/// <summary>
/// Lazily capture the security descriptor, symbolic link target and granted
/// access for this entry. The work is attempted at most once per instance.
/// </summary>
/// <remarks>
/// Every failure is swallowed, so a field left unset can mean either that the
/// handle lacked the required access or that opening/querying the object
/// failed. Consumers should not read an unset value as "no descriptor".
/// </remarks>
private void PopulateData()
{
    if (_data_populated)
    {
        return;
    }

    // Set the flag before doing any work so a failed attempt is never retried.
    _data_populated = true;

    if (!NtObject.CanOpenType(TypeName))
    {
        return;
    }

    try
    {
        using (NtObject opened = ToObject())
        {
            // Read the descriptor only when the handle was granted ReadControl.
            bool can_read_sd = opened.IsAccessGrantedRaw(GenericAccessRights.ReadControl);
            if (can_read_sd)
            {
                _sd = opened.SecurityDescriptor;
            }

            // The link target is only available for symbolic links opened with Query access.
            NtSymbolicLink symlink = opened as NtSymbolicLink;
            if (symlink != null)
            {
                if (symlink.IsAccessGranted(SymbolicLinkAccessRights.Query))
                {
                    _symlink_target = symlink.Target;
                }
            }

            _maximum_granted_access = opened.GrantedAccessObject;
        }
    }
    catch
    {
        // Best effort by design: whatever was assigned before the failure is kept.
        // NOTE(review): the bare catch also hides unexpected errors; consider
        // narrowing it to the exception type the open/query calls actually throw.
    }
}
/// <summary>
/// Replace the DACL of the file at <paramref name="path"/> with one that grants
/// full access (FA) to Everyone (WD) and to ALL APPLICATION PACKAGES (AC).
/// </summary>
/// <param name="path">DOS-style path of the file; converted to an NT path before opening.</param>
/// <remarks>
/// The resulting ACL lets any principal, including AppContainer processes,
/// read, modify and delete the file, so whatever consumes the file afterwards
/// has to treat its contents as untrusted. Only the DACL is written; owner,
/// group and SACL are left as they are.
/// </remarks>
static void UpdateSecurity(string path)
{
    // "D:AI" = DACL flagged auto-inherited, followed by the two allow ACEs.
    const string open_dacl_sddl = "D:AI(A;;FA;;;WD)(A;;FA;;;AC)";
    var descriptor = new NtApiDotNet.SecurityDescriptor(open_dacl_sddl);

    var nt_path = NtFileUtils.DosFileNameToNt(path);

    // WriteDac is the only right requested: it is what setting a DACL requires.
    using (var handle = NtFile.Open(nt_path, null, FileAccessRights.WriteDac))
    {
        handle.SetSecurityDescriptor(descriptor, NtApiDotNet.SecurityInformation.Dacl);
    }
}
/// <summary>
/// Create object attributes whose root directory is taken from an optional object.
/// </summary>
/// <param name="object_name">The object name, can be null.</param>
/// <param name="attributes">The object attribute flags.</param>
/// <param name="root">An optional root object, can be null, in which case
/// SafeKernelObjectHandle.Null is used. Will duplicate the handle.</param>
/// <param name="sqos">An optional security quality of service.</param>
/// <param name="security_descriptor">An optional security descriptor.</param>
public ObjectAttributes(
    string object_name,
    AttributeFlags attributes,
    NtObject root,
    SecurityQualityOfService sqos,
    SecurityDescriptor security_descriptor)
    : this(
        object_name,
        attributes,
        root == null ? SafeKernelObjectHandle.Null : root.Handle,
        sqos,
        security_descriptor)
{
}
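/// <summary>
/// Create object attributes from a name, flags, an optional root handle and
/// optional security settings.
/// </summary>
/// <param name="object_name">The object name, can be null.</param>
/// <param name="attributes">The object attribute flags.</param>
/// <param name="root">An optional root handle, can be null or SafeKernelObjectHandle.Null.
/// A valid handle is duplicated, so the caller keeps ownership of the one passed in.</param>
/// <param name="sqos">An optional security quality of service.</param>
/// <param name="security_descriptor">An optional security descriptor.</param>
public ObjectAttributes(string object_name, AttributeFlags attributes, SafeKernelObjectHandle root,
    SecurityQualityOfService sqos, SecurityDescriptor security_descriptor)
{
    // Length holds the marshalled size of this instance.
    Length = Marshal.SizeOf(this);

    if (object_name != null)
    {
        ObjectName = new UnicodeString(object_name).ToBuffer();
    }
    else
    {
        ObjectName = SafeHGlobalBuffer.Null;
    }

    Attributes = attributes;

    if (sqos != null)
    {
        SecurityQualityOfService = sqos.ToBuffer();
    }
    else
    {
        SecurityQualityOfService = SafeHGlobalBuffer.Null;
    }

    // Treat a null handle like an invalid one instead of dereferencing it; this
    // matches the NtObject overload, where a null root means "no root directory".
    if (root != null && !root.IsInvalid)
    {
        RootDirectory = NtObject.DuplicateHandle(root);
    }
    else
    {
        RootDirectory = SafeKernelObjectHandle.Null;
    }

    if (security_descriptor != null)
    {
        SecurityDescriptor = security_descriptor.ToSafeBuffer();
    }
    else
    {
        SecurityDescriptor = SafeHGlobalBuffer.Null;
    }
}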
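/// <summary>
/// Build the security descriptor that RtlNewSecurityObject produces for a base
/// object's descriptor (used as the parent) combined with a token's defaults
/// (used as the creator).
/// </summary>
/// <param name="base_object">Base object for the security descriptor. Required: its
/// descriptor is the parent and its NT type supplies the generic mapping.</param>
/// <param name="token">Token for determining user rights, can be null. When set, its
/// owner, primary group and default DACL form the creator descriptor.</param>
/// <param name="is_directory">True if a directory security descriptor</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="base_object"/> is null.</exception>
public SecurityDescriptor(NtObject base_object, NtToken token, bool is_directory) : this()
{
    // The type lookup below always needs base_object. Rejecting null here replaces
    // the NullReferenceException that a null base_object with a non-null token
    // used to hit later, and still covers the "both null" case.
    if (base_object == null)
    {
        throw new ArgumentNullException("base_object",
            "A base object is required to look up the generic mapping.");
    }

    SecurityDescriptor parent_sd = base_object.SecurityDescriptor;

    SecurityDescriptor creator_sd = null;
    if (token != null)
    {
        creator_sd = new SecurityDescriptor();
        creator_sd.Owner = new SecurityDescriptorSid(token.Owner, false);
        creator_sd.Group = new SecurityDescriptorSid(token.PrimaryGroup, false);
        creator_sd.Dacl = token.DefaultDalc;
    }

    NtType type = NtType.GetTypeByName(base_object.NtTypeName);

    SafeBuffer parent_sd_buffer = SafeHGlobalBuffer.Null;
    SafeBuffer creator_sd_buffer = SafeHGlobalBuffer.Null;
    SafeSecurityObjectHandle security_obj = null;
    try
    {
        if (parent_sd != null)
        {
            parent_sd_buffer = parent_sd.ToSafeBuffer();
        }
        if (creator_sd != null)
        {
            creator_sd_buffer = creator_sd.ToSafeBuffer();
        }

        // Copy to a local because the mapping is passed by reference.
        GenericMapping mapping = type.GenericMapping;
        NtRtl.RtlNewSecurityObject(parent_sd_buffer, creator_sd_buffer, out security_obj, is_directory,
            token != null ? token.Handle : SafeKernelObjectHandle.Null, ref mapping).ToNtException();
        ParseSecurityDescriptor(security_obj);
    }
    finally
    {
        // Release the temporary buffers and the native security object on every path.
        if (parent_sd_buffer != null)
        {
            parent_sd_buffer.Close();
        }
        if (creator_sd_buffer != null)
        {
            creator_sd_buffer.Close();
        }
        if (security_obj != null)
        {
            security_obj.Close();
        }
    }
}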
/// <summary>
/// Create object attributes whose root directory is taken from an optional object.
/// </summary>
/// <param name="object_name">The object name, can be null.</param>
/// <param name="attributes">The object attribute flags.</param>
/// <param name="root">An optional root object. When it is null, or its handle is null,
/// SafeKernelObjectHandle.Null is used. Will duplicate the handle.</param>
/// <param name="sqos">An optional security quality of service.</param>
/// <param name="security_descriptor">An optional security descriptor.</param>
public ObjectAttributes(
    string object_name,
    AttributeFlags attributes,
    NtObject root,
    SecurityQualityOfService sqos,
    SecurityDescriptor security_descriptor)
    : this(
        object_name,
        attributes,
        root?.Handle ?? SafeKernelObjectHandle.Null,
        sqos,
        security_descriptor)
{
}
/// <summary>
/// Render this object's security descriptor in SDDL form.
/// </summary>
/// <returns>The SDDL string produced by the descriptor's ToSddl method.</returns>
public string GetSddl()
{
    return SecurityDescriptor.ToSddl();
}
/// <summary>
/// Set the object's security descriptor by calling the three-argument overload
/// with <c>true</c> as its last argument.
/// </summary>
/// <param name="security_desc">The security descriptor to set.</param>
/// <param name="security_information">What parts of the security descriptor to set</param>
/// <remarks>
/// NOTE(review): the final <c>true</c> is presumably the throw-on-error flag of the
/// three-argument overload; confirm against that overload's declaration.
/// </remarks>
public void SetSecurityDescriptor(SecurityDescriptor security_desc, SecurityInformation security_information)
    => SetSecurityDescriptor(security_desc, security_information, true);
/// <summary>
/// Set the object's security descriptor by serialising it to bytes and passing
/// it to the byte-array overload.
/// </summary>
/// <param name="security_desc">The security descriptor to set. Must not be null.</param>
/// <param name="security_information">What parts of the security descriptor to set</param>
/// <remarks>
/// On Windows the handle needs the write right matching each selected part:
/// WRITE_DAC for the DACL, WRITE_OWNER for owner or group, and
/// ACCESS_SYSTEM_SECURITY for the SACL.
/// </remarks>
public void SetSecurityDescriptor(SecurityDescriptor security_desc, SecurityInformation security_information)
{
    var serialized = security_desc.ToByteArray();
    SetSecurityDescriptor(serialized, security_information);
}
/// <summary>
/// Parse the data of the supplied key value as a security descriptor for the
/// WNF NT type and store it in <c>_security_descriptor</c>.
/// </summary>
/// <param name="value">The key value whose Data holds the serialised descriptor.</param>
/// <remarks>
/// Nothing is validated here. NOTE(review): malformed data presumably surfaces as
/// whatever the SecurityDescriptor constructor throws; confirm how callers handle that.
/// </remarks>
private void ReadStateData(NtKeyValue value)
{
    var raw_descriptor = value.Data;
    var wnf_type = NtType.GetTypeByName(WNF_NT_TYPE_NAME);
    _security_descriptor = new SecurityDescriptor(raw_descriptor, wnf_type);
}