/// <summary> /// Process Record. /// </summary> protected override void ProcessRecord() { if (SecurityDescriptor == null) { SecurityDescriptor = new SecurityDescriptor(); if (SecurityInformation.HasFlag(SecurityInformation.Dacl)) { SecurityDescriptor.Dacl = new Acl(); } if (SecurityInformation.HasFlag(SecurityInformation.Sacl)) { SecurityDescriptor.Sacl = new Acl(); } } bool do_callback = ShowProgress || PassThru; TreeProgressFunction fn = ProgressFunction; NtStatus status = Win32Security.ResetSecurityInfo(Name, Type, SecurityInformation, SecurityDescriptor, do_callback ? fn : null, ShowProgress ? ProgressInvokeSetting.PrePostError : ProgressInvokeSetting.EveryObject, KeepExplicit, !PassThru); if (!PassThru) { status.ToNtException(); } }
internal SecurityDescriptorInheritanceSource( Ace ace, INHERITED_FROM inherited_from, SeObjectType type, NtType native_type, bool container, bool query_security, bool sacl) { InheritedAce = ace; if (native_type != null) { Access = NtSecurity.AccessMaskToString(ace.Mask, container ? native_type.ContainerAccessRightsType : native_type.AccessRightsType, native_type.GenericMapping, false); GenericAccess = NtSecurity.AccessMaskToString(ace.Mask, container ? native_type.ContainerAccessRightsType : native_type.AccessRightsType, native_type.GenericMapping, true); } else { Access = NtSecurity.AccessMaskToString(ace.Mask.ToGenericAccess()); GenericAccess = NtSecurity.AccessMaskToString(ace.Mask.ToGenericAccess()); } Depth = inherited_from.GenerationGap; Name = Marshal.PtrToStringUni(inherited_from.AncestorName); if (query_security && Name != null) { SecurityInformation sec_info = sacl ? SecurityInformation.All : SecurityInformation.AllNoSacl; var sd = Win32Security.GetSecurityInfo(Name, type, sec_info, false); if (sd.IsSuccess) { SecurityDescriptor = sd.Result; } } }
/// <summary> /// Checks to see if a path can become an iFolder. /// </summary> /// <param name="path">The path that is tested.</param> /// <returns>The method returns <b>true</b> if the specified path can become an ifolder; otherwise, <b>false</b>.</returns> public bool CanBeiFolder([MarshalAs(UnmanagedType.LPWStr)] string path) { try { // Make sure the user has read/write access to the directory. if (Win32Security.AccessAllowed(path)) { connectToWebService(); if (ifWebService != null) { return(ifWebService.CanBeiFolder(path)); } } } catch (WebException e) { ifWebService = null; if (e.Status == WebExceptionStatus.ProtocolError) { LocalService.ClearCredentials(); } } catch (Exception e) { System.Diagnostics.Debug.WriteLine("Caught exception - " + e.Message); } return(false); }
private static void AllowFileAccess(AppContainerProfile container, string folder, FileAccessRights accessRights) { var securityInfo = Win32Security.GetSecurityInfo( folder, SeObjectType.File, SecurityInformation.Dacl); var existingAce = securityInfo.Dacl.FirstOrDefault(d => d.Sid == container.Sid); if (existingAce is not null && existingAce.Type == AceType.Allowed && existingAce.Mask == accessRights && existingAce.Flags == (AceFlags.ContainerInherit | AceFlags.ObjectInherit)) { // Ace already exists. return; } var ace = new Ace( AceType.Allowed, AceFlags.ContainerInherit | AceFlags.ObjectInherit, accessRights, container.Sid); securityInfo.AddAce(ace); Win32Security.SetSecurityInfo( folder, SeObjectType.File, SecurityInformation.Dacl, securityInfo, true); }
private void SetNamedSecurityInfo() { bool do_callback = ShowProgress || PassThru; if (Type == SeObjectType.Service) { SecurityInformation &= SecurityInformation.Owner | SecurityInformation.Group | SecurityInformation.Dacl | SecurityInformation.Label | SecurityInformation.Sacl; } string path = Name; if (Type == SeObjectType.File) { path = PSUtils.ResolveWin32Path(SessionState, path, false); } if (do_callback || Action != TreeSecInfo.Set) { TreeProgressFunction fn = ProgressFunction; NtStatus status = Win32Security.SetSecurityInfo(path, Type, SecurityInformation, SecurityDescriptor, Action, do_callback ? fn : null, ShowProgress ? ProgressInvokeSetting.PrePostError : ProgressInvokeSetting.EveryObject, !PassThru); if (!PassThru) { status.ToNtException(); } } else { Win32Security.SetSecurityInfo(path, Type, SecurityInformation, SecurityDescriptor); } }
/// <summary> /// Abstract method to get the NT type for the access check. /// </summary> /// <returns>The NT type.</returns> protected override NtType GetNtType() { if (Type == SeObjectType.Printer) { return(PrintSpoolerUtils.GetTypeForPath(Name)); } return(Win32Security.GetNativeType(Type)); }
