protected bool RemoveAccessRule(AccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException(nameof(rule));
}
Contract.EndContractBlock();
WriteLock();
try
{
if (_securityDescriptor == null)
{
return(true);
}
bool modified;
return(ModifyAccess(AccessControlModification.Remove, rule, out modified));
}
finally
{
WriteUnlock();
}
}
/// <summary>Removes access rules that contain the same security identifier and access mask as the specified access rule from the Discretionary Access Control List (DACL) associated with this <see cref="T:System.Security.AccessControl.CommonObjectSecurity" /> object.</summary>
/// <param name="rule">The access rule to remove.</param>
/// <returns>
/// <see langword="true" /> if the access rule was successfully removed; otherwise, <see langword="false" />.</returns>
// Token: 0x06001FEA RID: 8170 RVA: 0x0006F864 File Offset: 0x0006DA64
protected bool RemoveAccessRule(AccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
base.WriteLock();
bool result;
try
{
if (this._securityDescriptor == null)
{
result = true;
}
else
{
bool flag;
result = this.ModifyAccess(AccessControlModification.Remove, rule, out flag);
}
}
finally
{
base.WriteUnlock();
}
return(result);
}
public virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified)
{
if (rule == null)
{
throw new ArgumentNullException(nameof(rule));
}
if (!this.AccessRuleType.GetTypeInfo().IsAssignableFrom(rule.GetType().GetTypeInfo()))
{
throw new ArgumentException(
SR.AccessControl_InvalidAccessRuleType,
nameof(rule));
}
WriteLock();
try
{
return(ModifyAccess(modification, rule, out modified));
}
finally
{
WriteUnlock();
}
}
protected void RemoveAccessRuleAll(AccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException(nameof(rule));
}
WriteLock();
try
{
if (_securityDescriptor == null)
{
return;
}
bool modified;
ModifyAccess(AccessControlModification.RemoveAll, rule, out modified);
}
finally
{
WriteUnlock();
}
return;
}
public virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
if (!this.AccessRuleType.IsAssignableFrom(rule.GetType()))
{
throw new ArgumentException(
Environment.GetResourceString("AccessControl_InvalidAccessRuleType"),
"rule");
}
Contract.EndContractBlock();
WriteLock();
try
{
return(ModifyAccess(modification, rule, out modified));
}
finally
{
WriteUnlock();
}
}
protected void RemoveAccessRuleSpecific(AccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
Contract.EndContractBlock();
WriteLock();
try
{
if (_securityDescriptor == null)
{
return;
}
bool modified;
ModifyAccess(AccessControlModification.RemoveSpecific, rule, out modified);
}
finally
{
WriteUnlock();
}
}
public virtual new bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified)
{
Contract.Requires(this.AccessRuleType != null);
modified = default(bool);
return default(bool);
}
public override bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified)
{
if (!this.DaclRetrieved())
{
throw new InvalidOperationException(Res.GetString("CannotModifyDacl"));
}
return base.ModifyAccessRule(modification, rule, out modified);
}
/// <summary>将指定修改应用于与此 <see cref="T:System.Security.AccessControl.DirectoryObjectSecurity" /> 对象关联的自由访问控制列表 (DACL)。</summary>
/// <returns>如果成功修改了 DACL,则为 true;否则为 false。</returns>
/// <param name="modification">要应用于 DACL 的修改。</param>
/// <param name="rule">要修改的访问规则。</param>
/// <param name="modified">如果成功修改了 DACL,则为 true;否则为 false。</param>
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
{
if (!this.AccessRuleType.IsAssignableFrom(rule.GetType()))
{
throw new ArgumentException(Environment.GetResourceString("AccessControl_InvalidAccessRuleType"), "rule");
}
return(this.ModifyAccess(modification, rule as ObjectAccessRule, out modified));
}
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
{
////if (this.AccessRuleType.IsAssignableFrom(rule.GetType().GetTypeInfo()))
////if (!TypeExtensions.IsAssignableFrom(this.AccessRuleType, rule.GetType()))
//{
// throw new ArgumentException(
// SR.AccessControl_InvalidAccessRuleType,
// "rule");
//}
