// Appends an access-allowed ACE for pSid, granting AccessMask, to the ACL at pAcl.
// dwAceRevision is the ACL revision to use; AceFlags carries the inheritance /
// propagation bits of the new ACE.
// NOTE(review): the [DllImport] attribute is not visible in this excerpt; the BOOL
// result must be checked by callers, otherwise a failed call leaves the ACL without
// the intended grant.
public unsafe static extern BOOL AddAccessAllowedAceEx(
    ACL *pAcl,
    uint dwAceRevision,
    uint AceFlags, // This is AceInheritence
    ACCESS_MASK AccessMask,
    SID *pSid);
// Appends an access-allowed ACE for pSid, granting AccessMask with the inheritance
// bits in AceFlags, to the ACL at pAcl (marked [In, Out] because the ACL is rewritten
// in place). Returns false on failure; callers are expected to check it.
// NOTE(review): the [DllImport] attribute is not visible in this excerpt.
protected unsafe static extern bool AddAccessAllowedAceEx(
    [In, Out] ACL *pAcl,
    uint dwAceRevision,
    uint AceFlags,
    uint AccessMask,
    SID *pSid);
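// Get User's SID from UserName
//
// Resolves szUserName with the usual two-call LookupAccountName pattern: the first
// call (null SID buffer) is expected to fail and report the required buffer sizes,
// the second fills a LocalAlloc'ed SID that the caller owns.
//
// Throws ArgumentException when the name cannot be resolved (the size probe reports
// a zero-length SID), OutOfMemoryException when LocalAlloc fails, and
// InvalidOperationException when the second lookup fails or yields an invalid SID.
// Previously a failed resolution went on to LocalAlloc(0, 0) and could hand back a
// garbage SID, and a failing second call was not checked at all.
//
// NOTE(review): the SID buffer is not released on the throwing paths because no
// LocalFree declaration is visible in this excerpt — confirm cleanup at the caller.
// NOTE(review): an immutable string is passed as the referenced-domain output
// buffer; that is only safe if the LookupAccountName import marshals that parameter
// as a writable buffer (e.g. StringBuilder) — verify the declaration.
protected unsafe SID *getUserSid(string szUserName)
{
    string szDomain = null;
    uint cbDomain = 0;
    uint cbUserSID = 0;
    SID *pUserSID = null;
    SID_NAME_USE snuType;

    // Size probe: expected to fail and fill cbUserSID / cbDomain.
    int fAPISuccess = LookupAccountName(null, szUserName, pUserSID, &cbUserSID, szDomain, &cbDomain, &snuType);
    if (fAPISuccess != 0)
    {
        // A zero-length buffer cannot have been filled; never return a null SID
        // to code that will build an ACL from it.
        throw new InvalidOperationException("LookupAccountName reported success with a zero-length SID buffer");
    }
    if (cbUserSID == 0)
    {
        // The probe failed without reporting a size: the account was not found.
        throw new ArgumentException("Account name could not be resolved to a SID", nameof(szUserName));
    }

    pUserSID = (SID *)LocalAlloc(0, cbUserSID);
    if (pUserSID == null)
    {
        throw new OutOfMemoryException("LocalAlloc failed for the SID buffer");
    }

    szDomain = new String('a', (int)cbDomain);
    fAPISuccess = LookupAccountName(null, szUserName, pUserSID, &cbUserSID, szDomain, &cbDomain, &snuType);
    if (fAPISuccess == 0 || IsValidSid(pUserSID) == 0)
    {
        throw new InvalidOperationException("LookupAccountName failed to produce a valid SID");
    }
    return pUserSID;
}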
/// <summary>
/// Use this to copy from a native buffer, as the defined SID will likely not have a full set of SubAuthorities.
/// </summary>
/// <param name="native">Pointer to the native SID to copy; not null-checked here.</param>
/// <remarks>
/// Copies Revision, SubAuthorityCount and IdentifierAuthority field by field, then
/// hands SubAuthorityCount to CopyAuthorities to copy that many sub-authorities.
/// NOTE(review): SubAuthorityCount is taken from the native buffer unchecked; whether
/// CopyAuthorities bounds it against the managed buffer is not visible here — confirm,
/// since no valid SID carries more than SID_MAX_SUB_AUTHORITIES (15) entries.
/// </remarks>
public unsafe SID(SID *native)
{
    this = default;
    Revision = native->Revision;
    SubAuthorityCount = native->SubAuthorityCount;
    IdentifierAuthority = native->IdentifierAuthority;
    _subAuthorities.CopyAuthorities(in native->_subAuthorities, SubAuthorityCount);
}
// Allocates and initialises a SID from an identifier authority and up to eight
// sub-authorities (nSubAuthorityCount says how many of dwSubAuthority0.. are used).
// The resulting pSid is allocated by the system; callers check the bool result.
// NOTE(review): the parameter after dwSubAuthority6 is named dwSubAuthority8 — the
// eight slots are 0..7, so this looks like a typo for dwSubAuthority7. Renaming is
// safe only if no caller uses named arguments.
// NOTE(review): the [DllImport] attribute is not visible in this excerpt.
protected unsafe static extern bool AllocateAndInitializeSid(
    SID_IDENTIFIER_AUTHORITY *pIdentifierAuthority,
    byte nSubAuthorityCount,
    uint dwSubAuthority0,
    uint dwSubAuthority1,
    uint dwSubAuthority2,
    uint dwSubAuthority3,
    uint dwSubAuthority4,
    uint dwSubAuthority5,
    uint dwSubAuthority6,
    uint dwSubAuthority8,
    out SID *pSid);
// Verifies that passing a SID struct as an `in` parameter aliases the caller's
// storage rather than copying it: the address taken inside the callee must equal
// the address of the original local.
public unsafe void PassedAsInDoesNotCopy()
{
    // Arrange: a stack-allocated SID and a raw pointer to it.
    SID sid = new SID();
    SID *expected = &sid;

    // The `in` parameter must refer to the very same storage as `original`.
    void AssertAliases(in SID byRef, SID *original)
    {
        fixed (SID *actual = &byRef)
        {
            (actual == original).Should().BeTrue();
        }
    }

    // Act + Assert.
    AssertAliases(sid, expected);
}
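/// <summary>
/// Use this to copy from a native buffer, as the defined SID will likely not have
/// a full set of SubAuthorities.
/// </summary>
/// <param name="native">Pointer to the native SID to copy; must not be null.</param>
/// <param name="copy">Receives Revision, SubAuthorityCount, IdentifierAuthority and the
/// first SubAuthorityCount sub-authorities of <paramref name="native"/>.</param>
/// <exception cref="ArgumentNullException"><paramref name="native"/> is null.</exception>
/// <exception cref="ArgumentOutOfRangeException">native->SubAuthorityCount exceeds
/// SID_MAX_SUB_AUTHORITIES (15), which no valid Windows SID does.</exception>
/// <remarks>
/// SubAuthorityCount comes straight from the native buffer and is used as the length
/// of a Span over the managed fixed buffer, which is not bounds-checked when built
/// from a pointer; a corrupt or hostile count would otherwise write past it.
/// NOTE(review): assumes SID.SubAuthority holds SID_MAX_SUB_AUTHORITIES entries —
/// confirm against the struct definition.
/// </remarks>
public unsafe static void CopyFromNative(SID *native, out SID copy)
{
    // winnt.h: SID_MAX_SUB_AUTHORITIES.
    const int MaxSubAuthorities = 15;

    if (native == null)
    {
        throw new ArgumentNullException(nameof(native));
    }

    var count = native->SubAuthorityCount;
    if (count > MaxSubAuthorities)
    {
        throw new ArgumentOutOfRangeException(nameof(native), count, "SubAuthorityCount exceeds SID_MAX_SUB_AUTHORITIES");
    }

    copy = new SID
    {
        Revision = native->Revision,
        SubAuthorityCount = native->SubAuthorityCount,
        IdentifierAuthority = native->IdentifierAuthority
    };

    if (count != 0)
    {
        ReadOnlySpan<uint> source = new ReadOnlySpan<uint>(native->SubAuthority, count);
        fixed (uint *c = copy.SubAuthority)
        {
            Span<uint> destination = new Span<uint>(c, count);
            source.CopyTo(destination);
        }
    }
}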
/// Builds a TRUSTEE that identifies its principal by SID: TrusteeForm is set to
/// TrusteeForm.Sid and the SID pointer is stored in pstrName. The pointer is stored,
/// not copied, so the SID must stay alive for as long as the TRUSTEE is used.
/// NOTE(review): pstrName is being used as the Win32 ptstrName slot whose meaning
/// depends on TrusteeForm — confirm the field is declared as a raw pointer.
public TRUSTEE(SID *sid)
{
    this = default;
    TrusteeForm = TrusteeForm.Sid;
    pstrName = sid;
}
// Copies the SID at pSourceSid into the managed SID passed as pDestinationSid,
// writing at most nDestinationSidLength bytes. Because the destination is an
// `out SID` (the marshaller passes the address of the managed struct), callers must
// not pass an nDestinationSidLength larger than the managed SID layout, or the copy
// runs past it. Check the BOOL result: on failure the destination is unusable.
// NOTE(review): the [DllImport] attribute is not visible in this excerpt.
public unsafe static extern BOOL CopySid(
    uint nDestinationSidLength,
    out SID pDestinationSid,
    SID *pSourceSid);
// Fills pSid with the well-known SID selected by WellKnownSidType (DomainSid is the
// domain used for domain-relative well-known SIDs). cbSid is passed by reference:
// the size of the pSid buffer on input and the size required/used on output, so a
// FALSE result with a larger cbSid means "retry with a bigger buffer".
// NOTE(review): the [DllImport] attribute is not visible in this excerpt.
public unsafe static extern BOOL CreateWellKnownSid(
    WELL_KNOWN_SID_TYPE WellKnownSidType,
    SID *DomainSid,
    SID *pSid,
    ref uint cbSid);
// Structural validity check for a SID (revision and sub-authority count sanity).
// Declared with an int return here, so callers compare against 0 (see getUserSid);
// a validity check is not an existence check — the account may still be unknown.
// NOTE(review): the [DllImport] attribute is not visible in this excerpt.
protected unsafe static extern int IsValidSid(SID *pSid);
// Binds this ACL helper to one account: resolves username to a SID through
// getUserSid and keeps the returned pointer in puserSID. Any exception raised by
// getUserSid (e.g. for an unknown account) propagates out of the constructor.
internal SecurityACL(string username)
{
    // Get SID for user
    puserSID = getUserSid(username);
}
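// Builds a new DACL that contains every ACE of pdaclOld plus one access-allowed ACE
// granting grfMask to psid with the inheritance flags grfInherit.
//
// The new ACE is placed after the leading run of explicit (non-inherited)
// access-denied ACEs copied from pdaclOld, so a canonical input DACL stays
// canonical. The previous version always put the new allow ACE first: the access
// check walks ACEs in order and stops once the requested rights are granted, so an
// allow ACE ahead of a deny ACE for the same principal silently defeats the deny.
//
// Returns a LocalAlloc'ed ACL owned by the caller. Throws InvalidOperationException
// when the old ACL's size cannot be read or the new ACE cannot be added, and
// OutOfMemoryException when the new buffer cannot be allocated.
// NOTE(review): the new buffer is not released on the throwing paths because no
// LocalFree declaration is visible in this excerpt. InitializeAcl / GetAce / AddAce
// results are left unchecked as before because their return types are not visible.
protected unsafe ACL *insertAccessAllowedAce(ACL *pdaclOld, uint grfMask, uint grfInherit, SID *psid)
{
    // winnt.h: ACE type and header flag used to recognise explicit deny ACEs.
    const byte ACCESS_DENIED_ACE_TYPE = 0x1;
    const byte INHERITED_ACE = 0x10;

    ACL_SIZE_INFORMATION si;
    uint size = (uint)sizeof(ACL_SIZE_INFORMATION);
    if (GetAclInformation(pdaclOld, out si, size, ACL_INFORMATION_CLASS.AclSizeInformation) == 0)
    {
        throw new InvalidOperationException("GetAclInformation failed for the existing DACL");
    }

    // Room for everything already in the old ACL plus one more ACE.
    uint cb = si.AclBytesInUse + _maxVersion2AceSize;
    ACL *pdaclNew = (ACL *)LocalAlloc(0, cb);
    if (pdaclNew == null)
    {
        throw new OutOfMemoryException("LocalAlloc failed for the new DACL");
    }
    InitializeAcl(ref (*pdaclNew), cb, ACL_REVISION);

    // 1. Copy the leading explicit-deny ACEs; they must stay ahead of any allow ACE.
    uint i = 0;
    for (; i < si.AceCount; ++i)
    {
        ACE_HEADER *pace;
        GetAce(pdaclOld, i, out pace);
        bool explicitDeny = pace->AceType == ACCESS_DENIED_ACE_TYPE
            && (pace->AceFlags & INHERITED_ACE) == 0;
        if (!explicitDeny)
        {
            break;
        }
        AddAce(pdaclNew, ACL_REVISION, MAXDWORD, pace, (uint)pace->AceSize);
    }

    // 2. The new allow ACE goes right after them.
    if (!AddAccessAllowedAceEx(pdaclNew, ACL_REVISION, grfInherit, grfMask, ref *psid))
    {
        throw new InvalidOperationException("AddAccessAllowedAceEx failed");
    }

    // 3. The remaining ACEs keep their original relative order.
    for (; i < si.AceCount; ++i)
    {
        ACE_HEADER *pace;
        GetAce(pdaclOld, i, out pace);
        AddAce(pdaclNew, ACL_REVISION, MAXDWORD, pace, (uint)pace->AceSize);
    }

    return pdaclNew;
}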
// Fills pSid with the well-known SID selected by WellKnownSidType (DomainSid is the
// domain used for domain-relative well-known SIDs). cbSid is passed by reference:
// the size of the pSid buffer on input and the size required/used on output, so a
// false result with a larger cbSid means "retry with a bigger buffer".
// NOTE(review): the [DllImport] attribute is not visible in this excerpt.
public unsafe static extern Boolean32 CreateWellKnownSid(
    WellKnownSID WellKnownSidType,
    SID *DomainSid,
    SID *pSid,
    ref uint cbSid);
// Structural validity check for a SID (revision and sub-authority count sanity),
// declared with a bool return so callers can use it directly in a condition.
// A valid SID is not necessarily a known account.
// NOTE(review): the [DllImport] attribute is not visible in this excerpt.
protected unsafe static extern bool IsValidSid(SID *pSid);
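// ACLQueue:
// - Local System - Full Control
// - Administrators - Full Control
//
// Replaces the DACL of the MSMQ queue named by messageQueue with one that grants
// MQSEC_QUEUE_GENERIC_ALL to BUILTIN\Administrators and to LocalSystem, both ACEs
// carrying OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE. Returns true on success and
// false on any failure; every exception is swallowed on purpose because the caller
// only receives the bool.
//
// Fixes over the previous version:
// - a SID that could not be allocated or was invalid used to be skipped silently,
//   leaving a DACL with fewer (possibly zero) ACEs than intended — a DACL with no
//   ACEs grants nobody access — so those cases now fail the whole operation;
// - the DACL buffer was allocated into a local (pdaclNew) while the finally block
//   freed a different, always-null pointer (pdacl), leaking the buffer every call;
// - LocalAlloc results are null-checked before use, and the MessageQueue is disposed.
//
// NOTE(review): si is zero-initialised here, so cb == _maxVersion2AceSize; that value
// has to cover sizeof(ACL) plus two ACCESS_ALLOWED_ACEs or the second
// AddAccessAllowedAceEx fails — confirm the constant.
// NOTE(review): the Win32 contract for AllocateAndInitializeSid is that its output is
// released with FreeSid; no FreeSid declaration is visible here, so LocalFree is kept
// as in the original — confirm against the import declarations.
// NOTE(review): InitializeAcl's result is left unchecked because its return type is
// not visible in this excerpt.
internal unsafe static bool ACLQueue(string messageQueue)
{
    ACL_SIZE_INFORMATION si = new ACL_SIZE_INFORMATION();
    uint size = (uint)sizeof(ACL_SIZE_INFORMATION);
    uint cb = si.AclBytesInUse + _maxVersion2AceSize;

    // Files and Folders inherit all ACE's
    uint grfInherit = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE;

    SID *pAdminSID = null;
    SID *pSystemSID = null;
    ACL *pdacl = null;
    void *pSD = null;
    try
    {
        // SECURITY_NT_AUTHORITY = {0,0,0,0,0,5} // Defined in winnt.h
        SID_IDENTIFIER_AUTHORITY SIDAuthNT = new SID_IDENTIFIER_AUTHORITY();
        (&SIDAuthNT.Value_6)[0] = 0;
        (&SIDAuthNT.Value_6)[1] = 0;
        (&SIDAuthNT.Value_6)[2] = 0;
        (&SIDAuthNT.Value_6)[3] = 0;
        (&SIDAuthNT.Value_6)[4] = 0;
        (&SIDAuthNT.Value_6)[5] = 5;
        uint SECURITY_BUILTIN_DOMAIN_RID = 0x00000020; //defined in winnt.h
        uint DOMAIN_ALIAS_RID_ADMINS = 0x00000220; // defined in winnt.h
        uint SECURITY_LOCAL_SYSTEM_RID = 0x00000012; // defined in winnt.h

        // The DACL lives in pdacl so the finally block below releases it.
        pdacl = (ACL *)LocalAlloc(0, cb);
        if (pdacl == null)
        {
            throw new OutOfMemoryException("LocalAlloc failed for the DACL");
        }
        InitializeAcl(ref (*pdacl), cb, ACL_REVISION);

        // Administrators Full Control — S-1-5-32-544
        if (!AllocateAndInitializeSid(&SIDAuthNT, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, out pAdminSID)
            || !IsValidSid(pAdminSID))
        {
            throw new InvalidOperationException("Could not build the Administrators SID");
        }
        if (!AddAccessAllowedAceEx(pdacl, ACL_REVISION, grfInherit, MQSEC_QUEUE_GENERIC_ALL, pAdminSID))
        {
            throw new InvalidOperationException("AddAccessAllowedAceEx failed for Administrators");
        }

        // Local System Full Control — S-1-5-18
        if (!AllocateAndInitializeSid(&SIDAuthNT, 1, SECURITY_LOCAL_SYSTEM_RID, 0, 0, 0, 0, 0, 0, 0, out pSystemSID)
            || !IsValidSid(pSystemSID))
        {
            throw new InvalidOperationException("Could not build the LocalSystem SID");
        }
        if (!AddAccessAllowedAceEx(pdacl, ACL_REVISION, grfInherit, MQSEC_QUEUE_GENERIC_ALL, pSystemSID))
        {
            throw new InvalidOperationException("AddAccessAllowedAceEx failed for LocalSystem");
        }

        // Absolute security descriptor (revision 1) carrying the DACL; 200 bytes is
        // well above the size of SECURITY_DESCRIPTOR on any supported architecture.
        pSD = (void *)LocalAlloc(0, 200);
        if (pSD == null)
        {
            throw new OutOfMemoryException("LocalAlloc failed for the security descriptor");
        }
        if (!InitializeSecurityDescriptor(pSD, 1))
        {
            throw new InvalidOperationException("InitializeSecurityDescriptor failed");
        }
        // bDaclPresent = true, bDaclDefaulted = false: this DACL is explicit.
        if (!SetSecurityDescriptorDacl(pSD, true, pdacl, false))
        {
            throw new InvalidOperationException("SetSecurityDescriptorDacl failed");
        }
        if (!IsValidSecurityDescriptor(pSD))
        {
            throw new InvalidOperationException("Security descriptor is not valid");
        }

        // Only the DACL is written (DACL_SECURITY_INFORMATION); owner/group/SACL are untouched.
        using (MessageQueue mq = new MessageQueue(messageQueue))
        {
            if (MQSetQueueSecurity(mq.FormatName, DACL_SECURITY_INFORMATION, pSD) != 0)
            {
                throw new InvalidOperationException("MQSetQueueSecurity failed");
            }
        }
    }
    catch
    {
        // Contract of this method: report failure as false, never throw.
        return false;
    }
    finally
    {
        if (pSD != null)
        {
            LocalFree(pSD);
        }
        if (pdacl != null)
        {
            LocalFree(pdacl);
        }
        if (pAdminSID != null)
        {
            LocalFree(pAdminSID);
        }
        if (pSystemSID != null)
        {
            LocalFree(pSystemSID);
        }
    }
    return true;
}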