Summary description for SecurityDescriptor.
Inheritance: DisposableObject
Exemple #1
0
        public static void GetNamedSecurityInfo(
			string objectName,
			SE_OBJECT_TYPE objectType,
			SECURITY_INFORMATION securityInfo,
			out Sid sidOwner,
			out Sid sidGroup,
			out Dacl dacl,
			out Sacl sacl,
			out SecurityDescriptor secDesc)
        {
            sidOwner = null;
            sidGroup = null;
            dacl = null;
            sacl = null;
            secDesc = null;

            IntPtr ptrOwnerSid = IntPtr.Zero;
            IntPtr ptrGroupSid = IntPtr.Zero;
            IntPtr ptrDacl = IntPtr.Zero;
            IntPtr ptrSacl = IntPtr.Zero;
            IntPtr ptrSecDesc = IntPtr.Zero;

            DWORD rc = Win32.GetNamedSecurityInfo(objectName, objectType, securityInfo,
                ref ptrOwnerSid, ref ptrGroupSid, ref ptrDacl, ref ptrSacl, ref ptrSecDesc);

            if (rc != Win32.ERROR_SUCCESS)
            {
                Win32.SetLastError(rc);
                Win32.ThrowLastError();
            }

            try
            {
                if (ptrOwnerSid != IntPtr.Zero)
                    sidOwner = new Sid(ptrOwnerSid);

                if (ptrGroupSid != IntPtr.Zero)
                    sidGroup = new Sid(ptrGroupSid);

                if (ptrDacl != IntPtr.Zero)
                    dacl = new Dacl(ptrDacl);

                if (ptrSacl != IntPtr.Zero)
                    sacl = new Sacl(ptrSacl);

                if (ptrSecDesc != IntPtr.Zero)
                    secDesc = new SecurityDescriptor(ptrSecDesc, true);
            }
            catch
            {
                if (ptrSecDesc != IntPtr.Zero)
                    Win32.LocalFree(ptrSecDesc);
                throw;
            }
        }
        public System.IntPtr MarshalManagedToNative(object ManagedObj)
        {
            SecurityDescriptor sdIn = (SecurityDescriptor)ManagedObj;
            IntPtr sdPtr = IntPtr.Zero;
            if (sdIn != null)
            {
                _wrapper = sdIn;		// Keep a ref to the managed object
                sdPtr = sdIn.Ptr;
            }

            Debug.Assert(sdPtr != IntPtr.Zero,
                "Warning: It's almost always a bad idea to use a NULL security descriptor");
            return sdPtr;
        }
        private static void UnsafeSetSacl(SecurityDescriptor secDesc, Sacl sacl, bool defaulted)
        {
            if (sacl == null)
            throw new ArgumentException("Can't set null SACL on a security descriptor", "sacl");

              secDesc.MakeAbsolute();

              // First we have to get a copy of the old group ptr, so that
              // we can free it if everything goes well.
              BOOL rc;
              IntPtr pOldSacl = IntPtr.Zero;
              if(!secDesc.IsNull)
              {
            BOOL oldDefaulted, oldPresent;
            rc = Win32.GetSecurityDescriptorSacl(secDesc._secDesc, out oldPresent, ref pOldSacl, out oldDefaulted);
            Win32.CheckCall(rc);
              }
              else
              {
            secDesc.AllocateAndInitializeSecurityDescriptor();
              }

              IntPtr pNewSacl = IntPtr.Zero;
              try
              {
            if(!sacl.IsNull && !sacl.IsEmpty)
            {
              byte []pacl = sacl.GetNativeACL();
              pNewSacl = Win32.AllocGlobal(pacl.Length);
              Marshal.Copy(pacl, 0, pNewSacl, pacl.Length);
            }

            bool present = (sacl.IsNull || (pNewSacl != IntPtr.Zero));
            rc = Win32.SetSecurityDescriptorSacl(
              secDesc._secDesc, (present ? Win32.TRUE : Win32.FALSE),
              pNewSacl, (defaulted ?  Win32.TRUE : Win32.FALSE));
            Win32.CheckCall(rc);

            Win32.FreeGlobal(pOldSacl);
              }
              catch
              {
            Win32.FreeGlobal(pNewSacl);
            throw;
              }
        }
        private static unsafe void UnsafeSetOwner(SecurityDescriptor secDesc, Sid owner, bool defaulted)
        {
            if (! owner.IsValid)
            throw new ArgumentException("SID must be valid to set as owner of a security descriptor", "owner");

              secDesc.MakeAbsolute();

              // First we have to get a copy of the old owner ptr, so that
              // we can free it if everything goes well.
              BOOL rc;
              IntPtr pOldOwner;
              if(!secDesc.IsNull)
              {
            BOOL oldDefaulted;
            rc = Win32.GetSecurityDescriptorOwner(secDesc._secDesc, out pOldOwner, out oldDefaulted);
            Win32.CheckCall(rc);
              }
              else
              {
            secDesc.AllocateAndInitializeSecurityDescriptor();
            pOldOwner = IntPtr.Zero;
              }

              DWORD cbSidSize = (DWORD)owner.Size;
              IntPtr pNewOwner = Win32.AllocGlobal(cbSidSize);
              try
              {
            // Copy the SID content to pNewOwner memory
            fixed (byte *pNewSid = owner.GetNativeSID())
            {
              rc = Win32.CopySid(cbSidSize, pNewOwner, (IntPtr)pNewSid);
              Win32.CheckCall(rc);
            }
            // Set the new owner SID
            rc = Win32.SetSecurityDescriptorOwner(secDesc._secDesc,
              pNewOwner, (defaulted ? Win32.TRUE : Win32.FALSE));
            Win32.CheckCall(rc);

            // Now, we can free the old owner
            Win32.FreeGlobal(pOldOwner);
              }
              catch
              {
            Win32.FreeGlobal(pNewOwner);
            throw;
              }
        }
        //
        // Only called from the custom marshaler
        //
        internal void Parse(IntPtr pSecAttr)
        {
            if (pSecAttr == IntPtr.Zero)
                throw new ArgumentException("Can't parse a NULL struct", "pSecAttr");

            SECURITY_ATTRIBUTES attrs = (SECURITY_ATTRIBUTES)
                new MemoryMarshaler(pSecAttr).ParseStruct(typeof(SECURITY_ATTRIBUTES));

            _inheritHandles = Win32.ToBool(attrs.bInheritHandle);

            if (attrs.lpSecurityDescriptor != IntPtr.Zero)
            {
                // Create a new SecDesc only if we don't already have one or
                // if the one we have hasn't the same ptr to unmanged memory
                if (_secDesc == null || _secDesc.Ptr != attrs.lpSecurityDescriptor)
                    _secDesc = new SecurityDescriptor(attrs.lpSecurityDescriptor);
            }
        }