public static uint ApiGetNamedSecurityInfo(
            string objectName,
            SecurityDescriptorApi.SE_OBJECT_TYPE object_type,
            out SecurityDescriptorApi.SECURITY_DESCRIPTOR pSECURITY_DESCRIPTOR)
        {
            Logger.Log(string.Format("SecurityDescriptorWrapper.ApiGetNamedSecurityInfo(objectName={0}", objectName), Logger.SecurityDescriptorLogLevel);

            IntPtr pZero               = IntPtr.Zero;
            IntPtr pSidOwner           = pZero;
            IntPtr pSidGroup           = pZero;
            IntPtr pDacl               = pZero;
            IntPtr pSacl               = pZero;
            IntPtr pSecurityDescriptor = pZero;
            uint   errorReturn         = 0;

            pSECURITY_DESCRIPTOR = new SecurityDescriptorApi.SECURITY_DESCRIPTOR();

            try
            {
                errorReturn = SecurityDescriptorApi.GetNamedSecurityInfo(
                    objectName,
                    object_type,
                    SecurityDescriptorApi.SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION |
                    SecurityDescriptorApi.SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION |
                    SecurityDescriptorApi.SECURITY_INFORMATION.DACL_SECURITY_INFORMATION,
                    out pSidOwner,
                    out pSidGroup,
                    out pDacl,
                    out pSacl,
                    out pSecurityDescriptor);

                if (errorReturn != 0)
                {
                    Console.WriteLine("SecurityDescriptorWrapper.ApiGetNamedSecurityInfo() errorReturn: {0} ", errorReturn);
                    return(errorReturn);
                }

                if (pSecurityDescriptor != IntPtr.Zero)
                {
                    pSECURITY_DESCRIPTOR = new SecurityDescriptorApi.SECURITY_DESCRIPTOR();
                    pSECURITY_DESCRIPTOR = (SecurityDescriptorApi.SECURITY_DESCRIPTOR)Marshal.PtrToStructure(pSecurityDescriptor, typeof(SecurityDescriptorApi.SECURITY_DESCRIPTOR));
                }
            }
            catch (Exception ex)
            {
                Logger.LogException(string.Format("SecurityDescriptorWrapper.ApiGetNamedSecurityInfo(objectName={0}", objectName), ex);
            }

            return(errorReturn);
        }
        public static uint ApiGetNamedSecurityInfo(
                                    string objectName,
                                    SecurityDescriptorApi.SE_OBJECT_TYPE object_type,
                                    out SecurityDescriptorApi.SECURITY_DESCRIPTOR pSECURITY_DESCRIPTOR)
        {
            Logger.Log(string.Format("SecurityDescriptorWrapper.ApiGetNamedSecurityInfo(objectName={0}", objectName), Logger.SecurityDescriptorLogLevel);

            IntPtr pZero = IntPtr.Zero;
            IntPtr pSidOwner = pZero;
            IntPtr pSidGroup = pZero;
            IntPtr pDacl = pZero;
            IntPtr pSacl = pZero;
            IntPtr pSecurityDescriptor = pZero;
            uint errorReturn = 0;
            pSECURITY_DESCRIPTOR = new SecurityDescriptorApi.SECURITY_DESCRIPTOR();

            try
            {
                errorReturn = SecurityDescriptorApi.GetNamedSecurityInfo(
                                    objectName,
                                    object_type,
                                    SecurityDescriptorApi.SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION |
                                    SecurityDescriptorApi.SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION |
                                    SecurityDescriptorApi.SECURITY_INFORMATION.DACL_SECURITY_INFORMATION,
                                    out pSidOwner,
                                    out pSidGroup,
                                    out pDacl,
                                    out pSacl,
                                    out pSecurityDescriptor);

                if (errorReturn != 0)
                {
                    Console.WriteLine("SecurityDescriptorWrapper.ApiGetNamedSecurityInfo() errorReturn: {0} ", errorReturn);
                    return errorReturn;
                }

                if (pSecurityDescriptor != IntPtr.Zero)
                {
                    pSECURITY_DESCRIPTOR = new SecurityDescriptorApi.SECURITY_DESCRIPTOR();
                    pSECURITY_DESCRIPTOR = (SecurityDescriptorApi.SECURITY_DESCRIPTOR)Marshal.PtrToStructure(pSecurityDescriptor, typeof(SecurityDescriptorApi.SECURITY_DESCRIPTOR));
                }
            }
            catch (Exception ex)
            {
                Logger.LogException(string.Format("SecurityDescriptorWrapper.ApiGetNamedSecurityInfo(objectName={0}", objectName), ex);
            }

            return errorReturn;
        }
        public static uint ReadSecurityDescriptor(
                                IntPtr pSECURITY_DESCRIPTOR,
                                ref SecurityDescriptor ObjSecurityDescriptor)
        {
            Logger.Log(string.Format("SecurityDescriptorWrapper.ReadSecurityDescriptor()"), Logger.SecurityDescriptorLogLevel);

            Dictionary<string, List<LwAccessControlEntry>> SdDacls = null;
            IntPtr ptrSid;
            uint errorReturn = 0;
            bool bRet = false;
            ObjSecurityDescriptor = new SecurityDescriptor();
            ObjSecurityDescriptor.InitailizeToNull();

            SecurityDescriptorApi.SECURITY_DESCRIPTOR sSECURITY_DESCRIPTOR = new SecurityDescriptorApi.SECURITY_DESCRIPTOR();

            try
            {
                if (pSECURITY_DESCRIPTOR != IntPtr.Zero)
                {
                    SdDacls = new Dictionary<string, List<LwAccessControlEntry>>();
                    IntPtr pDaclOffset;
                    bool lpbDaclPresent = false;
                    bool lpbDaclDefaulted = false;

                    bRet = SecurityDescriptorApi.GetSecurityDescriptorDacl(pSECURITY_DESCRIPTOR, out lpbDaclPresent, out pDaclOffset, out lpbDaclDefaulted);
                    Logger.Log("SecurityDescriptorApi.GetSecurityDescriptorDacl iRet value", Logger.SecurityDescriptorLogLevel);

