protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified) { modify_access_called = true; modify_access_called_count++; return(base.ModifyAccess(modification, rule, out modified)); }
public virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified) { if (rule == null) { throw new ArgumentNullException("rule"); } if (!this.AuditRuleType.IsAssignableFrom(rule.GetType())) { throw new ArgumentException( Environment.GetResourceString("AccessControl_InvalidAuditRuleType"), "rule"); } Contract.EndContractBlock(); WriteLock(); try { return(ModifyAudit(modification, rule, out modified)); } finally { WriteUnlock(); } }
public virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified) { if (rule == null) { throw new ArgumentNullException("rule"); } if (!this.AccessRuleType.GetTypeInfo().IsAssignableFrom(rule.GetType().GetTypeInfo())) { throw new ArgumentException( SR.AccessControl_InvalidAccessRuleType, "rule"); } Contract.EndContractBlock(); WriteLock(); try { return(ModifyAccess(modification, rule, out modified)); } finally { WriteUnlock(); } }
public override bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified) { if (!this.DaclRetrieved()) { throw new InvalidOperationException(Res.GetString("CannotModifyDacl")); } return base.ModifyAccessRule(modification, rule, out modified); }
public override bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified) { if (!this.SaclRetrieved()) { throw new InvalidOperationException(Res.GetString("CannotModifySacl")); } return(base.ModifyAuditRule(modification, rule, out modified)); }
public virtual new bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified) { Contract.Requires(this.AccessRuleType != null); modified = default(bool); return default(bool); }
/// <summary>将指定修改应用于与此 <see cref="T:System.Security.AccessControl.DirectoryObjectSecurity" /> 对象关联的系统访问控制列表 (SACL)。</summary> /// <returns>如果成功修改了 SACL,则为 true;否则为 false。</returns> /// <param name="modification">要应用于 SACL 的修改。</param> /// <param name="rule">要修改的审核规则。</param> /// <param name="modified">如果成功修改了 SACL,则为 true;否则为 false。</param> protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified) { if (!this.AuditRuleType.IsAssignableFrom(rule.GetType())) { throw new ArgumentException(Environment.GetResourceString("AccessControl_InvalidAuditRuleType"), "rule"); } return(this.ModifyAudit(modification, rule as ObjectAuditRule, out modified)); }
public virtual new bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified) { Contract.Requires(this.AuditRuleType != null); modified = default(bool); return(default(bool)); }
public static bool SetFolderACL(String FolderPath, String UserName, FileSystemRights Rights, AccessControlType AllowOrDeny, InheritanceFlags Inherits, PropagationFlags PropagateToChildren, AccessControlModification AddResetOrRemove) { bool ret; DirectoryInfo folder = new DirectoryInfo(FolderPath); DirectorySecurity dSecurity = folder.GetAccessControl(AccessControlSections.All); FileSystemAccessRule accRule = new FileSystemAccessRule(UserName, Rights, Inherits, PropagateToChildren, AllowOrDeny); dSecurity.ModifyAccessRule(AddResetOrRemove, accRule, out ret); folder.SetAccessControl(dSecurity); return ret; }
public override bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified) { if (!DaclRetrieved()) { throw new InvalidOperationException(SR.CannotModifyDacl); } return(base.ModifyAccessRule(modification, rule, out modified)); }
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified) { if (!this.AccessRuleType.IsAssignableFrom(rule.GetType())) { throw new ArgumentException( Environment.GetResourceString("AccessControl_InvalidAccessRuleType"), "rule"); } Contract.EndContractBlock(); return(ModifyAccess(modification, rule as ObjectAccessRule, out modified)); }
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified) { //if (this.AccessRuleType.IsAssignableFrom(rule.GetType().GetTypeInfo())) ////if (!TypeExtensions.IsAssignableFrom(this.AuditRuleType, rule.GetType())) //{ // throw new ArgumentException( // SR.AccessControl_InvalidAuditRuleType, // "rule"); //} return(ModifyAudit(modification, rule as ObjectAuditRule, out modified)); }
public virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified) { if (rule == null) { throw new ArgumentNullException("rule"); } if (!AuditRuleType.IsAssignableFrom(rule.GetType())) { throw new ArgumentException("rule"); } return(ModifyAudit(modification, rule, out modified)); }
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified) { foreach (AccessRule r in access_rules) { if (rule != r) { continue; } switch (modification) { case AccessControlModification.Add: AddAccessRule(rule); break; case AccessControlModification.Set: SetAccessRule(rule); break; case AccessControlModification.Reset: ResetAccessRule(rule); break; case AccessControlModification.Remove: RemoveAccessRule(rule); break; case AccessControlModification.RemoveAll: RemoveAccessRuleAll(rule); break; case AccessControlModification.RemoveSpecific: RemoveAccessRuleSpecific(rule); break; } modified = true; return(true); } modified = false; return(false); }
