/// <summary>
/// Gets the security information of specified handle from file system
/// </summary>
/// <param name="sidHandle">Handle to get file security information</param>
/// <returns><see cref="CommonObjectSecurity"/>Result</returns>
private CommonObjectSecurity ReceiveFileSystemSecurityInformation(out IntPtr sidHandle)
{
var zeroHandle = new IntPtr();
var pSecurityDescriptor = new IntPtr();
try
{
var namedSecInfoResult = Win32SafeNativeMethods.GetNamedSecurityInfo(PathInfo.FullNameUnc, Win32SecurityObjectType.SeFileObject,
Win32FileSystemEntrySecurityInformation.OwnerSecurityInformation | Win32FileSystemEntrySecurityInformation.DaclSecurityInformation,
out sidHandle, out zeroHandle, out zeroHandle, out zeroHandle, out pSecurityDescriptor);
var win32Error = Marshal.GetLastWin32Error();
// Cancel if call failed
if (namedSecInfoResult != 0)
{
NativeExceptionMapping(PathInfo.FullName, win32Error);
}
var securityDescriptorLength = Win32SafeNativeMethods.GetSecurityDescriptorLength(pSecurityDescriptor);
var securityDescriptorDataArray = new byte[securityDescriptorLength];
Marshal.Copy(pSecurityDescriptor, securityDescriptorDataArray, 0, (int)securityDescriptorLength);
CommonObjectSecurity securityInfo;
if (ContainsFileAttribute(PathInfo.Attributes, FileAttributes.Directory))
{
securityInfo = new DirectorySecurity();
securityInfo.SetSecurityDescriptorBinaryForm(securityDescriptorDataArray);
}
else
{
securityInfo = new System.Security.AccessControl.FileSecurity();
securityInfo.SetSecurityDescriptorBinaryForm(securityDescriptorDataArray);
}
return(securityInfo);
}
finally
{
Win32SafeNativeMethods.LocalFree(zeroHandle);
Win32SafeNativeMethods.LocalFree(pSecurityDescriptor);
}
}
/// <summary>
/// Copies the Access Control List (ACL) from one file to another and specify additional ACL rules on the destination file.
/// </summary>
/// <param name="pathToSourceFile">The path to the source file.</param>
/// <param name="pathToDestinationFile">The path to the destination file.</param>
/// <param name="additionalFileSystemAccessRules">An array of <see cref="FileSystemAccessRule"/>. The additional ACLs.</param>
public static void CopyAccessControlList(string pathToSourceFile, string pathToDestinationFile, FileSystemAccessRule[] additionalFileSystemAccessRules)
{
if (additionalFileSystemAccessRules == null)
{
throw new ArgumentNullException("additionalFileSystemAccessRules");
}
CheckFilePathParameter("pathToSourceFile", pathToSourceFile);
CheckFilePathParameter("pathToDestinationFile", pathToDestinationFile);
FileSecurity sourceFileSecurity = File.GetAccessControl(pathToSourceFile);
FileSecurity destinationFileSecurity = new FileSecurity();
byte[] securityDescriptor = sourceFileSecurity.GetSecurityDescriptorBinaryForm();
destinationFileSecurity.SetSecurityDescriptorBinaryForm(securityDescriptor);
foreach (FileSystemAccessRule fileSystemAccessRule in additionalFileSystemAccessRules)
{
destinationFileSecurity.AddAccessRule(fileSystemAccessRule);
}
File.SetAccessControl(pathToDestinationFile, destinationFileSecurity);
}
public static FileSecurity GetAccessControl(string path, AccessControlSections includeSections)
{
var normalizedPath = Path.NormalizeLongPath(Path.GetFullPath(path));
IntPtr SidOwner, SidGroup, Dacl, Sacl, ByteArray;
SecurityInfos SecurityInfos =
Common.ToSecurityInfos(includeSections);
int errorCode = (int)NativeMethods.GetSecurityInfoByName(normalizedPath,
(uint)ResourceType.FileObject,
(uint)SecurityInfos,
out SidOwner,
out SidGroup,
out Dacl,
out Sacl,
out ByteArray);
ThrowIfError(errorCode, ByteArray);
uint Length = NativeMethods.GetSecurityDescriptorLength(ByteArray);
byte[] BinaryForm = new byte[Length];
Marshal.Copy(ByteArray, BinaryForm, 0, (int)Length);
NativeMethods.LocalFree(ByteArray);
var fs = new FileSecurity();
fs.SetSecurityDescriptorBinaryForm(BinaryForm);
return fs;
}
public FileSecurity GetAccessControl()
{
IntPtr pSidOwner, pSidGroup, pDacl, pSacl;
SafeGlobalMemoryBufferHandle pSecurityDescriptor;
uint lastError = SecurityNativeMethods.GetSecurityInfo(SafeFileHandle, ObjectType.FileObject,
SecurityInformation.Group | SecurityInformation.Owner | SecurityInformation.Label | SecurityInformation.Dacl | SecurityInformation.Sacl,
out pSidOwner, out pSidGroup, out pDacl, out pSacl, out pSecurityDescriptor);
try
{
if (lastError != Win32Errors.ERROR_SUCCESS)
NativeError.ThrowException((int)lastError);
if (pSecurityDescriptor.IsInvalid)
throw new IOException(Resources.InvalidSecurityDescriptorReturnedFromSystem);
uint length = SecurityNativeMethods.GetSecurityDescriptorLength(pSecurityDescriptor);
byte[] managedBuffer = new byte[length];
// See File.GetAccessControlInternal(): .CopyTo() does not work there?