return(ModifyAccess(modification, rule as ObjectAccessRule, out modified));
}
public virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
if (!AccessRuleType.IsAssignableFrom(rule.GetType()))
{
throw new ArgumentException("rule");
}
return(ModifyAccess(modification, rule, out modified));
}
internal AuthorizationRuleCollection InternalGetAccessRules(bool includeExplicit,
bool includeInherited,
Type targetType)
{
List <AuthorizationRule> rules = new List <AuthorizationRule> ();
ReadLock();
try {
foreach (GenericAce genericAce in descriptor.DiscretionaryAcl)
{
QualifiedAce ace = genericAce as QualifiedAce;
if (null == ace)
{
continue;
}
if (ace.IsInherited && !includeInherited)
{
continue;
}
if (!ace.IsInherited && !includeExplicit)
{
continue;
}
AccessControlType type;
if (AceQualifier.AccessAllowed == ace.AceQualifier)
{
type = AccessControlType.Allow;
}
else if (AceQualifier.AccessDenied == ace.AceQualifier)
{
type = AccessControlType.Deny;
}
else
{
continue;
}
AccessRule rule = InternalAccessRuleFactory(ace, targetType, type);
rules.Add(rule);
}
} finally {
ReadUnlock();
}
return(new AuthorizationRuleCollection(rules.ToArray()));
}
protected void SetAccessRule(AccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
base.WriteLock();
try
{
bool flag;
this.ModifyAccess(AccessControlModification.Set, rule, out flag);
}
finally
{
base.WriteUnlock();
}
}
/// <summary>从与此 <see cref="T:System.Security.AccessControl.CommonObjectSecurity" /> 对象关联的自由访问控制列表 (DACL) 中移除所有访问规则,然后添加指定的访问规则。</summary>
/// <param name="rule">要重置的访问规则。</param>
protected void ResetAccessRule(AccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
this.WriteLock();
try
{
bool modified;
this.ModifyAccess(AccessControlModification.Reset, rule, out modified);
}
finally
{
this.WriteUnlock();
}
}
protected void AddAccessRule(AccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
base.WriteLock();
try
{
bool flag;
this.ModifyAccess(AccessControlModification.Add, rule, out flag);
}
finally
{
base.WriteUnlock();
}
}
protected void SetAccessRule(AccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException(nameof(rule));
}
WriteLock();
try
{
bool modified;
ModifyAccess(AccessControlModification.Set, rule, out modified);
}
finally
{
WriteUnlock();
}
}
protected void RemoveAccessRuleSpecific(AccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
base.WriteLock();
try
{
if (base._securityDescriptor != null)
{
bool flag;
this.ModifyAccess(AccessControlModification.RemoveSpecific, rule, out flag);
}
}
finally
{
base.WriteUnlock();
}
}
protected void AddAccessRule(AccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
Contract.EndContractBlock();
WriteLock();
try
{
bool modified;
ModifyAccess(AccessControlModification.Add, rule, out modified);
}
finally
{
WriteUnlock();
}
}
/// <summary>从与此 <see cref="T:System.Security.AccessControl.CommonObjectSecurity" /> 对象关联的自由访问控制列表 (DACL) 中移除与指定的访问规则具有相同安全性标识符和访问掩码的访问规则。</summary>
/// <returns>如果访问规则已成功移除,则为 true;否则为 false。</returns>
/// <param name="rule">要移除的访问规则。</param>
protected bool RemoveAccessRule(AccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
this.WriteLock();
try
{
if (this._securityDescriptor == null)
{
return(true);
}
bool modified;
return(this.ModifyAccess(AccessControlModification.Remove, rule, out modified));
}
finally
{
this.WriteUnlock();
}
}
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
{
foreach (AccessRule r in access_rules)
{
if (rule != r)
{
continue;
}
switch (modification)
{
case AccessControlModification.Add:
AddAccessRule(rule);
break;
case AccessControlModification.Set:
SetAccessRule(rule);
break;
case AccessControlModification.Reset:
ResetAccessRule(rule);
break;
case AccessControlModification.Remove:
RemoveAccessRule(rule);
break;
case AccessControlModification.RemoveAll:
RemoveAccessRuleAll(rule);
break;
case AccessControlModification.RemoveSpecific:
RemoveAccessRuleSpecific(rule);
break;
}
modified = true;
return(true);
}
modified = false;
return(false);
}
