public static Boolean CreateDir(String strSitePath, String strUserName) { Boolean bOk; try { Directory.CreateDirectory(strSitePath); SecurityDescriptor secDesc = SecurityDescriptor.GetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION); Dacl dacl = secDesc.Dacl; Sid sidUser = new Sid (strUserName); // allow: folder, subfolder and files // modify dacl.AddAce (new AceAccessAllowed (sidUser, AccessType.GENERIC_WRITE | AccessType.GENERIC_READ | AccessType.DELETE | AccessType.GENERIC_EXECUTE , AceFlags.OBJECT_INHERIT_ACE | AceFlags.CONTAINER_INHERIT_ACE)); // deny: this folder // write attribs // write extended attribs // delete // change permissions // take ownership DirectoryAccessType DAType = DirectoryAccessType.FILE_WRITE_ATTRIBUTES | DirectoryAccessType.FILE_WRITE_EA | DirectoryAccessType.DELETE | DirectoryAccessType.WRITE_OWNER | DirectoryAccessType.WRITE_DAC; AccessType AType = (AccessType)DAType; dacl.AddAce (new AceAccessDenied (sidUser, AType)); secDesc.SetDacl(dacl); secDesc.SetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION); bOk = true; } catch { bOk = false; } return bOk; }
public void SetOwner(Sid owner) { SetOwner(owner, false); }
public void SetGroup(Sid group, bool defaulted) { UnsafeSetGroup(this, group, defaulted); }
public void SetGroup(Sid group) { SetGroup(group, false); }
internal TokenGroup(MemoryMarshaler m) { SID_AND_ATTRIBUTES sa = (SID_AND_ATTRIBUTES)m.ParseStruct(typeof(SID_AND_ATTRIBUTES)); _sid = new Sid(sa.Sid); _attributes = (GroupAttributes)sa.Attributes; }
public void SetOwner(Sid owner, bool bDefaulted) { UnsafeSetOwner(this, owner, bDefaulted); }
internal static unsafe void UnsafeSetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, Sid sidOwner, Sid sidGroup, Dacl dacl, Sacl sacl) { fixed(byte *pSidOwner = (sidOwner != null ? sidOwner.GetNativeSID() : null)) { fixed(byte *pSidGroup = (sidGroup != null ? sidGroup.GetNativeSID() : null)) { fixed(byte *pDacl = (dacl != null ? dacl.GetNativeACL() : null)) { fixed(byte *pSacl = (sacl != null ? sacl.GetNativeACL() : null)) { DWORD rc = Win32.SetSecurityInfo(handle, ObjectType, SecurityInfo, (IntPtr)pSidOwner, (IntPtr)pSidGroup, (IntPtr)pDacl, (IntPtr)pSacl); if (rc != Win32.ERROR_SUCCESS) { Win32.SetLastError(rc); Win32.ThrowLastError(); } } } } } }
public static void SetNamedSecurityInfo( string objectName, SE_OBJECT_TYPE objectType, SECURITY_INFORMATION securityInfo, Sid sidOwner, Sid sidGroup, Dacl dacl, Sacl sacl) { UnsafeSetNamedSecurityInfo (objectName, objectType, securityInfo, sidOwner, sidGroup, dacl, sacl); }
private static unsafe bool UnsafeEqualsPrefixSids(Sid s1, Sid s2) { if (object.ReferenceEquals(s1, null) && object.ReferenceEquals(s2, null)) return true; if (object.ReferenceEquals(s1, null) || object.ReferenceEquals(s2, null)) return false; if (!s1.IsValid) return false; if (!s2.IsValid) return false; fixed(byte *psid1 = s1._psid, psid2 = s2._psid) { IntPtr psid1Ptr = (IntPtr)psid1; IntPtr psid2Ptr = (IntPtr)psid2; BOOL rc = Win32.EqualPrefixSid(psid1Ptr, psid2Ptr); return (rc != Win32.FALSE); } }
protected void BaseInit(ACE_HEADER header, AccessType accessType, Sid sid) { _header = header; _accessType = accessType; _sid = sid; }
protected void BaseInit(AceType type, int size, AceFlags flags, Sid sid, AccessType accessType) { if (size >= ushort.MaxValue) throw new ArgumentException("Ace size is limited to an 16-bit integer", "size"); if (size <= ACE_HEADER.SizeOf) throw new ArgumentException("Ace size must be at least the size of an ACE_HEADER", "size"); _header.AceType = type; _header.AceSize = (ushort)size; _header.AceFlags = flags; _accessType = accessType; _sid = sid; }
private static void AddAceForAccount(Dacl dacl, string account) { bool accountExists = true; Sid sid = null; try { sid = new Sid(account); } catch (COMException) { accountExists = false; } if (accountExists) { AceAccessAllowed netAce = new AceAccessAllowed(sid, AccessType.GENERIC_ALL, AceFlags.CONTAINER_INHERIT_ACE | AceFlags.OBJECT_INHERIT_ACE); dacl.AddAce(netAce); } }
