/// <summary> /// Gets the security information of specified handle from file system /// </summary> /// <param name="sidHandle">Handle to get file security information</param> /// <returns><see cref="CommonObjectSecurity"/>Result</returns> private CommonObjectSecurity ReceiveFileSystemSecurityInformation(out IntPtr sidHandle) { var zeroHandle = new IntPtr(); var pSecurityDescriptor = new IntPtr(); try { var namedSecInfoResult = Win32SafeNativeMethods.GetNamedSecurityInfo(PathInfo.FullNameUnc, Win32SecurityObjectType.SeFileObject, Win32FileSystemEntrySecurityInformation.OwnerSecurityInformation | Win32FileSystemEntrySecurityInformation.DaclSecurityInformation, out sidHandle, out zeroHandle, out zeroHandle, out zeroHandle, out pSecurityDescriptor); var win32Error = Marshal.GetLastWin32Error(); // Cancel if call failed if (namedSecInfoResult != 0) { NativeExceptionMapping(PathInfo.FullName, win32Error); } var securityDescriptorLength = Win32SafeNativeMethods.GetSecurityDescriptorLength(pSecurityDescriptor); var securityDescriptorDataArray = new byte[securityDescriptorLength]; Marshal.Copy(pSecurityDescriptor, securityDescriptorDataArray, 0, (int)securityDescriptorLength); CommonObjectSecurity securityInfo; if (ContainsFileAttribute(PathInfo.Attributes, FileAttributes.Directory)) { securityInfo = new DirectorySecurity(); securityInfo.SetSecurityDescriptorBinaryForm(securityDescriptorDataArray); } else { securityInfo = new System.Security.AccessControl.FileSecurity(); securityInfo.SetSecurityDescriptorBinaryForm(securityDescriptorDataArray); } return(securityInfo); } finally { Win32SafeNativeMethods.LocalFree(zeroHandle); Win32SafeNativeMethods.LocalFree(pSecurityDescriptor); } }
/// <summary> /// Copies the Access Control List (ACL) from one file to another and specify additional ACL rules on the destination file. /// </summary> /// <param name="pathToSourceFile">The path to the source file.</param> /// <param name="pathToDestinationFile">The path to the destination file.</param> /// <param name="additionalFileSystemAccessRules">An array of <see cref="FileSystemAccessRule"/>. The additional ACLs.</param> public static void CopyAccessControlList(string pathToSourceFile, string pathToDestinationFile, FileSystemAccessRule[] additionalFileSystemAccessRules) { if (additionalFileSystemAccessRules == null) { throw new ArgumentNullException("additionalFileSystemAccessRules"); } CheckFilePathParameter("pathToSourceFile", pathToSourceFile); CheckFilePathParameter("pathToDestinationFile", pathToDestinationFile); FileSecurity sourceFileSecurity = File.GetAccessControl(pathToSourceFile); FileSecurity destinationFileSecurity = new FileSecurity(); byte[] securityDescriptor = sourceFileSecurity.GetSecurityDescriptorBinaryForm(); destinationFileSecurity.SetSecurityDescriptorBinaryForm(securityDescriptor); foreach (FileSystemAccessRule fileSystemAccessRule in additionalFileSystemAccessRules) { destinationFileSecurity.AddAccessRule(fileSystemAccessRule); } File.SetAccessControl(pathToDestinationFile, destinationFileSecurity); }
public static FileSecurity GetAccessControl(string path, AccessControlSections includeSections) { var normalizedPath = Path.NormalizeLongPath(Path.GetFullPath(path)); IntPtr SidOwner, SidGroup, Dacl, Sacl, ByteArray; SecurityInfos SecurityInfos = Common.ToSecurityInfos(includeSections); int errorCode = (int)NativeMethods.GetSecurityInfoByName(normalizedPath, (uint)ResourceType.FileObject, (uint)SecurityInfos, out SidOwner, out SidGroup, out Dacl, out Sacl, out ByteArray); ThrowIfError(errorCode, ByteArray); uint Length = NativeMethods.GetSecurityDescriptorLength(ByteArray); byte[] BinaryForm = new byte[Length]; Marshal.Copy(ByteArray, BinaryForm, 0, (int)Length); NativeMethods.LocalFree(ByteArray); var fs = new FileSecurity(); fs.SetSecurityDescriptorBinaryForm(BinaryForm); return fs; }
public FileSecurity GetAccessControl() { IntPtr pSidOwner, pSidGroup, pDacl, pSacl; SafeGlobalMemoryBufferHandle pSecurityDescriptor; uint lastError = SecurityNativeMethods.GetSecurityInfo(SafeFileHandle, ObjectType.FileObject, SecurityInformation.Group | SecurityInformation.Owner | SecurityInformation.Label | SecurityInformation.Dacl | SecurityInformation.Sacl, out pSidOwner, out pSidGroup, out pDacl, out pSacl, out pSecurityDescriptor); try { if (lastError != Win32Errors.ERROR_SUCCESS) NativeError.ThrowException((int)lastError); if (pSecurityDescriptor.IsInvalid) throw new IOException(Resources.InvalidSecurityDescriptorReturnedFromSystem); uint length = SecurityNativeMethods.GetSecurityDescriptorLength(pSecurityDescriptor); byte[] managedBuffer = new byte[length]; // See File.GetAccessControlInternal(): .CopyTo() does not work there? pSecurityDescriptor.CopyTo(managedBuffer, 0, (int)length); FileSecurity fs = new FileSecurity(); fs.SetSecurityDescriptorBinaryForm(managedBuffer); return fs; } finally { if (pSecurityDescriptor != null) pSecurityDescriptor.Close(); } }
