public static extern BOOL GetKernelObjectSecurity( HANDLE Handle, // handle to object SECURITY_INFORMATION RequestedInformation, // request PSECURITY_DESCRIPTOR pSecurityDescriptor, // SD DWORD nLength, // size of SD out DWORD lpnLengthNeeded // required size of buffer );
public NtStatus GetFileSecurityProxy(string rawFileName, ref SECURITY_INFORMATION rawRequestedInformation, IntPtr rawSecurityDescriptor, uint rawSecurityDescriptorLength, ref uint rawSecurityDescriptorLengthNeeded, DokanFileInfo rawFileInfo) { FileSystemSecurity sec; var sect = AccessControlSections.None; if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION)) { sect |= AccessControlSections.Owner; } if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION)) { sect |= AccessControlSections.Group; } if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.DACL_SECURITY_INFORMATION) || rawRequestedInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_DACL_SECURITY_INFORMATION) || rawRequestedInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_DACL_SECURITY_INFORMATION)) { sect |= AccessControlSections.Access; } if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.SACL_SECURITY_INFORMATION) || rawRequestedInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_SACL_SECURITY_INFORMATION) || rawRequestedInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_SACL_SECURITY_INFORMATION)) { sect |= AccessControlSections.Audit; } try { this.logger.Debug("GetFileSecurityProxy : {0}", rawFileName); this.logger.Debug("\tFileSystemSecurity\t{0}", sect); this.logger.Debug("\tContext\t{0}", this.ToTrace(rawFileInfo)); NtStatus result = operations.GetFileSecurity(rawFileName, out sec, sect, rawFileInfo); if (result == DokanResult.Success /*&& sec != null*/) { Debug.Assert(sec != null); this.logger.Debug("\tFileSystemSecurity Result : {0}", sec); var buffer = sec.GetSecurityDescriptorBinaryForm(); rawSecurityDescriptorLengthNeeded = (uint)buffer.Length; if (buffer.Length > rawSecurityDescriptorLength) { return(DokanResult.BufferOverflow); } Marshal.Copy(buffer, 0, rawSecurityDescriptor, buffer.Length); } this.logger.Debug("GetFileSecurityProxy : {0} Return : {1}", rawFileName, result); return(result); } catch (Exception ex) { this.logger.Error("GetFileSecurityProxy : {0} Throw : {1}", rawFileName, ex.Message); return(DokanResult.InvalidParameter); } }
internal unsafe static void UnsafeSetNamedSecurityInfo( string objectName, SE_OBJECT_TYPE objectType, SECURITY_INFORMATION securityInfo, Sid sidOwner, Sid sidGroup, Dacl dacl, Sacl sacl) { fixed(byte *pSidOwner = (sidOwner != null ? sidOwner.GetNativeSID() : null)) { fixed(byte *pSidGroup = (sidGroup != null ? sidGroup.GetNativeSID() : null)) { fixed(byte *pDacl = (dacl != null ? dacl.GetNativeACL() : null)) { fixed(byte *pSacl = (sacl != null ? sacl.GetNativeACL() : null)) { DWORD rc = Win32.SetNamedSecurityInfo(objectName, objectType, securityInfo, (IntPtr)pSidOwner, (IntPtr)pSidGroup, (IntPtr)pDacl, (IntPtr)pSacl); if (rc != Win32.ERROR_SUCCESS) { Win32.SetLastError(rc); Win32.ThrowLastError(); } } } } } }
ConvertSecurityDescriptorToStringSecurityDescriptor( [In] byte[] SecurityDescriptor, [In] int RequestedStringSDRevision, [In] SECURITY_INFORMATION SecurityInformation, [Out] out IntPtr StringSecurityDescriptor, [Out] out int StringSecurityDescriptorLen );
void ISecurityInformation.GetSecurity(SECURITY_INFORMATION requestInformation, out IntPtr ppSecurityDescriptor, bool fDefault) { System.Diagnostics.Debug.WriteLine($"GetSecurity: {requestInformation}{(fDefault ? " (Def)" : "")}"); ppSecurityDescriptor = GetPrivateObjectSecurity(fDefault ? prov.GetDefaultSecurity() : (IntPtr)pSD, requestInformation); System.Diagnostics.Debug.WriteLine( $"GetSecurity={SecurityDescriptorPtrToSdll(ppSecurityDescriptor, requestInformation) ?? "null"} <- {SecurityDescriptorPtrToSdll((IntPtr)pSD, requestInformation) ?? "null"}"); }
