public static extern BOOL GetKernelObjectSecurity(
HANDLE Handle, // handle to object
SECURITY_INFORMATION RequestedInformation, // request
PSECURITY_DESCRIPTOR pSecurityDescriptor, // SD
DWORD nLength, // size of SD
out DWORD lpnLengthNeeded // required size of buffer
);
public NtStatus GetFileSecurityProxy(string rawFileName,
ref SECURITY_INFORMATION rawRequestedInformation,
IntPtr rawSecurityDescriptor, uint rawSecurityDescriptorLength,
ref uint rawSecurityDescriptorLengthNeeded,
DokanFileInfo rawFileInfo)
{
FileSystemSecurity sec;
var sect = AccessControlSections.None;
if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Owner;
}
if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Group;
}
if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.DACL_SECURITY_INFORMATION) ||
rawRequestedInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_DACL_SECURITY_INFORMATION) ||
rawRequestedInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_DACL_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Access;
}
if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.SACL_SECURITY_INFORMATION) ||
rawRequestedInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_SACL_SECURITY_INFORMATION) ||
rawRequestedInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_SACL_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Audit;
}
try
{
this.logger.Debug("GetFileSecurityProxy : {0}", rawFileName);
this.logger.Debug("\tFileSystemSecurity\t{0}", sect);
this.logger.Debug("\tContext\t{0}", this.ToTrace(rawFileInfo));
NtStatus result = operations.GetFileSecurity(rawFileName, out sec, sect, rawFileInfo);
if (result == DokanResult.Success /*&& sec != null*/)
{
Debug.Assert(sec != null);
this.logger.Debug("\tFileSystemSecurity Result : {0}", sec);
var buffer = sec.GetSecurityDescriptorBinaryForm();
rawSecurityDescriptorLengthNeeded = (uint)buffer.Length;
if (buffer.Length > rawSecurityDescriptorLength)
{
return(DokanResult.BufferOverflow);
}
Marshal.Copy(buffer, 0, rawSecurityDescriptor, buffer.Length);
}
this.logger.Debug("GetFileSecurityProxy : {0} Return : {1}", rawFileName, result);
return(result);
}
catch (Exception ex)
{
this.logger.Error("GetFileSecurityProxy : {0} Throw : {1}", rawFileName, ex.Message);
return(DokanResult.InvalidParameter);
}
}
internal unsafe static void UnsafeSetNamedSecurityInfo(
string objectName,
SE_OBJECT_TYPE objectType,
SECURITY_INFORMATION securityInfo,
Sid sidOwner,
Sid sidGroup,
Dacl dacl,
Sacl sacl)
{
fixed(byte *pSidOwner = (sidOwner != null ? sidOwner.GetNativeSID() : null))
{
fixed(byte *pSidGroup = (sidGroup != null ? sidGroup.GetNativeSID() : null))
{
fixed(byte *pDacl = (dacl != null ? dacl.GetNativeACL() : null))
{
fixed(byte *pSacl = (sacl != null ? sacl.GetNativeACL() : null))
{
DWORD rc = Win32.SetNamedSecurityInfo(objectName, objectType, securityInfo,
(IntPtr)pSidOwner, (IntPtr)pSidGroup, (IntPtr)pDacl, (IntPtr)pSacl);
if (rc != Win32.ERROR_SUCCESS)
{
Win32.SetLastError(rc);
Win32.ThrowLastError();
}
}
}
}
}
}
ConvertSecurityDescriptorToStringSecurityDescriptor(
[In] byte[] SecurityDescriptor,
[In] int RequestedStringSDRevision,
[In] SECURITY_INFORMATION SecurityInformation,
[Out] out IntPtr StringSecurityDescriptor,
[Out] out int StringSecurityDescriptorLen
);
void ISecurityInformation.GetSecurity(SECURITY_INFORMATION requestInformation, out IntPtr ppSecurityDescriptor, bool fDefault)
{
System.Diagnostics.Debug.WriteLine($"GetSecurity: {requestInformation}{(fDefault ? " (Def)" : "")}");
ppSecurityDescriptor = GetPrivateObjectSecurity(fDefault ? prov.GetDefaultSecurity() : (IntPtr)pSD, requestInformation);
System.Diagnostics.Debug.WriteLine(
$"GetSecurity={SecurityDescriptorPtrToSdll(ppSecurityDescriptor, requestInformation) ?? "null"} <- {SecurityDescriptorPtrToSdll((IntPtr)pSD, requestInformation) ?? "null"}");
}
public static IEnumerable <INHERITED_FROM> GetInheritanceSource(string objectName, ResourceType objectType,
SECURITY_INFORMATION securityInfo, bool container, IntPtr pAcl, ref GENERIC_MAPPING pGenericMapping)
{
var objSize = Marshal.SizeOf(typeof(INHERITED_FROM));
var aceCount = GetAceCount(pAcl);
using (var pInherit = new SafeCoTaskMemHandle(objSize * (int)aceCount))
{
var hr = 0;
try
{