                    SecurityDescriptorApi.ACL_SIZE_INFORMATION AclSize = new SecurityDescriptorApi.ACL_SIZE_INFORMATION();
                    SecurityDescriptorApi.GetAclInformation(pDaclOffset, AclSize,
                                    ((uint)Marshal.SizeOf(typeof(SecurityDescriptorApi.ACL_SIZE_INFORMATION))),
                                    SecurityDescriptorApi.ACL_INFORMATION_CLASS.AclSizeInformation);

                    if (pDaclOffset != IntPtr.Zero)
                    {
                        SdDacls = new Dictionary<string, List<LwAccessControlEntry>>();
                        List<LwAccessControlEntry> daclInfo = new List<LwAccessControlEntry>();
                        for (int idx = 0; idx < AclSize.AceCount; idx++)
                        {
                            IntPtr pAce;
                            string sUsername, sDomain;

                            int err = SecurityDescriptorApi.GetAce(pDaclOffset, idx, out pAce);
                            SecurityDescriptorApi.ACCESS_ALLOWED_ACE ace = (SecurityDescriptorApi.ACCESS_ALLOWED_ACE)Marshal.PtrToStructure(pAce, typeof(SecurityDescriptorApi.ACCESS_ALLOWED_ACE));

                            IntPtr iter = (IntPtr)((int)pAce + (int)Marshal.OffsetOf(typeof(SecurityDescriptorApi.ACCESS_ALLOWED_ACE), "SidStart"));
                            string strSID = GetObjectStringSid(iter);

                            //Commented this, to use it in feature
                            //IntPtr pTrustee = IntPtr.Zero;
                            //SecurityDescriptorApi.BuildTrusteeWithSid(out pTrustee, ptrSid);
                            //SecurityDescriptorApi.TRUSTEE trustee = new SecurityDescriptorApi.TRUSTEE();
                            //Marshal.PtrToStructure(pTrustee, trustee);

                            GetObjectLookUpName(iter, out sUsername, out sDomain);
                            if (String.IsNullOrEmpty(sUsername))
                                sUsername = strSID;

                            Logger.Log("Trustee = " + sUsername, Logger.SecurityDescriptorLogLevel);
                            Logger.Log(string.Format("SID={0} : AceType={1}/ AceMask={2}/ AceFlags={3}",
                                                strSID,
                                                ace.Header.AceType.ToString(),
                                                ace.Mask.ToString(),
                                                ace.Header.AceFlags.ToString()), Logger.SecurityDescriptorLogLevel);

                            LwAccessControlEntry Ace = new LwAccessControlEntry();
                            Ace.Username = sUsername + "(" + sUsername + "@" + sDomain + ")";
                            Ace.SID = strSID;
                            Ace.AceType = Convert.ToInt32(ace.Header.AceType);
                            Ace.AccessMask = ace.Mask.ToString();
                            Ace.AceFlags = Convert.ToInt32(ace.Header.AceFlags.ToString());
                            Ace.AceSize = Convert.ToInt32(ace.Header.AceSize.ToString());

                            daclInfo.Add(Ace);
                        }
                        if (daclInfo != null && daclInfo.Count != 0)
                        {
                            List<LwAccessControlEntry> objectDacl = new List<LwAccessControlEntry>();
                            foreach (LwAccessControlEntry Ace in daclInfo)
                            {
                                if (!SdDacls.ContainsKey(Ace.Username))
                                {
                                    objectDacl = new List<LwAccessControlEntry>();
                                    objectDacl.Add(Ace);
                                    SdDacls.Add(Ace.Username, objectDacl);
                                }
                                else
                                {
                                    objectDacl = SdDacls[Ace.Username];
                                    objectDacl.Add(Ace);
                                    SdDacls[Ace.Username] = objectDacl;
                                }
                            }
                        }
                        ObjSecurityDescriptor.Descretionary_Access_Control_List = SdDacls;
                    }
                    else
                    {
                        ObjSecurityDescriptor.Descretionary_Access_Control_List = null;
                        ObjSecurityDescriptor.IsAccessDenied = true;
                    }

                    sSECURITY_DESCRIPTOR = (SecurityDescriptorApi.SECURITY_DESCRIPTOR)Marshal.PtrToStructure(pSECURITY_DESCRIPTOR, typeof(SecurityDescriptorApi.SECURITY_DESCRIPTOR));

                    //Get Security Descriptor Control
                    uint dwRevision;
                    SecurityDescriptorApi.SECURITY_DESCRIPTOR_CONTROL pControl;
                    SecurityDescriptorApi.GetSecurityDescriptorControl(pSECURITY_DESCRIPTOR, out pControl, out dwRevision);
                    ObjSecurityDescriptor.Control = (uint)pControl;
                    ObjSecurityDescriptor.Revision = dwRevision;

                    //Get Security Descriptor Owner
                    bool lpbOwnerDefaulted = false;
                    ptrSid = IntPtr.Zero;
                    bRet = SecurityDescriptorApi.GetSecurityDescriptorOwner(pSECURITY_DESCRIPTOR, out ptrSid, out lpbOwnerDefaulted);
                    Logger.Log("SecurityDescriptorApi.GetSecurityDescriptorOwner iRet value: " + Marshal.GetLastWin32Error());
                    ObjSecurityDescriptor.Owner = GetObjectStringSid(ptrSid);
                    SecurityDescriptorApi.FreeSid(ptrSid);

                    //Get Security Descriptor Group
                    bool lpbGroupDefaulted = false;
                    ptrSid = IntPtr.Zero;
                    bRet = SecurityDescriptorApi.GetSecurityDescriptorGroup(pSECURITY_DESCRIPTOR, out ptrSid, out lpbGroupDefaulted);
                    Logger.Log("SecurityDescriptorApi.GetSecurityDescriptorGroup iRet value: " + Marshal.GetLastWin32Error());
                    ObjSecurityDescriptor.PrimaryGroupID = GetObjectStringSid(ptrSid);
                    SecurityDescriptorApi.FreeSid(ptrSid);

                    ObjSecurityDescriptor.Size = SecurityDescriptorApi.GetSecurityDescriptorLength(pSECURITY_DESCRIPTOR);