public static IEnumerable <INHERITED_FROM> GetInheritanceSource(string objectName, ResourceType objectType, SECURITY_INFORMATION securityInfo, bool container, IntPtr pAcl, ref GENERIC_MAPPING pGenericMapping) { var objSize = Marshal.SizeOf(typeof(INHERITED_FROM)); var aceCount = GetAceCount(pAcl); using (var pInherit = new SafeCoTaskMemHandle(objSize * (int)aceCount)) { var hr = 0; try { hr = AdvApi32.GetInheritanceSource(objectName, objectType, securityInfo, container, null, 0, pAcl, IntPtr.Zero, ref pGenericMapping, (IntPtr)pInherit); if (hr != 0) { throw new System.ComponentModel.Win32Exception(hr); } return(pInherit.ToIEnum <INHERITED_FROM>((int)aceCount)); } finally { if (hr != 0) { FreeInheritedFromArray((IntPtr)pInherit, (ushort)aceCount, IntPtr.Zero); } } } }
/// <summary> /// Return the selected components of the security descriptor of a given kernel object handle /// </summary> /// <param name="fileName">The kernel object handle</param> /// <param name="secInfo">The components of the security descriptor to return</param> /// <returns>The security descriptor</returns> public static SecurityDescriptor GetKernelObjectSecurity(HANDLE handle, SECURITY_INFORMATION secInfo) { DWORD cbLength; BOOL rc = Win32.GetKernelObjectSecurity(handle, secInfo, IntPtr.Zero, 0, out cbLength); switch (Win32.GetLastError()) { case Win32.SUCCESS: throw new InvalidOperationException("Unexpected return code from GetKernelObjectSecurity()"); case Win32.ERROR_INSUFFICIENT_BUFFER: IntPtr secDescPtr = Win32.AllocGlobal(cbLength); try { rc = Win32.GetKernelObjectSecurity(handle, secInfo, secDescPtr, cbLength, out cbLength); Win32.CheckCall(rc); return(new SecurityDescriptor(secDescPtr)); } catch { Win32.FreeGlobal(secDescPtr); throw; } default: Win32.ThrowLastError(); return(null); // Never executed } }
public static extern BOOL GetFileSecurity( LPCTSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, out DWORD lpnLengthNeeded );
public static extern uint SetSecurityInfo( IntPtr handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, IntPtr psidOwner, IntPtr psidGroup, IntPtr pDacl, IntPtr pSacl);
private static extern int SetNamedSecurityInfo( string pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, IntPtr psidOwner, IntPtr psidGroup, IntPtr pDacl, IntPtr pSacl);
/// <summary> /// Sets a keys security descriptor. /// See http://msdn.microsoft.com/en-us/library/ee210774(v=vs.85).aspx /// </summary> /// <param name="hKey">Handle to an open key.</param> /// <param name="securityInformation">The type of security information to set.</param> /// <param name="pSecurityDescriptor">Pointer to data buffer.</param> /// <returns> /// <see cref="Win32Result" /> of the result. Win32Result.ERROR_SUCCESS indicates success. /// </returns> public static Win32Result SetKeySecurity(IntPtr hKey, SECURITY_INFORMATION securityInformation, /*ref IntPtr*/ IntPtr pSecurityDescriptor) { return(Is64BitProcess ? SetKeySecurity64(hKey, securityInformation, pSecurityDescriptor) : SetKeySecurity32(hKey, securityInformation, pSecurityDescriptor)); }
internal static SafeSecurityDescriptor GetSD(string filename, SECURITY_INFORMATION si = SECURITY_INFORMATION.DACL_SECURITY_INFORMATION | SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION) { var err = GetNamedSecurityInfo(filename, SE_OBJECT_TYPE.SE_FILE_OBJECT, si, out _, out _, out _, out _, out var pSD); Assert.That(err, Is.EqualTo(0)); Assert.That(!pSD.IsInvalid); return(pSD); }
public static extern DWORD SetNamedSecurityInfo( LPCTSTR pObjectName, //REVIEW: Why is it documented as LPTSTR SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl);
public static extern uint SetSecurityInfo( IntPtr handle, SE_OBJECT_TYPE objectType, SECURITY_INFORMATION securityInformation, IntPtr pOwner, IntPtr pGroup, IntPtr pDacl, IntPtr pSacl);
public static extern DWORD SetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl);
public static extern Win32Error GetNamedSecurityInfo( string pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, out IntPtr ppsidOwner, out IntPtr ppsidGroup, out IntPtr ppDacl, out IntPtr ppSacl, out SafeSecurityDescriptor ppSecurityDescriptor);
static extern uint SetSecurityInfo( IntPtr handle, _SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, out IntPtr pSidOwner, out IntPtr pSidGroup, out IntPtr pDacl, out IntPtr pSacl, out IntPtr pSecurityDescriptor);