hr = AdvApi32.GetInheritanceSource(objectName, objectType, securityInfo, container, null, 0, pAcl, IntPtr.Zero, ref pGenericMapping, (IntPtr)pInherit);
if (hr != 0)
{
throw new System.ComponentModel.Win32Exception(hr);
}
return(pInherit.ToIEnum <INHERITED_FROM>((int)aceCount));
}
finally
{
if (hr != 0)
{
FreeInheritedFromArray((IntPtr)pInherit, (ushort)aceCount, IntPtr.Zero);
}
}
}
}
/// <summary>
/// Return the selected components of the security descriptor of a given kernel object handle
/// </summary>
/// <param name="fileName">The kernel object handle</param>
/// <param name="secInfo">The components of the security descriptor to return</param>
/// <returns>The security descriptor</returns>
public static SecurityDescriptor GetKernelObjectSecurity(HANDLE handle, SECURITY_INFORMATION secInfo)
{
DWORD cbLength;
BOOL rc = Win32.GetKernelObjectSecurity(handle, secInfo, IntPtr.Zero, 0, out cbLength);
switch (Win32.GetLastError())
{
case Win32.SUCCESS:
throw new InvalidOperationException("Unexpected return code from GetKernelObjectSecurity()");
case Win32.ERROR_INSUFFICIENT_BUFFER:
IntPtr secDescPtr = Win32.AllocGlobal(cbLength);
try {
rc = Win32.GetKernelObjectSecurity(handle, secInfo, secDescPtr, cbLength, out cbLength);
Win32.CheckCall(rc);
return(new SecurityDescriptor(secDescPtr));
}
catch {
Win32.FreeGlobal(secDescPtr);
throw;
}
default:
Win32.ThrowLastError();
return(null); // Never executed
}
}
public static extern BOOL GetFileSecurity(
LPCTSTR lpFileName,
SECURITY_INFORMATION RequestedInformation,
PSECURITY_DESCRIPTOR pSecurityDescriptor,
DWORD nLength,
out DWORD lpnLengthNeeded
);
public static extern uint SetSecurityInfo(
IntPtr handle,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
IntPtr psidOwner,
IntPtr psidGroup,
IntPtr pDacl,
IntPtr pSacl);
private static extern int SetNamedSecurityInfo(
string pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
IntPtr psidOwner,
IntPtr psidGroup,
IntPtr pDacl,
IntPtr pSacl);
/// <summary>
/// Sets a keys security descriptor.
/// See http://msdn.microsoft.com/en-us/library/ee210774(v=vs.85).aspx
/// </summary>
/// <param name="hKey">Handle to an open key.</param>
/// <param name="securityInformation">The type of security information to set.</param>
/// <param name="pSecurityDescriptor">Pointer to data buffer.</param>
/// <returns>
/// <see cref="Win32Result" /> of the result. Win32Result.ERROR_SUCCESS indicates success.
/// </returns>
public static Win32Result SetKeySecurity(IntPtr hKey,
SECURITY_INFORMATION securityInformation,
/*ref IntPtr*/ IntPtr pSecurityDescriptor)
{
return(Is64BitProcess
? SetKeySecurity64(hKey, securityInformation, pSecurityDescriptor)
: SetKeySecurity32(hKey, securityInformation, pSecurityDescriptor));
}
internal static SafeSecurityDescriptor GetSD(string filename, SECURITY_INFORMATION si = SECURITY_INFORMATION.DACL_SECURITY_INFORMATION | SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION)
{
var err = GetNamedSecurityInfo(filename, SE_OBJECT_TYPE.SE_FILE_OBJECT, si, out _, out _, out _, out _, out var pSD);
Assert.That(err, Is.EqualTo(0));
Assert.That(!pSD.IsInvalid);
return(pSD);
}
public static extern DWORD SetNamedSecurityInfo(
LPCTSTR pObjectName, //REVIEW: Why is it documented as LPTSTR
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSID psidOwner,
PSID psidGroup,
PACL pDacl,
PACL pSacl);
public static extern uint SetSecurityInfo(
IntPtr handle,
SE_OBJECT_TYPE objectType,
SECURITY_INFORMATION securityInformation,
IntPtr pOwner,
IntPtr pGroup,
IntPtr pDacl,
IntPtr pSacl);
public static extern DWORD SetSecurityInfo(
HANDLE handle,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSID psidOwner,
PSID psidGroup,
PACL pDacl,
PACL pSacl);
public static extern Win32Error GetNamedSecurityInfo(
string pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
out IntPtr ppsidOwner,
out IntPtr ppsidGroup,
out IntPtr ppDacl,
out IntPtr ppSacl,
out SafeSecurityDescriptor ppSecurityDescriptor);
static extern uint SetSecurityInfo(
IntPtr handle,
_SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
out IntPtr pSidOwner,
out IntPtr pSidGroup,
out IntPtr pDacl,
out IntPtr pSacl,
out IntPtr pSecurityDescriptor);
/// <summary>
/// Gets a keys security descriptor.
