public static void GetNamedSecurityInfo(
string objectName,
SE_OBJECT_TYPE objectType,
SECURITY_INFORMATION securityInfo,
out Sid sidOwner,
out Sid sidGroup,
out Dacl dacl,
out Sacl sacl,
out SecurityDescriptor secDesc)
{
sidOwner = null;
sidGroup = null;
dacl = null;
sacl = null;
secDesc = null;
IntPtr ptrOwnerSid = IntPtr.Zero;
IntPtr ptrGroupSid = IntPtr.Zero;
IntPtr ptrDacl = IntPtr.Zero;
IntPtr ptrSacl = IntPtr.Zero;
IntPtr ptrSecDesc = IntPtr.Zero;
DWORD rc = Win32.GetNamedSecurityInfo(objectName, objectType, securityInfo,
ref ptrOwnerSid, ref ptrGroupSid, ref ptrDacl, ref ptrSacl, ref ptrSecDesc);
if (rc != Win32.ERROR_SUCCESS)
{
Win32.SetLastError(rc);
Win32.ThrowLastError();
}
try
{
if (ptrOwnerSid != IntPtr.Zero)
sidOwner = new Sid(ptrOwnerSid);
if (ptrGroupSid != IntPtr.Zero)
sidGroup = new Sid(ptrGroupSid);
if (ptrDacl != IntPtr.Zero)
dacl = new Dacl(ptrDacl);
if (ptrSacl != IntPtr.Zero)
sacl = new Sacl(ptrSacl);
if (ptrSecDesc != IntPtr.Zero)
secDesc = new SecurityDescriptor(ptrSecDesc, true);
}
catch
{
if (ptrSecDesc != IntPtr.Zero)
Win32.LocalFree(ptrSecDesc);
throw;
}
}
public System.IntPtr MarshalManagedToNative(object ManagedObj)
{
SecurityDescriptor sdIn = (SecurityDescriptor)ManagedObj;
IntPtr sdPtr = IntPtr.Zero;
if (sdIn != null)
{
_wrapper = sdIn; // Keep a ref to the managed object
sdPtr = sdIn.Ptr;
}
Debug.Assert(sdPtr != IntPtr.Zero,
"Warning: It's almost always a bad idea to use a NULL security descriptor");
return sdPtr;
}
private static void UnsafeSetSacl(SecurityDescriptor secDesc, Sacl sacl, bool defaulted)
{
if (sacl == null)
throw new ArgumentException("Can't set null SACL on a security descriptor", "sacl");
secDesc.MakeAbsolute();
// First we have to get a copy of the old group ptr, so that
// we can free it if everything goes well.
BOOL rc;
IntPtr pOldSacl = IntPtr.Zero;
if(!secDesc.IsNull)
{
BOOL oldDefaulted, oldPresent;
rc = Win32.GetSecurityDescriptorSacl(secDesc._secDesc, out oldPresent, ref pOldSacl, out oldDefaulted);
Win32.CheckCall(rc);
}
else
{
secDesc.AllocateAndInitializeSecurityDescriptor();
}
IntPtr pNewSacl = IntPtr.Zero;
try
{
if(!sacl.IsNull && !sacl.IsEmpty)
{
byte []pacl = sacl.GetNativeACL();
pNewSacl = Win32.AllocGlobal(pacl.Length);
Marshal.Copy(pacl, 0, pNewSacl, pacl.Length);
}
bool present = (sacl.IsNull || (pNewSacl != IntPtr.Zero));
rc = Win32.SetSecurityDescriptorSacl(
secDesc._secDesc, (present ? Win32.TRUE : Win32.FALSE),
pNewSacl, (defaulted ? Win32.TRUE : Win32.FALSE));
Win32.CheckCall(rc);
Win32.FreeGlobal(pOldSacl);
}
catch
{
Win32.FreeGlobal(pNewSacl);
throw;
}
}
private static unsafe void UnsafeSetOwner(SecurityDescriptor secDesc, Sid owner, bool defaulted)
{
if (! owner.IsValid)
throw new ArgumentException("SID must be valid to set as owner of a security descriptor", "owner");
secDesc.MakeAbsolute();
// First we have to get a copy of the old owner ptr, so that
// we can free it if everything goes well.
BOOL rc;
IntPtr pOldOwner;
if(!secDesc.IsNull)
{
BOOL oldDefaulted;
rc = Win32.GetSecurityDescriptorOwner(secDesc._secDesc, out pOldOwner, out oldDefaulted);
Win32.CheckCall(rc);
}
else
{
secDesc.AllocateAndInitializeSecurityDescriptor();
pOldOwner = IntPtr.Zero;
}
DWORD cbSidSize = (DWORD)owner.Size;
IntPtr pNewOwner = Win32.AllocGlobal(cbSidSize);
try
{
// Copy the SID content to pNewOwner memory
fixed (byte *pNewSid = owner.GetNativeSID())
{
rc = Win32.CopySid(cbSidSize, pNewOwner, (IntPtr)pNewSid);
Win32.CheckCall(rc);
}
// Set the new owner SID
rc = Win32.SetSecurityDescriptorOwner(secDesc._secDesc,
pNewOwner, (defaulted ? Win32.TRUE : Win32.FALSE));
Win32.CheckCall(rc);
// Now, we can free the old owner
Win32.FreeGlobal(pOldOwner);
}
catch
{
Win32.FreeGlobal(pNewOwner);
throw;
}
}
//
// Only called from the custom marshaler
//
internal void Parse(IntPtr pSecAttr)
{
if (pSecAttr == IntPtr.Zero)
throw new ArgumentException("Can't parse a NULL struct", "pSecAttr");
SECURITY_ATTRIBUTES attrs = (SECURITY_ATTRIBUTES)
new MemoryMarshaler(pSecAttr).ParseStruct(typeof(SECURITY_ATTRIBUTES));
_inheritHandles = Win32.ToBool(attrs.bInheritHandle);
if (attrs.lpSecurityDescriptor != IntPtr.Zero)
{
// Create a new SecDesc only if we don't already have one or
// if the one we have hasn't the same ptr to unmanged memory
if (_secDesc == null || _secDesc.Ptr != attrs.lpSecurityDescriptor)
_secDesc = new SecurityDescriptor(attrs.lpSecurityDescriptor);
}
}