/// <summary>Applies the specified modification to the Discretionary Access Control List (DACL) associated with this <see cref="T:System.Security.AccessControl.CommonObjectSecurity" /> object.</summary> /// <returns>true if the DACL is successfully modified; otherwise, false.</returns> /// <param name="modification">The modification to apply to the DACL.</param> /// <param name="rule">The access rule to modify.</param> /// <param name="modified">true if the DACL is successfully modified; otherwise, false.</param> protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified) { foreach (AccessRule accessRule in this.access_rules) { if (rule == accessRule) { switch (modification) { case AccessControlModification.Add: this.AddAccessRule(rule); break; case AccessControlModification.Set: this.SetAccessRule(rule); break; case AccessControlModification.Reset: this.ResetAccessRule(rule); break; case AccessControlModification.Remove: this.RemoveAccessRule(rule); break; case AccessControlModification.RemoveAll: this.RemoveAccessRuleAll(rule); break; case AccessControlModification.RemoveSpecific: this.RemoveAccessRuleSpecific(rule); break; } modified = true; return(true); } } modified = false; return(false); }
/// <summary>Applies the specified modification to the Discretionary Access Control List (DACL) associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object.</summary> /// <param name="modification">The modification to apply to the DACL.</param> /// <param name="rule">The access rule to modify.</param> /// <param name="modified"> /// <see langword="true" /> if the DACL is successfully modified; otherwise, <see langword="false" />.</param> /// <returns> /// <see langword="true" /> if the DACL is successfully modified; otherwise, <see langword="false" />.</returns> // Token: 0x06001FB8 RID: 8120 RVA: 0x0006EBB0 File Offset: 0x0006CDB0 public virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified) { if (rule == null) { throw new ArgumentNullException("rule"); } if (!this.AccessRuleType.IsAssignableFrom(rule.GetType())) { throw new ArgumentException(Environment.GetResourceString("AccessControl_InvalidAccessRuleType"), "rule"); } this.WriteLock(); bool result; try { result = this.ModifyAccess(modification, rule, out modified); } finally { this.WriteUnlock(); } return(result); }
public override bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified) { if (this.SaclRetrieved()) { return base.ModifyAuditRule(modification, rule, out modified); } else { throw new InvalidOperationException("CannotModifySacl"); } }
public override bool ModifyAccessRule (AccessControlModification modification, AccessRule rule, out bool modified) { throw new NotImplementedException (); }
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified) { modified = false; return(modified); }
// // Modifies the DACL // protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified) { if (rule == null) { throw new ArgumentNullException("rule"); } Contract.EndContractBlock(); WriteLock(); try { bool result = true; if ( _securityDescriptor.DiscretionaryAcl == null ) { if ( modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific ) { modified = false; return result; } _securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl( IsContainer, IsDS, GenericAcl.AclRevision, 1 ); _securityDescriptor.AddControlFlags(ControlFlags.DiscretionaryAclPresent); } SecurityIdentifier sid = rule.IdentityReference.Translate( typeof( SecurityIdentifier )) as SecurityIdentifier; if ( rule.AccessControlType == AccessControlType.Allow ) { switch ( modification ) { case AccessControlModification.Add: _securityDescriptor.DiscretionaryAcl.AddAccess( AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags ); break; case AccessControlModification.Set: _securityDescriptor.DiscretionaryAcl.SetAccess( AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags ); break; case AccessControlModification.Reset: _securityDescriptor.DiscretionaryAcl.RemoveAccess( AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0 ); _securityDescriptor.DiscretionaryAcl.SetAccess( AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags ); break; case AccessControlModification.Remove: result = _securityDescriptor.DiscretionaryAcl.RemoveAccess( AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags ); break; case AccessControlModification.RemoveAll: result = _securityDescriptor.DiscretionaryAcl.RemoveAccess( AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0 ); if ( result == false ) { Contract.Assert( false, "Invalid operation" ); throw new SystemException(); } break; case AccessControlModification.RemoveSpecific: _securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific( AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags ); break; default : throw new ArgumentOutOfRangeException( "modification", Environment.GetResourceString( "ArgumentOutOfRange_Enum" )); } } else if ( rule.AccessControlType == AccessControlType.Deny ) { switch ( modification ) { case AccessControlModification.Add : _securityDescriptor.DiscretionaryAcl.AddAccess( AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags ); break; case AccessControlModification.Set : _securityDescriptor.DiscretionaryAcl.SetAccess( AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags ); break; case AccessControlModification.Reset : _securityDescriptor.DiscretionaryAcl.RemoveAccess( AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0 ); _securityDescriptor.DiscretionaryAcl.SetAccess( AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags ); break; case AccessControlModification.Remove : result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags ); break; case AccessControlModification.RemoveAll : result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0 ); if ( result == false ) { Contract.Assert( false, "Invalid operation" ); throw new SystemException(); } break; case AccessControlModification.RemoveSpecific : _securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific( AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags ); break; default : throw new ArgumentOutOfRangeException( "modification", Environment.GetResourceString( "ArgumentOutOfRange_Enum" )); } } else { Contract.Assert( false, "rule.AccessControlType unrecognized" ); throw new ArgumentException(Environment.GetResourceString("Arg_EnumIllegalVal", (int)rule.AccessControlType), "rule.AccessControlType" ); } modified = result; AccessRulesModified |= modified; return result; } finally { WriteUnlock(); } }