/// <summary> /// Gets a keys security descriptor. /// See http://msdn.microsoft.com/en-us/library/ee210766(v=vs.85).aspx /// </summary> /// <param name="hKey">Handle to an open key.</param> /// <param name="securityInformation">The type of security information to request.</param> /// <param name="pSecurityDescriptor">Pointer to data buffer.</param> /// <param name="lpcbSecurityDescriptor">Size of the data buffer.</param> /// <returns> /// <see cref="Win32Result" /> of the result. Win32Result.ERROR_SUCCESS indicates success. /// </returns> public static Win32Result GetKeySecurity(IntPtr hKey, SECURITY_INFORMATION securityInformation, IntPtr pSecurityDescriptor, ref uint lpcbSecurityDescriptor) { return(Is64BitProcess ? GetKeySecurity64(hKey, securityInformation, pSecurityDescriptor, ref lpcbSecurityDescriptor) : GetKeySecurity32(hKey, securityInformation, pSecurityDescriptor, ref lpcbSecurityDescriptor)); }
public int SetFileSecurity( IntPtr rawFileName, ref SECURITY_INFORMATION rawSecurityInformation, ref SECURITY_DESCRIPTOR rawSecurityDescriptor, ref uint rawSecurityDescriptorLengthNeeded, ref DOKAN_FILE_INFO rawFileInfo) { return(-1); }
static extern int GetNamedSecurityInfo( String objectName, SE_OBJECT_TYPE objectType, SECURITY_INFORMATION securityInfo, out IntPtr sidOwner, out IntPtr sidGroup, out IntPtr dacl, out IntPtr sacl, out IntPtr securityDescriptor);
public static extern int GetSecurityInfo( IntPtr handle, SE_OBJECT_TYPE objectType, SECURITY_INFORMATION securityInfo, out IntPtr sidOwner, out IntPtr sidGroup, out IntPtr dacl, out IntPtr sacl, out IntPtr securityDescriptor);
public static extern DWORD GetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, ref PSID ppsidOwner, ref PSID ppsidGroup, ref PACL ppDacl, ref PACL ppSacl, ref PSECURITY_DESCRIPTOR ppSecurityDescriptor);
public static extern DWORD GetNamedSecurityInfo( LPCTSTR pObjectName, //REVIEW: Why is it documented as LPTSTR SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, ref PSID ppsidOwner, ref PSID ppsidGroup, ref PACL ppDacl, ref PACL ppSacl, ref PSECURITY_DESCRIPTOR ppSecurityDescriptor);
static extern uint GetNamedSecurityInfo( string pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, out IntPtr pSidOwner, out IntPtr pSidGroup, out IntPtr pDacl, out IntPtr pSacl, out IntPtr pSecurityDescriptor);
public static extern uint GetSecurityInfo( IntPtr handle, _SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, ref IntPtr ppsidOwner, ref IntPtr ppsidGroup, ref IntPtr ppDacl, ref IntPtr ppSacl, ref IntPtr ppSecurityDescriptor );
public void SetRegistryKeySecurity(HKEY hKey, SECURITY_INFORMATION secInfo) { int rc = Win32.RegSetKeySecurity(hKey, secInfo, this._secDesc); if (rc != Win32.SUCCESS) { Win32.SetLastError((uint)rc); Win32.ThrowLastError(); } }
public int GetFileSecurityProxy(string rawFileName, ref SECURITY_INFORMATION rawRequestedInformation, IntPtr rawSecurityDescriptor, uint rawSecurityDescriptorLength, ref uint rawSecurityDescriptorLengthNeeded, DokanFileInfo rawFileInfo) { FileSystemSecurity sec; var sect = AccessControlSections.None; if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION)) { sect |= AccessControlSections.Owner; } if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION)) { sect |= AccessControlSections.Group; } if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.DACL_SECURITY_INFORMATION) || rawRequestedInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_DACL_SECURITY_INFORMATION) || rawRequestedInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_DACL_SECURITY_INFORMATION)) { sect |= AccessControlSections.Access; } if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.SACL_SECURITY_INFORMATION) || rawRequestedInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_SACL_SECURITY_INFORMATION) || rawRequestedInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_SACL_SECURITY_INFORMATION)) { sect |= AccessControlSections.Audit; } try { int ret = (int)_operations.GetFileSecurity(rawFileName, out sec, sect, rawFileInfo); if (ret == ERROR_SUCCESS /*&& sec != null*/) { Debug.Assert(sec != null); var buffer = sec.GetSecurityDescriptorBinaryForm(); rawSecurityDescriptorLengthNeeded = (uint)buffer.Length; if (buffer.Length > rawSecurityDescriptorLength) { return(ERROR_INSUFFICIENT_BUFFER); } Marshal.Copy(buffer, 0, rawSecurityDescriptor, buffer.Length); } return(ret); } catch { #if DEBUGDOKAN Log("UnmountProxy: {0}\n", rawFileName); //throw; #endif return(ERROR_INVALID_FUNCTION); } }
