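/// <summary>
/// Grant an AppContainer profile access to a folder by adding an inheritable
/// allow ACE for the profile's SID to the folder's DACL.
/// </summary>
/// <param name="container">The AppContainer profile whose SID receives the access.</param>
/// <param name="folder">Path of the folder whose DACL is modified.</param>
/// <param name="accessRights">The file access rights to grant.</param>
/// <remarks>
/// The DACL is left untouched when an identical allow ACE (same SID, mask and
/// inheritance flags) is already present anywhere in it. The write is done with
/// throw_on_error set, so a failure to update the DACL surfaces as an exception.
/// </remarks>
private static void AllowFileAccess(AppContainerProfile container, string folder, FileAccessRights accessRights)
{
    var inheritFlags = AceFlags.ContainerInherit | AceFlags.ObjectInherit;
    var securityInfo = Win32Security.GetSecurityInfo(folder, SeObjectType.File, SecurityInformation.Dacl);

    // Search the whole DACL rather than only the first ACE carrying this SID:
    // a SID can appear more than once (for example a deny entry followed by an
    // allow entry), and a first-match lookup would then add a duplicate allow ACE.
    bool alreadyGranted = securityInfo.Dacl.Any(a =>
        a.Sid == container.Sid
        && a.Type == AceType.Allowed
        && a.Mask == accessRights
        && a.Flags == inheritFlags);
    if (alreadyGranted)
    {
        return;
    }

    securityInfo.AddAce(new Ace(AceType.Allowed, inheritFlags, accessRights, container.Sid));
    Win32Security.SetSecurityInfo(folder, SeObjectType.File, SecurityInformation.Dacl, securityInfo, true);
}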
/// <summary>
/// Build an inheritance-source entry describing where a single ACE was inherited from.
/// </summary>
/// <param name="ace">The inherited ACE.</param>
/// <param name="inherited_from">Native INHERITED_FROM record with the ancestor name and generation gap.</param>
/// <param name="type">Win32 object type used when the ancestor's security is queried.</param>
/// <param name="native_type">Kernel type used to render the access mask; may be null.</param>
/// <param name="container">True when the object is a container, which selects the container access-rights type.</param>
/// <param name="query_security">True to also read the ancestor's security descriptor.</param>
/// <param name="sacl">True to include the SACL when the ancestor's security is read.</param>
internal SecurityDescriptorInheritanceSource(Ace ace, INHERITED_FROM inherited_from, SeObjectType type, NtType native_type, bool container, bool query_security, bool sacl)
{
    InheritedAce = ace;

    if (native_type is null)
    {
        // Without a kernel type to map against, both renderings use the generic form.
        Access = NtSecurity.AccessMaskToString(ace.Mask.ToGenericAccess());
        GenericAccess = NtSecurity.AccessMaskToString(ace.Mask.ToGenericAccess());
    }
    else
    {
        var rights_type = container ? native_type.ContainerAccessRightsType : native_type.AccessRightsType;
        Access = NtSecurity.AccessMaskToString(ace.Mask, rights_type, native_type.GenericMapping, false);
        GenericAccess = NtSecurity.AccessMaskToString(ace.Mask, rights_type, native_type.GenericMapping, true);
    }

    Depth = inherited_from.GenerationGap;
    Name = Marshal.PtrToStringUni(inherited_from.AncestorName);

    // The ancestor's descriptor is optional and best-effort: a null name or a
    // failed query simply leaves SecurityDescriptor unset.
    if (!query_security || Name is null)
    {
        return;
    }
    var sec_info = sacl ? SecurityInformation.All : SecurityInformation.AllNoSacl;
    var ancestor_sd = Win32Security.GetSecurityInfo(Name, type, sec_info, false);
    if (ancestor_sd.IsSuccess)
    {
        SecurityDescriptor = ancestor_sd.Result;
    }
}
/// <summary>
/// Process Record: query the object's security descriptor when none was
/// supplied, then emit the inheritance source of each ACE.
/// </summary>
protected override void ProcessRecord()
{
    // Only query when the caller did not supply a descriptor. The SACL is
    // requested only when asked for, since reading it is privileged on Windows.
    SecurityDescriptor ??= Win32Security.GetSecurityInfo(Name, Type,
        Sacl ? SecurityInformation.All : SecurityInformation.AllNoSacl);

    var sources = Win32Security.GetInheritanceSource(Name, Type, IsContainer(), ObjectType,
        SecurityDescriptor, Sacl, GetGenericMapping(), QuerySecurity);
    WriteObject(sources, true);
}
/// <summary>
/// Abstract method to get the security descriptor for access checking.
/// </summary>
/// <returns>The security descriptor.</returns>
/// <remarks>
/// Services are queried with an explicit set (owner, group, DACL, label and
/// SACL); every other object type uses the basic set.
/// </remarks>
protected override SecurityDescriptor GetSecurityDescriptor()
{
    var security_info = Type switch
    {
        SeObjectType.Service => SecurityInformation.Owner | SecurityInformation.Group
            | SecurityInformation.Dacl | SecurityInformation.Label | SecurityInformation.Sacl,
        _ => SecurityInformation.AllBasic,
    };
    return Win32Security.GetSecurityInfo(GetPath(), Type, security_info);
}
/// <summary>
/// Process Record: read the security descriptor selected by the parameter set
/// and write it to the pipeline.
/// </summary>
/// <remarks>
/// For the FromName set, file names are resolved as Win32 paths first. For
/// services the requested security information is masked down to owner, group,
/// DACL and label, and the name "." selects the Service Control Manager itself.
/// </remarks>
protected override void ProcessRecord()
{
    SecurityDescriptor sd = ParameterSetName switch
    {
        "FromName" => GetFromName(),
        "FromObject" => Win32Security.GetSecurityInfo(Object.Handle, Type, SecurityInformation),
        "FromHandle" => Win32Security.GetSecurityInfo(Handle, Type, SecurityInformation),
        _ => null,
    };

    if (sd is not null)
    {
        WriteObject(sd);
    }

    // Resolve the descriptor for the FromName parameter set.
    SecurityDescriptor GetFromName()
    {
        string path = Type == SeObjectType.File
            ? PSUtils.ResolveWin32Path(SessionState, Name, false)
            : Name;

        if (Type == SeObjectType.Service)
        {
            // Drop any bits a service cannot supply before querying.
            SecurityInformation &= SecurityInformation.Owner | SecurityInformation.Group
                | SecurityInformation.Dacl | SecurityInformation.Label;
            if (Name == ".")
            {
                return ServiceUtils.GetScmSecurityDescriptor(SecurityInformation);
            }
        }

        return Win32Security.GetSecurityInfo(path, Type, SecurityInformation);
    }
}
/// <summary>
/// Process Record: read the security descriptor selected by the parameter set
/// (name, object or raw handle) and write it to the pipeline.
/// </summary>
protected override void ProcessRecord()
{
    SecurityDescriptor sd = ParameterSetName switch
    {
        "FromName" => Win32Security.GetSecurityInfo(Name, Type, SecurityInformation),
        "FromObject" => Win32Security.GetSecurityInfo(Object.Handle, Type, SecurityInformation),
        "FromHandle" => Win32Security.GetSecurityInfo(Handle, Type, SecurityInformation),
        _ => null,
    };

    // An unrecognised parameter set writes nothing.
    if (sd is not null)
    {
        WriteObject(sd);
    }
}