//
// Modifies the SACL
//
private bool ModifyAudit(AccessControlModification modification, ObjectAuditRule rule, out bool modified)
{
bool result = true;
if (SecurityDescriptor.SystemAcl == null)
{
if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific)
{
modified = false;
return(result);
}
//_securityDescriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, GenericAcl.AclRevisionDS, 1);
//_securityDescriptor.AddControlFlags(ControlFlags.SystemAclPresent);
SecurityDescriptor.AddSystemAcl(GenericAcl.AclRevisionDS, 1);
}
else if ((modification == AccessControlModification.Add || modification == AccessControlModification.Set || modification == AccessControlModification.Reset) &&
(rule.ObjectFlags != ObjectAceFlags.None))
{
//
// This will result in an object ace being added to the sacl, so the sacl revision must be AclRevisionDS
//
if (SecurityDescriptor.SystemAcl.Revision < GenericAcl.AclRevisionDS)
{
//
// we need to create a new sacl with the same aces as the existing one but the revision should be AclRevisionDS
//
byte[] binaryForm = new byte[SecurityDescriptor.SystemAcl.BinaryLength];
SecurityDescriptor.SystemAcl.GetBinaryForm(binaryForm, 0);
binaryForm[0] = GenericAcl.AclRevisionDS; // revision is the first byte of the binary form
SecurityDescriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, new RawAcl(binaryForm, 0));
}
}
SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
switch (modification)
{
case AccessControlModification.Add:
//_securityDescriptor.SystemAcl.AddAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
SecurityDescriptor.SystemAcl.AddAudit(sid, rule);
break;
case AccessControlModification.Set:
//_securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
SecurityDescriptor.SystemAcl.SetAudit(sid, rule);
break;
case AccessControlModification.Reset:
SecurityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
//_securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
SecurityDescriptor.SystemAcl.SetAudit(sid, rule);
break;
case AccessControlModification.Remove:
//result = _securityDescriptor.SystemAcl.RemoveAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
result = SecurityDescriptor.SystemAcl.RemoveAudit(sid, rule);
break;
case AccessControlModification.RemoveAll:
result = SecurityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
if (result == false)
{
throw new InvalidOperationException(SR.InvalidOperation_RemoveFail);
}
break;
case AccessControlModification.RemoveSpecific:
//_securityDescriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
SecurityDescriptor.SystemAcl.RemoveAuditSpecific(sid, rule);
break;
default:
throw new ArgumentOutOfRangeException(
nameof(modification),
SR.ArgumentOutOfRange_Enum);
}
modified = result;
AuditRulesModified |= modified;
return(result);
}