// // Modifies the DACL // private bool ModifyAccess(AccessControlModification modification, ObjectAccessRule rule, out bool modified) { bool result = true; if (_securityDescriptor.DiscretionaryAcl == null) { if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific) { modified = false; return result; } _securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(IsContainer, IsDS, GenericAcl.AclRevisionDS, 1); _securityDescriptor.AddControlFlags(ControlFlags.DiscretionaryAclPresent); } else if ((modification == AccessControlModification.Add || modification == AccessControlModification.Set || modification == AccessControlModification.Reset ) && ( rule.ObjectFlags != ObjectAceFlags.None )) { // // This will result in an object ace being added to the dacl, so the dacl revision must be AclRevisionDS // if ( _securityDescriptor.DiscretionaryAcl.Revision < GenericAcl.AclRevisionDS ) { // // we need to create a new dacl with the same aces as the existing one but the revision should be AclRevisionDS // byte[] binaryForm = new byte[_securityDescriptor.DiscretionaryAcl.BinaryLength]; _securityDescriptor.DiscretionaryAcl.GetBinaryForm(binaryForm, 0); binaryForm[0] = GenericAcl.AclRevisionDS; // revision is the first byte of the binary form _securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(IsContainer, IsDS, new RawAcl(binaryForm, 0)); } } SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier )) as SecurityIdentifier; if (rule.AccessControlType == AccessControlType.Allow) { switch (modification) { case AccessControlModification.Add : _securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Set : _securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Reset : _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); _securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Remove : result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.RemoveAll : result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); if (result == false) { Contract.Assert(false, "Invalid operation"); throw new SystemException(); } break; case AccessControlModification.RemoveSpecific : _securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; default : throw new ArgumentOutOfRangeException( "modification", Environment.GetResourceString( "ArgumentOutOfRange_Enum" )); } } else if (rule.AccessControlType == AccessControlType.Deny) { switch (modification) { case AccessControlModification.Add : _securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Set : _securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Reset : _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); _securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Remove : result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.RemoveAll : result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); if (result == false) { Contract.Assert(false, "Invalid operation"); throw new SystemException(); } break; case AccessControlModification.RemoveSpecific : _securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; default : throw new ArgumentOutOfRangeException( "modification", Environment.GetResourceString( "ArgumentOutOfRange_Enum" )); } } else { Contract.Assert(false, "rule.AccessControlType unrecognized"); throw new SystemException(); } modified = result; AccessRulesModified |= modified; return result; }
public virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule ruleout, System.Boolean& modified) { }
/// <summary> /// This member is not implemented. /// </summary> /// <param name="modification"> /// The modification to apply to the SACL. /// </param> /// <param name="rule"> /// The audit rule to modify. /// </param> /// <param name="modified"> /// <strong>True</strong> if the SACL is successfully modified; otherwise, <strong>False</strong>. /// </param> /// <exception cref="NotSupportedException">The exception is thrown when the method is invoked.</exception> /// <returns>This method always throws exception.</returns> /// <remarks>This member is not implemented.</remarks> public override bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out Boolean modified) { throw new NotSupportedException("Audit rules are not supported for this object"); }