/// <summary>Applies the specified modification to the Discretionary Access Control List (DACL) associated with this <see cref="T:System.Security.AccessControl.CommonObjectSecurity" /> object.</summary>
/// <returns>true if the DACL is successfully modified; otherwise, false.</returns>
/// <param name="modification">The modification to apply to the DACL.</param>
/// <param name="rule">The access rule to modify.</param>
/// <param name="modified">true if the DACL is successfully modified; otherwise, false.</param>
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
{
foreach (AccessRule accessRule in this.access_rules)
{
if (rule == accessRule)
{
switch (modification)
{
case AccessControlModification.Add:
this.AddAccessRule(rule);
break;
case AccessControlModification.Set:
this.SetAccessRule(rule);
break;
case AccessControlModification.Reset:
this.ResetAccessRule(rule);
break;
case AccessControlModification.Remove:
this.RemoveAccessRule(rule);
break;
case AccessControlModification.RemoveAll:
this.RemoveAccessRuleAll(rule);
break;
case AccessControlModification.RemoveSpecific:
this.RemoveAccessRuleSpecific(rule);
break;
}
modified = true;
return(true);
}
}
modified = false;
return(false);
}
protected bool RemoveAccessRule(AccessRule rule)
{
bool flag2;
if (rule == null)
{
throw new ArgumentNullException("rule");
}
base.WriteLock();
try
{
bool flag;
if (base._securityDescriptor == null)
{
return(true);
}
flag2 = this.ModifyAccess(AccessControlModification.Remove, rule, out flag);
}
finally
{
base.WriteUnlock();
}
return(flag2);
}
protected override bool ModifyAccess (AccessControlModification modification, AccessRule rule, out bool modified)
{
if (null == rule)
throw new ArgumentNullException ("rule");
modified = true;
WriteLock ();
try {
switch (modification) {
case AccessControlModification.Add:
descriptor.DiscretionaryAcl.AddAccess (rule.AccessControlType,
SidFromIR (rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
break;
case AccessControlModification.Set:
descriptor.DiscretionaryAcl.SetAccess (rule.AccessControlType,
SidFromIR (rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
break;
case AccessControlModification.Reset:
PurgeAccessRules (rule.IdentityReference);
goto case AccessControlModification.Add;
case AccessControlModification.Remove:
modified = descriptor.DiscretionaryAcl.RemoveAccess (rule.AccessControlType,
SidFromIR (rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
break;
case AccessControlModification.RemoveAll:
PurgeAccessRules (rule.IdentityReference);
break;
case AccessControlModification.RemoveSpecific:
descriptor.DiscretionaryAcl.RemoveAccessSpecific (rule.AccessControlType,
SidFromIR (rule.IdentityReference),
rule.AccessMask,
rule.InheritanceFlags,
rule.PropagationFlags);
break;
default:
throw new ArgumentOutOfRangeException ("modification");
}
if (modified) AccessRulesModified = true;
} finally {
WriteUnlock ();
}
return modified;
}
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
{
////if(this.AccessRuleType.IsAssignableFrom(rule.GetType().GetTypeInfo()))
////if (!TypeExtensions.IsAssignableFrom(this.AccessRuleType, rule.GetType()))
//{
// throw new ArgumentException(
// SR.AccessControl_InvalidAccessRuleType,
// "rule");
//}
Contract.EndContractBlock();
return ModifyAccess(modification, rule as ObjectAccessRule, out modified);
}
protected void RemoveAccessRuleSpecific (AccessRule rule)
{
bool modified;
ModifyAccess (AccessControlModification.RemoveSpecific, rule, out modified);
}
public virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified)
{
if ( rule == null )
{
throw new ArgumentNullException( "rule" );
}
if ( !this.AccessRuleType.IsAssignableFrom(rule.GetType()) )
{
throw new ArgumentException(
Environment.GetResourceString("AccessControl_InvalidAccessRuleType"),
"rule");
}
Contract.EndContractBlock();
WriteLock();
try
{
return ModifyAccess(modification, rule, out modified);
}
finally
{
WriteUnlock();
}
}
protected override bool ModifyAccess (AccessControlModification modification, AccessRule rule, out bool modified)
{
foreach (AccessRule r in access_rules) {
if (rule != r)
continue;
switch (modification) {