internal AccountRight(string system_name, string name, List <Sid> cached_sids) { Name = name; _display_name = new Lazy <string>(() => Win32Security.LookupPrivilegeDisplayName(system_name, name)); _cached_sids = cached_sids; _sids = new Lazy <List <Sid> >(() => GetSids(system_name, name, false).GetResultOrDefault(new List <Sid>())); _system_name = system_name; }
private GenericMapping GetGenericMapping() { if (GenericMapping.HasValue) { return(GenericMapping.Value); } return(Win32Security.GetNativeType(Type)?.GenericMapping ?? throw new ArgumentException("Must specify a Generic Mapping for the type")); }
/// <summary> /// Process Record. /// </summary> protected override void ProcessRecord() { if (SecurityDescriptor == null) { SecurityDescriptor = Win32Security.GetSecurityInfo(Name, Type, Sacl ? SecurityInformation.All : SecurityInformation.AllNoSacl); } WriteObject(Win32Security.GetInheritanceSource(Name, Type, IsContainer(), ObjectType, SecurityDescriptor, Sacl, GetGenericMapping(), QuerySecurity), true); }
/// <summary> /// Abstract method to get the security descriptor for access checking. /// </summary> /// <returns>The security descriptor.</returns> protected override SecurityDescriptor GetSecurityDescriptor() { SecurityInformation security_info = SecurityInformation.AllBasic; if (Type == SeObjectType.Service) { security_info = SecurityInformation.Owner | SecurityInformation.Group | SecurityInformation.Dacl | SecurityInformation.Label | SecurityInformation.Sacl; } return(Win32Security.GetSecurityInfo(GetPath(), Type, security_info)); }
private void GetServiceToken(string name) { try { IEnumerable <UserGroup> groups = GetServiceSids(); TokenForm.OpenForm(Win32Security.LsaLogonUser(name, "NT AUTHORITY", null, SecurityLogonType.Service, Logon32Provider.Default, groups), "Service", false); } catch (Exception ex) { MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); } }
private void btnTestS4U_Click(object sender, EventArgs e) { try { SecurityLogonType logon_type = (SecurityLogonType)comboBoxS4ULogonType.SelectedItem; if (radioLUNormal.Checked) { SecureString str = new SecureString(); foreach (var ch in txtLUPassword.Text) { str.AppendChar(ch); } switch (logon_type) { case SecurityLogonType.Batch: case SecurityLogonType.Interactive: case SecurityLogonType.Network: case SecurityLogonType.NetworkCleartext: case SecurityLogonType.NewCredentials: case SecurityLogonType.Service: break; default: throw new ArgumentException("Invalid logon type for Logon"); } using (NtToken token = Win32Security.LsaLogonUser(txtS4UUserName.Text, txtS4URealm.Text, str, logon_type, Logon32Provider.Default)) { TokenForm.OpenForm(token, "LogonUser", true); } } else { using (NtToken token = TokenUtils.GetLogonS4UToken(txtS4UUserName.Text, txtS4URealm.Text, logon_type)) { TokenForm.OpenForm(token, "S4U", true); } } } catch (Exception ex) { MessageBox.Show(this, ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); } }
/// <summary> /// Process Record. /// </summary> protected override void ProcessRecord() { switch (ParameterSetName) { case "FromName": SetNamedSecurityInfo(); break; case "FromObject": Win32Security.SetSecurityInfo(Object, Type, SecurityInformation, SecurityDescriptor); break; case "FromHandle": Win32Security.SetSecurityInfo(Handle, Type, SecurityInformation, SecurityDescriptor); break; } }
private NtToken GetLogonToken(TokenAccessRights desired_access, string user, string domain, SecureString password, SecurityLogonType logon_type) { IEnumerable <UserGroup> groups = null; if (AdditionalGroup != null && AdditionalGroup.Length > 0) { groups = AdditionalGroup.Select(s => new UserGroup(s, GetAttributes(s))); } using (NtToken token = Win32Security.LsaLogonUser(user, domain, password, logon_type, LogonProvider, groups)) { if (desired_access == TokenAccessRights.MaximumAllowed) { return(token.Duplicate()); } return(token.Duplicate(desired_access)); } }
private void SetNamedSecurityInfo() { bool do_callback = ShowProgress || PassThru; if (do_callback || Action != TreeSecInfo.Set) { TreeProgressFunction fn = ProgressFunction; NtStatus status = Win32Security.SetSecurityInfo(Name, Type, SecurityInformation, SecurityDescriptor, Action, do_callback ? fn : null, ShowProgress ? ProgressInvokeSetting.PrePostError : ProgressInvokeSetting.EveryObject, !PassThru); if (!PassThru) { status.ToNtException(); } } else { Win32Security.SetSecurityInfo(Name, Type, SecurityInformation, SecurityDescriptor); } }