// // Modifies the SACL // private bool ModifyAudit(AccessControlModification modification, ObjectAuditRule rule, out bool modified) { bool result = true; if (SecurityDescriptor.SystemAcl == null) { if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific) { modified = false; return(result); } //_securityDescriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, GenericAcl.AclRevisionDS, 1); //_securityDescriptor.AddControlFlags(ControlFlags.SystemAclPresent); SecurityDescriptor.AddSystemAcl(GenericAcl.AclRevisionDS, 1); } else if ((modification == AccessControlModification.Add || modification == AccessControlModification.Set || modification == AccessControlModification.Reset) && (rule.ObjectFlags != ObjectAceFlags.None)) { // // This will result in an object ace being added to the sacl, so the sacl revision must be AclRevisionDS // if (SecurityDescriptor.SystemAcl.Revision < GenericAcl.AclRevisionDS) { // // we need to create a new sacl with the same aces as the existing one but the revision should be AclRevisionDS // byte[] binaryForm = new byte[SecurityDescriptor.SystemAcl.BinaryLength]; SecurityDescriptor.SystemAcl.GetBinaryForm(binaryForm, 0); binaryForm[0] = GenericAcl.AclRevisionDS; // revision is the first byte of the binary form SecurityDescriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, new RawAcl(binaryForm, 0)); } } SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier; switch (modification) { case AccessControlModification.Add: //_securityDescriptor.SystemAcl.AddAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); SecurityDescriptor.SystemAcl.AddAudit(sid, rule); break; case AccessControlModification.Set: //_securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); SecurityDescriptor.SystemAcl.SetAudit(sid, rule); break; case AccessControlModification.Reset: SecurityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); //_securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); SecurityDescriptor.SystemAcl.SetAudit(sid, rule); break; case AccessControlModification.Remove: //result = _securityDescriptor.SystemAcl.RemoveAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); result = SecurityDescriptor.SystemAcl.RemoveAudit(sid, rule); break; case AccessControlModification.RemoveAll: result = SecurityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); if (result == false) { throw new InvalidOperationException(SR.InvalidOperation_RemoveFail); } break; case AccessControlModification.RemoveSpecific: //_securityDescriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); SecurityDescriptor.SystemAcl.RemoveAuditSpecific(sid, rule); break; default: throw new ArgumentOutOfRangeException( nameof(modification), SR.ArgumentOutOfRange_Enum); } modified = result; AuditRulesModified |= modified; return(result); }
protected override bool ModifyAccess (AccessControlModification modification, AccessRule rule, out bool modified) { foreach (AccessRule r in access_rules) { if (rule != r) continue; switch (modification) { case AccessControlModification.Add: AddAccessRule (rule); break; case AccessControlModification.Set: SetAccessRule (rule); break; case AccessControlModification.Reset: ResetAccessRule (rule); break; case AccessControlModification.Remove: RemoveAccessRule (rule); break; case AccessControlModification.RemoveAll: RemoveAccessRuleAll (rule); break; case AccessControlModification.RemoveSpecific: RemoveAccessRuleSpecific (rule); break; } modified = true; return true; } modified = false; return false; }
protected override bool ModifyAccess (AccessControlModification modification, AccessRule rule, out bool modified) { modify_access_called = true; modified = true; return modified; }
protected override bool ModifyAudit (AccessControlModification modification, AuditRule rule, out bool modified) { modified = false; return modified; }
private bool ModifyAudit(AccessControlModification modification, ObjectAuditRule rule, out bool modified) { bool flag = true; if (base._securityDescriptor.SystemAcl == null) { if (((modification == AccessControlModification.Remove) || (modification == AccessControlModification.RemoveAll)) || (modification == AccessControlModification.RemoveSpecific)) { modified = false; return flag; } base._securityDescriptor.SystemAcl = new SystemAcl(base.IsContainer, base.IsDS, GenericAcl.AclRevisionDS, 1); base._securityDescriptor.AddControlFlags(ControlFlags.SystemAclPresent); } else if ((((modification == AccessControlModification.Add) || (modification == AccessControlModification.Set)) || (modification == AccessControlModification.Reset)) && ((rule.ObjectFlags != ObjectAceFlags.None) && (base._securityDescriptor.SystemAcl.Revision < GenericAcl.AclRevisionDS))) { byte[] binaryForm = new byte[base._securityDescriptor.SystemAcl.BinaryLength]; base._securityDescriptor.SystemAcl.GetBinaryForm(binaryForm, 0); binaryForm[0] = GenericAcl.AclRevisionDS; base._securityDescriptor.SystemAcl = new SystemAcl(base.IsContainer, base.IsDS, new RawAcl(binaryForm, 0)); } SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier; switch (modification) { case AccessControlModification.Add: base._securityDescriptor.SystemAcl.AddAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Set: base._securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Reset: base._securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty); base._securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Remove: flag = base._securityDescriptor.SystemAcl.RemoveAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.RemoveAll: flag = base._securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty); if (!flag) { throw new SystemException(); } break; case AccessControlModification.RemoveSpecific: base._securityDescriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; default: throw new ArgumentOutOfRangeException("modification", Environment.GetResourceString("ArgumentOutOfRange_Enum")); } modified = flag; base.AuditRulesModified |= modified; return flag; }