/// See http://msdn.microsoft.com/en-us/library/ee210766(v=vs.85).aspx
/// </summary>
/// <param name="hKey">Handle to an open key.</param>
/// <param name="securityInformation">The type of security information to request.</param>
/// <param name="pSecurityDescriptor">Pointer to data buffer.</param>
/// <param name="lpcbSecurityDescriptor">Size of the data buffer.</param>
/// <returns>
/// <see cref="Win32Result" /> of the result. Win32Result.ERROR_SUCCESS indicates success.
/// </returns>
public static Win32Result GetKeySecurity(IntPtr hKey,
SECURITY_INFORMATION securityInformation,
IntPtr pSecurityDescriptor,
ref uint lpcbSecurityDescriptor)
{
return(Is64BitProcess
? GetKeySecurity64(hKey, securityInformation, pSecurityDescriptor, ref lpcbSecurityDescriptor)
: GetKeySecurity32(hKey, securityInformation, pSecurityDescriptor, ref lpcbSecurityDescriptor));
}
public int SetFileSecurity(
IntPtr rawFileName,
ref SECURITY_INFORMATION rawSecurityInformation,
ref SECURITY_DESCRIPTOR rawSecurityDescriptor,
ref uint rawSecurityDescriptorLengthNeeded,
ref DOKAN_FILE_INFO rawFileInfo)
{
return(-1);
}
static extern int GetNamedSecurityInfo(
String objectName,
SE_OBJECT_TYPE objectType,
SECURITY_INFORMATION securityInfo,
out IntPtr sidOwner,
out IntPtr sidGroup,
out IntPtr dacl,
out IntPtr sacl,
out IntPtr securityDescriptor);
public static extern int GetSecurityInfo(
IntPtr handle,
SE_OBJECT_TYPE objectType,
SECURITY_INFORMATION securityInfo,
out IntPtr sidOwner,
out IntPtr sidGroup,
out IntPtr dacl,
out IntPtr sacl,
out IntPtr securityDescriptor);
public static extern DWORD GetSecurityInfo(
HANDLE handle,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
ref PSID ppsidOwner,
ref PSID ppsidGroup,
ref PACL ppDacl,
ref PACL ppSacl,
ref PSECURITY_DESCRIPTOR ppSecurityDescriptor);
public static extern DWORD GetNamedSecurityInfo(
LPCTSTR pObjectName, //REVIEW: Why is it documented as LPTSTR
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
ref PSID ppsidOwner,
ref PSID ppsidGroup,
ref PACL ppDacl,
ref PACL ppSacl,
ref PSECURITY_DESCRIPTOR ppSecurityDescriptor);
static extern uint GetNamedSecurityInfo(
string pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
out IntPtr pSidOwner,
out IntPtr pSidGroup,
out IntPtr pDacl,
out IntPtr pSacl,
out IntPtr pSecurityDescriptor);
public static extern uint GetSecurityInfo(
IntPtr handle,
_SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
ref IntPtr ppsidOwner,
ref IntPtr ppsidGroup,
ref IntPtr ppDacl,
ref IntPtr ppSacl,
ref IntPtr ppSecurityDescriptor
);
public void SetRegistryKeySecurity(HKEY hKey, SECURITY_INFORMATION secInfo)
{
int rc = Win32.RegSetKeySecurity(hKey, secInfo, this._secDesc);
if (rc != Win32.SUCCESS)
{
Win32.SetLastError((uint)rc);
Win32.ThrowLastError();
}
}
public int GetFileSecurityProxy(string rawFileName, ref SECURITY_INFORMATION rawRequestedInformation,
IntPtr rawSecurityDescriptor, uint rawSecurityDescriptorLength,
ref uint rawSecurityDescriptorLengthNeeded,
DokanFileInfo rawFileInfo)
{
FileSystemSecurity sec;
var sect = AccessControlSections.None;
if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Owner;
}
if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Group;
}
if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.DACL_SECURITY_INFORMATION) ||
rawRequestedInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_DACL_SECURITY_INFORMATION) ||
rawRequestedInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_DACL_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Access;
}
if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.SACL_SECURITY_INFORMATION) ||
rawRequestedInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_SACL_SECURITY_INFORMATION) ||
rawRequestedInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_SACL_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Audit;
}
try
{
int ret = (int)_operations.GetFileSecurity(rawFileName, out sec, sect, rawFileInfo);
if (ret == ERROR_SUCCESS /*&& sec != null*/)
{
Debug.Assert(sec != null);
var buffer = sec.GetSecurityDescriptorBinaryForm();
rawSecurityDescriptorLengthNeeded = (uint)buffer.Length;