case AccessControlModification.Add:
AddAccessRule (rule);
break;
case AccessControlModification.Set:
SetAccessRule (rule);
break;
case AccessControlModification.Reset:
ResetAccessRule (rule);
break;
case AccessControlModification.Remove:
RemoveAccessRule (rule);
break;
case AccessControlModification.RemoveAll:
RemoveAccessRuleAll (rule);
break;
case AccessControlModification.RemoveSpecific:
RemoveAccessRuleSpecific (rule);
break;
}
modified = true;
return true;
}
modified = false;
return false;
}
protected void RemoveAccessRuleSpecific (AccessRule rule)
{
throw new NotImplementedException ();
}
// Access
protected void AddAccessRule (AccessRule rule)
{
access_rules.Add (rule);
AccessRulesModified = true;
}
protected override bool ModifyAccess (AccessControlModification modification,
AccessRule rule, out bool modified)
{
modify_access_called = true;
modified = true; return modified;
}
protected bool RemoveAccessRule(AccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException(nameof(rule));
}
Contract.EndContractBlock();
WriteLock();
try
{
if (_securityDescriptor == null)
{
return true;
}
bool modified;
return ModifyAccess(AccessControlModification.Remove, rule, out modified);
}
finally
{
WriteUnlock();
}
}
protected void AddAccessRule(AccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException(nameof(rule));
}
Contract.EndContractBlock();
WriteLock();
try
{
bool modified;
ModifyAccess(AccessControlModification.Add, rule, out modified);
}
finally
{
WriteUnlock();
}
}
protected void SetAccessRule (AccessRule rule)
{
bool modified;
ModifyAccess (AccessControlModification.Set, rule, out modified);
}
protected bool RemoveAccessRule(AccessRule rule)
{
bool flag2;
if (rule == null)
{
throw new ArgumentNullException("rule");
}
base.WriteLock();
try
{
bool flag;
if (base._securityDescriptor == null)
{
return true;
}
flag2 = this.ModifyAccess(AccessControlModification.Remove, rule, out flag);
}
finally
{
base.WriteUnlock();
}
return flag2;
}
protected void RemoveAccessRuleSpecific(AccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
base.WriteLock();
try
{
if (base._securityDescriptor != null)
{
bool flag;
this.ModifyAccess(AccessControlModification.RemoveSpecific, rule, out flag);
}
}
finally
{
base.WriteUnlock();
}
}
protected void RemoveAccessRuleSpecific( AccessRule rule )
{
if ( rule == null )
{
throw new ArgumentNullException("rule");
}
Contract.EndContractBlock();
WriteLock();
try
{
if ( _securityDescriptor == null )
{
return;
}
bool modified;
ModifyAccess( AccessControlModification.RemoveSpecific, rule, out modified );
}
finally
{
WriteUnlock();
}
}
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
{
if ( !this.AccessRuleType.IsAssignableFrom(rule.GetType()) )
{
throw new ArgumentException(
Environment.GetResourceString("AccessControl_InvalidAccessRuleType"),
"rule");
}
Contract.EndContractBlock();
return ModifyAccess(modification, rule as ObjectAccessRule, out modified);
}
public virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, ref bool modified)
{
throw new NotImplementedException();
}
protected bool RemoveAccessRule (AccessRule rule)
{
throw new NotImplementedException ();
}
public virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified)
{
if ( rule == null )
{
throw new ArgumentNullException( nameof(rule));
}
if ( !this.AccessRuleType.GetTypeInfo().IsAssignableFrom(rule.GetType().GetTypeInfo()) )
{
throw new ArgumentException(
SR.AccessControl_InvalidAccessRuleType,
nameof(rule));
}
Contract.EndContractBlock();
WriteLock();
try
{
return ModifyAccess(modification, rule, out modified);
}
finally
{
WriteUnlock();
}
}
protected void SetAccessRule (AccessRule rule)
{
throw new NotImplementedException ();
}
public virtual void SetAccessRule(AccessRule <T> rule)
{
base.SetAccessRule(rule);
}
/// <summary>Removes all access rules that exactly match the specified access rule from the Discretionary Access Control List (DACL) associated with this <see cref="T:System.Security.AccessControl.CommonObjectSecurity" /> object.</summary><param name="rule">The access rule to remove.</param>