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified) { if (!this.AccessRuleType.IsAssignableFrom(rule.GetType())) { throw new ArgumentException(Environment.GetResourceString("AccessControl_InvalidAccessRuleType"), "rule"); } return this.ModifyAccess(modification, rule as ObjectAccessRule, out modified); }
protected override bool ModifyAccess (AccessControlModification modification, AccessRule rule, out bool modified) { if (null == rule) throw new ArgumentNullException ("rule"); modified = true; WriteLock (); try { switch (modification) { case AccessControlModification.Add: descriptor.DiscretionaryAcl.AddAccess (rule.AccessControlType, SidFromIR (rule.IdentityReference), rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Set: descriptor.DiscretionaryAcl.SetAccess (rule.AccessControlType, SidFromIR (rule.IdentityReference), rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Reset: PurgeAccessRules (rule.IdentityReference); goto case AccessControlModification.Add; case AccessControlModification.Remove: modified = descriptor.DiscretionaryAcl.RemoveAccess (rule.AccessControlType, SidFromIR (rule.IdentityReference), rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.RemoveAll: PurgeAccessRules (rule.IdentityReference); break; case AccessControlModification.RemoveSpecific: descriptor.DiscretionaryAcl.RemoveAccessSpecific (rule.AccessControlType, SidFromIR (rule.IdentityReference), rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; default: throw new ArgumentOutOfRangeException ("modification"); } if (modified) AccessRulesModified = true; } finally { WriteUnlock (); } return modified; }
public virtual bool ModifyAuditRule (AccessControlModification modification, AuditRule rule, out bool modified) { if (rule == null) throw new ArgumentNullException ("rule"); if (!AuditRuleType.IsAssignableFrom (rule.GetType())) throw new ArgumentException ("rule"); return ModifyAudit (modification, rule, out modified); }
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified);
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified) { modified = default(bool); return default(bool); }
// // Modifies the DACL // protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified) { if (rule == null) { throw new ArgumentNullException("rule"); } Contract.EndContractBlock(); WriteLock(); try { bool result = true; if (_securityDescriptor.DiscretionaryAcl == null) { if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific) { modified = false; return(result); } _securityDescriptor.DiscretionaryAcl = new DiscretionaryAcl(IsContainer, IsDS, GenericAcl.AclRevision, 1); _securityDescriptor.AddControlFlags(ControlFlags.DiscretionaryAclPresent); } SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier; if (rule.AccessControlType == AccessControlType.Allow) { switch (modification) { case AccessControlModification.Add: _securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Set: _securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Reset: _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0); _securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Remove: result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.RemoveAll: result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0); if (result == false) { Contract.Assert(false, "Invalid operation"); throw new InvalidOperationException(); } break; case AccessControlModification.RemoveSpecific: _securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Allow, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; default: throw new ArgumentOutOfRangeException( "modification", SR.ArgumentOutOfRange_Enum); } } else if (rule.AccessControlType == AccessControlType.Deny) { switch (modification) { case AccessControlModification.Add: _securityDescriptor.DiscretionaryAcl.AddAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Set: _securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Reset: _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Allow, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0); _securityDescriptor.DiscretionaryAcl.SetAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Remove: result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.RemoveAll: result = _securityDescriptor.DiscretionaryAcl.RemoveAccess(AccessControlType.Deny, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0); if (result == false) { Contract.Assert(false, "Invalid operation"); throw new InvalidOperationException(); } break; case AccessControlModification.RemoveSpecific: _securityDescriptor.DiscretionaryAcl.RemoveAccessSpecific(AccessControlType.Deny, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; default: throw new ArgumentOutOfRangeException( "modification", SR.ArgumentOutOfRange_Enum); } } else { Contract.Assert(false, "rule.AccessControlType unrecognized"); throw new ArgumentException(SR.Format(SR.Arg_EnumIllegalVal, (int)rule.AccessControlType), "rule.AccessControlType"); } modified = result; AccessRulesModified |= modified; return(result); } finally { WriteUnlock(); } }
public virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified);