                    ObjSecurityDescriptor.pSecurityDescriptor = pSECURITY_DESCRIPTOR;
                }
            }
            catch (Exception ex)
            {
                Logger.LogException("SecurityDescriptorWrapper.ReadSecurityDescriptor()", ex);
            }

            return errorReturn;
        }
        public static uint ApiSetSecurityDescriptorDacl(
                    object editedObjects,
                    object addedObjects,
                    object deletedObjects,
                    IntPtr pSecurityDesriptorIn,
                    out IntPtr pSecurityDescriptorOut)
        {
            uint errorReturn = 0;
            Dictionary<string, object> editAces = editedObjects as Dictionary<string, object>;
            Dictionary<string, object> newAces = addedObjects as Dictionary<string, object>;
            Dictionary<string, object> deleteAces = deletedObjects as Dictionary<string, object>;
            pSecurityDescriptorOut = IntPtr.Zero;

            try
            {
                Logger.Log("SecurityDescriptorWrapper.ApiSetSecurityDescriptorDacl", Logger.SecurityDescriptorLogLevel);

                IntPtr pNewSd; IntPtr pDaclOffset; IntPtr pNewDacl; IntPtr ptrSid;
                bool lpbDaclPresent = false;
                bool lpbDaclDefaulted = false;
                SecurityDescriptorApi.LwACL acl = new SecurityDescriptorApi.LwACL();

                pDaclOffset = Marshal.AllocHGlobal(Marshal.SizeOf(acl));
                bool bRet = SecurityDescriptorApi.GetSecurityDescriptorDacl(pSecurityDesriptorIn, out lpbDaclPresent, out pDaclOffset, out lpbDaclDefaulted);
                Logger.Log("SecurityDescriptorApi.ApiSetSecurityDescriptorDacl iRet value", Logger.SecurityDescriptorLogLevel);

                if (pDaclOffset != IntPtr.Zero)
                {
                    acl = (SecurityDescriptorApi.LwACL)Marshal.PtrToStructure(pDaclOffset, typeof(SecurityDescriptorApi.LwACL));
                }

                SecurityDescriptorApi.ACL_SIZE_INFORMATION AclSize = new SecurityDescriptorApi.ACL_SIZE_INFORMATION();
                SecurityDescriptorApi.GetAclInformation(pDaclOffset, AclSize,
                                ((uint)Marshal.SizeOf(typeof(SecurityDescriptorApi.ACL_SIZE_INFORMATION))),
                                SecurityDescriptorApi.ACL_INFORMATION_CLASS.AclSizeInformation);

                SecurityDescriptorApi.SECURITY_DESCRIPTOR sSECURITY_DESCRIPTOR = new SecurityDescriptorApi.SECURITY_DESCRIPTOR();
                sSECURITY_DESCRIPTOR = (SecurityDescriptorApi.SECURITY_DESCRIPTOR)Marshal.PtrToStructure(pSecurityDesriptorIn, typeof(SecurityDescriptorApi.SECURITY_DESCRIPTOR));

                uint totalCount = (uint)(newAces.Count - deleteAces.Count);
                int cbNewACL = (int)AclSize.AclBytesInUse + (int)((Marshal.SizeOf(typeof(SecurityDescriptorApi.ACCESS_ALLOWED_ACE)) - IntPtr.Size) * totalCount);

                // Create new ACL
                pNewDacl = Marshal.AllocHGlobal(cbNewACL);
                bRet = SecurityDescriptorApi.InitializeAcl(pNewDacl, cbNewACL, acl.AclRevision);
                Console.WriteLine(Marshal.GetLastWin32Error());

                bRet = SecurityDescriptorApi.IsValidAcl(pNewDacl);
                Console.WriteLine(Marshal.GetLastWin32Error());

                SecurityDescriptorApi.ACL_REVISION_INFORMATION aclRevision = new SecurityDescriptorApi.ACL_REVISION_INFORMATION();
                aclRevision.AclRevision = acl.AclRevision;
                IntPtr pAclRevision = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(SecurityDescriptorApi.ACL_REVISION_INFORMATION)));
                Marshal.StructureToPtr(aclRevision, pAclRevision, true);

                bRet = SecurityDescriptorApi.SetAclInformation(
                                      pNewDacl,
                                      pAclRevision,
                                      ((uint)Marshal.SizeOf(typeof(SecurityDescriptorApi.ACL_REVISION_INFORMATION))),
                                      SecurityDescriptorApi.ACL_INFORMATION_CLASS.AclRevisionInformation);
                Console.WriteLine(Marshal.GetLastWin32Error());

                //Delete/Editing the Ace entry from the ACl
                for (int idx = 0; idx < AclSize.AceCount; idx++)
                {
                    IntPtr pAce; ptrSid = IntPtr.Zero;
                    string sUsername, sDomain;

                    int err = SecurityDescriptorApi.GetAce(pDaclOffset, idx, out pAce);
                    SecurityDescriptorApi.ACCESS_ALLOWED_ACE ace = (SecurityDescriptorApi.ACCESS_ALLOWED_ACE)Marshal.PtrToStructure(pAce, typeof(SecurityDescriptorApi.ACCESS_ALLOWED_ACE));

                    IntPtr iter = (IntPtr)((int)pAce + (int)Marshal.OffsetOf(typeof(SecurityDescriptorApi.ACCESS_ALLOWED_ACE), "SidStart"));

                    int size = (int)SecurityDescriptorApi.GetLengthSid(iter);
                    byte[] bSID = new byte[size];
                    Marshal.Copy(iter, bSID, 0, size);
                    SecurityDescriptorApi.ConvertSidToStringSid(bSID, out ptrSid);
                    GetObjectLookUpName(iter, out sUsername, out sDomain);

                    if (deleteAces != null && deleteAces.Count != 0 && deleteAces.ContainsKey(sUsername))
                        continue;

                    if (editAces != null && editAces.Count != 0 && editAces.ContainsKey(sUsername))
                    {
                        List<LwAccessControlEntry> attributes = editAces[sUsername] as List<LwAccessControlEntry>;
                        if (attributes != null)
                        {
                            foreach (LwAccessControlEntry lwAce in attributes)
                            {
                                if ((int)ace.Header.AceType == lwAce.AceType)
                                {
                                    SecurityDescriptorApi.ConvertStringSidToSid(lwAce.SID, out ptrSid);
                                    bRet = SecurityDescriptorApi.AddAccessAllowedAceEx(
                                         pNewDacl,
                                         0,
                                         Convert.ToByte(ace.Header.AceFlags),
                                         Convert.ToInt32(lwAce.AccessMask),
                                         ptrSid);