/// <summary> /// Process Record. /// </summary> protected override void ProcessRecord() { SecurityDescriptor sd = null; switch (ParameterSetName) { case "FromName": string path = Name; if (Type == SeObjectType.File) { path = PSUtils.ResolveWin32Path(SessionState, Name, false); } if (Type == SeObjectType.Service) { SecurityInformation &= SecurityInformation.Owner | SecurityInformation.Group | SecurityInformation.Dacl | SecurityInformation.Label; if (Name == ".") { sd = ServiceUtils.GetScmSecurityDescriptor(SecurityInformation); break; } } sd = Win32Security.GetSecurityInfo(path, Type, SecurityInformation); break; case "FromObject": sd = Win32Security.GetSecurityInfo(Object.Handle, Type, SecurityInformation); break; case "FromHandle": sd = Win32Security.GetSecurityInfo(Handle, Type, SecurityInformation); break; } if (sd != null) { WriteObject(sd); } }
/// <summary> /// Process Record. /// </summary> protected override void ProcessRecord() { SecurityDescriptor sd = null; switch (ParameterSetName) { case "FromName": sd = Win32Security.GetSecurityInfo(Name, Type, SecurityInformation); break; case "FromObject": sd = Win32Security.GetSecurityInfo(Object.Handle, Type, SecurityInformation); break; case "FromHandle": sd = Win32Security.GetSecurityInfo(Handle, Type, SecurityInformation); break; } if (sd != null) { WriteObject(sd); } }
private static NtToken GetSystemToken() { NtToken.EnableDebugPrivilege(); using (var ps = NtProcess.GetProcesses(ProcessAccessRights.QueryLimitedInformation).ToDisposableList()) { Sid local_system = KnownSids.LocalSystem; foreach (var p in ps) { using (var result = NtToken.OpenProcessToken(p, TokenAccessRights.Query | TokenAccessRights.Duplicate, false)) { if (!result.IsSuccess) { continue; } var token = result.Result; if (token.User.Sid == local_system && !token.Filtered && token.GetPrivilege(TokenPrivilegeValue.SeTcbPrivilege) != null && token.IntegrityLevel == TokenIntegrityLevel.System) { using (var imp_token = token.DuplicateToken(SecurityImpersonationLevel.Impersonation)) { if (imp_token.SetPrivilege(TokenPrivilegeValue.SeTcbPrivilege, PrivilegeAttributes.Enabled)) { using (imp_token.Impersonate()) { return(Win32Security.LsaLogonUser("SYSTEM", "NT AUTHORITY", null, SecurityLogonType.Service, Logon32Provider.Default, false).GetResultOrDefault()); } } } } } } } return(null); }
public static NtResult <NtToken> Logon(string user, string domain, string password, SecurityLogonType type, Logon32Provider provider, IEnumerable <UserGroup> groups, bool throw_on_error) { return(Win32Security.LsaLogonUser(user, domain, password.ToSecureString(), type, provider, groups, throw_on_error)); }
/// <summary> /// Function to resolve the conflict /// </summary> /// <param name="localCopy"></param> private void enhancedConflictResolve(bool localCopy) { string path = null; foreach (ListViewItem lvi in conflictsView.SelectedItems) { Conflicts conflicts = (Conflicts)lvi.Tag; if (!conflicts.ServerConflict.IsNameConflict) { try { // Display a warning and return if the user has not specified the conflict bin path if (conflictBinEnable.Checked) { if (pathTxtBox.Text == "") { MyMessageBox mmb = new MyMessageBox(resources.GetString("emptyConflictBinMsg"), resources.GetString("emptyConflictBinTitle"), string.Empty, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error); mmb.ShowDialog(); return; } path = pathTxtBox.Text; if (!path.EndsWith(resources.GetString("pathSeparator"))) { path = path + resources.GetString("pathSeparator"); } if (!Directory.Exists(path)) { try { Directory.CreateDirectory(path); } catch { MyMessageBox mmb = new MyMessageBox(resources.GetString("invalidConflictBinMsg"), resources.GetString("invalidConflictBinTitle"), string.Empty, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error); mmb.ShowDialog(); return; } } // Check to make sure the user has rights to this directory. if (!Win32Security.AccessAllowed(path)) { MyMessageBox mmb = new MyMessageBox(resources.GetString("accessDenied"), resources.GetString("accessDeniedTitle"), string.Empty, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error); mmb.ShowDialog(); return; } else { ifWebService.ResolveEnhancedFileConflict(ifolder.ID, conflicts.ServerConflict.ConflictID, localCopy, path); } //ifWebService.ResolveEnhancedFileConflict(ifolder.ID, conflicts.ServerConflict.ConflictID, localCopy, path); } else { ifWebService.ResolveEnhancedFileConflict(ifolder.ID, conflicts.ServerConflict.ConflictID, localCopy, string.Empty); } lvi.Remove(); } catch (Exception ex) { MyMessageBox mmb = new MyMessageBox(conflictErrorMsg, conflictErrorTitle, ex.Message, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error); mmb.ShowDialog(); } } } if (conflictsView.Items.Count == 0) { // If all the conflicts have been resolved, fire the ConflictsResolved event. InvokeConflictResolvedEvent(this, new EventArgs()); } }