pSecurityDescriptor.CopyTo(managedBuffer, 0, (int)length);
FileSecurity fs = new FileSecurity();
fs.SetSecurityDescriptorBinaryForm(managedBuffer);
return fs;
}
finally
{
if (pSecurityDescriptor != null)
pSecurityDescriptor.Close();
}
}
private void SetSecurityDescriptor(string path, ObjectSecurity sd, AccessControlSections sections)
{
byte[] securityDescriptorBinaryForm = sd.GetSecurityDescriptorBinaryForm();
if (Directory.Exists(path))
{
DirectorySecurity directorySecurity = new DirectorySecurity();
directorySecurity.SetSecurityDescriptorBinaryForm(securityDescriptorBinaryForm, sections);
Directory.SetAccessControl(path, directorySecurity);
base.WriteSecurityDescriptorObject(directorySecurity, path);
}
else
{
FileSecurity fileSecurity = new FileSecurity();
fileSecurity.SetSecurityDescriptorBinaryForm(securityDescriptorBinaryForm, sections);
File.SetAccessControl(path, fileSecurity);
base.WriteSecurityDescriptorObject(fileSecurity, path);
}
}
/// <summary>
/// Gets the security information of specified handle from file system
/// </summary>
/// <param name="sidHandle">Handle to get file security information</param>
/// <returns><see cref="CommonObjectSecurity"/>Result</returns>
private CommonObjectSecurity ReceiveFileSystemSecurityInformation(out IntPtr sidHandle)
{
var zeroHandle = new IntPtr();
var pSecurityDescriptor = new IntPtr();
try
{
var namedSecInfoResult = Win32SafeNativeMethods.GetNamedSecurityInfo(PathInfo.FullNameUnc, Win32SecurityObjectType.SeFileObject,
Win32FileSystemEntrySecurityInformation.OwnerSecurityInformation | Win32FileSystemEntrySecurityInformation.DaclSecurityInformation,
out sidHandle, out zeroHandle, out zeroHandle, out zeroHandle, out pSecurityDescriptor);
var win32Error = Marshal.GetLastWin32Error();
// Cancel if call failed
if (namedSecInfoResult != 0)
{
NativeExceptionMapping(PathInfo.FullName, win32Error);
}
var securityDescriptorLength = Win32SafeNativeMethods.GetSecurityDescriptorLength(pSecurityDescriptor);
var securityDescriptorDataArray = new byte[securityDescriptorLength];
Marshal.Copy(pSecurityDescriptor, securityDescriptorDataArray, 0, (int)securityDescriptorLength);
CommonObjectSecurity securityInfo;
if (ContainsFileAttribute(PathInfo.Attributes, FileAttributes.Directory))
{
securityInfo = new DirectorySecurity();
securityInfo.SetSecurityDescriptorBinaryForm(securityDescriptorDataArray);
}
else
{
securityInfo = new System.Security.AccessControl.FileSecurity();
securityInfo.SetSecurityDescriptorBinaryForm(securityDescriptorDataArray);
}
return securityInfo;
}
finally
{
Win32SafeNativeMethods.LocalFree(zeroHandle);
Win32SafeNativeMethods.LocalFree(pSecurityDescriptor);
}
}
} // SetSecurityDescriptor
private void SetSecurityDescriptor(string path, ObjectSecurity sd, AccessControlSections sections)
{
var currentPrivilegeState = new PlatformInvokes.TOKEN_PRIVILEGE();
byte[] securityDescriptorBinary = null;
try
{
// Get the binary form of the descriptor.
PlatformInvokes.EnableTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState);
securityDescriptorBinary = sd.GetSecurityDescriptorBinaryForm();
}
finally
{
PlatformInvokes.RestoreTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState);
}
try
{
PlatformInvokes.EnableTokenPrivilege("SeRestorePrivilege", ref currentPrivilegeState);
// Transfer it to the new file / directory.
// We keep these two code branches so that we can have more
// granular information when we ouput the object type via
// WriteSecurityDescriptorObject.
if (Directory.Exists(path))
{
DirectorySecurity newDescriptor = new DirectorySecurity();
newDescriptor.SetSecurityDescriptorBinaryForm(securityDescriptorBinary, sections);
new DirectoryInfo(path).SetAccessControl(newDescriptor);
WriteSecurityDescriptorObject(newDescriptor, path);
}
else
{
FileSecurity newDescriptor = new FileSecurity();
newDescriptor.SetSecurityDescriptorBinaryForm(securityDescriptorBinary, sections);
new FileInfo(path).SetAccessControl(newDescriptor);
WriteSecurityDescriptorObject(newDescriptor, path);
}
}
finally
{
PlatformInvokes.RestoreTokenPrivilege("SeRestorePrivilege", ref currentPrivilegeState);
}
}