                                    Console.WriteLine(Marshal.GetLastWin32Error());
                                    Logger.Log("SecurityDescriptorWrapper.ApiSetSecurityDescriptorDacl() : SecurityDescriptorApi.AddAccessAllowedAceEx return code :" + Marshal.GetLastWin32Error());
                                }
                            }
                        }
                    }
                    else
                    {
                        Logger.Log("Adding new Ace from existing one: " + sUsername, Logger.SecurityDescriptorLogLevel);
                        bRet = SecurityDescriptorApi.AddAccessAllowedAceEx(
                                       pNewDacl,
                                       0,
                                       ace.Header.AceFlags,
                                       ace.Mask,
                                       iter);
                        Console.WriteLine(Marshal.GetLastWin32Error());
                    }
                    SecurityDescriptorApi.FreeSid(ptrSid);
                }

                //Adding new Aces to the Security Descriptor
                foreach (string key in newAces.Keys)
                {
                    List<LwAccessControlEntry> attributes = newAces[key] as List<LwAccessControlEntry>;
                    foreach (LwAccessControlEntry lwAce in attributes)
                    {
                        SecurityDescriptorApi.ConvertStringSidToSid(lwAce.SID, out ptrSid);
                        bRet = SecurityDescriptorApi.AddAccessAllowedAceEx(
                             pNewDacl,
                             0,
                             Convert.ToByte(lwAce.AceFlags),
                             Convert.ToInt32(lwAce.AccessMask),
                             ptrSid);

                        Console.WriteLine(Marshal.GetLastWin32Error());
                        Logger.Log("Adding new Ace : " + lwAce.Username, Logger.SecurityDescriptorLogLevel);
                        Logger.Log("SecurityDescriptorWrapper.ApiSetSecurityDescriptorDacl() : SecurityDescriptorApi.AddAccessAllowedAceEx return code :" + Marshal.GetLastWin32Error());
                    }
                }

                pNewSd = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(SecurityDescriptorApi.SECURITY_DESCRIPTOR)));
                int iSdRevision = (int)SecurityDescriptorApi.SECURITY_DESCRIPTOR_REVISION;
                bRet = SecurityDescriptorApi.InitializeSecurityDescriptor(pNewSd, (uint)iSdRevision);
                Console.WriteLine(Marshal.GetLastWin32Error());
                Logger.Log("SecurityDescriptorApi.InitializeSecurityDescriptor returns errorcode: " + errorReturn);

                bRet = SecurityDescriptorApi.IsValidSecurityDescriptor(pNewSd);
                Console.WriteLine(Marshal.GetLastWin32Error());
                Logger.Log("SecurityDescriptorApi.IsValidSecurityDescriptor returns errorcode: " + Marshal.GetLastWin32Error());

                bRet = SecurityDescriptorApi.SetSecurityDescriptorDacl(
                                pNewSd,
                                lpbDaclPresent,
                                pNewDacl,
                                lpbDaclDefaulted);
                Console.WriteLine(Marshal.GetLastWin32Error());
                Logger.Log("SecurityDescriptorApi.SetSecurityDescriptorDacl returns errorcode: " + Marshal.GetLastWin32Error());

                bRet = SecurityDescriptorApi.IsValidSecurityDescriptor(pNewSd);
                Console.WriteLine(Marshal.GetLastWin32Error());
                Logger.Log("SecurityDescriptorApi.IsValidSecurityDescriptor returns errorcode: " + Marshal.GetLastWin32Error());

                pSecurityDescriptorOut = IntPtr.Zero;
                uint lpdwBufferLength = (uint)Marshal.SizeOf(typeof(SecurityDescriptorApi.SECURITY_DESCRIPTOR));

                bRet = SecurityDescriptorApi.MakeSelfRelativeSD(pNewSd, out pSecurityDescriptorOut, ref lpdwBufferLength);
                Console.WriteLine(Marshal.GetLastWin32Error());

                bRet = SecurityDescriptorApi.MakeSelfRelativeSD(pNewSd, out pSecurityDescriptorOut, ref lpdwBufferLength);
                Console.WriteLine(Marshal.GetLastWin32Error());

                bRet = SecurityDescriptorApi.IsValidSecurityDescriptor(pNewSd);
                Console.WriteLine(Marshal.GetLastWin32Error());
                Logger.Log("SecurityDescriptorApi.IsValidSecurityDescriptor returns errorcode: " + Marshal.GetLastWin32Error());

                /*bRet = SecurityDescriptorApi.SetSecurityDescriptorGroup(
                               pNewSd,
                               sSECURITY_DESCRIPTOR.group,
                               false);
                Console.WriteLine(Marshal.GetLastWin32Error());
                Logger.Log("SecurityDescriptorApi.SetSecurityDescriptorGroup returns errorcode: " + Marshal.GetLastWin32Error());

                bRet = SecurityDescriptorApi.IsValidSecurityDescriptor(pNewSd);
                Console.WriteLine(Marshal.GetLastWin32Error());
                Logger.Log("SecurityDescriptorApi.IsValidSecurityDescriptor returns errorcode: " + Marshal.GetLastWin32Error());

                bRet = SecurityDescriptorApi.SetSecurityDescriptorOwner(
                              pNewSd,
                              sSECURITY_DESCRIPTOR.owner,
                              false);
                Console.WriteLine(Marshal.GetLastWin32Error());
                Logger.Log("SecurityDescriptorApi.SetSecurityDescriptorOwner returns errorcode: " + Marshal.GetLastWin32Error());

                bRet = SecurityDescriptorApi.IsValidSecurityDescriptor(pNewSd);
                Console.WriteLine(Marshal.GetLastWin32Error());
                Logger.Log("SecurityDescriptorApi.IsValidSecurityDescriptor returns errorcode: " + Marshal.GetLastWin32Error());

                uint pControl; uint lpdwRevision;
                bRet = SecurityDescriptorApi.GetSecurityDescriptorControl(
                             pSecurityDesriptorIn,
                             out pControl,
                             out lpdwRevision);
                Console.WriteLine(Marshal.GetLastWin32Error());
                Logger.Log("SecurityDescriptorApi.SetSecurityDescriptorControl returns errorcode: " + Marshal.GetLastWin32Error());

                bRet = SecurityDescriptorApi.SetSecurityDescriptorControl(
                             pNewSd,
                             pControl,
                             pControl);
                Console.WriteLine(Marshal.GetLastWin32Error());
                Logger.Log("SecurityDescriptorApi.SetSecurityDescriptorControl returns errorcode: " + Marshal.GetLastWin32Error());

