public static FileSecurity GetAccessControl(this FileInfo fileInfo, AccessControlSections includeSections) { if (fileInfo == null) throw new ArgumentNullException (nameof (fileInfo)); return fileInfo.GetAccessControl (includeSections); }
public static DirectorySecurity GetAccessControl(this DirectoryInfo directoryInfo, AccessControlSections includeSections) { if (directoryInfo == null) throw new ArgumentNullException (nameof (directoryInfo)); return directoryInfo.GetAccessControl (includeSections); }
public ObjectSecurity GetAccessControl(AccessControlSections includeSections) { using (this.provider.CurrentPSTransaction) { return this.txRegKey.GetAccessControl(includeSections); } }
public static RegistrySecurity GetAccessControl (this RegistryKey key, AccessControlSections includeSections) { if (key == null) throw new ArgumentNullException (nameof (key)); return key.GetAccessControl (includeSections); }
public string GetSddlForm(AccessControlSections includeSections) { Contract.Requires(3 < this.BinaryLength); Contract.Ensures(System.Security.AccessControl.GenericSecurityDescriptor.Revision == 1); return default(string); }
/// <summary> /// Gets the security descriptor for the item specified by <paramref name="path"/>. /// </summary> /// /// <param name="path"> /// The path to the item. /// </param> /// /// <param name="sections"> /// Specifies the parts of a security descriptor to retrieve. /// </param> /// /// <returns> /// Nothing. An object that represents the security descriptor for the item /// specified by path is written to the WriteSecurityDescriptorObject method. /// </returns> public void GetSecurityDescriptor(string path, AccessControlSections sections) { ObjectSecurity sd = null; IRegistryWrapper key = null; // Validate input first. if (String.IsNullOrEmpty(path)) { throw PSTraceSource.NewArgumentNullException("path"); } if ((sections & ~AccessControlSections.All) != 0) { throw PSTraceSource.NewArgumentException("sections"); } path = NormalizePath(path); key = GetRegkeyForPathWriteIfError(path, false); if (key != null) { try { sd = key.GetAccessControl(sections); } catch (System.Security.SecurityException e) { WriteError(new ErrorRecord(e, e.GetType().FullName, ErrorCategory.PermissionDenied, path)); return; } WriteSecurityDescriptorObject(sd, path); } }
protected NativeObjectSecurity (bool isContainer, ResourceType resourceType, string name, AccessControlSections includeSections) : this (isContainer, resourceType, name, includeSections, null, null) { }
protected NativeObjectSecurity (bool isContainer, ResourceType resourceType, SafeHandle handle, AccessControlSections includeSections) : this (isContainer, resourceType, handle, includeSections, null, null) { }
private static CommonSecurityDescriptor CreateInternal(ResourceType resourceType, bool isContainer, string name, SafeHandle handle, AccessControlSections includeSections, bool createByName, ExceptionFromErrorCode exceptionFromErrorCode, object exceptionContext) { RawSecurityDescriptor descriptor; if (createByName && (name == null)) { throw new ArgumentNullException("name"); } if (!createByName && (handle == null)) { throw new ArgumentNullException("handle"); } int errorCode = System.Security.AccessControl.Win32.GetSecurityInfo(resourceType, name, handle, includeSections, out descriptor); if (errorCode == 0) { return new CommonSecurityDescriptor(isContainer, false, descriptor, true); } Exception exception = null; if (exceptionFromErrorCode != null) { exception = exceptionFromErrorCode(errorCode, name, handle, exceptionContext); } if (exception == null) { switch (errorCode) { case 5: exception = new UnauthorizedAccessException(); goto Label_0132; case 0x51b: exception = new InvalidOperationException(Environment.GetResourceString("AccessControl_InvalidOwner")); goto Label_0132; case 0x51c: exception = new InvalidOperationException(Environment.GetResourceString("AccessControl_InvalidGroup")); goto