public static extern UInt32 GetInheritanceSource( [MarshalAs(UnmanagedType.LPTStr)] string pObjectName, ResourceType ObjectType, SECURITY_INFORMATION SecurityInfo, [MarshalAs(UnmanagedType.Bool)] bool Container, IntPtr pObjectClassGuids, UInt32 GuidCount, byte[] pAcl, IntPtr pfnArray, ref GENERIC_MAPPING pGenericMapping, IntPtr pInheritArray);
public static void SetNamedSecurityInfo( string objectName, SE_OBJECT_TYPE objectType, SECURITY_INFORMATION securityInfo, Sid sidOwner, Sid sidGroup, Dacl dacl, Sacl sacl) { UnsafeSetNamedSecurityInfo(objectName, objectType, securityInfo, sidOwner, sidGroup, dacl, sacl); }
public static IEnumerable <INHERITED_FROM> GetInheritanceSource(string objectName, System.Security.AccessControl.ResourceType objectType, SECURITY_INFORMATION securityInfo, bool container, IntPtr pAcl, ref GENERIC_MAPPING pGenericMapping) { var objSize = Marshal.SizeOf(typeof(INHERITED_FROM)); var aceCount = GetAceCount(pAcl); using (var pInherit = new SafeInheritedFromArray((ushort)aceCount)) { AdvApi32.GetInheritanceSource(objectName, (SE_OBJECT_TYPE)objectType, securityInfo, container, null, 0, pAcl, IntPtr.Zero, ref pGenericMapping, pInherit).ThrowIfFailed(); return(pInherit.Results); } }
public static SecurityDescriptor GetRegistryKeySecurity(HKEY hKey, SECURITY_INFORMATION secInfo) { DWORD cbLength = 0; int rc = Win32.RegGetKeySecurity(hKey, secInfo, IntPtr.Zero, ref cbLength); if (rc != Win32.SUCCESS) Win32.SetLastError((uint)rc); switch(rc) { case Win32.SUCCESS: throw new InvalidOperationException("Unexpected return code from RegGetKeySecurity()"); case Win32.ERROR_INSUFFICIENT_BUFFER: IntPtr secDescPtr = Win32.AllocGlobal(cbLength); try { rc = Win32.RegGetKeySecurity(hKey, secInfo, secDescPtr, ref cbLength); if (rc != Win32.SUCCESS) { Win32.SetLastError((uint)rc); Win32.ThrowLastError(); } return new SecurityDescriptor(secDescPtr); } catch { Win32.FreeGlobal(secDescPtr); throw; } default: Win32.ThrowLastError(); return null; // Never executed } }
private static extern long GetSecurityInfo(IntPtr handle, SE_OBJECT_TYPE objectType, SECURITY_INFORMATION securityInfo, out IntPtr ppsidOwner, out IntPtr ppsidGroup, out IntPtr ppDacl, out IntPtr ppSacl, out IntPtr ppSecurityDescriptor);
public static extern BOOL SetKernelObjectSecurity( HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor );
private static extern bool ConvertSecurityDescriptorToStringSecurityDescriptor(byte[] sd, uint rev, SECURITY_INFORMATION secinfo, out IntPtr str, out int length);
public static extern bool GetKernelObjectSecurity(IntPtr Handle, SECURITY_INFORMATION RequestedInformation, IntPtr pSecurityDescriptor, uint nLength, out uint lpnLengthNeeded);
public static extern bool SetKernelObjectSecurity(IntPtr Handle, SECURITY_INFORMATION SecurityInformation, IntPtr SecurityDescriptor);
static extern int SetNamedSecurityInfo([MarshalAs(UnmanagedType.LPTStr)] string pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, IntPtr psidOwner, IntPtr psidGroup, IntPtr pDacl, IntPtr pSacl);
internal unsafe static void UnsafeSetNamedSecurityInfo( string objectName, SE_OBJECT_TYPE objectType, SECURITY_INFORMATION securityInfo, Sid sidOwner, Sid sidGroup, Dacl dacl, Sacl sacl) { byte[] pSidOwner = (sidOwner != null) ? sidOwner.GetNativeSID() : null; byte[] pSidGroup = (sidGroup != null) ? sidGroup.GetNativeSID() : null; byte[] pDacl = (dacl != null) ? dacl.GetNativeACL() : null; byte[] pSacl = (sacl != null) ? sacl.GetNativeACL() : null; DWORD rc = Win32.SetNamedSecurityInfo(objectName, objectType, securityInfo, pSidOwner, pSidGroup, pDacl, pSacl); if (rc != Win32.ERROR_SUCCESS) { Win32.SetLastError(rc); Win32.ThrowLastError(); } }