                bRet = SecurityDescriptorApi.IsValidSecurityDescriptor(pNewSd);
                Console.WriteLine(Marshal.GetLastWin32Error());
                Logger.Log("SecurityDescriptorApi.IsValidSecurityDescriptor returns errorcode: " + Marshal.GetLastWin32Error());

                if (pNewDacl != IntPtr.Zero)
                {
                    SecurityDescriptorApi.LocalFree(pNewDacl);
                }

                uint lpdwAbsoluteSDSize = 0, lpdwDaclSize = 0, lpdwSaclSize = 0, lpdwOwnerSize = 0, lpdwPrimaryGroupSize = 0;
                IntPtr pAbsoluteSD, pDacl, pSacl, pOwner, pPrimaryGroup;
                lpdwAbsoluteSDSize = (uint)Marshal.SizeOf(typeof(SecurityDescriptorApi.SECURITY_DESCRIPTOR));
                bRet = SecurityDescriptorApi.MakeAbsoluteSD(pNewSd, out pAbsoluteSD,
                                                ref lpdwAbsoluteSDSize, out pDacl, ref lpdwDaclSize,
                                                out pSacl, ref lpdwSaclSize,
                                                out pOwner, ref lpdwOwnerSize,
                                                out pPrimaryGroup, ref lpdwPrimaryGroupSize);
                Console.WriteLine(Marshal.GetLastWin32Error());
                Logger.Log("SecurityDescriptorApi.MakeAbsoluteSD returns errorcode: " + Marshal.GetLastWin32Error()); */

                if (!bRet)
                    pSecurityDescriptorOut = IntPtr.Zero;
            }
            catch (Exception ex)
            {
                pSecurityDescriptorOut = IntPtr.Zero;
                errorReturn = (uint)Marshal.GetLastWin32Error();
                Logger.LogException("SecurityDescriptorWrapper.ApiGetLogOnUserHandle()", ex);
            }

            return errorReturn;
        }
        public static uint ReadSecurityDescriptor(
            IntPtr pSECURITY_DESCRIPTOR,
            ref SecurityDescriptor ObjSecurityDescriptor)
        {
            Logger.Log(string.Format("SecurityDescriptorWrapper.ReadSecurityDescriptor()"), Logger.SecurityDescriptorLogLevel);

            Dictionary <string, List <LwAccessControlEntry> > SdDacls = null;
            IntPtr ptrSid;
            uint   errorReturn = 0;
            bool   bRet        = false;

            ObjSecurityDescriptor = new SecurityDescriptor();
            ObjSecurityDescriptor.InitailizeToNull();

            SecurityDescriptorApi.SECURITY_DESCRIPTOR sSECURITY_DESCRIPTOR = new SecurityDescriptorApi.SECURITY_DESCRIPTOR();

            try
            {
                if (pSECURITY_DESCRIPTOR != IntPtr.Zero)
                {
                    SdDacls = new Dictionary <string, List <LwAccessControlEntry> >();
                    IntPtr pDaclOffset;
                    bool   lpbDaclPresent   = false;
                    bool   lpbDaclDefaulted = false;

                    bRet = SecurityDescriptorApi.GetSecurityDescriptorDacl(pSECURITY_DESCRIPTOR, out lpbDaclPresent, out pDaclOffset, out lpbDaclDefaulted);
                    Logger.Log("SecurityDescriptorApi.GetSecurityDescriptorDacl iRet value", Logger.SecurityDescriptorLogLevel);

                    SecurityDescriptorApi.ACL_SIZE_INFORMATION AclSize = new SecurityDescriptorApi.ACL_SIZE_INFORMATION();
                    SecurityDescriptorApi.GetAclInformation(pDaclOffset, AclSize,
                                                            ((uint)Marshal.SizeOf(typeof(SecurityDescriptorApi.ACL_SIZE_INFORMATION))),
                                                            SecurityDescriptorApi.ACL_INFORMATION_CLASS.AclSizeInformation);

                    if (pDaclOffset != IntPtr.Zero)
                    {
                        SdDacls = new Dictionary <string, List <LwAccessControlEntry> >();
                        List <LwAccessControlEntry> daclInfo = new List <LwAccessControlEntry>();
                        for (int idx = 0; idx < AclSize.AceCount; idx++)
                        {
                            IntPtr pAce;
                            string sUsername, sDomain;

                            int err = SecurityDescriptorApi.GetAce(pDaclOffset, idx, out pAce);
                            SecurityDescriptorApi.ACCESS_ALLOWED_ACE ace = (SecurityDescriptorApi.ACCESS_ALLOWED_ACE)Marshal.PtrToStructure(pAce, typeof(SecurityDescriptorApi.ACCESS_ALLOWED_ACE));

                            IntPtr iter   = (IntPtr)((int)pAce + (int)Marshal.OffsetOf(typeof(SecurityDescriptorApi.ACCESS_ALLOWED_ACE), "SidStart"));
                            string strSID = GetObjectStringSid(iter);

                            //Commented this, to use it in feature
                            //IntPtr pTrustee = IntPtr.Zero;
                            //SecurityDescriptorApi.BuildTrusteeWithSid(out pTrustee, ptrSid);
                            //SecurityDescriptorApi.TRUSTEE trustee = new SecurityDescriptorApi.TRUSTEE();
                            //Marshal.PtrToStructure(pTrustee, trustee);

                            GetObjectLookUpName(iter, out sUsername, out sDomain);
                            if (String.IsNullOrEmpty(sUsername))
                            {
                                sUsername = strSID;
                            }

                            Logger.Log("Trustee = " + sUsername, Logger.SecurityDescriptorLogLevel);
                            Logger.Log(string.Format("SID={0} : AceType={1}/ AceMask={2}/ AceFlags={3}",
                                                     strSID,
                                                     ace.Header.AceType.ToString(),
                                                     ace.Mask.ToString(),
                                                     ace.Header.AceFlags.ToString()), Logger.SecurityDescriptorLogLevel);