// // Modifies the SACL // private bool ModifyAudit(AccessControlModification modification, ObjectAuditRule rule, out bool modified) { bool result = true; if (_securityDescriptor.SystemAcl == null) { if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific) { modified = false; return result; } //_securityDescriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, GenericAcl.AclRevisionDS, 1); //_securityDescriptor.AddControlFlags(ControlFlags.SystemAclPresent); _securityDescriptor.AddSystemAcl(GenericAcl.AclRevisionDS, 1); } else if ((modification == AccessControlModification.Add || modification == AccessControlModification.Set || modification == AccessControlModification.Reset) && (rule.ObjectFlags != ObjectAceFlags.None)) { // // This will result in an object ace being added to the sacl, so the sacl revision must be AclRevisionDS // if (_securityDescriptor.SystemAcl.Revision < GenericAcl.AclRevisionDS) { // // we need to create a new sacl with the same aces as the existing one but the revision should be AclRevisionDS // byte[] binaryForm = new byte[_securityDescriptor.SystemAcl.BinaryLength]; _securityDescriptor.SystemAcl.GetBinaryForm(binaryForm, 0); binaryForm[0] = GenericAcl.AclRevisionDS; // revision is the first byte of the binary form _securityDescriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, new RawAcl(binaryForm, 0)); } } SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier; switch (modification) { case AccessControlModification.Add: //_securityDescriptor.SystemAcl.AddAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); _securityDescriptor.SystemAcl.AddAudit(sid, rule); break; case AccessControlModification.Set: //_securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); _securityDescriptor.SystemAcl.SetAudit(sid, rule); break; case AccessControlModification.Reset: _securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); //_securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); _securityDescriptor.SystemAcl.SetAudit(sid, rule); break; case AccessControlModification.Remove: //result = _securityDescriptor.SystemAcl.RemoveAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); result = _securityDescriptor.SystemAcl.RemoveAudit(sid, rule); break; case AccessControlModification.RemoveAll: result = _securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); if (result == false) { Debug.Assert(false, "Invalid operation"); throw new Exception(); } break; case AccessControlModification.RemoveSpecific: //_securityDescriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); _securityDescriptor.SystemAcl.RemoveAuditSpecific(sid, rule); break; default: throw new ArgumentOutOfRangeException( "modification", SR.ArgumentOutOfRange_Enum); } modified = result; AuditRulesModified |= modified; return result; }
public virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule ruleout , System.Boolean& modified) {}
public virtual bool ModifyAccessRule(AccessControlModification modification, AccessRule rule, out bool modified) { bool flag; if (rule == null) { throw new ArgumentNullException("rule"); } if (!this.AccessRuleType.IsAssignableFrom(rule.GetType())) { throw new ArgumentException(Environment.GetResourceString("AccessControl_InvalidAccessRuleType"), "rule"); } this.WriteLock(); try { flag = this.ModifyAccess(modification, rule, out modified); } finally { this.WriteUnlock(); } return flag; }
// // Modifies the SACL // protected override bool ModifyAudit( AccessControlModification modification, AuditRule rule, out bool modified ) { if (rule == null) { throw new ArgumentNullException("rule"); } Contract.EndContractBlock(); WriteLock(); try { bool result = true; if ( _securityDescriptor.SystemAcl == null ) { if ( modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific ) { modified = false; return result; } _securityDescriptor.SystemAcl = new SystemAcl( IsContainer, IsDS, GenericAcl.AclRevision, 1 ); _securityDescriptor.AddControlFlags(ControlFlags.SystemAclPresent); } SecurityIdentifier sid = rule.IdentityReference.Translate( typeof( SecurityIdentifier )) as SecurityIdentifier; switch ( modification ) { case AccessControlModification.Add : _securityDescriptor.SystemAcl.AddAudit( rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags ); break; case AccessControlModification.Set : _securityDescriptor.SystemAcl.SetAudit( rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags ); break; case AccessControlModification.Reset : _securityDescriptor.SystemAcl.SetAudit( rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags ); break; case AccessControlModification.Remove : result = _securityDescriptor.SystemAcl.RemoveAudit( rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags ); break; case AccessControlModification.RemoveAll : result = _securityDescriptor.SystemAcl.RemoveAudit( AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0 ); if ( result == false ) { throw new InvalidProgramException(); } break; case AccessControlModification.RemoveSpecific : _securityDescriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags ); break; default : throw new ArgumentOutOfRangeException( "modification", Environment.GetResourceString( "ArgumentOutOfRange_Enum" )); } modified = result; AuditRulesModified |= modified; return result; } finally { WriteUnlock(); } }
protected abstract bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified);