public int SetFileSecurityProxy( string rawFileName, ref SECURITY_INFORMATION rawSecurityInformation, IntPtr rawSecurityDescriptor, uint rawSecurityDescriptorLength, DokanFileInfo rawFileInfo) { var sect = AccessControlSections.None; if (rawSecurityInformation.HasFlag(SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION)) { sect |= AccessControlSections.Owner; } if (rawSecurityInformation.HasFlag(SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION)) { sect |= AccessControlSections.Group; } if (rawSecurityInformation.HasFlag(SECURITY_INFORMATION.DACL_SECURITY_INFORMATION) || rawSecurityInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_DACL_SECURITY_INFORMATION) || rawSecurityInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_DACL_SECURITY_INFORMATION)) { sect |= AccessControlSections.Access; } if (rawSecurityInformation.HasFlag(SECURITY_INFORMATION.SACL_SECURITY_INFORMATION) || rawSecurityInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_SACL_SECURITY_INFORMATION) || rawSecurityInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_SACL_SECURITY_INFORMATION)) { sect |= AccessControlSections.Audit; } var buffer = new byte[rawSecurityDescriptorLength]; try { Marshal.Copy(rawSecurityDescriptor, buffer, 0, (int)rawSecurityDescriptorLength); var sec = rawFileInfo.IsDirectory ? (FileSystemSecurity)new DirectorySecurity() : new FileSecurity(); sec.SetSecurityDescriptorBinaryForm(buffer); return (int)_operations.SetFileSecurity(rawFileName, sec, sect, rawFileInfo); } catch { #if DEBUG throw; #else return ERROR_INVALID_FUNCTION; #endif } }
public NtStatus SetFileSecurityProxy(string rawFileName, ref SECURITY_INFORMATION rawSecurityInformation, IntPtr rawSecurityDescriptor, uint rawSecurityDescriptorLength, DokanFileInfo rawFileInfo) { var sect = AccessControlSections.None; if (rawSecurityInformation.HasFlag(SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION)) { sect |= AccessControlSections.Owner; } if (rawSecurityInformation.HasFlag(SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION)) { sect |= AccessControlSections.Group; } if (rawSecurityInformation.HasFlag(SECURITY_INFORMATION.DACL_SECURITY_INFORMATION) || rawSecurityInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_DACL_SECURITY_INFORMATION) || rawSecurityInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_DACL_SECURITY_INFORMATION)) { sect |= AccessControlSections.Access; } if (rawSecurityInformation.HasFlag(SECURITY_INFORMATION.SACL_SECURITY_INFORMATION) || rawSecurityInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_SACL_SECURITY_INFORMATION) || rawSecurityInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_SACL_SECURITY_INFORMATION)) { sect |= AccessControlSections.Audit; } var buffer = new byte[rawSecurityDescriptorLength]; try { Marshal.Copy(rawSecurityDescriptor, buffer, 0, (int)rawSecurityDescriptorLength); var sec = rawFileInfo.IsDirectory ? (FileSystemSecurity)new DirectorySecurity() : new FileSecurity(); sec.SetSecurityDescriptorBinaryForm(buffer); Trace("\nSetFileSecurityProxy : " + rawFileName); Trace("\tAccessControlSections\t" + sect); Trace("\tFileSystemSecurity\t" + sec); Trace("\tContext\t" + ToTrace(rawFileInfo)); NtStatus result = operations.SetFileSecurity(rawFileName, sec, sect, rawFileInfo); Trace("SetFileSecurityProxy : " + rawFileName + " Return : " + result); return result; } #pragma warning disable 0168 catch (Exception ex) #pragma warning restore 0168 { Trace("SetFileSecurityProxy : " + rawFileName + " Throw : " + ex.Message); return DokanResult.InvalidParameter; } }
public static void SetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, Sid sidOwner, Sid sidGroup, Dacl dacl, Sacl sacl) { UnsafeSetSecurityInfo (handle, ObjectType, SecurityInfo, sidOwner, sidGroup, dacl, sacl); }
internal static unsafe void UnsafeSetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, Sid sidOwner, Sid sidGroup, Dacl dacl, Sacl sacl) { fixed(byte *pSidOwner = (sidOwner != null ? sidOwner.GetNativeSID() : null)) { fixed(byte *pSidGroup = (sidGroup != null ? sidGroup.GetNativeSID() : null)) { fixed(byte *pDacl = (dacl != null ? dacl.GetNativeACL() : null)) { fixed(byte *pSacl = (sacl != null ? sacl.GetNativeACL() : null)) { DWORD rc = Win32.SetSecurityInfo(handle, ObjectType, SecurityInfo, (IntPtr)pSidOwner, (IntPtr)pSidGroup, (IntPtr)pDacl, (IntPtr)pSacl); if (rc != Win32.ERROR_SUCCESS) { Win32.SetLastError(rc); Win32.ThrowLastError(); } } } } } }