if (buffer.Length > rawSecurityDescriptorLength)
{
return(ERROR_INSUFFICIENT_BUFFER);
}
Marshal.Copy(buffer, 0, rawSecurityDescriptor, buffer.Length);
}
return(ret);
}
catch
{
#if DEBUGDOKAN
Log("UnmountProxy: {0}\n", rawFileName);
//throw;
#endif
return(ERROR_INVALID_FUNCTION);
}
}
public static extern UInt32 GetInheritanceSource(
[MarshalAs(UnmanagedType.LPTStr)] string pObjectName,
ResourceType ObjectType,
SECURITY_INFORMATION SecurityInfo,
[MarshalAs(UnmanagedType.Bool)] bool Container,
IntPtr pObjectClassGuids,
UInt32 GuidCount,
byte[] pAcl,
IntPtr pfnArray,
ref GENERIC_MAPPING pGenericMapping,
IntPtr pInheritArray);
public static void SetNamedSecurityInfo(
string objectName,
SE_OBJECT_TYPE objectType,
SECURITY_INFORMATION securityInfo,
Sid sidOwner,
Sid sidGroup,
Dacl dacl,
Sacl sacl)
{
UnsafeSetNamedSecurityInfo(objectName, objectType, securityInfo,
sidOwner, sidGroup, dacl, sacl);
}
public static IEnumerable <INHERITED_FROM> GetInheritanceSource(string objectName, System.Security.AccessControl.ResourceType objectType,
SECURITY_INFORMATION securityInfo, bool container, IntPtr pAcl, ref GENERIC_MAPPING pGenericMapping)
{
var objSize = Marshal.SizeOf(typeof(INHERITED_FROM));
var aceCount = GetAceCount(pAcl);
using (var pInherit = new SafeInheritedFromArray((ushort)aceCount))
{
AdvApi32.GetInheritanceSource(objectName, (SE_OBJECT_TYPE)objectType, securityInfo, container, null, 0, pAcl, IntPtr.Zero, ref pGenericMapping, pInherit).ThrowIfFailed();
return(pInherit.Results);
}
}
public static SecurityDescriptor GetRegistryKeySecurity(HKEY hKey, SECURITY_INFORMATION secInfo)
{
DWORD cbLength = 0;
int rc = Win32.RegGetKeySecurity(hKey, secInfo, IntPtr.Zero, ref cbLength);
if (rc != Win32.SUCCESS)
Win32.SetLastError((uint)rc);
switch(rc)
{
case Win32.SUCCESS:
throw new InvalidOperationException("Unexpected return code from RegGetKeySecurity()");
case Win32.ERROR_INSUFFICIENT_BUFFER:
IntPtr secDescPtr = Win32.AllocGlobal(cbLength);
try
{
rc = Win32.RegGetKeySecurity(hKey, secInfo, secDescPtr, ref cbLength);
if (rc != Win32.SUCCESS)
{
Win32.SetLastError((uint)rc);
Win32.ThrowLastError();
}
return new SecurityDescriptor(secDescPtr);
}
catch
{
Win32.FreeGlobal(secDescPtr);
throw;
}
default:
Win32.ThrowLastError();
return null; // Never executed
}
}
private static extern long GetSecurityInfo(IntPtr handle, SE_OBJECT_TYPE objectType, SECURITY_INFORMATION securityInfo, out IntPtr ppsidOwner, out IntPtr ppsidGroup, out IntPtr ppDacl, out IntPtr ppSacl, out IntPtr ppSecurityDescriptor);
public static extern BOOL GetKernelObjectSecurity( HANDLE Handle, // handle to object SECURITY_INFORMATION RequestedInformation, // request PSECURITY_DESCRIPTOR pSecurityDescriptor, // SD DWORD nLength, // size of SD out DWORD lpnLengthNeeded // required size of buffer );
public static extern BOOL SetKernelObjectSecurity( HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor );
static extern int GetNamedSecurityInfo(
String objectName,
SE_OBJECT_TYPE objectType,
SECURITY_INFORMATION securityInfo,
out IntPtr sidOwner,
out IntPtr sidGroup,
out IntPtr dacl,
out IntPtr sacl,
out IntPtr securityDescriptor);
private static extern bool ConvertSecurityDescriptorToStringSecurityDescriptor(byte[] sd, uint rev, SECURITY_INFORMATION secinfo, out IntPtr str, out int length);
public static extern bool GetKernelObjectSecurity(IntPtr Handle, SECURITY_INFORMATION RequestedInformation, IntPtr pSecurityDescriptor, uint nLength, out uint lpnLengthNeeded);
public static extern bool SetKernelObjectSecurity(IntPtr Handle, SECURITY_INFORMATION SecurityInformation, IntPtr SecurityDescriptor);
static extern int SetNamedSecurityInfo([MarshalAs(UnmanagedType.LPTStr)] string pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
IntPtr psidOwner, IntPtr psidGroup, IntPtr pDacl, IntPtr pSacl);
internal unsafe static void UnsafeSetNamedSecurityInfo(
string objectName,
SE_OBJECT_TYPE objectType,
SECURITY_INFORMATION securityInfo,
Sid sidOwner,
Sid sidGroup,
Dacl dacl,
Sacl sacl)
{
byte[] pSidOwner = (sidOwner != null) ? sidOwner.GetNativeSID() : null;
