECURITY_DESCRIPTOR ppSecurityDescriptor);
Example #28
		// Sets (or, with a null pOwner, clears) the owner SID of an absolute-format descriptor.
		// Win32 stores a reference to pOwner rather than a copy, so the SID memory must stay valid
		// and in place for as long as the descriptor is used.
		// An object's owner is implicitly allowed to read and rewrite its DACL, so the SID passed
		// here decides who can later change the object's permissions.
		public static extern BOOL SetSecurityDescriptorOwner(
			PSECURITY_DESCRIPTOR pSecurityDescriptor, 
			PSID pOwner, 
			BOOL bOwnerDefaulted
			);
Example #29
		// Sets (or, with a null pGroup, clears) the primary-group SID of an absolute-format
		// security descriptor.
		// Win32 stores a reference to pGroup rather than a copy, so the SID memory must stay valid
		// and in place for as long as the descriptor is used.
		public static extern BOOL SetSecurityDescriptorGroup(
			PSECURITY_DESCRIPTOR pSecurityDescriptor, 
			PSID pGroup, 
			BOOL bGroupDefaulted
			);
Example #30
		// Changes control bits of a security descriptor: ControlBitsOfInterest is the mask of bits
		// to change and ControlBitsToSet gives their new values.
		// The settable bits include the inheritance-protection flags (SE_DACL_PROTECTED,
		// SE_SACL_PROTECTED), so a change here alters whether ACEs from the parent flow into
		// the object; review such changes like any other permission change.
		public static extern BOOL SetSecurityDescriptorControl(
			PSECURITY_DESCRIPTOR pSecurityDescriptor, 
			SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest, 
			SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet
			);
Example #31
 // Changes control bits of a security descriptor: ControlBitsOfInterest is the mask of bits
 // to change and ControlBitsToSet gives their new values.
 // The settable bits include the inheritance-protection flags (SE_DACL_PROTECTED,
 // SE_SACL_PROTECTED), so a change here alters whether ACEs from the parent flow into
 // the object; review such changes like any other permission change.
 public static extern BOOL SetSecurityDescriptorControl(
     PSECURITY_DESCRIPTOR pSecurityDescriptor,
     SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest,
     SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet
     );
Example #32
        /// <summary>
        /// Gets the effective permissions for the provided Sid within the Security Descriptor.
        /// </summary>
        /// <param name="pUserSid">A pointer to the Sid of the identity to check.</param>
        /// <param name="serverName">Name of the server. This can be <c>null</c>.</param>
        /// <param name="pSecurityDescriptor">A pointer to the security descriptor.</param>
        /// <returns>An array of access masks.</returns>
        public virtual ACCESS_MASK[] GetEffectivePermission(PSID pUserSid, string serverName, PSECURITY_DESCRIPTOR pSecurityDescriptor)
        {
            // serverName is not read by this implementation: the mask is computed from the
            // descriptor and the SID alone.
            // NOTE(review): what GetEffectiveRights takes into account (group membership,
            // deny ACEs, privileges) is not visible here — confirm before treating the
            // returned mask as an authorization decision.
            ACCESS_MASK[] accessMasks = { pSecurityDescriptor.GetEffectiveRights(pUserSid) };
            return accessMasks;
        }
Example #33
		// Copies an absolute-format descriptor into a caller buffer in self-relative (contiguous)
		// form.
		// lpdwBufferLength is in/out: when the buffer is too small the call fails with
		// ERROR_INSUFFICIENT_BUFFER and the variable receives the required size.
		// NOTE(review): the value passed in must be the real size of the pSelfRelativeSD buffer;
		// an overstated length lets the native side write past the allocation.
		public static extern BOOL MakeSelfRelativeSD(
			PSECURITY_DESCRIPTOR pAbsoluteSD, 
			PSECURITY_DESCRIPTOR pSelfRelativeSD, 
			ref DWORD lpdwBufferLength
			);
Example #34
 // Applies the parts of pSecurityDescriptor selected by SecurityInformation to the file or
 // directory named by lpFileName.
 // NOTE(review): this is path-based, so the target is whatever the name resolves to at call
 // time. With DACL_SECURITY_INFORMATION, a descriptor whose DACL is marked present but is
 // null leaves the file open to everyone — build and check the DACL before calling.
 public static extern BOOL SetFileSecurity(
     LPCTSTR lpFileName, // file name
     SECURITY_INFORMATION SecurityInformation, // contents
     PSECURITY_DESCRIPTOR pSecurityDescriptor // SD
     );
Example #35
 // Sets (or, with a null pGroup, clears) the primary-group SID of an absolute-format
 // security descriptor.
 // Win32 stores a reference to pGroup rather than a copy, so the SID memory must stay valid
 // and in place for as long as the descriptor is used.
 public static extern BOOL SetSecurityDescriptorGroup(
     PSECURITY_DESCRIPTOR pSecurityDescriptor,
     PSID pGroup,
     BOOL bGroupDefaulted
     );
Example #36
 // Copies the requested parts of a registry key's security descriptor into a caller buffer.
 // The LONG result is the error code itself (ERROR_SUCCESS on success), not a BOOL.