Label_0132; case 0x57: exception = new InvalidOperationException(Environment.GetResourceString("AccessControl_UnexpectedError", new object[] { errorCode })); goto Label_0132; case 0x7b: exception = new ArgumentException(Environment.GetResourceString("Argument_InvalidName"), "name"); goto Label_0132; case 2: exception = (name == null) ? new FileNotFoundException() : new FileNotFoundException(name); goto Label_0132; case 0x546: exception = new NotSupportedException(Environment.GetResourceString("AccessControl_NoAssociatedSecurity")); goto Label_0132; } exception = new InvalidOperationException(Environment.GetResourceString("AccessControl_UnexpectedError", new object[] { errorCode })); } Label_0132: throw exception; }
protected NativeObjectSecurity (bool isContainer, ResourceType resourceType, SafeHandle handle, AccessControlSections includeSections, ExceptionFromErrorCode exceptionFromErrorCode, object exceptionContext) : this (isContainer, resourceType, handle, includeSections) { }
public static RegistrySecurity GetAccessControl(this RegistryKey key, AccessControlSections includeSections) { if (key.Handle == null) { throw new ObjectDisposedException(key.Name, SR.ObjectDisposed_RegKeyClosed); } return new RegistrySecurity(key.Handle, key.Name, includeSections); }
internal FileSecurity(SafeFileHandle handle, string fullPath, AccessControlSections includeSections) : base(false, handle, includeSections, false) { if (fullPath != null) { new FileIOPermission(FileIOPermissionAccess.NoAccess, AccessControlActions.View, fullPath).Demand(); } else { new FileIOPermission(PermissionState.Unrestricted).Demand(); } }
private static bool TryGetFileSecurity(string path, AccessControlSections sectionsNeeded, out FileSystemSecurity security) { var exists = false; security = null; if (File.Exists(path)) { exists = true; security = File.GetAccessControl(path, sectionsNeeded); } return exists; }
private bool TryGetDirectorySecurity(string path, AccessControlSections sectionsNeeded, out FileSystemSecurity security) { var exists = false; security = null; if (Directory.Exists(path)) { exists = true; security = Directory.GetAccessControl(path, sectionsNeeded); } return exists; }
} // GetPermissionProviderInstance #endregion private methods #region GetSecurityDescriptor /// <summary> /// Gets the security descriptor from the specified item. /// </summary> /// /// <param name="path"> /// The path to the item to retrieve the security descriptor from. /// </param> /// /// <param name="sections"> /// Specifies the parts of a security descriptor to retrieve. /// </param> /// /// <returns> /// The security descriptor for the item at the specified path. /// </returns> /// internal Collection<PSObject> GetSecurityDescriptor(string path, AccessControlSections sections) { if (path == null) { throw PSTraceSource.NewArgumentNullException("path"); } CmdletProviderContext context = new CmdletProviderContext(this.ExecutionContext); GetSecurityDescriptor(path, sections, context); context.ThrowFirstErrorOrDoNothing(); Collection<PSObject> contextResults = context.GetAccumulatedObjects() ?? new Collection<PSObject>(); return contextResults; } // GetSecurityDescriptor
/// <summary> /// Internal wrapper for the GetSecurityDescriptor protected method. This method will /// only be called if the provider implements the ISecurityDescriptorCmdletProvider interface. /// </summary> /// /// <param name="path"> /// The path to the item to retrieve the security descriptor from. /// </param> /// /// <param name="sections"> /// Specifies the parts of a security descriptor to retrieve. /// </param> /// /// <param name="context"> /// The context under which this method is being called. /// </param> /// /// <returns> /// Nothing. An instance of an object that represents the security descriptor /// for the item specified by the path should be written to the context. /// </returns> /// internal void GetSecurityDescriptor( string path, AccessControlSections sections, CmdletProviderContext context) { Context = context; ISecurityDescriptorCmdletProvider permissionProvider = this as ISecurityDescriptorCmdletProvider; // // if this is not supported, the fn will throw // CheckIfSecurityDescriptorInterfaceIsSupported(permissionProvider); // Call interface method permissionProvider.GetSecurityDescriptor(path, sections); } // GetSecurityDescriptor