byte[] pSidGroup = (sidGroup != null) ? sidGroup.GetNativeSID() : null;
byte[] pDacl = (dacl != null) ? dacl.GetNativeACL() : null;
byte[] pSacl = (sacl != null) ? sacl.GetNativeACL() : null;
DWORD rc = Win32.SetNamedSecurityInfo(objectName, objectType, securityInfo,
pSidOwner, pSidGroup, pDacl, pSacl);
if (rc != Win32.ERROR_SUCCESS)
{
Win32.SetLastError(rc);
Win32.ThrowLastError();
}
}
public int SetFileSecurityProxy(
string rawFileName, ref SECURITY_INFORMATION rawSecurityInformation,
IntPtr rawSecurityDescriptor, uint rawSecurityDescriptorLength,
DokanFileInfo rawFileInfo)
{
var sect = AccessControlSections.None;
if (rawSecurityInformation.HasFlag(SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Owner;
}
if (rawSecurityInformation.HasFlag(SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Group;
}
if (rawSecurityInformation.HasFlag(SECURITY_INFORMATION.DACL_SECURITY_INFORMATION) ||
rawSecurityInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_DACL_SECURITY_INFORMATION) ||
rawSecurityInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_DACL_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Access;
}
if (rawSecurityInformation.HasFlag(SECURITY_INFORMATION.SACL_SECURITY_INFORMATION) ||
rawSecurityInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_SACL_SECURITY_INFORMATION) ||
rawSecurityInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_SACL_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Audit;
}
var buffer = new byte[rawSecurityDescriptorLength];
try
{
Marshal.Copy(rawSecurityDescriptor, buffer, 0, (int)rawSecurityDescriptorLength);
var sec = rawFileInfo.IsDirectory ? (FileSystemSecurity)new DirectorySecurity() : new FileSecurity();
sec.SetSecurityDescriptorBinaryForm(buffer);
return (int)_operations.SetFileSecurity(rawFileName, sec, sect, rawFileInfo);
}
catch
{
#if DEBUG
throw;
#else
return ERROR_INVALID_FUNCTION;
#endif
}
}
public NtStatus SetFileSecurityProxy(string rawFileName,
ref SECURITY_INFORMATION rawSecurityInformation, IntPtr rawSecurityDescriptor, uint rawSecurityDescriptorLength,
DokanFileInfo rawFileInfo)
{
var sect = AccessControlSections.None;
if (rawSecurityInformation.HasFlag(SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Owner;
}
if (rawSecurityInformation.HasFlag(SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Group;
}
if (rawSecurityInformation.HasFlag(SECURITY_INFORMATION.DACL_SECURITY_INFORMATION) ||
rawSecurityInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_DACL_SECURITY_INFORMATION) ||
rawSecurityInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_DACL_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Access;
}
if (rawSecurityInformation.HasFlag(SECURITY_INFORMATION.SACL_SECURITY_INFORMATION) ||
rawSecurityInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_SACL_SECURITY_INFORMATION) ||
rawSecurityInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_SACL_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Audit;
}
var buffer = new byte[rawSecurityDescriptorLength];
try
{
Marshal.Copy(rawSecurityDescriptor, buffer, 0, (int)rawSecurityDescriptorLength);
var sec = rawFileInfo.IsDirectory ? (FileSystemSecurity)new DirectorySecurity() : new FileSecurity();
sec.SetSecurityDescriptorBinaryForm(buffer);
Trace("\nSetFileSecurityProxy : " + rawFileName);
Trace("\tAccessControlSections\t" + sect);
Trace("\tFileSystemSecurity\t" + sec);
Trace("\tContext\t" + ToTrace(rawFileInfo));
NtStatus result = operations.SetFileSecurity(rawFileName, sec, sect, rawFileInfo);
Trace("SetFileSecurityProxy : " + rawFileName + " Return : " + result);
return result;
}
#pragma warning disable 0168
catch (Exception ex)
#pragma warning restore 0168
{
Trace("SetFileSecurityProxy : " + rawFileName + " Throw : " + ex.Message);
return DokanResult.InvalidParameter;
}
}
public static void SetSecurityInfo(
HANDLE handle,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
Sid sidOwner,
Sid sidGroup,
Dacl dacl,
Sacl sacl)
{
UnsafeSetSecurityInfo (handle, ObjectType, SecurityInfo,
sidOwner, sidGroup, dacl, sacl);
}
internal static unsafe void UnsafeSetSecurityInfo(
