protected void AddAccessRule(ObjectAccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
base.WriteLock();
try
{
bool flag;
this.ModifyAccess(AccessControlModification.Add, rule, out flag);
}
finally
{
base.WriteUnlock();
}
}
protected void RemoveAccessRuleSpecific(ObjectAccessRule rule)
{
throw new NotImplementedException();
}
protected void AddAccessRule(ObjectAccessRule rule)
{
throw new NotImplementedException();
}
protected void RemoveAccessRuleSpecific(ObjectAccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
if (base._securityDescriptor != null)
{
base.WriteLock();
try
{
bool flag;
this.ModifyAccess(AccessControlModification.RemoveSpecific, rule, out flag);
}
finally
{
base.WriteUnlock();
}
}
}
public bool RemoveAccess(AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule)
{
return RemoveAccess(accessType, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
}
protected bool RemoveAccessRule(ObjectAccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
Contract.EndContractBlock();
WriteLock();
try
{
if (_securityDescriptor == null)
{
return true;
}
bool modified;
return ModifyAccess(AccessControlModification.Remove, rule, out modified);
}
finally
{
WriteUnlock();
}
}
protected bool RemoveAccessRule(ObjectAccessRule rule)
{
return(default(bool));
}
public new bool RemoveAccessRule(ObjectAccessRule rule)
{
return(base.RemoveAccessRule(rule));
}
protected void SetAccessRule(ObjectAccessRule rule)
{
}
protected void AddAccessRule(ObjectAccessRule rule)
{
}
protected void RemoveAccessRuleSpecific(ObjectAccessRule rule)
{
}
protected void RemoveAccessRuleAll(ObjectAccessRule rule)
{
}
protected void SetAccessRule (ObjectAccessRule rule)
{
bool modified;
ModifyAccess (AccessControlModification.Set, rule, out modified);
}
public bool RemoveAccess(AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule)
{
return(RemoveAccess(accessType, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType));
}
protected void RemoveAccessRuleAll(ObjectAccessRule rule)
{
}
public new void RemoveAccessRuleSpecific(ObjectAccessRule rule)
{
base.RemoveAccessRuleSpecific(rule);
}
protected void RemoveAccessRuleSpecific(ObjectAccessRule rule)
{
}
public new void SetAccessRule(ObjectAccessRule rule)
{
base.SetAccessRule(rule);
}
protected void SetAccessRule(ObjectAccessRule rule)
{
}
//
// Modifies the DACL
//
private bool ModifyAccess(AccessControlModification modification, ObjectAccessRule rule, out bool modified)
{
bool result = true;
if (_securityDescriptor.DiscretionaryAcl == null)
{
if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific)
{
modified = false;
return result;
}
//_securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(IsContainer, IsDS, GenericAcl.AclRevisionDS, 1);
//_securityDescriptor.AddControlFlags(ControlFlags.DiscretionaryAclPresent);
_securityDescriptor.AddDiscretionaryAcl(GenericAcl.AclRevisionDS, 1);
}
else if ((modification == AccessControlModification.Add || modification == AccessControlModification.Set || modification == AccessControlModification.Reset) &&
(rule.ObjectFlags != ObjectAceFlags.None))
{
//
// This will result in an object ace being added to the dacl, so the dacl revision must be AclRevisionDS
//
if (_securityDescriptor.DiscretionaryAcl.Revision < GenericAcl.AclRevisionDS)
{
//
// we need to create a new dacl with the same aces as the existing one but the revision should be AclRevisionDS
//
byte[] binaryForm = new byte[_securityDescriptor.DiscretionaryAcl.BinaryLength];
_securityDescriptor.DiscretionaryAcl.GetBinaryForm(binaryForm, 0);
binaryForm[0] = GenericAcl.AclRevisionDS; // revision is the first byte of the binary form
_securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(IsContainer, IsDS, new RawAcl(binaryForm, 0));
}
}
SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
if (rule.AccessControlType == AccessControlType.Allow)
{
switch (modification)
{
case AccessControlModification.Add:
//_securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
_securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, sid, rule);
break;
case AccessControlModification.Set:
//_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule);
break;
case AccessControlModification.Reset:
_securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
//_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule);
break;
case AccessControlModification.Remove:
//result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, rule);