 // On ERROR_INSUFFICIENT_BUFFER, lpcbSecurityDescriptor receives the required size; the key's
 // descriptor can change between the sizing call and the retry, so the retry must be
 // checked as well.
 public static extern LONG RegGetKeySecurity(
     HKEY hKey,                                // handle to key
     SECURITY_INFORMATION SecurityInformation, // request
     PSECURITY_DESCRIPTOR pSecurityDescriptor, // SD
     ref DWORD lpcbSecurityDescriptor            // buffer size
     );
Example #37
 // Applies the parts of pSecurityDescriptor selected by SecurityInformation to the file or
 // directory named by lpFileName.
 // NOTE(review): this is path-based, so the target is whatever the name resolves to at call
 // time. With DACL_SECURITY_INFORMATION, a descriptor whose DACL is marked present but is
 // null leaves the file open to everyone — build and check the DACL before calling.
 public static extern BOOL SetFileSecurity(
     LPCTSTR lpFileName,                       // file name
     SECURITY_INFORMATION SecurityInformation, // contents
     PSECURITY_DESCRIPTOR pSecurityDescriptor  // SD
     );
Example #38
 // Applies the parts of pSecurityDescriptor selected by SecurityInformation to an open
 // registry key. The LONG result is the error code itself (ERROR_SUCCESS on success).
 // NOTE(review): with DACL_SECURITY_INFORMATION, a descriptor whose DACL is marked present
 // but is null leaves the key open to everyone — build and check the DACL before calling.
 public static extern LONG RegSetKeySecurity(
     HKEY hKey,
     SECURITY_INFORMATION SecurityInformation,
     PSECURITY_DESCRIPTOR pSecurityDescriptor
     );
Example #39
 // Applies the parts of pSecurityDescriptor selected by SecurityInformation to an open
 // registry key. The LONG result is the error code itself (ERROR_SUCCESS on success).
 // NOTE(review): with DACL_SECURITY_INFORMATION, a descriptor whose DACL is marked present
 // but is null leaves the key open to everyone — build and check the DACL before calling.
 public static extern LONG RegSetKeySecurity(
     HKEY hKey,
     SECURITY_INFORMATION SecurityInformation,
     PSECURITY_DESCRIPTOR pSecurityDescriptor
     );
Example #40
		// Copies the requested parts of a kernel object's security descriptor into a caller
		// buffer, in self-relative form.
		// Usual pattern: call with nLength = 0 to learn lpnLengthNeeded, allocate, call again.
		// The descriptor can change between the two calls, so the second call can still fail
		// with ERROR_INSUFFICIENT_BUFFER and its result must be checked, not assumed.
		public static extern BOOL GetKernelObjectSecurity(
			HANDLE Handle,                             // handle to object
			SECURITY_INFORMATION RequestedInformation, // request
			PSECURITY_DESCRIPTOR pSecurityDescriptor,  // SD
			DWORD nLength,                             // size of SD
			out DWORD lpnLengthNeeded                    // required size of buffer
			);
Example #41
 // Initializes a caller-allocated buffer as an empty absolute-format security descriptor:
 // no owner, no group, no DACL and no SACL until the SetSecurityDescriptor* calls add them.
 // dwRevision is expected to be SECURITY_DESCRIPTOR_REVISION.
 // NOTE(review): the buffer must hold at least SECURITY_DESCRIPTOR_MIN_LENGTH bytes — confirm
 // that every caller allocates that much before passing the pointer.
 public static extern BOOL InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision);
Example #42
		// Applies the parts of SecurityDescriptor selected by SecurityInformation to the kernel
		// object identified by Handle.
		// NOTE(review): with DACL_SECURITY_INFORMATION, a descriptor whose DACL is marked present
		// but is null leaves the object open to everyone — build and check the DACL explicitly
		// before calling.
		public static extern BOOL SetKernelObjectSecurity(
			HANDLE Handle,
			SECURITY_INFORMATION SecurityInformation,
			PSECURITY_DESCRIPTOR SecurityDescriptor
			);
Example #43
 // Reads the primary-group SID from an existing security descriptor.
 // Per the Win32 contract, pGroup points into the descriptor (it is not a copy) and is null
 // when no group is set, so its lifetime is the descriptor's lifetime.
 public static extern BOOL GetSecurityDescriptorGroup(
     PSECURITY_DESCRIPTOR pSecurityDescriptor,
     out PSID pGroup,
     out BOOL lpbGroupDefaulted
     );
Example #44
 /// <summary>Determines whether the security descriptor is self-relative.</summary>
 /// <param name="pSD">The pointer to the SECURITY_DESCRIPTOR structure to query.</param>
 /// <returns><c>true</c> if it is self-relative; otherwise, <c>false</c>.</returns>
 public static bool IsSelfRelative(this PSECURITY_DESCRIPTOR pSD)
 {
     // The layout is read from the descriptor's own control flags. A failed query is
     // raised as an exception built from the last Win32 error rather than reported as
     // "not self-relative", so callers never get a layout answer for a descriptor that
     // could not be read.
     if (GetSecurityDescriptorControl(pSD, out var controlFlags, out _))
     {
         return controlFlags.IsFlagSet(SECURITY_DESCRIPTOR_CONTROL.SE_SELF_RELATIVE);
     }

     throw Win32Error.GetLastError().GetException();
 }
Example #45
 // Reads the owner SID from an existing security descriptor.