HANDLE handle,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
Sid sidOwner,
Sid sidGroup,
Dacl dacl,
Sacl sacl)
{
fixed(byte *pSidOwner = (sidOwner != null ? sidOwner.GetNativeSID() : null))
{
fixed(byte *pSidGroup = (sidGroup != null ? sidGroup.GetNativeSID() : null))
{
fixed(byte *pDacl = (dacl != null ? dacl.GetNativeACL() : null))
{
fixed(byte *pSacl = (sacl != null ? sacl.GetNativeACL() : null))
{
DWORD rc = Win32.SetSecurityInfo(handle, ObjectType, SecurityInfo,
(IntPtr)pSidOwner, (IntPtr)pSidGroup, (IntPtr)pDacl, (IntPtr)pSacl);
if (rc != Win32.ERROR_SUCCESS)
{
Win32.SetLastError(rc);
Win32.ThrowLastError();
}
}
}
}
}
}
public static extern bool SetServiceObjectSecurity(
SafeServiceHandle hService,
SECURITY_INFORMATION dwSecurityInformation,
byte[] lpSecurityDescriptor);
public static void SetNamedSecurityInfo(
string objectName,
SE_OBJECT_TYPE objectType,
SECURITY_INFORMATION securityInfo,
Sid sidOwner,
Sid sidGroup,
Dacl dacl,
Sacl sacl)
{
UnsafeSetNamedSecurityInfo (objectName, objectType, securityInfo,
sidOwner, sidGroup, dacl, sacl);
}
public NtStatus GetFileSecurityProxy(string rawFileName,
ref SECURITY_INFORMATION rawRequestedInformation,
IntPtr rawSecurityDescriptor, uint rawSecurityDescriptorLength,
ref uint rawSecurityDescriptorLengthNeeded,
DokanFileInfo rawFileInfo)
{
FileSystemSecurity sec;
var sect = AccessControlSections.None;
if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Owner;
}
if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Group;
}
if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.DACL_SECURITY_INFORMATION) ||
rawRequestedInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_DACL_SECURITY_INFORMATION) ||
rawRequestedInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_DACL_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Access;
}
if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.SACL_SECURITY_INFORMATION) ||
rawRequestedInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_SACL_SECURITY_INFORMATION) ||
rawRequestedInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_SACL_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Audit;
}
try
{
Trace("\nGetFileSecurityProxy : " + rawFileName);
Trace("\tFileSystemSecurity\t" + sect);
Trace("\tContext\t" + ToTrace(rawFileInfo));
NtStatus result = operations.GetFileSecurity(rawFileName, out sec, sect, rawFileInfo);
if (result == DokanResult.Success /*&& sec != null*/)
{
Debug.Assert(sec != null);
Trace("\tFileSystemSecurity Result : " + sec);
var buffer = sec.GetSecurityDescriptorBinaryForm();
rawSecurityDescriptorLengthNeeded = (uint)buffer.Length;
if (buffer.Length > rawSecurityDescriptorLength)
return DokanResult.BufferOverflow;
Marshal.Copy(buffer, 0, rawSecurityDescriptor, buffer.Length);
}
Trace("GetFileSecurityProxy : " + rawFileName + " Return : " + result);
return result;
}
#pragma warning disable 0168
catch (Exception ex)
#pragma warning restore 0168
{
Trace("GetFileSecurityProxy : " + rawFileName + " Throw : " + ex.Message);
return DokanResult.InvalidParameter;
}
}
public static extern bool QueryServiceObjectSecurity(
SafeServiceHandle hService,
SECURITY_INFORMATION dwSecurityInformation,
byte[] lpSecurityDescriptor,
int cbBufSize,
out int pcbBytesNeeded);
public void SetSecurityInfo(
HANDLE handle,
SE_OBJECT_TYPE objectType,
SECURITY_INFORMATION securityInfo)
{
Sid ownerSid = (((securityInfo & SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION) == 0) ? null : this.Owner);
Sid groupSid = (((securityInfo & SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION) == 0) ? null : this.Group);
Dacl dacl = (((securityInfo & SECURITY_INFORMATION.DACL_SECURITY_INFORMATION) == 0) ? null : this.Dacl);
Sacl sacl = (((securityInfo & SECURITY_INFORMATION.SACL_SECURITY_INFORMATION) == 0) ? null : this.Sacl);
Win32Helpers.SetSecurityInfo(handle, objectType, securityInfo,
ownerSid, groupSid, dacl, sacl);
}
/// <summary>
/// Retrieves a copy of the security descriptor associated with a service object. You can also use the
/// GetNamedSecurityInfo function to retrieve a security descriptor.