protected void RemoveAccessRuleSpecific(AccessRule rule)
{
throw new NotImplementedException();
}
public virtual bool RemoveAccessRule(AccessRule <T> rule)
{
return(base.RemoveAccessRule(rule));
}
//
// Modifies the DACL
//
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
Contract.EndContractBlock();
WriteLock();
try
{
bool result = true;
if (_securityDescriptor.DiscretionaryAcl == null)
{
if (modification == AccessControlModification.Remove ||
modification == AccessControlModification.RemoveAll ||
modification == AccessControlModification.RemoveSpecific)
{
modified = false;
return(result);
}
_securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(IsContainer, IsDS, GenericAcl.AclRevision, 1);
_securityDescriptor.AddControlFlags(ControlFlags.DiscretionaryAclPresent);
}
SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
if (rule.AccessControlType == AccessControlType.Allow)
{
switch (modification)
{
case AccessControlModification.Add:
_securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.Set:
_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.Reset:
_securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0);
_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.Remove:
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.RemoveAll:
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0);
if (result == false)
{
Contract.Assert(false, "Invalid operation");
throw new InvalidOperationException();
}
break;
case AccessControlModification.RemoveSpecific:
_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
default:
throw new ArgumentOutOfRangeException(
"modification",
SR.ArgumentOutOfRange_Enum);
}
}
else if (rule.AccessControlType == AccessControlType.Deny)
{
switch (modification)
{
case AccessControlModification.Add:
_securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.Set:
_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.Reset:
_securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0);
_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.Remove:
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
case AccessControlModification.RemoveAll:
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0);
if (result == false)
{
Contract.Assert(false, "Invalid operation");
throw new InvalidOperationException();
}
break;
case AccessControlModification.RemoveSpecific:
_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags);
break;
default:
throw new ArgumentOutOfRangeException(
"modification",
SR.ArgumentOutOfRange_Enum);
}
}
else
{
Contract.Assert(false, "rule.AccessControlType unrecognized");
throw new ArgumentException(SR.Format(SR.Arg_EnumIllegalVal, (int)rule.AccessControlType), "rule.AccessControlType");
}
modified = result;
AccessRulesModified |= modified;
return(result);
}
finally
{
WriteUnlock();
}
}
public virtual void RemoveAccessRuleSpecific(AccessRule <T> rule)
{
base.RemoveAccessRuleSpecific(rule);
}
protected bool RemoveAccessRule (AccessRule rule)
{
bool modified;
return ModifyAccess (AccessControlModification.Remove, rule, out modified);
}
protected void ResetAccessRule( AccessRule rule )
{
if ( rule == null )
{
throw new ArgumentNullException("rule");
}
Contract.EndContractBlock();
WriteLock();
try
{
bool modified;
ModifyAccess( AccessControlModification.Reset, rule, out modified );
}
finally
{
WriteUnlock();
}
return;
}
protected abstract bool ModifyAccess( AccessControlModification modification, AccessRule rule, out bool modified);
public static MemoryMappedFileSecurity MapSecurity(bool create)
{
SecurityIdentifier user = GetEveryoneSID();
MemoryMappedFileSecurity result = new MemoryMappedFileSecurity();
MemoryMappedFileRights rights = MemoryMappedFileRights.ReadWrite;
if (create)
rights |= MemoryMappedFileRights.Delete;
AccessRule<MemoryMappedFileRights> rule = new AccessRule<MemoryMappedFileRights>(user, rights, AccessControlType.Allow);
result.AddAccessRule(rule);
return result;
}
// Override these if you need to do some custom bit remapping to hide any
// complexity from the user.