/// <summary> /// Event Handler for OK button click /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private void ok_Click(object sender, System.EventArgs e) { successful = true; if (GetDriveType(Path.GetPathRoot(iFolderLocation.Text)) == DRIVE_FIXED) { if (!Directory.Exists(iFolderLocation.Text)) { // If a leaf node is specified, the directory will be created // under the current working directory ... display this path. bool parentExists = false; string parent = Path.GetDirectoryName(iFolderLocation.Text); while ((parent != null) && !parent.Equals(string.Empty)) { if (Directory.Exists(parent)) { iFolderLocation.Text = iFolderLocation.Text.Replace(parent, CreateiFolder.FixPath(parent)); parentExists = true; break; } parent = Path.GetDirectoryName(parent); } if (!parentExists) { iFolderLocation.Text = Path.Combine(Environment.CurrentDirectory, iFolderLocation.Text); } // The directory doesn't exist ... if (MessageBox.Show(resourceManager.GetString("createDirectoryMessage"), resourceManager.GetString("createDirectoryTitle"), MessageBoxButtons.YesNo, MessageBoxIcon.Question, MessageBoxDefaultButton.Button1) == DialogResult.Yes) { // Create the directory. try { Directory.CreateDirectory(iFolderLocation.Text); } catch (Exception ex) { MyMessageBox mmb = new MyMessageBox(resourceManager.GetString("createDirectoryError"), string.Empty, ex.Message, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error); mmb.ShowDialog(); iFolderLocation.Focus(); successful = false; } } else { iFolderLocation.Focus(); successful = false; } } if (successful) { // Check to make sure the user has rights to this directory. if (Win32Security.AccessAllowed(iFolderLocation.Text)) { try { // Display wait cursor. Cursor = Cursors.WaitCursor; // Accept the invitation. ifWebService.AcceptiFolderInvitation(ifolder.DomainID, ifolder.ID, iFolderLocation.Text); Cursor = Cursors.Default; } catch (Exception ex) { Cursor = Cursors.Default; MyMessageBox mmb; if (ex.Message.IndexOf("PathExists") != -1) { mmb = new MyMessageBox(resourceManager.GetString("pathExistsError"), resourceManager.GetString("pathInvalidErrorTitle"), string.Empty, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error); mmb.ShowDialog(); iFolderLocation.Focus(); } else if (ex.Message.IndexOf("AtOrInsideStorePath") != -1) { mmb = new MyMessageBox(resourceManager.GetString("pathInStoreError"), resourceManager.GetString("pathInvalidErrorTitle"), string.Empty, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error); mmb.ShowDialog(); iFolderLocation.Focus(); } else if (ex.Message.IndexOf("AtOrInsideCollectionPath") != -1) { mmb = new MyMessageBox(resourceManager.GetString("pathIniFolderError"), resourceManager.GetString("pathInvalidErrorTitle"), string.Empty, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error); mmb.ShowDialog(); iFolderLocation.Focus(); } else if (ex.Message.IndexOf("IncludesWinDirPath") != -1) { mmb = new MyMessageBox(resourceManager.GetString("pathIncludesWinDirError"), resourceManager.GetString("pathInvalidErrorTitle"), string.Empty, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error); mmb.ShowDialog(); iFolderLocation.Focus(); } else if (ex.Message.IndexOf("IncludesProgFilesPath") != -1) { mmb = new MyMessageBox(resourceManager.GetString("pathIncludesProgFilesDirError"), resourceManager.GetString("pathInvalidErrorTitle"), string.Empty, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error); mmb.ShowDialog(); iFolderLocation.Focus(); } else { mmb = new MyMessageBox(resourceManager.GetString("acceptError"), string.Empty, ex.Message, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error); mmb.ShowDialog(); } successful = false; } } else { successful = false; MyMessageBox mmb = new MyMessageBox(resourceManager.GetString("accessDenied"), string.Empty, string.Empty, MyMessageBoxButtons.OK, MyMessageBoxIcon.Error); mmb.ShowDialog(); } } } else { MessageBox.Show(resourceManager.GetString("networkPath"), resourceManager.GetString("pathInvalidErrorTitle")); iFolderLocation.Focus(); successful = false; } }