public static extern bool SetServiceObjectSecurity( SafeServiceHandle hService, SECURITY_INFORMATION dwSecurityInformation, byte[] lpSecurityDescriptor);
public static void SetNamedSecurityInfo( string objectName, SE_OBJECT_TYPE objectType, SECURITY_INFORMATION securityInfo, Sid sidOwner, Sid sidGroup, Dacl dacl, Sacl sacl) { UnsafeSetNamedSecurityInfo (objectName, objectType, securityInfo, sidOwner, sidGroup, dacl, sacl); }
public NtStatus GetFileSecurityProxy(string rawFileName, ref SECURITY_INFORMATION rawRequestedInformation, IntPtr rawSecurityDescriptor, uint rawSecurityDescriptorLength, ref uint rawSecurityDescriptorLengthNeeded, DokanFileInfo rawFileInfo) { FileSystemSecurity sec; var sect = AccessControlSections.None; if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION)) { sect |= AccessControlSections.Owner; } if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION)) { sect |= AccessControlSections.Group; } if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.DACL_SECURITY_INFORMATION) || rawRequestedInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_DACL_SECURITY_INFORMATION) || rawRequestedInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_DACL_SECURITY_INFORMATION)) { sect |= AccessControlSections.Access; } if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.SACL_SECURITY_INFORMATION) || rawRequestedInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_SACL_SECURITY_INFORMATION) || rawRequestedInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_SACL_SECURITY_INFORMATION)) { sect |= AccessControlSections.Audit; } try { Trace("\nGetFileSecurityProxy : " + rawFileName); Trace("\tFileSystemSecurity\t" + sect); Trace("\tContext\t" + ToTrace(rawFileInfo)); NtStatus result = operations.GetFileSecurity(rawFileName, out sec, sect, rawFileInfo); if (result == DokanResult.Success /*&& sec != null*/) { Debug.Assert(sec != null); Trace("\tFileSystemSecurity Result : " + sec); var buffer = sec.GetSecurityDescriptorBinaryForm(); rawSecurityDescriptorLengthNeeded = (uint)buffer.Length; if (buffer.Length > rawSecurityDescriptorLength) return DokanResult.BufferOverflow; Marshal.Copy(buffer, 0, rawSecurityDescriptor, buffer.Length); } Trace("GetFileSecurityProxy : " + rawFileName + " Return : " + result); return result; } #pragma warning disable 0168 catch (Exception ex) #pragma warning restore 0168 { Trace("GetFileSecurityProxy : " + rawFileName + " Throw : " + ex.Message); return DokanResult.InvalidParameter; } }
public static extern bool QueryServiceObjectSecurity( SafeServiceHandle hService, SECURITY_INFORMATION dwSecurityInformation, byte[] lpSecurityDescriptor, int cbBufSize, out int pcbBytesNeeded);
public void SetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE objectType, SECURITY_INFORMATION securityInfo) { Sid ownerSid = (((securityInfo & SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION) == 0) ? null : this.Owner); Sid groupSid = (((securityInfo & SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION) == 0) ? null : this.Group); Dacl dacl = (((securityInfo & SECURITY_INFORMATION.DACL_SECURITY_INFORMATION) == 0) ? null : this.Dacl); Sacl sacl = (((securityInfo & SECURITY_INFORMATION.SACL_SECURITY_INFORMATION) == 0) ? null : this.Sacl); Win32Helpers.SetSecurityInfo(handle, objectType, securityInfo, ownerSid, groupSid, dacl, sacl); }