                            LwAccessControlEntry Ace = new LwAccessControlEntry();
                            Ace.Username   = sUsername + "(" + sUsername + "@" + sDomain + ")";
                            Ace.SID        = strSID;
                            Ace.AceType    = Convert.ToInt32(ace.Header.AceType);
                            Ace.AccessMask = ace.Mask.ToString();
                            Ace.AceFlags   = Convert.ToInt32(ace.Header.AceFlags.ToString());
                            Ace.AceSize    = Convert.ToInt32(ace.Header.AceSize.ToString());

                            daclInfo.Add(Ace);
                        }
                        if (daclInfo != null && daclInfo.Count != 0)
                        {
                            List <LwAccessControlEntry> objectDacl = new List <LwAccessControlEntry>();
                            foreach (LwAccessControlEntry Ace in daclInfo)
                            {
                                if (!SdDacls.ContainsKey(Ace.Username))
                                {
                                    objectDacl = new List <LwAccessControlEntry>();
                                    objectDacl.Add(Ace);
                                    SdDacls.Add(Ace.Username, objectDacl);
                                }
                                else
                                {
                                    objectDacl = SdDacls[Ace.Username];
                                    objectDacl.Add(Ace);
                                    SdDacls[Ace.Username] = objectDacl;
                                }
                            }
                        }
                        ObjSecurityDescriptor.Descretionary_Access_Control_List = SdDacls;
                    }
                    else
                    {
                        ObjSecurityDescriptor.Descretionary_Access_Control_List = null;
                        ObjSecurityDescriptor.IsAccessDenied = true;
                    }

                    sSECURITY_DESCRIPTOR = (SecurityDescriptorApi.SECURITY_DESCRIPTOR)Marshal.PtrToStructure(pSECURITY_DESCRIPTOR, typeof(SecurityDescriptorApi.SECURITY_DESCRIPTOR));

                    //Get Security Descriptor Control
                    uint dwRevision;
                    SecurityDescriptorApi.SECURITY_DESCRIPTOR_CONTROL pControl;
                    SecurityDescriptorApi.GetSecurityDescriptorControl(pSECURITY_DESCRIPTOR, out pControl, out dwRevision);
                    ObjSecurityDescriptor.Control  = (uint)pControl;
                    ObjSecurityDescriptor.Revision = dwRevision;

                    //Get Security Descriptor Owner
                    bool lpbOwnerDefaulted = false;
                    ptrSid = IntPtr.Zero;
                    bRet   = SecurityDescriptorApi.GetSecurityDescriptorOwner(pSECURITY_DESCRIPTOR, out ptrSid, out lpbOwnerDefaulted);
                    Logger.Log("SecurityDescriptorApi.GetSecurityDescriptorOwner iRet value: " + Marshal.GetLastWin32Error());
                    ObjSecurityDescriptor.Owner = GetObjectStringSid(ptrSid);
                    SecurityDescriptorApi.FreeSid(ptrSid);

                    //Get Security Descriptor Group
                    bool lpbGroupDefaulted = false;
                    ptrSid = IntPtr.Zero;
                    bRet   = SecurityDescriptorApi.GetSecurityDescriptorGroup(pSECURITY_DESCRIPTOR, out ptrSid, out lpbGroupDefaulted);
                    Logger.Log("SecurityDescriptorApi.GetSecurityDescriptorGroup iRet value: " + Marshal.GetLastWin32Error());
                    ObjSecurityDescriptor.PrimaryGroupID = GetObjectStringSid(ptrSid);
                    SecurityDescriptorApi.FreeSid(ptrSid);

                    ObjSecurityDescriptor.Size = SecurityDescriptorApi.GetSecurityDescriptorLength(pSECURITY_DESCRIPTOR);

                    ObjSecurityDescriptor.pSecurityDescriptor = pSECURITY_DESCRIPTOR;
                }
            }
            catch (Exception ex)
            {
                Logger.LogException("SecurityDescriptorWrapper.ReadSecurityDescriptor()", ex);
            }

            return(errorReturn);
        }
        public static uint ApiSetSecurityDescriptorDacl(
            object editedObjects,
            object addedObjects,
            object deletedObjects,
            IntPtr pSecurityDesriptorIn,
            out IntPtr pSecurityDescriptorOut)
        {
            uint errorReturn = 0;
            Dictionary <string, object> editAces   = editedObjects as Dictionary <string, object>;
            Dictionary <string, object> newAces    = addedObjects as Dictionary <string, object>;
            Dictionary <string, object> deleteAces = deletedObjects as Dictionary <string, object>;

            pSecurityDescriptorOut = IntPtr.Zero;

            try
            {
                Logger.Log("SecurityDescriptorWrapper.ApiSetSecurityDescriptorDacl", Logger.SecurityDescriptorLogLevel);

                IntPtr pNewSd; IntPtr pDaclOffset; IntPtr pNewDacl; IntPtr ptrSid;
                bool   lpbDaclPresent           = false;
                bool   lpbDaclDefaulted         = false;
                SecurityDescriptorApi.LwACL acl = new SecurityDescriptorApi.LwACL();

                pDaclOffset = Marshal.AllocHGlobal(Marshal.SizeOf(acl));
                bool bRet = SecurityDescriptorApi.GetSecurityDescriptorDacl(pSecurityDesriptorIn, out lpbDaclPresent, out pDaclOffset, out lpbDaclDefaulted);
                Logger.Log("SecurityDescriptorApi.ApiSetSecurityDescriptorDacl iRet value", Logger.SecurityDescriptorLogLevel);

                if (pDaclOffset != IntPtr.Zero)
                {
                    acl = (SecurityDescriptorApi.LwACL)Marshal.PtrToStructure(pDaclOffset, typeof(SecurityDescriptorApi.LwACL));
                }

                SecurityDescriptorApi.ACL_SIZE_INFORMATION AclSize = new SecurityDescriptorApi.ACL_SIZE_INFORMATION();
                SecurityDescriptorApi.GetAclInformation(pDaclOffset, AclSize,
                                                        ((uint)Marshal.SizeOf(typeof(SecurityDescriptorApi.ACL_SIZE_INFORMATION))),
                                                        SecurityDescriptorApi.ACL_INFORMATION_CLASS.AclSizeInformation);