private void SetSecurityDescriptor(string path, ObjectSecurity sd, AccessControlSections sections) { byte[] securityDescriptorBinaryForm = sd.GetSecurityDescriptorBinaryForm(); if (Directory.Exists(path)) { DirectorySecurity directorySecurity = new DirectorySecurity(); directorySecurity.SetSecurityDescriptorBinaryForm(securityDescriptorBinaryForm, sections); Directory.SetAccessControl(path, directorySecurity); base.WriteSecurityDescriptorObject(directorySecurity, path); } else { FileSecurity fileSecurity = new FileSecurity(); fileSecurity.SetSecurityDescriptorBinaryForm(securityDescriptorBinaryForm, sections); File.SetAccessControl(path, fileSecurity); base.WriteSecurityDescriptorObject(fileSecurity, path); } }
/// <summary> /// Gets the security information of specified handle from file system /// </summary> /// <param name="sidHandle">Handle to get file security information</param> /// <returns><see cref="CommonObjectSecurity"/>Result</returns> private CommonObjectSecurity ReceiveFileSystemSecurityInformation(out IntPtr sidHandle) { var zeroHandle = new IntPtr(); var pSecurityDescriptor = new IntPtr(); try { var namedSecInfoResult = Win32SafeNativeMethods.GetNamedSecurityInfo(PathInfo.FullNameUnc, Win32SecurityObjectType.SeFileObject, Win32FileSystemEntrySecurityInformation.OwnerSecurityInformation | Win32FileSystemEntrySecurityInformation.DaclSecurityInformation, out sidHandle, out zeroHandle, out zeroHandle, out zeroHandle, out pSecurityDescriptor); var win32Error = Marshal.GetLastWin32Error(); // Cancel if call failed if (namedSecInfoResult != 0) { NativeExceptionMapping(PathInfo.FullName, win32Error); } var securityDescriptorLength = Win32SafeNativeMethods.GetSecurityDescriptorLength(pSecurityDescriptor); var securityDescriptorDataArray = new byte[securityDescriptorLength]; Marshal.Copy(pSecurityDescriptor, securityDescriptorDataArray, 0, (int)securityDescriptorLength); CommonObjectSecurity securityInfo; if (ContainsFileAttribute(PathInfo.Attributes, FileAttributes.Directory)) { securityInfo = new DirectorySecurity(); securityInfo.SetSecurityDescriptorBinaryForm(securityDescriptorDataArray); } else { securityInfo = new System.Security.AccessControl.FileSecurity(); securityInfo.SetSecurityDescriptorBinaryForm(securityDescriptorDataArray); } return securityInfo; } finally { Win32SafeNativeMethods.LocalFree(zeroHandle); Win32SafeNativeMethods.LocalFree(pSecurityDescriptor); } }
} // SetSecurityDescriptor private void SetSecurityDescriptor(string path, ObjectSecurity sd, AccessControlSections sections) { var currentPrivilegeState = new PlatformInvokes.TOKEN_PRIVILEGE(); byte[] securityDescriptorBinary = null; try { // Get the binary form of the descriptor. PlatformInvokes.EnableTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState); securityDescriptorBinary = sd.GetSecurityDescriptorBinaryForm(); } finally { PlatformInvokes.RestoreTokenPrivilege("SeBackupPrivilege", ref currentPrivilegeState); } try { PlatformInvokes.EnableTokenPrivilege("SeRestorePrivilege", ref currentPrivilegeState); // Transfer it to the new file / directory. // We keep these two code branches so that we can have more // granular information when we ouput the object type via // WriteSecurityDescriptorObject. if (Directory.Exists(path)) { DirectorySecurity newDescriptor = new DirectorySecurity(); newDescriptor.SetSecurityDescriptorBinaryForm(securityDescriptorBinary, sections); new DirectoryInfo(path).SetAccessControl(newDescriptor); WriteSecurityDescriptorObject(newDescriptor, path); } else { FileSecurity newDescriptor = new FileSecurity(); newDescriptor.SetSecurityDescriptorBinaryForm(securityDescriptorBinary, sections); new FileInfo(path).SetAccessControl(newDescriptor); WriteSecurityDescriptorObject(newDescriptor, path); } } finally { PlatformInvokes.RestoreTokenPrivilege("SeRestorePrivilege", ref currentPrivilegeState); } }