/// <summary> /// Retrieves a copy of the security descriptor associated with a service object. You can also use the /// GetNamedSecurityInfo function to retrieve a security descriptor. /// </summary> /// <param name="hService"> /// A handle to the service control manager or the service. Handles to the service control manager /// are returned by the <see cref="OpenSCManager" /> function, and handles to a service are returned by either the /// <see cref="OpenService" /> or <see cref="CreateService(SafeServiceHandle,string,string,ACCESS_MASK,ServiceType,ServiceStartType,ServiceErrorControl,string,string,int, string,string,string)" /> function. The handle must have the READ_CONTROL access /// right. /// </param> /// <param name="dwSecurityInformation"> /// A set of bit flags that indicate the type of security information to retrieve. This /// parameter can be a combination of the <see cref="SECURITY_INFORMATION" /> flags, with the exception that this /// function does not support the <see cref="SECURITY_INFORMATION.LABEL_SECURITY_INFORMATION" /> value. /// </param> /// <returns> /// A copy of the security descriptor of the specified service object. The calling process must have the /// appropriate access to view the specified aspects of the security descriptor of the object. /// </returns> /// <exception cref="ArgumentNullException"><paramref name="hService" /> is NULL.</exception> /// <exception cref="Win32Exception">If the call to the native method fails fails.</exception> public static RawSecurityDescriptor QueryServiceObjectSecurity(SafeServiceHandle hService, SECURITY_INFORMATION dwSecurityInformation) { if (hService == null) { throw new ArgumentNullException(nameof(hService)); } var securityDescriptor = new byte[0]; int bufSizeNeeded; QueryServiceObjectSecurity(hService, dwSecurityInformation, securityDescriptor, 0, out bufSizeNeeded); var lastError = GetLastError(); if (lastError != Win32ErrorCode.ERROR_INSUFFICIENT_BUFFER) { throw new Win32Exception(lastError); } securityDescriptor = new byte[bufSizeNeeded]; var success = QueryServiceObjectSecurity(hService, dwSecurityInformation, securityDescriptor, bufSizeNeeded, out bufSizeNeeded); if (!success) { throw new Win32Exception(); } return new RawSecurityDescriptor(securityDescriptor, 0); }
public void SetKernelObjectSecurity(HANDLE handle, SECURITY_INFORMATION secInfo) { Win32.CheckCall(Win32.SetKernelObjectSecurity(handle, secInfo, this._secDesc)); }
public void SetFileSecurity(string fileName, SECURITY_INFORMATION secInfo) { Win32.CheckCall(Win32.SetFileSecurity(fileName, secInfo, this._secDesc)); }
/// <summary> /// Return the selected components of the security descriptor of a given kernel object handle /// </summary> /// <param name="fileName">The kernel object handle</param> /// <param name="secInfo">The components of the security descriptor to return</param> /// <returns>The security descriptor</returns> public static SecurityDescriptor GetKernelObjectSecurity(HANDLE handle, SECURITY_INFORMATION secInfo) { DWORD cbLength; BOOL rc = Win32.GetKernelObjectSecurity(handle, secInfo, IntPtr.Zero, 0, out cbLength); switch(Win32.GetLastError()) { case Win32.SUCCESS: throw new InvalidOperationException("Unexpected return code from GetKernelObjectSecurity()"); case Win32.ERROR_INSUFFICIENT_BUFFER: IntPtr secDescPtr = Win32.AllocGlobal(cbLength); try { rc = Win32.GetKernelObjectSecurity(handle, secInfo, secDescPtr, cbLength, out cbLength); Win32.CheckCall(rc); return new SecurityDescriptor(secDescPtr); } catch { Win32.FreeGlobal(secDescPtr); throw; } default: Win32.ThrowLastError(); return null; // Never executed } }
public int GetFileSecurityProxy(string rawFileName, ref SECURITY_INFORMATION rawRequestedInformation, IntPtr rawSecurityDescriptor, uint rawSecurityDescriptorLength, ref uint rawSecurityDescriptorLengthNeeded, DokanFileInfo rawFileInfo) { FileSystemSecurity sec; var sect = AccessControlSections.None; if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION)) { sect |= AccessControlSections.Owner; } if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION)) { sect |= AccessControlSections.Group; } if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.DACL_SECURITY_INFORMATION) || rawRequestedInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_DACL_SECURITY_INFORMATION) || rawRequestedInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_DACL_SECURITY_INFORMATION)) { sect |= AccessControlSections.Access; } if (rawRequestedInformation.HasFlag(SECURITY_INFORMATION.SACL_SECURITY_INFORMATION) || rawRequestedInformation.HasFlag(SECURITY_INFORMATION.PROTECTED_SACL_SECURITY_INFORMATION) || rawRequestedInformation.HasFlag(SECURITY_INFORMATION.UNPROTECTED_SACL_SECURITY_INFORMATION)) { sect |= AccessControlSections.Audit; } try { int ret = (int)_operations.GetFileSecurity(rawFileName, out sec, sect, rawFileInfo); if (ret == ERROR_SUCCESS /*&& sec != null*/) { Debug.Assert(sec != null); var buffer = sec.GetSecurityDescriptorBinaryForm(); rawSecurityDescriptorLengthNeeded = (uint)buffer.Length; if (buffer.Length > rawSecurityDescriptorLength) { return ERROR_INSUFFICIENT_BUFFER; } Marshal.Copy(buffer, 0, rawSecurityDescriptor, buffer.Length); } return ret; } catch { #if DEBUG throw; #else return ERROR_INVALID_FUNCTION; #endif } }
/// <summary>The SetServiceObjectSecurity function sets the security descriptor of a service object.</summary> /// <param name="hService"> /// A handle to the service. This handle is returned by the <see cref="OpenService" /> or /// <see cref="CreateService(SafeServiceHandle,string,string,ACCESS_MASK,ServiceType,ServiceStartType,ServiceErrorControl,string,string,int, string,string,string)" /> function. The access required for this handle depends on the security information /// specified in the <paramref name="dwSecurityInformation" /> parameter. /// </param> /// <param name="dwSecurityInformation"> /// Specifies the components of the security descriptor to set. This parameter can be a /// combination of the following values : <see cref="SECURITY_INFORMATION.DACL_SECURITY_INFORMATION" />, /// <see cref="SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION" />, /// <see cref="SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION" />, /// <see cref="SECURITY_INFORMATION.SACL_SECURITY_INFORMATION" />. Note that flags not handled by /// SetServiceObjectSecurity will be silently ignored. /// </param> /// <param name="lpSecurityDescriptor">The new security information.</param> public static void SetServiceObjectSecurity( SafeServiceHandle hService, SECURITY_INFORMATION dwSecurityInformation, RawSecurityDescriptor lpSecurityDescriptor) { var binaryForm = new byte[lpSecurityDescriptor.BinaryLength]; lpSecurityDescriptor.GetBinaryForm(binaryForm, 0); if (!SetServiceObjectSecurity(hService, dwSecurityInformation, binaryForm)) { throw new Win32Exception(); } }
public static SecurityDescriptor GetNamedSecurityInfo( string objectName, SE_OBJECT_TYPE objectType, SECURITY_INFORMATION securityInfo) { Sid sidOwner; Sid sidGroup; Dacl dacl; Sacl sacl; SecurityDescriptor secDesc; Win32Helpers.GetNamedSecurityInfo(objectName, objectType, securityInfo, out sidOwner, out sidGroup, out dacl, out sacl, out secDesc); return secDesc; }
public int SetFileSecurity( IntPtr rawFileName, ref SECURITY_INFORMATION rawSecurityInformation, ref SECURITY_DESCRIPTOR rawSecurityDescriptor, ref uint rawSecurityDescriptorLengthNeeded, ref DOKAN_FILE_INFO rawFileInfo) { return -1; }
public static extern uint GetNamedSecurityInfo( string pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, out IntPtr pSidOwner, out IntPtr pSidGroup, out IntPtr pDacl, out IntPtr pSacl, out IntPtr pSecurityDescriptor);
public static void GetSecurityInfo( HANDLE handle, SE_OBJECT_TYPE objectType, SECURITY_INFORMATION securityInfo, out Sid sidOwner, out Sid sidGroup, out Dacl dacl, out Sacl sacl, out SecurityDescriptor secDesc) { sidOwner = null; sidGroup = null; dacl = null; sacl = null; secDesc = null; IntPtr ptrOwnerSid = IntPtr.Zero; IntPtr ptrGroupSid = IntPtr.Zero; IntPtr ptrDacl = IntPtr.Zero; IntPtr ptrSacl = IntPtr.Zero; IntPtr ptrSecDesc = IntPtr.Zero; DWORD rc = Win32.GetSecurityInfo(handle, objectType, securityInfo, ref ptrOwnerSid, ref ptrGroupSid, ref ptrDacl, ref ptrSacl, ref ptrSecDesc); if (rc != Win32.ERROR_SUCCESS) { Win32.SetLastError(rc); Win32.ThrowLastError(); } try { if (ptrOwnerSid != IntPtr.Zero) sidOwner = new Sid(ptrOwnerSid); if (ptrGroupSid != IntPtr.Zero) sidGroup = new Sid(ptrGroupSid); if (ptrDacl != IntPtr.Zero) dacl = new Dacl(ptrDacl); if (ptrSacl != IntPtr.Zero) sacl = new Sacl(ptrSacl); if (ptrSecDesc != IntPtr.Zero) secDesc = new SecurityDescriptor(ptrSecDesc, true); } catch { if (ptrSecDesc != IntPtr.Zero) Win32.LocalFree(ptrSecDesc); throw; } }