public void SetGroup(Sid group, bool defaulted) { UnsafeSetGroup(this, group, defaulted); }
public void SetGroup(Sid group) { SetGroup(group, false); }
public void SetOwner(Sid owner, bool bDefaulted) { UnsafeSetOwner(this, owner, bDefaulted); }
public bool EqualsPrefix(Sid other) { return UnsafeEqualsPrefixSids(this, other); }
private static unsafe void UnsafeSetOwner(SecurityDescriptor secDesc, Sid owner, bool defaulted) { if (! owner.IsValid) throw new ArgumentException("SID must be valid to set as owner of a security descriptor", "owner"); secDesc.MakeAbsolute(); // First we have to get a copy of the old owner ptr, so that // we can free it if everything goes well. BOOL rc; IntPtr pOldOwner; if(!secDesc.IsNull) { BOOL oldDefaulted; rc = Win32.GetSecurityDescriptorOwner(secDesc._secDesc, out pOldOwner, out oldDefaulted); Win32.CheckCall(rc); } else { secDesc.AllocateAndInitializeSecurityDescriptor(); pOldOwner = IntPtr.Zero; } DWORD cbSidSize = (DWORD)owner.Size; IntPtr pNewOwner = Win32.AllocGlobal(cbSidSize); try { // Copy the SID content to pNewOwner memory fixed (byte *pNewSid = owner.GetNativeSID()) { rc = Win32.CopySid(cbSidSize, pNewOwner, (IntPtr)pNewSid); Win32.CheckCall(rc); } // Set the new owner SID rc = Win32.SetSecurityDescriptorOwner(secDesc._secDesc, pNewOwner, (defaulted ? Win32.TRUE : Win32.FALSE)); Win32.CheckCall(rc); // Now, we can free the old owner Win32.FreeGlobal(pOldOwner); } catch { Win32.FreeGlobal(pNewOwner); throw; } }
/// <summary> /// Remove all ACEs having 'sid' as their sid. /// </summary> /// <param name="sid"></param> /// <returns></returns> public bool RemoveAces(Sid sid) { if (IsNull) return false; // Remove from end to start to avoid indices issues bool found = false; for(int i = AceCount - 1; i >= 0; i--) { if (GetAce(i).Sid == sid) { found = true; _aces.RemoveAt(i); } } // If at least one was remove, mark us as "Dirty" if (found) Dirty(); return found; }
public static void SetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, Sid sidOwner, Sid sidGroup, Dacl dacl, Sacl sacl) { UnsafeSetSecurityInfo (handle, ObjectType, SecurityInfo, sidOwner, sidGroup, dacl, sacl); }
internal unsafe static void UnsafeSetNamedSecurityInfo( string objectName, SE_OBJECT_TYPE objectType, SECURITY_INFORMATION securityInfo, Sid sidOwner, Sid sidGroup, Dacl dacl, Sacl sacl) { byte[] pSidOwner = (sidOwner != null) ? sidOwner.GetNativeSID() : null; byte[] pSidGroup = (sidGroup != null) ? sidGroup.GetNativeSID() : null; byte[] pDacl = (dacl != null) ? dacl.GetNativeACL() : null; byte[] pSacl = (sacl != null) ? sacl.GetNativeACL() : null; DWORD rc = Win32.SetNamedSecurityInfo(objectName, objectType, securityInfo, pSidOwner, pSidGroup, pDacl, pSacl); if (rc != Win32.ERROR_SUCCESS) { Win32.SetLastError(rc); Win32.ThrowLastError(); } }
public void SetOwner(Sid owner) { SetOwner(owner, false); }
public static void GetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE objectType, SECURITY_INFORMATION securityInfo, out Sid sidOwner, out Sid sidGroup, out Dacl dacl, out Sacl sacl, out SecurityDescriptor secDesc) { sidOwner = null; sidGroup = null; dacl = null; sacl = null; secDesc = null; IntPtr ptrOwnerSid = IntPtr.Zero; IntPtr ptrGroupSid = IntPtr.Zero; IntPtr ptrDacl = IntPtr.Zero; IntPtr ptrSacl = IntPtr.Zero; IntPtr ptrSecDesc = IntPtr.Zero; DWORD rc = Win32.GetSecurityInfo(handle, objectType, securityInfo, ref ptrOwnerSid, ref ptrGroupSid, ref ptrDacl, ref ptrSacl, ref ptrSecDesc); if (rc != Win32.ERROR_SUCCESS) { Win32.SetLastError(rc); Win32.ThrowLastError(); } try { if (ptrOwnerSid != IntPtr.Zero) sidOwner = new Sid(ptrOwnerSid); if (ptrGroupSid != IntPtr.Zero) sidGroup = new Sid(ptrGroupSid); if (ptrDacl != IntPtr.Zero) dacl = new Dacl(ptrDacl); if (ptrSacl != IntPtr.Zero) sacl = new Sacl(ptrSacl); if (ptrSecDesc != IntPtr.Zero) secDesc = new SecurityDescriptor(ptrSecDesc, true); } catch { if (ptrSecDesc != IntPtr.Zero) Win32.LocalFree(ptrSecDesc); throw; } }