 // Per the Win32 contract, pOwner points into the descriptor (it is not a copy) and is null
 // when no owner is set, so it must not be freed separately or used after the descriptor
 // has been released.
 public static extern BOOL GetSecurityDescriptorOwner(
     PSECURITY_DESCRIPTOR pSecurityDescriptor,
     out PSID pOwner,
     out BOOL lpbOwnerDefaulted
     );
Example #46
 /// <summary>Determines whether the components of a security descriptor are valid.</summary>
 /// <param name="pSD">The pointer to the SECURITY_DESCRIPTOR structure to query.</param>
 /// <returns>
 /// <c>true</c> if the components of the security descriptor are valid. If any of the components of the security descriptor are not
 /// valid, the return value is <c>false</c>.
 /// </returns>
 public static bool IsValidSecurityDescriptor(this PSECURITY_DESCRIPTOR pSD)
 {
     // Delegates to the native check in AdvApi32. That check is about the structure of the
     // descriptor's components; it says nothing about whether the permissions it grants
     // are appropriate.
     bool componentsAreValid = AdvApi32.IsValidSecurityDescriptor(pSD);
     return componentsAreValid;
 }
Example #47
 // Copies an absolute-format descriptor into a caller buffer in self-relative (contiguous)
 // form.
 // lpdwBufferLength is in/out: when the buffer is too small the call fails with
 // ERROR_INSUFFICIENT_BUFFER and the variable receives the required size.
 // NOTE(review): the value passed in must be the real size of the pSelfRelativeSD buffer;
 // an overstated length lets the native side write past the allocation.
 public static extern BOOL MakeSelfRelativeSD(
     PSECURITY_DESCRIPTOR pAbsoluteSD,
     PSECURITY_DESCRIPTOR pSelfRelativeSD,
     ref DWORD lpdwBufferLength
     );
Example #48
 /// <summary>Gets the size, in bytes, of a security descriptor. If it is not valid, 0 is returned.</summary>
 /// <param name="pSD">The pointer to the SECURITY_DESCRIPTOR structure to query.</param>
 /// <returns>The size, in bytes, of a security descriptor. If it is not valid, 0 is returned.</returns>
 public static uint Length(this PSECURITY_DESCRIPTOR pSD)
 {
     // The length is only queried for a descriptor that passes validation; anything else
     // yields 0. Callers must treat 0 as "invalid descriptor", not as an empty one, and
     // should not go on to copy or parse from the pointer.
     if (IsValidSecurityDescriptor(pSD))
     {
         return GetSecurityDescriptorLength(pSD);
     }

     return 0U;
 }
Example #49
 /// <summary>
 /// Gets the effective permissions for the provided Sid within the Security Descriptor.
 /// Called only when an object type identifier is specified.
 /// </summary>
 /// <param name="objTypeId">The object type identifier.</param>
 /// <param name="pUserSid">A pointer to the Sid of the identity to check.</param>
 /// <param name="serverName">Name of the server. This can be <c>null</c>.</param>
 /// <param name="pSecurityDescriptor">A pointer to the security descriptor.</param>
 /// <param name="objectTypeList">The object type list.</param>
 /// <returns>An array of access masks.</returns>
 /// <exception cref="System.NotImplementedException"></exception>
 // Object-type evaluation is not provided by this implementation: every call throws
 // NotImplementedException and objectTypeList is never assigned.
 public virtual uint[] GetEffectivePermission(Guid objTypeId, PSID pUserSid, string serverName, PSECURITY_DESCRIPTOR pSecurityDescriptor, out OBJECT_TYPE_LIST[] objectTypeList)
     => throw new NotImplementedException();
Example #50
		// Splits a self-relative descriptor into absolute form: the descriptor header in
		// pAbsoluteSD plus separate caller-allocated buffers for the DACL, SACL, owner and
		// primary group.
		// Each size parameter is in/out: when any buffer is too small the call fails with
		// ERROR_INSUFFICIENT_BUFFER and the sizes receive the required values.
		// The absolute descriptor points at those four buffers, so they must stay allocated and
		// in place for as long as the descriptor is used.
		// NOTE(review): each size passed in must be the real size of its buffer; an overstated
		// size lets the native side write past the allocation.
		public static extern BOOL MakeAbsoluteSD(
			PSECURITY_DESCRIPTOR pSelfRelativeSD, 
			PSECURITY_DESCRIPTOR pAbsoluteSD, 
			ref DWORD lpdwAbsoluteSDSize, 
			PACL pDacl, 
			ref DWORD lpdwDaclSize, 
			PACL pSacl, 
			ref DWORD lpdwSaclSize, 
			PSID pOwner, 
			ref DWORD lpdwOwnerSize, 
			PSID pPrimaryGroup, 
			ref DWORD lpdwPrimaryGroupSize
			);