/// </summary>
/// <param name="hService">
/// A handle to the service control manager or the service. Handles to the service control manager
/// are returned by the <see cref="OpenSCManager" /> function, and handles to a service are returned by either the
/// <see cref="OpenService" /> or <see cref="CreateService(SafeServiceHandle,string,string,ACCESS_MASK,ServiceType,ServiceStartType,ServiceErrorControl,string,string,int, string,string,string)" /> function. The handle must have the READ_CONTROL access
/// right.
/// </param>
/// <param name="dwSecurityInformation">
/// A set of bit flags that indicate the type of security information to retrieve. This
/// parameter can be a combination of the <see cref="SECURITY_INFORMATION" /> flags, with the exception that this
/// function does not support the <see cref="SECURITY_INFORMATION.LABEL_SECURITY_INFORMATION" /> value.
/// </param>
/// <returns>
/// A copy of the security descriptor of the specified service object. The calling process must have the
/// appropriate access to view the specified aspects of the security descriptor of the object.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="hService" /> is NULL.</exception>
/// <exception cref="Win32Exception">If the call to the native method fails fails.</exception>
public static RawSecurityDescriptor QueryServiceObjectSecurity(SafeServiceHandle hService, SECURITY_INFORMATION dwSecurityInformation)
{
if (hService == null)
{
throw new ArgumentNullException(nameof(hService));
}
var securityDescriptor = new byte[0];
int bufSizeNeeded;
QueryServiceObjectSecurity(hService, dwSecurityInformation, securityDescriptor, 0, out bufSizeNeeded);
var lastError = GetLastError();
if (lastError != Win32ErrorCode.ERROR_INSUFFICIENT_BUFFER)
{
throw new Win32Exception(lastError);
}
securityDescriptor = new byte[bufSizeNeeded];
var success = QueryServiceObjectSecurity(hService, dwSecurityInformation, securityDescriptor, bufSizeNeeded, out bufSizeNeeded);
if (!success)
{
throw new Win32Exception();
}
return new RawSecurityDescriptor(securityDescriptor, 0);
}
public void SetKernelObjectSecurity(HANDLE handle, SECURITY_INFORMATION secInfo)
{
Win32.CheckCall(Win32.SetKernelObjectSecurity(handle, secInfo, this._secDesc));
}
public void SetRegistryKeySecurity(HKEY hKey, SECURITY_INFORMATION secInfo)
{
int rc = Win32.RegSetKeySecurity(hKey, secInfo, this._secDesc);
if (rc != Win32.SUCCESS)
{
Win32.SetLastError((uint)rc);
Win32.ThrowLastError();
}
}
public void SetFileSecurity(string fileName, SECURITY_INFORMATION secInfo)
{
Win32.CheckCall(Win32.SetFileSecurity(fileName, secInfo, this._secDesc));
}
/// <summary>
/// Return the selected components of the security descriptor of a given kernel object handle
/// </summary>
/// <param name="fileName">The kernel object handle</param>
/// <param name="secInfo">The components of the security descriptor to return</param>
/// <returns>The security descriptor</returns>
public static SecurityDescriptor GetKernelObjectSecurity(HANDLE handle, SECURITY_INFORMATION secInfo)
{
DWORD cbLength;
BOOL rc = Win32.GetKernelObjectSecurity(handle, secInfo, IntPtr.Zero, 0, out cbLength);
switch(Win32.GetLastError())
{
case Win32.SUCCESS:
throw new InvalidOperationException("Unexpected return code from GetKernelObjectSecurity()");
case Win32.ERROR_INSUFFICIENT_BUFFER:
IntPtr secDescPtr = Win32.AllocGlobal(cbLength);
try
{
rc = Win32.GetKernelObjectSecurity(handle, secInfo, secDescPtr, cbLength, out cbLength);
Win32.CheckCall(rc);
return new SecurityDescriptor(secDescPtr);
}
catch
{
Win32.FreeGlobal(secDescPtr);
throw;
}
default:
Win32.ThrowLastError();
return null; // Never executed
}
}
public int GetFileSecurityProxy(string rawFileName, ref SECURITY_INFORMATION rawRequestedInformation,
IntPtr rawSecurityDescriptor, uint rawSecurityDescriptorLength,
ref uint rawSecurityDescriptorLengthNeeded,
DokanFileInfo rawFileInfo)
{
FileSystemSecurity sec;
var sect = AccessControlSections.None;
if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Owner;
}
if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Group;
}
if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.DACL_SECURITY_INFORMATION) ||
rawRequestedInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_DACL_SECURITY_INFORMATION) ||
rawRequestedInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_DACL_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Access;
}
if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.SACL_SECURITY_INFORMATION) ||
rawRequestedInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_SACL_SECURITY_INFORMATION) ||
rawRequestedInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_SACL_SECURITY_INFORMATION))
{
sect |= AccessControlSections.Audit;
}
try
{
int ret = (int)_operations.GetFileSecurity(rawFileName, out sec, sect, rawFileInfo);
if (ret == ERROR_SUCCESS /*&& sec != null*/)
{
Debug.Assert(sec != null);
var buffer = sec.GetSecurityDescriptorBinaryForm();
rawSecurityDescriptorLengthNeeded = (uint)buffer.Length;
if (buffer.Length > rawSecurityDescriptorLength)
{
return ERROR_INSUFFICIENT_BUFFER;
}
Marshal.Copy(buffer, 0, rawSecurityDescriptor, buffer.Length);
}
return ret;
}
catch
{
#if DEBUG
throw;
#else
return ERROR_INVALID_FUNCTION;
#endif
}
}
/// <summary>The SetServiceObjectSecurity function sets the security descriptor of a service object.</summary>
/// <param name="hService">
/// A handle to the service. This handle is returned by the <see cref="OpenService" /> or
/// <see cref="CreateService(SafeServiceHandle,string,string,ACCESS_MASK,ServiceType,ServiceStartType,ServiceErrorControl,string,string,int, string,string,string)" /> function. The access required for this handle depends on the security information
/// specified in the <paramref name="dwSecurityInformation" /> parameter.