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified) { if ( !this.AuditRuleType.IsAssignableFrom(rule.GetType()) ) { throw new ArgumentException( Environment.GetResourceString("AccessControl_InvalidAuditRuleType"), "rule"); } Contract.EndContractBlock(); return ModifyAudit(modification, rule as ObjectAuditRule, out modified); }
protected override bool ModifyAudit (AccessControlModification modification, AuditRule rule, out bool modified) { if (null == rule) throw new ArgumentNullException ("rule"); modified = true; WriteLock (); try { switch (modification) { case AccessControlModification.Add: if (null == descriptor.SystemAcl) descriptor.SystemAcl = new SystemAcl (IsContainer, IsDS, 1); descriptor.SystemAcl.AddAudit (rule.AuditFlags, SidFromIR (rule.IdentityReference), rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Set: if (null == descriptor.SystemAcl) descriptor.SystemAcl = new SystemAcl (IsContainer, IsDS, 1); descriptor.SystemAcl.SetAudit (rule.AuditFlags, SidFromIR (rule.IdentityReference), rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Reset: break; case AccessControlModification.Remove: if (null == descriptor.SystemAcl) modified = false; else modified = descriptor.SystemAcl.RemoveAudit (rule.AuditFlags, SidFromIR (rule.IdentityReference), rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.RemoveAll: PurgeAuditRules (rule.IdentityReference); break; case AccessControlModification.RemoveSpecific: if (null != descriptor.SystemAcl) descriptor.SystemAcl.RemoveAuditSpecific (rule.AuditFlags, SidFromIR (rule.IdentityReference), rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; default: throw new ArgumentOutOfRangeException ("modification"); } if (modified) AuditRulesModified = true; } finally { WriteUnlock (); } return modified; }
public virtual bool ModifyAuditRule (AccessControlModification modification, AuditRule rule, out bool modified) { throw new NotImplementedException (); }
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified) { modify_access_called = true; modified = true; return(modified); }
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, ref bool modified) { throw new NotImplementedException(); }
protected abstract bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified);
public virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified) { if ( rule == null ) { throw new ArgumentNullException( "rule" ); } if ( !this.AuditRuleType.IsAssignableFrom(rule.GetType()) ) { throw new ArgumentException( Environment.GetResourceString("AccessControl_InvalidAuditRuleType"), "rule"); } Contract.EndContractBlock(); WriteLock(); try { return ModifyAudit(modification, rule, out modified); } finally { WriteUnlock(); } }
protected abstract bool ModifyAudit(AccessControlModification modification, AuditRule rule, ref bool modified);
// // Modifies the SACL // protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified) { if (rule == null) { throw new ArgumentNullException("rule"); } Contract.EndContractBlock(); WriteLock(); try { bool result = true; if (_securityDescriptor.SystemAcl == null) { if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific) { modified = false; return(result); } _securityDescriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, GenericAcl.AclRevision, 1); _securityDescriptor.AddControlFlags(ControlFlags.SystemAclPresent); } SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier; switch (modification) { case AccessControlModification.Add: _securityDescriptor.SystemAcl.AddAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Set: _securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Reset: _securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Remove: result = _securityDescriptor.SystemAcl.RemoveAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.RemoveAll: result = _securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, 0); if (result == false) { throw new InvalidOperationException(); } break; case AccessControlModification.RemoveSpecific: _securityDescriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; default: throw new ArgumentOutOfRangeException( "modification", SR.ArgumentOutOfRange_Enum); } modified = result; AuditRulesModified |= modified; return(result); } finally { WriteUnlock(); } }
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified) { throw new NotImplementedException(); }
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified) { //if (this.AccessRuleType.IsAssignableFrom(rule.GetType().GetTypeInfo())) ////if (!TypeExtensions.IsAssignableFrom(this.AuditRuleType, rule.GetType())) //{ // throw new ArgumentException( // SR.AccessControl_InvalidAuditRuleType, // "rule"); //} Contract.EndContractBlock(); return ModifyAudit(modification, rule as ObjectAuditRule, out modified); }