break;
case AccessControlModification.RemoveAll:
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
if (result == false)
{
Debug.Assert(false, "Invalid operation");
throw new Exception();
}
break;
case AccessControlModification.RemoveSpecific:
//_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Allow, sid, rule);
break;
default:
throw new ArgumentOutOfRangeException(
"modification",
SR.ArgumentOutOfRange_Enum);
}
}
else if (rule.AccessControlType == AccessControlType.Deny)
{
switch (modification)
{
case AccessControlModification.Add:
//_securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
_securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, rule);
break;
case AccessControlModification.Set:
//_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule);
break;
case AccessControlModification.Reset:
_securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
//_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule);
break;
case AccessControlModification.Remove:
//result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule);
break;
case AccessControlModification.RemoveAll:
result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
if (result == false)
{
Debug.Assert(false, "Invalid operation");
throw new Exception();
}
break;
case AccessControlModification.RemoveSpecific:
//_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, rule);
break;
default:
throw new ArgumentOutOfRangeException(
"modification",
SR.ArgumentOutOfRange_Enum);
}
}
else
{
Debug.Assert(false, "rule.AccessControlType unrecognized");
throw new Exception();
}
modified = result;
AccessRulesModified |= modified;
return result;
}
protected void AddAccessRule(ObjectAccessRule rule)
{
}
protected void RemoveAccessRuleSpecific (ObjectAccessRule rule)
{
bool modified;
ModifyAccess (AccessControlModification.RemoveSpecific, rule, out modified);
}
protected bool RemoveAccessRule(ObjectAccessRule rule)
{
return default(bool);
}
protected bool RemoveAccessRule(ObjectAccessRule rule)
{
bool flag2;
if (rule == null)
{
throw new ArgumentNullException("rule");
}
base.WriteLock();
try
{
bool flag;
if (base._securityDescriptor == null)
{
return true;
}
flag2 = this.ModifyAccess(AccessControlModification.Remove, rule, out flag);
}
finally
{
base.WriteUnlock();
}
return flag2;
}
/// <summary>从当前 <see cref="T:System.Security.AccessControl.DiscretionaryAcl" /> 对象移除指定的访问控制项 (ACE)。</summary>
/// <param name="accessType">要移除的访问控制类型(允许或拒绝)。</param>
/// <param name="sid">要为其移除 ACE 的 <see cref="T:System.Security.Principal.SecurityIdentifier" />。</param>
/// <param name="rule">
/// <see cref="T:System.Security.AccessControl.ObjectAccessRule" />为其删除的访问权限。</param>
public void RemoveAccessSpecific(AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule)
{
this.RemoveAccessSpecific(accessType, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
}
//
// Modifies the DACL
//
private bool ModifyAccess(AccessControlModification modification, ObjectAccessRule rule, out bool modified)
{
bool result = true;
if (SecurityDescriptor.DiscretionaryAcl == null)
{
if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific)
{
modified = false;
return(result);
}
//_securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(IsContainer, IsDS, GenericAcl.AclRevisionDS, 1);
//_securityDescriptor.AddControlFlags(ControlFlags.DiscretionaryAclPresent);
SecurityDescriptor.AddDiscretionaryAcl(GenericAcl.AclRevisionDS, 1);
}
else if ((modification == AccessControlModification.Add || modification == AccessControlModification.Set || modification == AccessControlModification.Reset) &&
(rule.ObjectFlags != ObjectAceFlags.None))
{
//
// This will result in an object ace being added to the dacl, so the dacl revision must be AclRevisionDS
//
if (SecurityDescriptor.DiscretionaryAcl.Revision < GenericAcl.AclRevisionDS)
{
//
// we need to create a new dacl with the same aces as the existing one but the revision should be AclRevisionDS
//
byte[] binaryForm = new byte[SecurityDescriptor.DiscretionaryAcl.BinaryLength];
SecurityDescriptor.DiscretionaryAcl.GetBinaryForm(binaryForm, 0);
binaryForm[0] = GenericAcl.AclRevisionDS; // revision is the first byte of the binary form
SecurityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(IsContainer, IsDS, new RawAcl(binaryForm, 0));
}
}
SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
if (rule.AccessControlType == AccessControlType.Allow)
{
switch (modification)
{
case AccessControlModification.Add:
//_securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
SecurityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, sid, rule);
break;
case AccessControlModification.Set:
//_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
SecurityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule);
break;
case AccessControlModification.Reset:
SecurityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
//_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
SecurityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule);
break;
case AccessControlModification.Remove:
//result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
result = SecurityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, rule);
break;
case AccessControlModification.RemoveAll:
result = SecurityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
if (result == false)
{
throw new InvalidOperationException(SR.InvalidOperation_RemoveFail);
}
break;
case AccessControlModification.RemoveSpecific:
//_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
SecurityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Allow, sid, rule);
break;
default:
throw new ArgumentOutOfRangeException(
nameof(modification),
SR.ArgumentOutOfRange_Enum);
}
}
else if (rule.AccessControlType == AccessControlType.Deny)
{
switch (modification)
{
case AccessControlModification.Add:
//_securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
SecurityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, rule);
break;
case AccessControlModification.Set:
//_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
SecurityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule);
break;
case AccessControlModification.Reset:
SecurityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
//_securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
SecurityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule);
break;
case AccessControlModification.Remove:
//result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
result = SecurityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule);
break;
case AccessControlModification.RemoveAll:
result = SecurityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
if (result == false)
{
throw new InvalidOperationException(SR.InvalidOperation_RemoveFail);
}
break;
case AccessControlModification.RemoveSpecific:
//_securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
SecurityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, rule);
break;
default:
throw new ArgumentOutOfRangeException(
nameof(modification),
SR.ArgumentOutOfRange_Enum);
}
}
else
{
throw new ArgumentException(SR.Format(SR.TypeUnrecognized_AccessControl, rule.AccessControlType));
}
modified = result;
AccessRulesModified |= modified;
return(result);
}
private bool ModifyAccess(AccessControlModification modification, ObjectAccessRule rule, out bool modified)
{
bool flag = true;
if (this._securityDescriptor.DiscretionaryAcl == null)
{
if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific)
{
modified = false;
return(flag);
}
this._securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(this.IsContainer, this.IsDS, GenericAcl.AclRevisionDS, 1);
this._securityDescriptor.AddControlFlags(ControlFlags.DiscretionaryAclPresent);
}
else if ((modification == AccessControlModification.Add || modification == AccessControlModification.Set || modification == AccessControlModification.Reset) && (rule.ObjectFlags != ObjectAceFlags.None && (int)this._securityDescriptor.DiscretionaryAcl.Revision < (int)GenericAcl.AclRevisionDS))
{
byte[] binaryForm = new byte[this._securityDescriptor.DiscretionaryAcl.BinaryLength];
this._securityDescriptor.DiscretionaryAcl.GetBinaryForm(binaryForm, 0);
binaryForm[0] = GenericAcl.AclRevisionDS;
this._securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(this.IsContainer, this.IsDS, new RawAcl(binaryForm, 0));
}
SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
if (rule.AccessControlType == AccessControlType.Allow)
{
switch (modification)
{
case AccessControlModification.Add:
this._securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.Set:
this._securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.Reset:
this._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
this._securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.Remove:
flag = this._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.RemoveAll:
flag = this._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
if (!flag)
{
throw new SystemException();
}
break;
case AccessControlModification.RemoveSpecific:
this._securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
default:
throw new ArgumentOutOfRangeException("modification", Environment.GetResourceString("ArgumentOutOfRange_Enum"));
}
}
else
{
if (rule.AccessControlType != AccessControlType.Deny)
{
throw new SystemException();
}
switch (modification)
{
case AccessControlModification.Add:
this._securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.Set:
this._securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.Reset:
this._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
this._securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.Remove:
flag = this._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.RemoveAll:
flag = this._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
if (!flag)
{
throw new SystemException();
}
break;
case AccessControlModification.RemoveSpecific:
this._securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
default:
throw new ArgumentOutOfRangeException("modification", Environment.GetResourceString("ArgumentOutOfRange_Enum"));
}
}
modified = flag;
this.AccessRulesModified = this.AccessRulesModified | modified;
return(flag);
}
protected bool RemoveAccessRule(ObjectAccessRule rule)
{
throw new NotImplementedException();
}
protected void AddAccessRule (ObjectAccessRule rule)
{
throw new NotImplementedException ();
}
protected void AddAccessRule(ObjectAccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException(nameof(rule));
}
Contract.EndContractBlock();
WriteLock();
try
{
bool modified;
ModifyAccess(AccessControlModification.Add, rule, out modified);
}
finally
{
WriteUnlock();
}
return;
}
protected bool RemoveAccessRule (ObjectAccessRule rule)
{
throw new NotImplementedException ();
}
public void AddAccess(AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule)
{
AddAccess(accessType, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
}
protected void RemoveAccessRuleSpecific (ObjectAccessRule rule)
{
throw new NotImplementedException ();
}
public new void RemoveAccessRuleAll(ObjectAccessRule rule)
{
base.RemoveAccessRuleAll(rule);
}
protected bool RemoveAccessRule(ObjectAccessRule rule)
{
bool modified;
return(ModifyAccess(AccessControlModification.Remove, rule, out modified));
}
public new void ResetAccessRule(ObjectAccessRule rule)
{
base.ResetAccessRule(rule);
}
protected void RemoveAccessRuleSpecific(ObjectAccessRule rule)
{
bool modified;
ModifyAccess(AccessControlModification.RemoveSpecific, rule, out modified);
}
public new void AddAccessRule(ObjectAccessRule rule)
{
base.AddAccessRule(rule);
}
protected void SetAccessRule(ObjectAccessRule rule)
{
bool modified;
ModifyAccess(AccessControlModification.Set, rule, out modified);
}
public void RemoveAccessSpecific(AccessControlType accessType, SecurityIdentifier sid, ObjectAccessRule rule)
{
RemoveAccessSpecific(accessType, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
}
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified)
{
if (null == rule)
{
throw new ArgumentNullException("rule");
}
ObjectAccessRule orule = rule as ObjectAccessRule;
if (null == orule)
{
throw new ArgumentException("rule");
}
modified = true;
WriteLock();
try {
switch (modification)
{
case AccessControlModification.Add:
descriptor.DiscretionaryAcl.AddAccess(orule.AccessControlType,
SidFromIR(orule.IdentityReference),
orule.AccessMask,
orule.InheritanceFlags,
orule.PropagationFlags,
orule.ObjectFlags,
orule.ObjectType,
orule.InheritedObjectType);
break;
case AccessControlModification.Set:
descriptor.DiscretionaryAcl.SetAccess(orule.AccessControlType,
SidFromIR(orule.IdentityReference),
orule.AccessMask,
orule.InheritanceFlags,
orule.PropagationFlags,
orule.ObjectFlags,
orule.ObjectType,
orule.InheritedObjectType);
break;
case AccessControlModification.Reset:
PurgeAccessRules(orule.IdentityReference);
goto case AccessControlModification.Add;
case AccessControlModification.Remove:
modified = descriptor.DiscretionaryAcl.RemoveAccess(orule.AccessControlType,
SidFromIR(orule.IdentityReference),
rule.AccessMask,
orule.InheritanceFlags,
orule.PropagationFlags,
orule.ObjectFlags,
orule.ObjectType,
orule.InheritedObjectType);
break;
case AccessControlModification.RemoveAll:
PurgeAccessRules(orule.IdentityReference);
break;
case AccessControlModification.RemoveSpecific:
descriptor.DiscretionaryAcl.RemoveAccessSpecific(orule.AccessControlType,
SidFromIR(orule.IdentityReference),
orule.AccessMask,
orule.InheritanceFlags,
orule.PropagationFlags,
orule.ObjectFlags,
orule.ObjectType,
orule.InheritedObjectType);
break;
default:
throw new ArgumentOutOfRangeException("modification");
}
if (modified)
{
AccessRulesModified = true;
}
} finally {
WriteUnlock();
}
return(modified);
}
protected void ResetAccessRule(ObjectAccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
Contract.EndContractBlock();
WriteLock();
try
{
bool modified;
ModifyAccess(AccessControlModification.Reset, rule, out modified);
}
finally
{
WriteUnlock();
}
}
private bool ModifyAccess(AccessControlModification modification, ObjectAccessRule rule, out bool modified)
{
bool flag = true;
if (base._securityDescriptor.DiscretionaryAcl == null)
{
if (((modification == AccessControlModification.Remove) || (modification == AccessControlModification.RemoveAll)) || (modification == AccessControlModification.RemoveSpecific))
{
modified = false;
return flag;
}
base._securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(base.IsContainer, base.IsDS, GenericAcl.AclRevisionDS, 1);
base._securityDescriptor.AddControlFlags(ControlFlags.DiscretionaryAclPresent);
}
else if ((((modification == AccessControlModification.Add) || (modification == AccessControlModification.Set)) || (modification == AccessControlModification.Reset)) && ((rule.ObjectFlags != ObjectAceFlags.None) && (base._securityDescriptor.DiscretionaryAcl.Revision < GenericAcl.AclRevisionDS)))
{
byte[] binaryForm = new byte[base._securityDescriptor.DiscretionaryAcl.BinaryLength];
base._securityDescriptor.DiscretionaryAcl.GetBinaryForm(binaryForm, 0);
binaryForm[0] = GenericAcl.AclRevisionDS;
base._securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(base.IsContainer, base.IsDS, new RawAcl(binaryForm, 0));
}
SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
if (rule.AccessControlType == AccessControlType.Allow)
{
switch (modification)
{
case AccessControlModification.Add:
base._securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
goto Label_045E;
case AccessControlModification.Set:
base._securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
goto Label_045E;
case AccessControlModification.Reset:
base._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
base._securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
goto Label_045E;
case AccessControlModification.Remove:
flag = base._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
goto Label_045E;
case AccessControlModification.RemoveAll:
flag = base._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
if (!flag)
{
throw new SystemException();
}
goto Label_045E;
case AccessControlModification.RemoveSpecific:
base._securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
goto Label_045E;
}
throw new ArgumentOutOfRangeException("modification", Environment.GetResourceString("ArgumentOutOfRange_Enum"));
}
if (rule.AccessControlType != AccessControlType.Deny)
{
throw new SystemException();
}
switch (modification)
{
case AccessControlModification.Add:
base._securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.Set:
base._securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.Reset:
base._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
base._securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.Remove:
flag = base._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
case AccessControlModification.RemoveAll:
flag = base._securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty);
if (!flag)
{
throw new SystemException();
}
break;
case AccessControlModification.RemoveSpecific:
base._securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType);
break;
default:
throw new ArgumentOutOfRangeException("modification", Environment.GetResourceString("ArgumentOutOfRange_Enum"));
}
Label_045E:
modified = flag;
base.AccessRulesModified |= modified;
return flag;
}
protected void RemoveAccessRuleSpecific(ObjectAccessRule rule)
{
if (rule == null)
{
throw new ArgumentNullException("rule");
}
Contract.EndContractBlock();
if (_securityDescriptor == null)
{
return;
}
WriteLock();
try
{
bool modified;
ModifyAccess(AccessControlModification.RemoveSpecific, rule, out modified);
}
finally
{
WriteUnlock();
}
}
protected bool RemoveAccessRule (ObjectAccessRule rule)
{
bool modified;
return ModifyAccess (AccessControlModification.Remove, rule, out modified);
}
