internal static UnsafeNativeMethods.SECURITY_ATTRIBUTES GetSecAttrs(HandleInheritability inheritability) { UnsafeNativeMethods.SECURITY_ATTRIBUTES secAttrs = null; if ((inheritability & HandleInheritability.Inheritable) != 0) { secAttrs = new UnsafeNativeMethods.SECURITY_ATTRIBUTES(); secAttrs.nLength = (int)Marshal.SizeOf(secAttrs); secAttrs.bInheritHandle = 1; } return secAttrs; }
internal LogStream(String path, int bufferSize, LogRetentionOption retention, long maxFileSize, int maxNumOfFiles) { Debug.Assert(!String.IsNullOrEmpty(path)); // Get absolute path - Security needs this to prevent something // like trying to create a file in c:\tmp with the name // "..\WinNT\System32\ntoskrnl.exe". Store it for user convenience. //String filePath = Path.GetFullPathInternal(path); String filePath = Path.GetFullPath(path); _fileName = filePath; // Prevent access to your disk drives as raw block devices. if (filePath.StartsWith("\\\\.\\", StringComparison.Ordinal)) throw new NotSupportedException(SR.GetString(SR.NotSupported_IONonFileDevices)); UnsafeNativeMethods.SECURITY_ATTRIBUTES secAttrs = GetSecAttrs(FileShare.Read); // For mitigating local elevation of privilege attack through named pipes // make sure we always call CreateFile with SECURITY_ANONYMOUS so that the // named pipe server can't impersonate a high privileged client security context int flagsAndAttributes = (int)FileOptions.None | (UnsafeNativeMethods.SECURITY_SQOS_PRESENT | UnsafeNativeMethods.SECURITY_ANONYMOUS); // Only write is enabled //_canRead = false; //_canSeek = false; _canWrite = true; _pathSav = filePath; _fAccessSav = UnsafeNativeMethods.GENERIC_WRITE; _shareSav = FileShare.Read; _secAttrsSav = secAttrs; _secAccessSav = FileIOPermissionAccess.Write; _modeSav = (retention != LogRetentionOption.SingleFileUnboundedSize)? FileMode.Create : FileMode.OpenOrCreate; _flagsAndAttributesSav = flagsAndAttributes; _seekToEndSav = (retention != LogRetentionOption.SingleFileUnboundedSize)? false : true; this.bufferSize = bufferSize; _retention = retention; _maxFileSize = maxFileSize; _maxNumberOfFiles = maxNumOfFiles; _Init(filePath, _fAccessSav, _shareSav, _secAttrsSav, _secAccessSav, _modeSav, _flagsAndAttributesSav, _seekToEndSav); }
internal unsafe static UnsafeNativeMethods.SECURITY_ATTRIBUTES GetSecAttrs(HandleInheritability inheritability, PipeSecurity pipeSecurity, out Object pinningHandle) { pinningHandle = null; UnsafeNativeMethods.SECURITY_ATTRIBUTES secAttrs = null; if ((inheritability & HandleInheritability.Inheritable) != 0 || pipeSecurity != null) { secAttrs = new UnsafeNativeMethods.SECURITY_ATTRIBUTES(); secAttrs.nLength = (int)Marshal.SizeOf(secAttrs); if ((inheritability & HandleInheritability.Inheritable) != 0) { secAttrs.bInheritHandle = 1; } // For ACLs, get the security descriptor from the PipeSecurity. if (pipeSecurity != null) { byte[] sd = pipeSecurity.GetSecurityDescriptorBinaryForm(); pinningHandle = GCHandle.Alloc(sd, GCHandleType.Pinned); fixed (byte* pSecDescriptor = sd) { secAttrs.pSecurityDescriptor = pSecDescriptor; } } } return secAttrs; }
private static UnsafeNativeMethods.SECURITY_ATTRIBUTES GetSecAttrs(FileShare share) { UnsafeNativeMethods.SECURITY_ATTRIBUTES secAttrs = null; if ((share & FileShare.Inheritable) != 0) { secAttrs = new UnsafeNativeMethods.SECURITY_ATTRIBUTES(); secAttrs.nLength = (int)Marshal.SizeOf(secAttrs); secAttrs.bInheritHandle = 1; } return secAttrs; }