                SecurityDescriptorApi.SECURITY_DESCRIPTOR sSECURITY_DESCRIPTOR = new SecurityDescriptorApi.SECURITY_DESCRIPTOR();
                sSECURITY_DESCRIPTOR = (SecurityDescriptorApi.SECURITY_DESCRIPTOR)Marshal.PtrToStructure(pSecurityDesriptorIn, typeof(SecurityDescriptorApi.SECURITY_DESCRIPTOR));

                uint totalCount = (uint)(newAces.Count - deleteAces.Count);
                int  cbNewACL   = (int)AclSize.AclBytesInUse + (int)((Marshal.SizeOf(typeof(SecurityDescriptorApi.ACCESS_ALLOWED_ACE)) - IntPtr.Size) * totalCount);

                // Create new ACL
                pNewDacl = Marshal.AllocHGlobal(cbNewACL);
                bRet     = SecurityDescriptorApi.InitializeAcl(pNewDacl, cbNewACL, acl.AclRevision);
                Console.WriteLine(Marshal.GetLastWin32Error());

                bRet = SecurityDescriptorApi.IsValidAcl(pNewDacl);
                Console.WriteLine(Marshal.GetLastWin32Error());

                SecurityDescriptorApi.ACL_REVISION_INFORMATION aclRevision = new SecurityDescriptorApi.ACL_REVISION_INFORMATION();
                aclRevision.AclRevision = acl.AclRevision;
                IntPtr pAclRevision = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(SecurityDescriptorApi.ACL_REVISION_INFORMATION)));
                Marshal.StructureToPtr(aclRevision, pAclRevision, true);

                bRet = SecurityDescriptorApi.SetAclInformation(
                    pNewDacl,
                    pAclRevision,
                    ((uint)Marshal.SizeOf(typeof(SecurityDescriptorApi.ACL_REVISION_INFORMATION))),
                    SecurityDescriptorApi.ACL_INFORMATION_CLASS.AclRevisionInformation);
                Console.WriteLine(Marshal.GetLastWin32Error());

                //Delete/Editing the Ace entry from the ACl
                for (int idx = 0; idx < AclSize.AceCount; idx++)
                {
                    IntPtr pAce; ptrSid = IntPtr.Zero;
                    string sUsername, sDomain;

                    int err = SecurityDescriptorApi.GetAce(pDaclOffset, idx, out pAce);
                    SecurityDescriptorApi.ACCESS_ALLOWED_ACE ace = (SecurityDescriptorApi.ACCESS_ALLOWED_ACE)Marshal.PtrToStructure(pAce, typeof(SecurityDescriptorApi.ACCESS_ALLOWED_ACE));

                    IntPtr iter = (IntPtr)((int)pAce + (int)Marshal.OffsetOf(typeof(SecurityDescriptorApi.ACCESS_ALLOWED_ACE), "SidStart"));

                    int    size = (int)SecurityDescriptorApi.GetLengthSid(iter);
                    byte[] bSID = new byte[size];
                    Marshal.Copy(iter, bSID, 0, size);
                    SecurityDescriptorApi.ConvertSidToStringSid(bSID, out ptrSid);
                    GetObjectLookUpName(iter, out sUsername, out sDomain);

                    if (deleteAces != null && deleteAces.Count != 0 && deleteAces.ContainsKey(sUsername))
                    {
                        continue;
                    }

                    if (editAces != null && editAces.Count != 0 && editAces.ContainsKey(sUsername))
                    {
                        List <LwAccessControlEntry> attributes = editAces[sUsername] as List <LwAccessControlEntry>;
                        if (attributes != null)
                        {
                            foreach (LwAccessControlEntry lwAce in attributes)
                            {
                                if ((int)ace.Header.AceType == lwAce.AceType)
                                {
                                    SecurityDescriptorApi.ConvertStringSidToSid(lwAce.SID, out ptrSid);
                                    bRet = SecurityDescriptorApi.AddAccessAllowedAceEx(
                                        pNewDacl,
                                        0,
                                        Convert.ToByte(ace.Header.AceFlags),
                                        Convert.ToInt32(lwAce.AccessMask),
                                        ptrSid);

                                    Console.WriteLine(Marshal.GetLastWin32Error());
                                    Logger.Log("SecurityDescriptorWrapper.ApiSetSecurityDescriptorDacl() : SecurityDescriptorApi.AddAccessAllowedAceEx return code :" + Marshal.GetLastWin32Error());
                                }
                            }
                        }
                    }
                    else
                    {
                        Logger.Log("Adding new Ace from existing one: " + sUsername, Logger.SecurityDescriptorLogLevel);
                        bRet = SecurityDescriptorApi.AddAccessAllowedAceEx(
                            pNewDacl,
                            0,
                            ace.Header.AceFlags,
                            ace.Mask,
                            iter);
                        Console.WriteLine(Marshal.GetLastWin32Error());
                    }
                    SecurityDescriptorApi.FreeSid(ptrSid);
                }

                //Adding new Aces to the Security Descriptor
                foreach (string key in newAces.Keys)
                {
                    List <LwAccessControlEntry> attributes = newAces[key] as List <LwAccessControlEntry>;
                    foreach (LwAccessControlEntry lwAce in attributes)
                    {
                        SecurityDescriptorApi.ConvertStringSidToSid(lwAce.SID, out ptrSid);
                        bRet = SecurityDescriptorApi.AddAccessAllowedAceEx(
                            pNewDacl,
                            0,
                            Convert.ToByte(lwAce.AceFlags),
                            Convert.ToInt32(lwAce.AccessMask),
                            ptrSid);

                        Console.WriteLine(Marshal.GetLastWin32Error());
                        Logger.Log("Adding new Ace : " + lwAce.Username, Logger.SecurityDescriptorLogLevel);
                        Logger.Log("SecurityDescriptorWrapper.ApiSetSecurityDescriptorDacl() : SecurityDescriptorApi.AddAccessAllowedAceEx return code :" + Marshal.GetLastWin32Error());
                    }
                }

                pNewSd = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(SecurityDescriptorApi.SECURITY_DESCRIPTOR)));
                int iSdRevision = (int)SecurityDescriptorApi.SECURITY_DESCRIPTOR_REVISION;
                bRet = SecurityDescriptorApi.InitializeSecurityDescriptor(pNewSd, (uint)iSdRevision);
                Console.WriteLine(Marshal.GetLastWin32Error());
                Logger.Log("SecurityDescriptorApi.InitializeSecurityDescriptor returns errorcode: " + errorReturn);