/// <summary> /// Gets the SecurityDescriptor at the specified path, including only the specified /// AccessControlSections. /// </summary> /// /// <param name="path"> /// The path of the item to retrieve. It may be a drive or provider-qualified path and may include. /// glob characters. /// </param> /// /// <param name="sections"> /// The sections of the security descriptor to include. /// </param> /// /// <returns> /// Nothing. An object that represents the security descriptor for the item /// specified by path is written to the context's pipeline. /// </returns> /// /// <exception cref="System.ArgumentException"> /// path is null or empty. /// path doesn't exist /// sections is not valid. /// </exception> public void GetSecurityDescriptor(string path, AccessControlSections sections) { ObjectSecurity sd = null; path = NormalizePath(path); if (String.IsNullOrEmpty(path)) { throw PSTraceSource.NewArgumentNullException("path"); } if ((sections & ~AccessControlSections.All) != 0) { throw PSTraceSource.NewArgumentException("sections"); } var currentPrivilegeState = new PlatformInvokes.TOKEN_PRIVILEGE(); try { PlatformInvokes.EnableTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState); if (Directory.Exists(path)) { sd = new DirectorySecurity(path, sections); } else { sd = new FileSecurity(path, sections); } } catch (System.Security.SecurityException e) { WriteError(new ErrorRecord(e, e.GetType().FullName, ErrorCategory.PermissionDenied, path)); } finally { PlatformInvokes.RestoreTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState); } WriteSecurityDescriptorObject(sd, path); }
/// <inheritdoc /> public DirectorySecurity GetAccessControl(string path, AccessControlSections includeSections) { return(this.SurroundWithExtension(() => System.IO.Directory.GetAccessControl(path, includeSections), path, includeSections)); }
public void SetSecurityDescriptorSddlForm(string sddlForm, AccessControlSections includeSections) { }
public DirectorySecurity(string name, AccessControlSections includeSections) { }
public GenericSecurity( bool isContainer, ResourceType resType, SafeHandle objectHandle, AccessControlSections sectionsRequested) : base(isContainer, resType, objectHandle, sectionsRequested) { }
public FileSecurity GetAccessControl(AccessControlSections includeSections) { return(File.GetAccessControlCore <FileSecurity>(false, LongFullName, includeSections, PathFormat.LongFullPath)); }
internal FileSystemSecurity(bool isContainer, SafeFileHandle?handle, AccessControlSections includeSections, bool isDirectory) : base(isContainer, s_ResourceType, handle, includeSections, _HandleErrorCode, isDirectory) { }
internal FileSystemSecurity(bool isContainer, string name, AccessControlSections includeSections, bool isDirectory) : base(isContainer, s_ResourceType, PathInternal.EnsureExtendedPrefixIfNeeded(Path.GetFullPath(name)), includeSections, _HandleErrorCode, isDirectory) { }
internal FileSystemSecurity(bool isContainer, string name, AccessControlSections includeSections, bool isDirectory) : base(isContainer, ResourceType.FileObject, name, includeSections, new NativeObjectSecurity.ExceptionFromErrorCode(FileSystemSecurity._HandleErrorCode), isDirectory) { }