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified) { bool flag2; if (rule == null) { throw new ArgumentNullException("rule"); } base.WriteLock(); try { bool flag = true; if (base._securityDescriptor.SystemAcl == null) { if (((modification == AccessControlModification.Remove) || (modification == AccessControlModification.RemoveAll)) || (modification == AccessControlModification.RemoveSpecific)) { modified = false; return flag; } base._securityDescriptor.SystemAcl = new SystemAcl(base.IsContainer, base.IsDS, GenericAcl.AclRevision, 1); base._securityDescriptor.AddControlFlags(ControlFlags.SystemAclPresent); } SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier; switch (modification) { case AccessControlModification.Add: base._securityDescriptor.SystemAcl.AddAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Set: base._securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Reset: base._securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Remove: flag = base._securityDescriptor.SystemAcl.RemoveAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.RemoveAll: flag = base._securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None); if (!flag) { throw new InvalidProgramException(); } break; case AccessControlModification.RemoveSpecific: base._securityDescriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; default: throw new ArgumentOutOfRangeException("modification", Environment.GetResourceString("ArgumentOutOfRange_Enum")); } modified = flag; base.AuditRulesModified |= modified; flag2 = flag; } finally { base.WriteUnlock(); } return flag2; }
public virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, out bool modified) { if ( rule == null ) { throw new ArgumentNullException( nameof(rule)); } if ( !this.AuditRuleType.GetTypeInfo().IsAssignableFrom(rule.GetType().GetTypeInfo()) ) { throw new ArgumentException( SR.AccessControl_InvalidAuditRuleType, nameof(rule)); } Contract.EndContractBlock(); WriteLock(); try { return ModifyAudit(modification, rule, out modified); } finally { WriteUnlock(); } }
/// <summary> /// 设置文件夹访问权限 /// </summary> /// <param name="folderPath">文件夹路径</param> /// <param name="userName">需要设置权限的用户名</param> /// <param name="rights">访问权限</param> /// <param name="allowOrDeny">允许拒绝访问</param> /// <param name="inherits">继承标志指定访问控制项 (ACE) 的继承语义</param> /// <param name="propagateToChildren">指定如何将访问面控制项 (ACE) 传播到子对象。仅当存在继承标志时,这些标志才有意义</param> /// <param name="addResetOrRemove">指定要执行的访问控制修改的类型。此枚举由 System.Security.AccessControl.ObjectSecurity 类及其子类的方法使用</param> private bool SetFolderACL(string folderPath, string userName, FileSystemRights rights, AccessControlType allowOrDeny, InheritanceFlags inherits, PropagationFlags propagateToChildren, AccessControlModification addResetOrRemove) { DirectoryInfo folder = new DirectoryInfo(folderPath); DirectorySecurity dSecurity = folder.GetAccessControl(AccessControlSections.All); FileSystemAccessRule accRule = new FileSystemAccessRule(userName, rights, inherits, propagateToChildren, allowOrDeny); bool modified; dSecurity.ModifyAccessRule(addResetOrRemove, accRule, out modified); folder.SetAccessControl(dSecurity); return(modified); }
public virtual bool ModifyAuditRule(AccessControlModification modification, AuditRule rule, ref bool modified) { throw new NotImplementedException(); }
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified) { if (null == rule) { throw new ArgumentNullException("rule"); } modified = true; WriteLock(); try { switch (modification) { case AccessControlModification.Add: if (null == descriptor.SystemAcl) { descriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, 1); } descriptor.SystemAcl.AddAudit(rule.AuditFlags, SidFromIR(rule.IdentityReference), rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Set: if (null == descriptor.SystemAcl) { descriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, 1); } descriptor.SystemAcl.SetAudit(rule.AuditFlags, SidFromIR(rule.IdentityReference), rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Reset: break; case AccessControlModification.Remove: if (null == descriptor.SystemAcl) { modified = false; } else { modified = descriptor.SystemAcl.RemoveAudit(rule.AuditFlags, SidFromIR(rule.IdentityReference), rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); } break; case AccessControlModification.RemoveAll: PurgeAuditRules(rule.IdentityReference); break; case AccessControlModification.RemoveSpecific: if (null != descriptor.SystemAcl) { descriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags, SidFromIR(rule.IdentityReference), rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); } break; default: throw new ArgumentOutOfRangeException("modification"); } if (modified) { AuditRulesModified = true; } } finally { WriteUnlock(); } return(modified); }
protected override bool ModifyAccess(AccessControlModification modification, AccessRule rule, out bool modified) { if (null == rule) { throw new ArgumentNullException("rule"); } modified = true; WriteLock(); try { switch (modification) { case AccessControlModification.Add: descriptor.DiscretionaryAcl.AddAccess(rule.AccessControlType, SidFromIR(rule.IdentityReference), rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Set: descriptor.DiscretionaryAcl.SetAccess(rule.AccessControlType, SidFromIR(rule.IdentityReference), rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.Reset: PurgeAccessRules(rule.IdentityReference); goto case AccessControlModification.Add; case AccessControlModification.Remove: modified = descriptor.DiscretionaryAcl.RemoveAccess(rule.AccessControlType, SidFromIR(rule.IdentityReference), rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; case AccessControlModification.RemoveAll: PurgeAccessRules(rule.IdentityReference); break; case AccessControlModification.RemoveSpecific: descriptor.DiscretionaryAcl.RemoveAccessSpecific(rule.AccessControlType, SidFromIR(rule.IdentityReference), rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags); break; default: throw new ArgumentOutOfRangeException("modification"); } if (modified) { AccessRulesModified = true; } } finally { WriteUnlock(); } return(modified); }