                bRet = SecurityDescriptorApi.IsValidSecurityDescriptor(pNewSd);
                Console.WriteLine(Marshal.GetLastWin32Error());
                Logger.Log("SecurityDescriptorApi.IsValidSecurityDescriptor returns errorcode: " + Marshal.GetLastWin32Error());

                bRet = SecurityDescriptorApi.SetSecurityDescriptorDacl(
                    pNewSd,
                    lpbDaclPresent,
                    pNewDacl,
                    lpbDaclDefaulted);
                Console.WriteLine(Marshal.GetLastWin32Error());
                Logger.Log("SecurityDescriptorApi.SetSecurityDescriptorDacl returns errorcode: " + Marshal.GetLastWin32Error());

                bRet = SecurityDescriptorApi.IsValidSecurityDescriptor(pNewSd);
                Console.WriteLine(Marshal.GetLastWin32Error());
                Logger.Log("SecurityDescriptorApi.IsValidSecurityDescriptor returns errorcode: " + Marshal.GetLastWin32Error());

                pSecurityDescriptorOut = IntPtr.Zero;
                uint lpdwBufferLength = (uint)Marshal.SizeOf(typeof(SecurityDescriptorApi.SECURITY_DESCRIPTOR));

                bRet = SecurityDescriptorApi.MakeSelfRelativeSD(pNewSd, out pSecurityDescriptorOut, ref lpdwBufferLength);
                Console.WriteLine(Marshal.GetLastWin32Error());

                bRet = SecurityDescriptorApi.MakeSelfRelativeSD(pNewSd, out pSecurityDescriptorOut, ref lpdwBufferLength);
                Console.WriteLine(Marshal.GetLastWin32Error());

                bRet = SecurityDescriptorApi.IsValidSecurityDescriptor(pNewSd);
                Console.WriteLine(Marshal.GetLastWin32Error());
                Logger.Log("SecurityDescriptorApi.IsValidSecurityDescriptor returns errorcode: " + Marshal.GetLastWin32Error());

                /*bRet = SecurityDescriptorApi.SetSecurityDescriptorGroup(
                 *             pNewSd,
                 *             sSECURITY_DESCRIPTOR.group,
                 *             false);
                 * Console.WriteLine(Marshal.GetLastWin32Error());
                 * Logger.Log("SecurityDescriptorApi.SetSecurityDescriptorGroup returns errorcode: " + Marshal.GetLastWin32Error());
                 *
                 * bRet = SecurityDescriptorApi.IsValidSecurityDescriptor(pNewSd);
                 * Console.WriteLine(Marshal.GetLastWin32Error());
                 * Logger.Log("SecurityDescriptorApi.IsValidSecurityDescriptor returns errorcode: " + Marshal.GetLastWin32Error());
                 *
                 * bRet = SecurityDescriptorApi.SetSecurityDescriptorOwner(
                 *            pNewSd,
                 *            sSECURITY_DESCRIPTOR.owner,
                 *            false);
                 * Console.WriteLine(Marshal.GetLastWin32Error());
                 * Logger.Log("SecurityDescriptorApi.SetSecurityDescriptorOwner returns errorcode: " + Marshal.GetLastWin32Error());
                 *
                 * bRet = SecurityDescriptorApi.IsValidSecurityDescriptor(pNewSd);
                 * Console.WriteLine(Marshal.GetLastWin32Error());
                 * Logger.Log("SecurityDescriptorApi.IsValidSecurityDescriptor returns errorcode: " + Marshal.GetLastWin32Error());
                 *
                 * uint pControl; uint lpdwRevision;
                 * bRet = SecurityDescriptorApi.GetSecurityDescriptorControl(
                 *           pSecurityDesriptorIn,
                 *           out pControl,
                 *           out lpdwRevision);
                 * Console.WriteLine(Marshal.GetLastWin32Error());
                 * Logger.Log("SecurityDescriptorApi.SetSecurityDescriptorControl returns errorcode: " + Marshal.GetLastWin32Error());
                 *
                 * bRet = SecurityDescriptorApi.SetSecurityDescriptorControl(
                 *           pNewSd,
                 *           pControl,
                 *           pControl);
                 * Console.WriteLine(Marshal.GetLastWin32Error());
                 * Logger.Log("SecurityDescriptorApi.SetSecurityDescriptorControl returns errorcode: " + Marshal.GetLastWin32Error());
                 *
                 * bRet = SecurityDescriptorApi.IsValidSecurityDescriptor(pNewSd);
                 * Console.WriteLine(Marshal.GetLastWin32Error());
                 * Logger.Log("SecurityDescriptorApi.IsValidSecurityDescriptor returns errorcode: " + Marshal.GetLastWin32Error());
                 *
                 * if (pNewDacl != IntPtr.Zero)
                 * {
                 *  SecurityDescriptorApi.LocalFree(pNewDacl);
                 * }
                 *
                 * uint lpdwAbsoluteSDSize = 0, lpdwDaclSize = 0, lpdwSaclSize = 0, lpdwOwnerSize = 0, lpdwPrimaryGroupSize = 0;
                 * IntPtr pAbsoluteSD, pDacl, pSacl, pOwner, pPrimaryGroup;
                 * lpdwAbsoluteSDSize = (uint)Marshal.SizeOf(typeof(SecurityDescriptorApi.SECURITY_DESCRIPTOR));
                 * bRet = SecurityDescriptorApi.MakeAbsoluteSD(pNewSd, out pAbsoluteSD,
                 *                              ref lpdwAbsoluteSDSize, out pDacl, ref lpdwDaclSize,
                 *                              out pSacl, ref lpdwSaclSize,
                 *                              out pOwner, ref lpdwOwnerSize,
                 *                              out pPrimaryGroup, ref lpdwPrimaryGroupSize);
                 * Console.WriteLine(Marshal.GetLastWin32Error());
                 * Logger.Log("SecurityDescriptorApi.MakeAbsoluteSD returns errorcode: " + Marshal.GetLastWin32Error()); */

                if (!bRet)
                {
                    pSecurityDescriptorOut = IntPtr.Zero;
                }
            }
            catch (Exception ex)
            {
                pSecurityDescriptorOut = IntPtr.Zero;
                errorReturn            = (uint)Marshal.GetLastWin32Error();
                Logger.LogException("SecurityDescriptorWrapper.ApiGetLogOnUserHandle()", ex);
            }

            return(errorReturn);
        }