// // Wrapper around advapi32.GetSecurityInfo // internal static unsafe int GetSecurityInfo( ResourceType resourceType, string?name, SafeHandle?handle, AccessControlSections accessControlSections, out RawSecurityDescriptor?resultSd ) { resultSd = null; int errorCode; IntPtr SidOwner, SidGroup, Dacl, Sacl, ByteArray; SecurityInfos SecurityInfos = 0; Privilege? privilege = null; if ((accessControlSections & AccessControlSections.Owner) != 0) { SecurityInfos |= SecurityInfos.Owner; } if ((accessControlSections & AccessControlSections.Group) != 0) { SecurityInfos |= SecurityInfos.Group; } if ((accessControlSections & AccessControlSections.Access) != 0) { SecurityInfos |= SecurityInfos.DiscretionaryAcl; } if ((accessControlSections & AccessControlSections.Audit) != 0) { SecurityInfos |= SecurityInfos.SystemAcl; privilege = new Privilege(Privilege.Security); } try { if (privilege != null) { try { privilege.Enable(); } catch (PrivilegeNotHeldException) { // we will ignore this exception and press on just in case this is a remote resource } } if (name != null) { errorCode = (int)Interop.Advapi32.GetSecurityInfoByName(name, (uint)resourceType, (uint)SecurityInfos, out SidOwner, out SidGroup, out Dacl, out Sacl, out ByteArray); } else if (handle != null) { if (handle.IsInvalid) { throw new ArgumentException( SR.Argument_InvalidSafeHandle, nameof(handle)); } else { errorCode = (int)Interop.Advapi32.GetSecurityInfoByHandle(handle, (uint)resourceType, (uint)SecurityInfos, &SidOwner, &SidGroup, &Dacl, &Sacl, &ByteArray); } } else { // both are null, shouldn't happen // Changing from SystemException to ArgumentException as this code path is indicative of a null name argument // as well as an accessControlSections argument with an audit flag throw new ArgumentException(); } if (errorCode == Interop.Errors.ERROR_SUCCESS && IntPtr.Zero.Equals(ByteArray)) { // // This means that the object doesn't have a security descriptor. And thus we throw // a specific exception for the caller to catch and handle properly. // throw new InvalidOperationException(SR.InvalidOperation_NoSecurityDescriptor); } else if (errorCode == Interop.Errors.ERROR_NOT_ALL_ASSIGNED || errorCode == Interop.Errors.ERROR_PRIVILEGE_NOT_HELD) { throw new PrivilegeNotHeldException(Privilege.Security); } else if (errorCode == Interop.Errors.ERROR_ACCESS_DENIED || errorCode == Interop.Errors.ERROR_CANT_OPEN_ANONYMOUS) { throw new UnauthorizedAccessException(); } if (errorCode != Interop.Errors.ERROR_SUCCESS) { goto Error; } } catch { // protection against exception filter-based luring attacks privilege?.Revert(); throw; } finally { privilege?.Revert(); } // // Extract data from the returned pointer // uint Length = Interop.Advapi32.GetSecurityDescriptorLength(ByteArray); byte[] BinaryForm = new byte[Length]; Marshal.Copy(ByteArray, BinaryForm, 0, (int)Length); Marshal.FreeHGlobal(ByteArray); resultSd = new RawSecurityDescriptor(BinaryForm, 0); return(Interop.Errors.ERROR_SUCCESS); Error: if (errorCode == Interop.Errors.ERROR_NOT_ENOUGH_MEMORY) { throw new OutOfMemoryException(); } return(errorCode); }
public NtStatus SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { return(DokanResult.Error); }
public NtStatus GetFileSecurity(string fileName, out FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { security = (FileSystemSecurity)null; return(NtStatus.NoSuchPrivilege); }
public override DirectorySecurity GetAccessControl(AccessControlSections includeSections) { return(instance.GetAccessControl(includeSections)); }
public override FileSecurity GetAccessControl(string path, AccessControlSections includeSections) { return(new FileInfo(path).GetAccessControl(includeSections)); }
internal RegistrySecurity(SafeRegistryHandle hKey, string name, AccessControlSections includeSections) : base(true, ResourceType.RegistryKey, hKey, includeSections, _HandleErrorCode, null) { }
public NtStatus GetFileSecurity(string fileName, out FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { OnFileRead(fileName); try { security = info.IsDirectory ? (FileSystemSecurity)Directory.GetAccessControl(GetPath(fileName)) : File.GetAccessControl(GetPath(fileName)); return(Trace(nameof(GetFileSecurity), fileName, info, DokanResult.Success, sections.ToString())); } catch (UnauthorizedAccessException) { security = null; return(Trace(nameof(GetFileSecurity), fileName, info, DokanResult.AccessDenied, sections.ToString())); } }