/// </param>
/// <param name="dwSecurityInformation">
/// Specifies the components of the security descriptor to set. This parameter can be a
/// combination of the following values : <see cref="SECURITY_INFORMATION.DACL_SECURITY_INFORMATION" />,
/// <see cref="SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION" />,
/// <see cref="SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION" />,
/// <see cref="SECURITY_INFORMATION.SACL_SECURITY_INFORMATION" />. Note that flags not handled by
/// SetServiceObjectSecurity will be silently ignored.
/// </param>
/// <param name="lpSecurityDescriptor">The new security information.</param>
public static void SetServiceObjectSecurity(
SafeServiceHandle hService,
SECURITY_INFORMATION dwSecurityInformation,
RawSecurityDescriptor lpSecurityDescriptor)
{
var binaryForm = new byte[lpSecurityDescriptor.BinaryLength];
lpSecurityDescriptor.GetBinaryForm(binaryForm, 0);
if (!SetServiceObjectSecurity(hService, dwSecurityInformation, binaryForm))
{
throw new Win32Exception();
}
}
public static SecurityDescriptor GetNamedSecurityInfo(
string objectName,
SE_OBJECT_TYPE objectType,
SECURITY_INFORMATION securityInfo)
{
Sid sidOwner;
Sid sidGroup;
Dacl dacl;
Sacl sacl;
SecurityDescriptor secDesc;
Win32Helpers.GetNamedSecurityInfo(objectName, objectType, securityInfo,
out sidOwner, out sidGroup, out dacl, out sacl, out secDesc);
return secDesc;
}
public int SetFileSecurity(
IntPtr rawFileName,
ref SECURITY_INFORMATION rawSecurityInformation,
ref SECURITY_DESCRIPTOR rawSecurityDescriptor,
ref uint rawSecurityDescriptorLengthNeeded,
ref DOKAN_FILE_INFO rawFileInfo)
{
return -1;
}
public static extern uint GetNamedSecurityInfo(
string pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
out IntPtr pSidOwner,
out IntPtr pSidGroup,
out IntPtr pDacl,
out IntPtr pSacl,
out IntPtr pSecurityDescriptor);
public static void GetSecurityInfo(
HANDLE handle,
SE_OBJECT_TYPE objectType,
SECURITY_INFORMATION securityInfo,
out Sid sidOwner,
out Sid sidGroup,
out Dacl dacl,
out Sacl sacl,
out SecurityDescriptor secDesc)
{
sidOwner = null;
sidGroup = null;
dacl = null;
sacl = null;
secDesc = null;
IntPtr ptrOwnerSid = IntPtr.Zero;
IntPtr ptrGroupSid = IntPtr.Zero;
IntPtr ptrDacl = IntPtr.Zero;
IntPtr ptrSacl = IntPtr.Zero;
IntPtr ptrSecDesc = IntPtr.Zero;
DWORD rc = Win32.GetSecurityInfo(handle, objectType, securityInfo,
ref ptrOwnerSid, ref ptrGroupSid, ref ptrDacl, ref ptrSacl, ref ptrSecDesc);
if (rc != Win32.ERROR_SUCCESS)
{
Win32.SetLastError(rc);
Win32.ThrowLastError();
}
try
{
if (ptrOwnerSid != IntPtr.Zero)
sidOwner = new Sid(ptrOwnerSid);
if (ptrGroupSid != IntPtr.Zero)
sidGroup = new Sid(ptrGroupSid);
if (ptrDacl != IntPtr.Zero)
dacl = new Dacl(ptrDacl);
if (ptrSacl != IntPtr.Zero)
sacl = new Sacl(ptrSacl);
if (ptrSecDesc != IntPtr.Zero)
secDesc = new SecurityDescriptor(ptrSecDesc, true);
}
catch
{
if (ptrSecDesc != IntPtr.Zero)
Win32.LocalFree(ptrSecDesc);
throw;
}
}