public virtual void AddAccessRule(AccessRule <T> rule)
{
base.AddAccessRule(rule);
}
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
{
throw new NotImplementedException();
}
public virtual void ResetAccessRule(AccessRule <T> rule)
{
base.ResetAccessRule(rule);
}
public virtual bool ModifyAccessRule (AccessControlModification modification, AccessRule rule, out bool modified)
{
if (rule == null)
throw new ArgumentNullException ("rule");
if (!AccessRuleType.IsAssignableFrom (rule.GetType()))
throw new ArgumentException ("rule");
return ModifyAccess (modification, rule, out modified);
}
public virtual void RemoveAccessRuleAll(AccessRule <T> rule)
{
base.RemoveAccessRuleAll(rule);
}
//
// Modifies the DACL
//
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
Contract.EndContractBlock();
WriteLock();
try
{
bool result = true;
if ( _securityDescriptor.DiscretionaryAcl == null )
{
if ( modification == AccessControlModification.Remove ||
modification == AccessControlModification.RemoveAll ||
modification == AccessControlModification.RemoveSpecific )
{
modified = false;
return result;
}
_securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl( IsContainer, IsDS, GenericAcl.AclRevision, 1 );
_securityDescriptor.AddControlFlags(ControlFlags.DiscretionaryAclPresent);
}
SecurityIdentifier sid = rule.IdentityReference.Translate( typeof( SecurityIdentifier )) as SecurityIdentifier;
if ( rule.AccessControlType == AccessControlType.Allow )
{
switch ( modification )
{
case AccessControlModification.Add:
_securityDescriptor.DiscretionaryAcl.AddAccess( AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.Set:
_securityDescriptor.DiscretionaryAcl.SetAccess( AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.Reset:
_securityDescriptor.DiscretionaryAcl.RemoveAccess( AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0 );
_securityDescriptor.DiscretionaryAcl.SetAccess( AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.Remove:
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess( AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.RemoveAll:
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess( AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0 );
if ( result == false )
{
Contract.Assert( false, "Invalid operation" );
throw new SystemException();
}
break;
case AccessControlModification.RemoveSpecific:
_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific( AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
default :
throw new ArgumentOutOfRangeException(
"modification",
Environment.GetResourceString( "ArgumentOutOfRange_Enum" ));
}
}
else if ( rule.AccessControlType == AccessControlType.Deny )
{
switch ( modification )
{
case AccessControlModification.Add :
_securityDescriptor.DiscretionaryAcl.AddAccess( AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.Set :
_securityDescriptor.DiscretionaryAcl.SetAccess( AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.Reset :
_securityDescriptor.DiscretionaryAcl.RemoveAccess( AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0 );
_securityDescriptor.DiscretionaryAcl.SetAccess( AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.Remove :
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
case AccessControlModification.RemoveAll :
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0 );
if ( result == false )
{
Contract.Assert( false, "Invalid operation" );
throw new SystemException();
}
break;
case AccessControlModification.RemoveSpecific :
_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific( AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags );
break;
default :
throw new ArgumentOutOfRangeException(
"modification",
Environment.GetResourceString( "ArgumentOutOfRange_Enum" ));
}
}
else
{
Contract.Assert( false, "rule.AccessControlType unrecognized" );
throw new ArgumentException(Environment.GetResourceString("Arg_EnumIllegalVal", (int)rule.AccessControlType), "rule.AccessControlType" );
}
modified = result;
AccessRulesModified |= modified;
return result;
}
finally
{
WriteUnlock();
}
}
protected abstract bool ModifyAccess(AccessControlModification modification, AccessRule rule, ref bool modified);
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
{
modified = default(bool);
return default(bool);
}
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
{
throw new NotImplementedException();
}
public virtual bool ModifyAccessRule (AccessControlModification modification, AccessRule rule, out bool modified)
{
throw new NotImplementedException ();
}