new public void Persist(SafeHandle handle, AccessControlSections includeSections) { base.Persist(handle, includeSections); }
internal static T GetAccessControlCore <T>(bool isFolder, string path, AccessControlSections includeSections, PathFormat pathFormat) { SecurityInformation securityInfo = 0; PrivilegeEnabler privilegeEnabler = null; if ((includeSections & AccessControlSections.Access) != 0) { securityInfo |= SecurityInformation.Dacl; } if ((includeSections & AccessControlSections.Group) != 0) { securityInfo |= SecurityInformation.Group; } if ((includeSections & AccessControlSections.Owner) != 0) { securityInfo |= SecurityInformation.Owner; } if ((includeSections & AccessControlSections.Audit) != 0) { // We need the SE_SECURITY_NAME privilege enabled to be able to get the // SACL descriptor. So we enable it here for the remainder of this function. privilegeEnabler = new PrivilegeEnabler(Privilege.Security); securityInfo |= SecurityInformation.Sacl; } using (privilegeEnabler) { string pathLp = Path.GetExtendedLengthPathCore(null, path, pathFormat, GetFullPathOptions.RemoveTrailingDirectorySeparator | GetFullPathOptions.FullCheck); IntPtr pSidOwner, pSidGroup, pDacl, pSacl; SafeGlobalMemoryBufferHandle pSecurityDescriptor; ObjectSecurity objectSecurity; uint lastError = Security.NativeMethods.GetNamedSecurityInfo(pathLp, ObjectType.FileObject, securityInfo, out pSidOwner, out pSidGroup, out pDacl, out pSacl, out pSecurityDescriptor); try { if (lastError == Win32Errors.ERROR_FILE_NOT_FOUND || lastError == Win32Errors.ERROR_PATH_NOT_FOUND) { lastError = (isFolder ? Win32Errors.ERROR_PATH_NOT_FOUND : Win32Errors.ERROR_FILE_NOT_FOUND); } // If the function fails, the return value is zero. if (lastError != Win32Errors.ERROR_SUCCESS) { NativeError.ThrowException(lastError, pathLp); } if (!NativeMethods.IsValidHandle(pSecurityDescriptor, false)) { throw new IOException(Resources.Returned_Invalid_Security_Descriptor); } uint length = Security.NativeMethods.GetSecurityDescriptorLength(pSecurityDescriptor); // Seems not to work: Method .CopyTo: length > Capacity, so an Exception is thrown. //byte[] managedBuffer = new byte[length]; //pSecurityDescriptor.CopyTo(managedBuffer, 0, (int) length); byte[] managedBuffer = pSecurityDescriptor.ToByteArray(0, (int)length); objectSecurity = (isFolder) ? (ObjectSecurity) new DirectorySecurity() : new FileSecurity(); objectSecurity.SetSecurityDescriptorBinaryForm(managedBuffer); } finally { if (pSecurityDescriptor != null) { pSecurityDescriptor.Close(); } } return((T)(object)objectSecurity); } }
/// <summary> /// Sets the security of a file or directory object. /// </summary> /// <param name="fileName">File path requested by the Kernel on the FileSystem.</param> /// <param name="security">A FileSystemSecurity with security information to set.</param> /// <param name="sections">A AccessControlSections with access sections on which.</param> /// <param name="info">An IDokanFileInfo with information about the file or directory.</param> /// <returns>NtStatus or DokanResult appropriate to the request result.</returns> public NtStatus SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, IDokanFileInfo info) { // TODO implement SetFileSecurity return(NtStatus.Success); }
protected NativeObjectSecurity(bool isContainer, ResourceType resourceType, string name, AccessControlSections includeSections);
