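/// <summary>
/// Queries the owner, group and DACL of a named object through
/// SecurityDescriptorApi.GetNamedSecurityInfo and copies the returned
/// descriptor into a managed structure. The SACL is not requested.
/// </summary>
/// <param name="objectName">Name of the object to query; passed to the native call unchanged.</param>
/// <param name="object_type">Kind of object that <paramref name="objectName"/> names.</param>
/// <param name="pSECURITY_DESCRIPTOR">
/// Receives the marshalled descriptor. It stays a default instance when the native
/// call fails, returns a null descriptor pointer, or an exception is caught, so
/// callers must check the return value before trusting its contents.
/// </param>
/// <returns>
/// 0 on success; the native error code when GetNamedSecurityInfo fails; or
/// ERROR_INTERNAL_ERROR (1359) when an exception interrupted the call.
/// </returns>
public static uint ApiGetNamedSecurityInfo(
    string objectName,
    SecurityDescriptorApi.SE_OBJECT_TYPE object_type,
    out SecurityDescriptorApi.SECURITY_DESCRIPTOR pSECURITY_DESCRIPTOR)
{
    // Win32 ERROR_INTERNAL_ERROR. Reported when an exception is caught so that a
    // failed read is never returned as 0 (success) alongside an empty descriptor.
    const uint ErrorInternalError = 1359;

    Logger.Log(
        string.Format("SecurityDescriptorWrapper.ApiGetNamedSecurityInfo(objectName={0}", objectName),
        Logger.SecurityDescriptorLogLevel);

    uint errorReturn = 0;
    pSECURITY_DESCRIPTOR = new SecurityDescriptorApi.SECURITY_DESCRIPTOR();

    try
    {
        IntPtr pSidOwner;
        IntPtr pSidGroup;
        IntPtr pDacl;
        IntPtr pSacl;
        IntPtr pSecurityDescriptor;

        errorReturn = SecurityDescriptorApi.GetNamedSecurityInfo(
            objectName,
            object_type,
            SecurityDescriptorApi.SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION |
            SecurityDescriptorApi.SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION |
            SecurityDescriptorApi.SECURITY_INFORMATION.DACL_SECURITY_INFORMATION,
            out pSidOwner,
            out pSidGroup,
            out pDacl,
            out pSacl,
            out pSecurityDescriptor);

        if (errorReturn != 0)
        {
            // Routed through Logger (not Console) like every other message in this
            // wrapper, so a failed descriptor read shows up in the application log.
            Logger.Log(string.Format("SecurityDescriptorWrapper.ApiGetNamedSecurityInfo() errorReturn: {0} ", errorReturn));
            return errorReturn;
        }

        if (pSecurityDescriptor != IntPtr.Zero)
        {
            pSECURITY_DESCRIPTOR = (SecurityDescriptorApi.SECURITY_DESCRIPTOR)Marshal.PtrToStructure(
                pSecurityDescriptor,
                typeof(SecurityDescriptorApi.SECURITY_DESCRIPTOR));
        }

        // NOTE(review): pSecurityDescriptor is neither released here nor handed back
        // to the caller, so the native buffer appears to leak on every successful
        // call. If this binds to the Win32 API, the buffer is released with LocalFree
        // and the owner/group/DACL pointers point into it; confirm that nothing in
        // the marshalled structure still refers to that memory before freeing it.
    }
    catch (Exception ex)
    {
        Logger.LogException(
            string.Format("SecurityDescriptorWrapper.ApiGetNamedSecurityInfo(objectName={0}", objectName),
            ex);

        // Fail closed: without this the method would return 0 with a default descriptor.
        if (errorReturn == 0)
        {
            errorReturn = ErrorInternalError;
        }
    }

    return errorReturn;
}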
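/// <summary>
/// Builds a TRUSTEE for a SID by calling SecurityDescriptorApi.BuildTrusteeWithSid
/// on an unmanaged scratch buffer and copying the result into a managed structure.
/// </summary>
/// <param name="pSid">Pointer to the SID; passed to the native call unchanged.</param>
/// <param name="Trustee">
/// Receives the marshalled TRUSTEE; stays a default instance when the pointer
/// handed back by the native call is null or an exception is caught.
/// </param>
/// <returns>The value of Marshal.GetLastWin32Error() read after the native call (or in the catch block).</returns>
public static uint ApiBuildTrusteeWithSid(IntPtr pSid, out SecurityDescriptorApi.TRUSTEE Trustee)
{
    uint errorReturn = 0;

    // Tracks the buffer allocated here separately from pTrustee, which is passed
    // by ref and may therefore come back pointing somewhere else.
    IntPtr pAllocated = IntPtr.Zero;

    Trustee = new SecurityDescriptorApi.TRUSTEE();

    try
    {
        Logger.Log("SecurityDescriptorWrapper.ApiBuildTrusteeWithSid() called", Logger.SecurityDescriptorLogLevel);

        pAllocated = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(SecurityDescriptorApi.TRUSTEE)));
        IntPtr pTrustee = pAllocated;

        // NOTE(review): passing the buffer as "ref IntPtr" hands the native side the
        // address of the pointer variable rather than the buffer itself. Confirm
        // against the native signature that this is what the callee expects; if it
        // expects a pointer to a TRUSTEE, the write would land on the pointer slot.
        SecurityDescriptorApi.BuildTrusteeWithSid(ref pTrustee, pSid);

        // NOTE(review): this is only meaningful if the callee sets the last-error
        // value and the DllImport declares SetLastError = true; otherwise the
        // returned code is left over from an earlier call. Confirm.
        errorReturn = (uint)Marshal.GetLastWin32Error();
        Logger.Log("Build trustee returns" + errorReturn);

        if (pTrustee != IntPtr.Zero)
        {
            Trustee = (SecurityDescriptorApi.TRUSTEE)Marshal.PtrToStructure(
                pTrustee,
                typeof(SecurityDescriptorApi.TRUSTEE));
        }
    }
    catch (Exception ex)
    {
        errorReturn = (uint)Marshal.GetLastWin32Error();
        Logger.LogException("SecurityDescriptorWrapper.ApiBuildTrusteeWithSid()", ex);
        Logger.Log("Build trustee " + Marshal.GetLastWin32Error());
    }
    finally
    {
        // The managed TRUSTEE is a copy, so the scratch buffer is released here
        // instead of leaking on every call. Presumably any pointer field inside the
        // TRUSTEE refers to the caller's SID and not to this buffer - TODO confirm
        // against the TRUSTEE declaration.
        if (pAllocated != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(pAllocated);
        }
    }

    return errorReturn;
}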
// Declaration of the native SetFileSecurity entry point (the DllImport attribute
// is not part of this excerpt).
//   lpFileName          - path of the target, marshalled as a null-terminated
//                         UTF-16 string (LPWStr).
//   SecurityInformation - flags; presumably select which parts of the descriptor
//                         (owner, group, DACL, SACL) are applied - confirm.
//   pSecurityDescriptor - raw pointer to a native security descriptor. Nothing here
//                         validates it, so the caller must keep the buffer alive
//                         and well-formed for the duration of the call.
// NOTE(review): the Win32 function of this name returns BOOL (non-zero on success).
// If this binds to advapi32, reading the result as a WinError code would invert
// success and failure; confirm which library and return convention is bound.
public static extern WinError SetFileSecurity( [MarshalAs(UnmanagedType.LPWStr)] string lpFileName, SecurityDescriptorApi.SECURITY_INFORMATION SecurityInformation, IntPtr pSecurityDescriptor );
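/// <summary>
/// Enables one named privilege on a token: looks the privilege up with
/// LookupPrivilegeValueW and applies it with AdjustTokenPrivileges.
/// </summary>
/// <param name="pProcessTokenHandle">
/// Token handle to adjust. It is not closed here; the caller keeps ownership.
/// </param>
/// <param name="sPrivilizeValue">Name of the privilege to enable.</param>
/// <returns>
/// true only when AdjustTokenPrivileges reports success and the last error is not
/// ERROR_NOT_ALL_ASSIGNED; false otherwise, including when an exception is caught.
/// </returns>
public static bool ApiAdjustTokenPrivileges(ref IntPtr pProcessTokenHandle, string sPrivilizeValue)
{
    // Win32 ERROR_NOT_ALL_ASSIGNED: AdjustTokenPrivileges returns success with this
    // last-error value when the token does not hold the requested privilege.
    const int ErrorNotAllAssigned = 1300;

    Logger.Log("SecurityDescriptorWrapper.ApiAdjustTokenPrivileges()", Logger.SecurityDescriptorLogLevel);

    bool bIsSuccess = false;
    uint returnLength = 0, IreturnLength = 0;

    try
    {
        SecurityDescriptorApi.TOKEN_PRIVILEGES pPreviousTpStruct = new SecurityDescriptorApi.TOKEN_PRIVILEGES();

        // First call with a zero length asks for the size needed for the token's privileges.
        bIsSuccess = SecurityDescriptorApi.GetTokenInformation(
            pProcessTokenHandle,
            SecurityDescriptorApi.TOKEN_INFORMATION_CLASS.TokenPrivileges,
            pPreviousTpStruct,
            0,
            out returnLength);
        Logger.Log("Error at SecurityDescriptorApi.GetTokenInformation: " + Marshal.GetLastWin32Error(), Logger.SecurityDescriptorLogLevel);

        // NOTE(review): this call tells the native side that returnLength bytes are
        // available, but the buffer is a single managed TOKEN_PRIVILEGES. If its
        // marshalled size is smaller than returnLength, the native write could run
        // past it - confirm against the P/Invoke declaration. The data read back is
        // not used: all three fields are overwritten below.
        bIsSuccess = SecurityDescriptorApi.GetTokenInformation(
            pProcessTokenHandle,
            SecurityDescriptorApi.TOKEN_INFORMATION_CLASS.TokenPrivileges,
            pPreviousTpStruct,
            returnLength,
            out IreturnLength);
        Logger.Log("Error at SecurityDescriptorApi.GetTokenInformation: " + Marshal.GetLastWin32Error(), Logger.SecurityDescriptorLogLevel);

        // pLuid is an out argument, so no buffer is allocated for it: the previous
        // AllocHGlobal result was overwritten by the call and never freed.
        // NOTE(review): the result of LookupPrivilegeValueW is not checked; if the
        // lookup fails, the LUID applied below is whatever the call left in pLuid.
        // NOTE(review): an LUID is 64 bits wide, while IntPtr is 32 bits in a 32-bit
        // process - confirm the declaration is safe there.
        IntPtr pLuid;
        SecurityDescriptorApi.LookupPrivilegeValueW("", sPrivilizeValue, out pLuid);

        uint privilige = SecurityDescriptorApi.SE_PRIVILEGE_ENABLED;
        pPreviousTpStruct.Attributes = (int)privilige;
        pPreviousTpStruct.PrivilegeCount = 1;
        pPreviousTpStruct.Luid = pLuid;

        bIsSuccess = SecurityDescriptorApi.AdjustTokenPrivileges(
            pProcessTokenHandle,
            false,
            pPreviousTpStruct,
            0,
            IntPtr.Zero,
            0);

        // Read once, directly after the call, so later logging cannot disturb it.
        // Relies on the DllImport declaring SetLastError = true, which the existing
        // log statements already assume.
        int adjustError = Marshal.GetLastWin32Error();
        Logger.Log("Error at SecurityDescriptorApi.AdjustTokenPrivileges: " + adjustError, Logger.SecurityDescriptorLogLevel);

        // A "successful" call that assigned nothing must not be reported as success,
        // or callers will go on as if the privilege were enabled.
        if (bIsSuccess && adjustError == ErrorNotAllAssigned)
        {
            bIsSuccess = false;
        }

        if (!bIsSuccess)
        {
            Logger.Log("SecurityDescriptorWrapper.ApiAdjustTokenPrivileges:bIsSuccess()" + bIsSuccess, Logger.SecurityDescriptorLogLevel);
            Logger.Log("Error code: " + adjustError);
        }
    }
    catch (Exception ex)
    {
        // An earlier GetTokenInformation call may have left bIsSuccess true; an
        // exception means the privilege was not confirmed as enabled.
        bIsSuccess = false;
        Logger.LogException("SecurityDescriptorWrapper.ApiAdjustTokenPrivileges()", ex);
    }

    return bIsSuccess;
}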
// Declaration of the native GetFileSecurity entry point (the DllImport attribute
// is not part of this excerpt).
//   lpFileName           - path of the target, marshalled as a null-terminated
//                          UTF-16 string (LPWStr).
//   RequestedInformation - flags; presumably select which parts of the descriptor
//                          are returned - confirm.
//   pSecurityDescriptor  - passed by reference, so the native side receives the
//                          address of the pointer variable.
//   nLength              - presumably the size in bytes of the caller's buffer - confirm.
//   lpnLengthNeeded      - out value; presumably the size the descriptor requires - confirm.
// NOTE(review): the Win32 function of this name takes the descriptor buffer pointer
// by value, writes up to nLength bytes into it, and returns BOOL. If this binds to
// advapi32, "ref IntPtr" would make the callee write into the pointer slot rather
// than the buffer, and a WinError return would be misread; confirm which library
// and signature is bound, and that callers size the buffer from lpnLengthNeeded.
public static extern WinError GetFileSecurity( [MarshalAs(UnmanagedType.LPWStr)] string lpFileName, SecurityDescriptorApi.SECURITY_INFORMATION RequestedInformation, ref IntPtr pSecurityDescriptor, uint nLength, out uint lpnLengthNeeded );