/// <summary> /// Get specified information about the security of a file or directory. /// /// If NtStatus.NotImplemented is returned, dokan library will handle the request by building a sddl of the current process user with authenticate user rights for context menu. /// </summary> /// <param name="fileName">File or directory name.</param> /// <param name="security">A FileSystemSecurity with security information to return.</param> /// <param name="sections">A AccessControlSections with access sections to return.</param> /// <param name="info">An IDokanFileInfo with information about the file or directory.</param> /// <returns></returns> public NtStatus GetFileSecurity(string fileName, out FileSystemSecurity security, AccessControlSections sections, IDokanFileInfo info) { // TODO implement GetFileSecurity security = new DirectorySecurity(); // FileSecurity return(NtStatus.Success); }
protected sealed override void Persist(SafeHandle handle, AccessControlSections includeSections);
public void SetSecurityDescriptorBinaryForm(byte[] binaryForm, AccessControlSections includeSections) { }
protected sealed override void Persist(string name, AccessControlSections includeSections);
public string GetSecurityDescriptorSddlForm(AccessControlSections includeSections) { }
public string GetSecurityDescriptorSddlForm(AccessControlSections includeSections);
protected virtual void Persist(SafeHandle handle, AccessControlSections includeSections);
public void SetSecurityDescriptorBinaryForm(byte[] binaryForm, AccessControlSections includeSections);
public NtStatus SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { OnFileChanged(fileName); try { if (info.IsDirectory) { Directory.SetAccessControl(GetPath(fileName), (DirectorySecurity)security); } else { File.SetAccessControl(GetPath(fileName), (FileSecurity)security); } return(Trace(nameof(SetFileSecurity), fileName, info, DokanResult.Success, sections.ToString())); } catch (UnauthorizedAccessException) { return(Trace(nameof(SetFileSecurity), fileName, info, DokanResult.AccessDenied, sections.ToString())); } }
public static FileSecurity GetAccessControl(string path, AccessControlSections includeSections) { return(GetAccessControlCore <FileSecurity>(false, path, includeSections, PathFormat.RelativePath)); }
protected NativeObjectSecurity(bool isContainer, ResourceType resourceType, SafeHandle handle, AccessControlSections includeSections);
public DirectorySecurity GetAccessControl(AccessControlSections includeSections) { return(Directory.GetAccessControl(base.FullPath, includeSections)); }
protected NativeObjectSecurity(bool isContainer, ResourceType resourceType, string name, AccessControlSections includeSections, NativeObjectSecurity.ExceptionFromErrorCode exceptionFromErrorCode, object exceptionContext);
public override NtStatus SetFileSecurity(string fileName, FileSystemSecurity security, AccessControlSections sections, DokanFileInfo info) { return(NtStatus.DiskFull); }
protected void Persist(SafeHandle handle, AccessControlSections includeSections, object exceptionContext);
public abstract FileSecurity GetAccessControl(string path, AccessControlSections includeSections);
protected void Persist(string name, AccessControlSections includeSections, object exceptionContext);
internal PipeSecurity(SafeHandle handle, AccessControlSections includeSections) : base(false, ResourceType.FileObject, handle, includeSections) { }
protected virtual void Persist(bool enableOwnershipPrivilege, string name, AccessControlSections includeSections);
public PipeSecurity(string pipeName, AccessControlSections sectionsRequested) : base("\\\\.\\pipe\\" + pipeName, ResourceType.FileObject, sectionsRequested, false) { }
protected virtual void Persist(string name, AccessControlSections includeSections);
public PipeSecurity(IntPtr pipeHandle, AccessControlSections sectionsRequested) : base(BaseSecurity.GetReadHandle(pipeHandle), ResourceType.FileObject, sectionsRequested, false) { }
public void SetSecurityDescriptorSddlForm(string sddlForm, AccessControlSections includeSections);
public static DirectorySecurity GetAccessControl(string path, AccessControlSections includeSections) { throw new PlatformNotSupportedException(); }